Bohemia Interactive Confirms DayZ Forum Hacked

DayZ see’s players fight off and survive in a harsh apocalyptic world where zombies are the second most dangerous thing, only after the other players that want all your stuff. Seems someone took that one step further and have taken people’s login details for the DayZ forums.

With reports that it was hacked as early as last week, Bohemia Interactive (the creators of the standalone game, based on the popular mod) have sent an email round to their forum members stating the extent of the hack and the details that were obtained during the hack.

Greetings,

A security incident occurred on forums.dayzgame.com recently. According to our investigation all usernames, emails and passwords from forums.dayzgame.com were accessed and downloaded by hackers.

While the passwords were not stored in plain text, but in a more secure form, it is highly recommended that if you have used the same password elsewhere you change it immediately on all applicable websites and services.

We would like to apologize for the inconvenience caused, and share with you one of the major changes planned in order to mitigate similar risks in the future. We will be replacing the IPBoards login system with Bohemia Account within the next two weeks. As Bohemia Account is a separate custom-built service currently used by Bohemia Interactive Forums and Store, it offers much better security and its use should prevent similar incidents going forward.

We ask for your patience over the next few days and weeks as we implement this and other security overhauls, as there are likely to be service interruptions and forum unavailability from time to time. In particular, the forums will be down until migration to the Bohemia Account is complete. We will keep you up to date on vital info and scheduled down-time on the site itself and via our Twitter.

Yours sincerely,

Bohemia Interactive

While everything from usernames and emails was taken,  the passwords were luckily encrypted in some way. We highly recommend that you change your password for the DayZ forum and any other sites or services that you use that password for (recommended that everything has a unique password in future, helps prevent breaches like this affecting other accounts).

While hacks are becoming more and more common, sites like these need to respond quicker and alert their users as soon as they detect the hack, a whole week is a lot of time to have access to people’s emails and social media accounts (all of which could be done using your email and potentially your password).

Huge Steam Error Exposes User Details!

Steam is a worldwide service designed to help you and your friends purchase and play games with a sense of security and unity. This doesn’t mean it’s perfect though as we found out this Christmas with a bunch of users reporting seeing other people’s details.

Reported on Reddit users were claiming that not only were their information displaying in another language it was also showing other usernames and information related to their accounts. While this may sound trivial the kind of information wasn’t, with everything from Steam Wallet balances, purchase histories and PayPal information being met with some contact information. While there has been no official word from Valve has of yet, but the steam services

While there has been no official word from Valve has of yet, but the steam services did go offline for a period before being brought back to life with a fix.

Steam Database, a service that keeps watch on steam from its sales to its services, reported that while it was being exposed the information was read-only. This means that people could only see your information, not change it. They go on to stress that it is not a hack but most likely a misconfiguration in Valve’s caching mechanisms. They then recommend asking Steam to forget your payment information as “Valve have proven multiple times that they’re unable to keep their security standards to a high level”.

99% Of Women Profiles On Ashley Madison Were Fake

Oh, well I am not surprised but here we go, the well reported data breach on dating website Ashley Madison has exposed a wealth of information including a huge proportion of fake profiles.

Impact Team who were the group behind the hack, announced that it was releasing the information in part because Ashley Madison had duped consumers over the male to female account ratio on its website. At the time, the hackers claimed that 90-95% of the accounts on Ashley Madison were male with “thousands” of fake female profiles. It turns out the group were correct but underestimated the figures ever so slightly.

After careful scrutiny of the data in order to verify that 5.5 million female accounts were indeed fake, the information reveals that many accounts were created with a single localhost IP of 127.0.0.1. This was along with thousands of accounts which listed AshleyMadison.com email address as their primary contact point including organized accounts which stated 100@ashleymadison.com, 200@ashleymadison.com and so on.

Another piece of information which is certainly revealing conveys the last log in date a user has checked their inbox, this data is logged by the site even if the user only checks it once. It reveals a huge 20,269,675 men checked their messages while only 1492 woman viewed their inbox. Well, just look at those odds, even Ray Winstone cannot market this appealingly for Bet 365.

I do feel these sites offer the majority a false sense of possibility with reality far less forgiving; it conveys the level of information which can be harvested by third parties if not stored correctly. The irony to all this is that Ashley Madison offered a platform where people could cheat on their other half which is deplorable, yet far less possible than previously thought considering the number of fake profiles.

Thank you extremetech for providing us with this information

Image courtesy of huffingtonpost