Interested in learning what's next for the gaming industry? Join gaming executives to discuss emerging parts of the industry this October at GamesBeat Summit Next. Register today.

A Star Wars Galaxies fan site got hacked today and thieves stole 21,000 email addresses and 23,000 passwords. And judging from an analysis of the passwords, most of them were weak.

The site is a fan site owned by LFNetwork, an independently owned network of LucasArts fan sites. Hackers from the group ObSec, a small hacking collective with apparent sympathies for the LulzSec and AntiSec hacktivist groups, broke into the site’s security and posted the addresses and passwords on the web. While a compromised forum login isn’t itself a big deal, the threat from this kind of smaller breach is that it can lead to further identity theft that could be devastating for individuals — particularly if they’re reusing the same passwords at other, more critical websites.

Jeff Moeller, editor of LFNetwork, said that the site that got hacked is not actively maintained any more. The fan site targets males 18 to 34 years old, and evidently none of the other UGO or IGN sites were targeted.

Identity Finder took a look at the posted passwords and found many of them were weak. In other words, they would have been easy to crack because they are short, contain dictionary words, or don’t contain special characters, numbers, or punctuation.


GamesBeat Summit Next 2022

Join gaming leaders live this October 25-26 in San Francisco to examine the next big opportunities within the gaming industry.

Register Here

“It’s unfortunate,” said Todd Feinman, chief executive of Identity Finder, in an interview. “It must be so frustrating for someone to see their passwords online, given the amount of online sign-ups we have to do.”

Of the 23,389 passwords stolen, 71 percent were weak. Only 13 percent of the passwords were strong. The average password length was 7.6 characters. About 4.3 percent of the passwords were less than 5 characters, and only 4.7 percent of the passwords were more than 10 characters long.

Hacking a game web site password isn’t too big a deal. But the problem is that users often reuse their passwords on more important sites, like online banks. Studies show that 50 percent of passwords are reused.

Feinman said, “Passwords are a digital identity and password reuse is a serious problem that could lead toward identity fraud.”

One of the users had a password that was 42 characters long. That person took trouble to protect himself or herself. But since the web site stored the passwords in an unencrypted format, the password is out there for everyone to see now.

GamesBeat's creed when covering the game industry is "where passion meets business." What does this mean? We want to tell you how the news matters to you -- not just as a decision-maker at a game studio, but also as a fan of games. Whether you read our articles, listen to our podcasts, or watch our videos, GamesBeat will help you learn about the industry and enjoy engaging with it. Discover our Briefings.