Thread: Security Issues Response

  1. #1
    S2 Staff Member S2 Games Staff

    Security Issues Response

    On Sunday afternoon we became aware of a Heroes of Newerth password security breach. We immediately took steps to limit the risk to our players by directly advising the community to change the passwords for any linked accounts.

    We’ve been working around the clock with our internal expert security staff to analyze what happened, and it is our mission to be completely transparent. We know that only passwords were stolen. No credit card or billing information was compromised, as we do not store this information. The security breach occurred when a third-party software that interacts with our account database was hacked. Contrary to some outside reports, the game client was not hacked.

    We took immediate action to eliminate any future password storage issues by removing the third party's ability to access sensitive information.

    Additionally, while the game was down we upgraded all security systems. The game is back up and all HoN accounts will be prompted to create a new password. All passwords will be expired upon next login. However, we do want to reiterate that those who used the same password for HoN to access anything else should change their passwords.

    We take security very seriously. Players must know their sensitive information is secure and S2 will ensure this is the case, no matter the effort or cost.

    If you have any questions do not hesitate to ask our Community Manager @s2xanderK.

    Sincerely,

    Marc "Maliken" DeForest

  2. #2
    It's good to hear from Maliken himself about this.
    Thank you for acting with haste, and keeping us informed.
    Good Job s2!

  3. #3
    Just posting on the thread to give everyone easy access to my Twitter (in my signature) or to be able to PM me here on the forums. As Maliken says, I'm glad to answer any questions that I can.

  4. #4
    Thank you for the update, CEO Maliken.
    And Merry-ck Christmas!!
    Hardcore player. Always improve his gameplay. Never rage against anyone than himself for being weak.

  5. #5
    Thank you for the clear response!

  6. #6
    Thank you for fixing the problem!

  7. #7
    Thanks for the update and explanation. Instead of just saying it's fixed and change your passwords.

  8. #8
    Thank you guys

  9. #9
    "our internal expert security staff"
    Are you kidding me? According to reddit and other sources, you used (salted) MD5 for password storage. Any "expert security staff" would know how silly that is. Are those sources just wrong? How does S2 store user credentials?

  10. #10
    I am here, just for maliken.

  11. #11
    Are SEA accounts at risk from this breach?

  12. #12
    No free coins?
    You are all I long for, all I worship and adore.

  13. #13
    no -.-'
    Lodestone is balanced. period.

  14. #14
    Quote Originally Posted by OliverSykes` View Post
    No free coins?
    I get why they wouldn't want to. It would be incentive for other people to try to hack them again if every time there is a security issue everyone gets coins.

  15. #15
    Did you guys have interns design the system? Not sure how else a developer would be incompetent enough to provide third party services access to the database.

  16. #16
    Quote Originally Posted by BenStark View Post
    I get why they wouldn't want to. It would be incentive for other people to try to hack them again if every time there is a security issue everyone gets coins.
    If someone breaks into the database they could simply set their own coin amount to over 9000 rather than invoke total chaos by stealing game accounts.

  17. #17
    The only thing is asking for gold coins? Really Guys? It's not the fault of S2 ;/ Shame on You Guys Rly. Ty for the Clear Statement Maliken.

  18. #18

  19. #19
    thanks

  20. #20
    Quote Originally Posted by Maliken View Post
    We know that only passwords were stolen. No credit card or billing information was compromised, as we do not store this information.
    So, the hacker didn't obtain any email addresses?
