Security Issues Response

[[S2]Maliken]

On Sunday afternoon we became aware of a Heroes of Newerth password security breach. We immediately took steps to limit the risk to our players by directly advising the community to change the passwords for any linked accounts.

We’ve been working around the clock with our internal expert security staff to analyze what happened, and it is our mission to be completely transparent. We know that only passwords were stolen. No credit card or billing information was compromised, as we do not store this information. The security breach occurred when a third-party software that interacts with our account database was hacked. Contrary to some outside reports, the game client was not hacked.

We took immediate action to eliminate any future password storage issues by removing the third-parties ability to access sensitive information.

Additionally, while the game was down we upgraded all security systems. The game is back up and all HoN accounts will be prompted to create a new password. All passwords will be expired upon next login. However, we do want to reiterate that those who used the same password for HoN to access anything else to change their passwords.

We take security very seriously. Players must know their sensitive information is secure and S2 will ensure this is the case, no matter the effort or cost.

If you have any questions do not hesitate to ask our Community Manager @s2xanderK.

Sincerely,

Marc "Maliken" DeForest

[GoldenOak]

It's good to hear from Maliken himself about this.
Thankyou for acting with haste, and keeping us informed.
Good Job s2!

[xanderK]

Just posting on the thread to give everyone easy access to my Twitter (in my signature) or to be able to PM me here on the forums. As Maliken says, I'm glad to answer any questions that I can.

[[ComE]CaitSith]

Thanks You for the update CEO Maliken.
And Merry-ck Christmas!!

[Win```]

Thank you for the clear response!

[[AvAl]Pedoscam]

Thank you for fixing the problem!

[`Elucidate]

Thanks for the update and explanation. Instead of just saying its fixed and change your passwords.

[[Xeno]Dorjan]

Thank you guys

[ojii]

our internal expert security staff

Are you kidding me? According to reddit and other sources, you used (salted) MD5 for password storage. Any "expert security staff" would know how silly that is. Are those sources just wrong? How does S2 store user credentials?

[Pan_spagetka]

I am here, just for maliken.

[Afterburn]

Are SEA accounts at risk from this breach?

[[SBT]OliverSykes`]

No free coins?

[Vaez]

no -.-'

[[FUK]BenStark]

No free coins?

I get why they wouldn't want to. It would be incentive for other people to try to hack them again if every time there is a security issue everyone gets coins.

[[Ruud]Zerotorescue]

Did you guys have interns design the system? Not sure how else a developer would be incompetent enough to provide third party services access to the database.

[[Ruud]Zerotorescue]

I get why they wouldn't want to. It would be incentive for other people to try to hack them again if every time there is a security issue everyone gets coins.

If someone breaks into the database they could simply set their own coin amount to over 9000 rather then invoke total chaos by stealing game accounts.

[[TTVC]BeatKAI]

The only thing is asking for gold coins ? Really Guys? Its not the fault if S2 ;/ Shame on You Guys Rly. Ty for the Clear Statement Maliken.

[[LlVE]MothGod]

Nice to hear Maliken !!!!

[[SdS]ALAKEFAK]

thanks

[[BAY]Trilok]

We know that only passwords were stolen. No credit card or billing information was compromised, as we do not store this information.

So, the hacker didn't obtain any email adresses?