A new GamesBeat event is around the corner! Learn more about what comes next. 

A Star Wars Galaxies fan site got hacked today and thieves stole 21,000 email addresses and 23,000 passwords. And judging from an analysis of the passwords, most of them were weak.

The site SWGalaxies.net is a fan site owned by LFNetwork, an independently owned network of LucasArts fan sites. Hackers from the group ObSec, a small hacking collective with apparent sympathies for the LulzSec and AntiSec hacktivist groups, broke into the site’s security and posted the addresses and passwords on the web. While a compromised forum login isn’t itself a big deal, the threat from this kind of smaller breach is that it can lead to further identity theft that could be devastating for individuals — particularly if they’re reusing the same passwords at other, more critical websites.

Jeff Moeller, editor of LFNetwork, said that the site that got hacked is not actively maintained any more. The fan site targets males 18 to 34 years old, and evidently none of the other UGO or IGN sites were targeted.

Identity Finder took a look at the posted passwords and found many of them were weak. In other words, they would have been easy to crack because they are short, contain dictionary words, or don’t contain special characters, numbers, or punctuation.


Three top investment pros open up about what it takes to get your video game funded.

Watch On Demand

“It’s unfortunate,” said Todd Feinman, chief executive of Identity Finder, in an interview. “It must be so frustrating for someone to see their passwords online, given the amount of online sign-ups we have to do.”

Of the 23,389 passwords stolen, 71 percent were weak. Only 13 percent of the passwords were strong. The average password length was 7.6 characters. About 4.3 percent of the passwords were less than 5 characters, and only 4.7 percent of the passwords were more than 10 characters long.

Hacking a game web site password isn’t too big a deal. But the problem is that users often reuse their passwords on more important sites, like online banks. Studies show that 50 percent of passwords are reused.

Feinman said, “Passwords are a digital identity and password reuse is a serious problem that could lead toward identity fraud.”

One of the users had a password that was 42 characters long. That person took trouble to protect himself or herself. But since the web site stored the passwords in an unencrypted format, the password is out there for everyone to see now.


GamesBeat's creed when covering the game industry is "where passion meets business." What does this mean? We want to tell you how the news matters to you -- not just as a decision-maker at a game studio, but also as a fan of games. Whether you read our articles, listen to our podcasts, or watch our videos, GamesBeat will help you learn about the industry and enjoy engaging with it. How will you do that? Membership includes access to:
  • Newsletters, such as DeanBeat
  • The wonderful, educational, and fun speakers at our events
  • Networking opportunities
  • Special members-only interviews, chats, and "open office" events with GamesBeat staff
  • Chatting with community members, GamesBeat staff, and other guests in our Discord
  • And maybe even a fun prize or two
  • Introductions to like-minded parties
Become a member