Slashdot Mirror


DRM Company Denuvo Forgets To Secure Its Server, Leaks Two Years Of Emails (torrentfreak.com)

Denuvo "left several private directories on its website open to the public," TorrentFreak wrote Sunday, calling it "an embarrassing blunder" for the digital rights management company. "Members of the cracking community are downloading and scrutinizing the contents," the site reports, with one of the finds being an 11-megabyte text file which apparently contains every message sent through Denuvo's web site since 2014. An anonymous reader writes: There's a message from Google's security team, one from Capcom Japan, and "dozens of emails from angry pirates, each looking to vent their anger," according to TorrentFreak. Ars Technica reports that there's also a 2015 message from Microsoft about "an upcoming initiative," as well as messages from several game studios, and even one from the producers of Mavis Beacon Teaches Typing. "Combing the log file brings up countless spam messages, along with complaints, confused 'why won't this game work' queries from apparent pirates, and even threats (an example: 'for what you did to arkham knight I will find you and I will kill you and all of your loved ones, this I promise you CEO of this SHIT drm')."

"Since Denuvo's contact page does not contain a link to a private e-mail address -- only a contact form and a phone number to the company's Austrian headquarters -- the form appears to also have been used by many game developers and publishers." And in addition, "much of Denuvo's web database content appears to be entirely unsecured, with root directories for 'fileadmin' and 'logs' sitting in the open right now."

In addition, there's also a slideshow -- which has since been uploaded to Imgur -- bragging that "With over 300 man years of development experience among us, we clearly know what we're doing."

3 of 77 comments

  1. lawyers as hired guns by harvey+the+nerd · Score: 3, Insightful

    If they got the good stuff, they'll have a legal goldmine on felonies by management and lawsuits on the company.

  2. This makes me cry by Anonymous Coward · Score: 1, Insightful

    and I just can't stop laughing!

  3. I can recall a pen-test. . . by Salgak1 · Score: 3, Insightful

    . . . . when we did a simple port-scan, and found every single Solaris box on the net had FTP running. So we did an anonymous FTP login. And in the root of the public directory. . . . was a Kickstart file. With the root password.

    We had the entire network pwned in under 45 minutes. Simply because someone didn't bother to clean up. Probably because they'd already redlined the "maintenance" budget. . . .