The War Z taken offline following forum, database hack
Players of The War Z, a first-person zombie survival game, have been notified of a breach of the developer’s (Hammerpoint Interactive) forum and game databases and the theft of user data contained in them.
“The data accessed included email addresses used to log-in to the forum, forum passwords which we encrypt, email addresses used to log-in to the game, encrypted game passwords as well as in-game character names and the IP addresses from which players log-in to the forum and to the game,” the developer explained in a public advisory.
“If you posted other information to the forum it is likely that such data was accessed as well. We do not collect the names or addresses of our gamers so that information was not impacted unless you posted it on the forum. We are investigating whether additional information may have been obtained.”
It’s good to know that payment or billing information was not compromised, as the payments are made through a third party.
There is no mention of what encryption algorithm they use to encrypt the passwords, nor whether they are “salted,” so their advice to users about immediately changing the passwords they used for the forum and the account is more than fitting. “If you use the same password for accounts on other services, you should change those passwords as well,” they added.
“We have engaged outside experts and investigators to assist in our investigation of this incident and committed substantial resources to that effort. We have identified number of ways access was obtained and have enhanced our security to improve game and forum safety. We are undertaking a full review and update of our servers and the services we use and adding additional security mechanisms. In addition to this post, we are emailing all of our players just to make certain that everyone is informed and has been advised to change their passwords,” they wrote.
Hammerpoint Interactive temporarily took down the forums and the game, but users can change their passwords on the developers’ website.
Some 600,000 registered to play it since it was launched in December 2012, despite the fact that some users complained that it didn’t include features that were mentioned on the Steam web page where the game was offered for sale.