Hackers compromised the forum and game database of the massively multiplayer online game, The War Z, forcing the game’s producer OP Productions to temporarily take the game and its forum offline.
In a security alert issued yesterday, OP Productions informed The War Z players of the breach and subsequent game and forum downtime. According to the alert, hackers accessed and may have exposed the players’ email addresses and encrypted passwords used to login to the game and forum, in-game character names, any information posted on the forum, and the IP addresses for machines that logged into the forum and the game.
OP Productions assured users their names and addresses are not collected and therefore were not exposed (unless gamers posted that information of the forum). They are still investigating whether further information was exposed.
The alert also notes that player payments are handled by a third party on unrelated systems, and that no payment information was compromised in the breach.
Despite its practice of encrypting user passwords, OP Productions advises that users update their passwords. The company claims its independent research has shown that many players are not using strong enough passwords and that the encrypted outputs for them can be easily obtained in a brute force attack. It is especially important that these users change their passwords.
“We have identified number of ways access was obtained and have enhanced our security to improve game and forum safety,” the alert said. “We are undertaking a full review and update of our servers and the services we use and adding additional security mechanisms.”
More and more it seems that cybercriminals and malicious hackers are setting their sights on online gaming networks, starting with the Sony PlayStation Network breach two years ago. More recently, players of the popular XBOX 360 game Borderlands 2 violated XBOX Live’s code of conduct by using a malicious application that allowed them to permanently kill off the characters of other players. The Steam gaming and media distribution platform has had more than its fair share of incidents in recent years and months; cybercriminals have mimicked popular Android games as a means to get users to download malicious applications for some time now.