If passwords were soldiers, you'd not entrust them to protect even the most minor strategic point. They may look the part, but they're always getting captured. Arma 3 developer Bohemia Interactive are the latest group to fall victim to nefarious internet mercenaries - who broke into the website and took users' account names, emails and passwords. Luckily, those passwords were encrypted, ensuring the hackers are just getting the Geneva Convention standard: name, rank and number.
This is becoming increasingly routine: an online service has been hacked; usernames, emails and encrypted passwords have been compromised; no personal payment information has been taken. The standard drill, basically. This time it's Ubisoft that's been hit; affecting users' web and uPlay account. Clearly someone took the premise of Watch Dogs a little too seriously.
More information has appeared about the source of this morning's (now removed) leaked videos of Far Cry 3: Blood Dragon. Eurogamer report that Ubisoft's uPlay launcher has been exploited by Russian hackers, allowing them to freely download the service's games. Supposedly, the hackers' software tricks the launcher into thinking the user already owns a particular game, allowing them to download it for offline play, and thereby bypassing the uPlay DRM.
In a statement made where their forum page used to be, OP Productions, publishers of The War Z, say that hackers have infiltrated the databases for the game and forums, gaining access to player information. In response, the game has been taken offline while they investigate the system vulnerabilities that led to the infiltration.
A security flaw has surfaced in the browser protocol Origin uses to launch games through custom links using the "origin:" structure. As Ars Technica reports, research group ReVuln demonstrates how a malicious program can be executed via a modified Origin link masquerading as a game launch.
The continuing saga of The War Z's misfortune - er - continues, although this time the game's not making headlines for the actions of its creators. Over the past few days The War Z's servers have been subjected to a variety of attacks, as hackers target the game for whatever reason it is that hackers attack anything. They're bored, I guess.
Riot Games have notified all EU West and EU Nordic & East League of Legends players warning them that their account details may have been compromised by hackers.
Some players' email addresses, encrypted account passwords, and dates of birth have been leaked. As a precaution Riot recommend you change your account password immediately by logging in here and clicking "my account" page in the top right.
Numerous players on the Battle.net forums say their Diablo 3 accounts have been hacked. Affected players logged in to find all of their items gone and, in some cases, strangers added to their friends list. There are even a few players with Blizzard Authenticators are claiming that they've been compromised.
This morning, our own Tom Hatfield woke up to find all of his items gone, Eurogamer's Chris Donlan was found wandering around Sanctuary being controlled by someone called "Anna", Team Dignitas' Nathaniel tweeted to say that all of his items have been nicked. "I love always on DRM to protect servers," he says.
It's often hard to get a handle on the numbers affected by a hacking outbreak, but the amount of anecdotal accounts suggests a significant problem. It's bizarre enough that players running through Diablo as a single play game are having to put up with account hacks and disappearing items, but there's another concern. The real money auction house is due to open next Tuesday.
It looks as though German MMO publisher, Gamigo, has been hit by hackers. Trying to access their site brings up a publisher message saying that the company have "detected an illegal intrusion" into the gamigo Account System, and have "turned off all possibly affected services to investigate."
Like every competitive shooter, Battlefield 3 has a problem with hackers and cheats who use exploits and aimbots to boost their stats. Recently the problem seems to have become more serious. The unofficial BF3 blog mentions an instance in which one of DICE's own moderators was uncovered as a hacker. Now a group of hackers are advertising an exploit that allows them to get innocent players banned.
The author of this Reddit post got in touch yesterday with links to hacker forum discussions revealing exploits that would trick Punkbuster into ejecting honest players. A number of threads on the Battlelog forums have been started by players claiming to have been banned from Battlefield 3 games without cause. There are plenty of reports of servers and leaderboards dominated by bots racking up hundreds of kills.
DICE have recently said that they're ramping up anti-cheat measures and have been issuing bans en-masse to cheaters they've been catching, but among Battlefield 3 players there's increasing scepticism over the levels of security offered by anti-cheat program, Punkbuster.
UPDATE: The Game statement has now been released. "We have thoroughly investigated the hacking claims made today by the website Pastebin, and can confirm that they are entirely false. The published email addresses are not registered users of GAME.co.uk, and there has been no breach of our database security," says Game's Anna-Marie Mason on MCV. "We would like to assure all our customers that their details are well protected, and advise anyone who has any questions to contact our customer services team via the website, our Facebook page or Twitter account."
ORIGINAL STORY: British retailer, Game, has had its records hacked, according to a report on Softpedia spotted on MCV. The hackers have posted 200 email addresses and passwords online. It's not known whether they also got their hands on any payment information but Game are due to release a statement shortly. Tasmanian site, Catalyst-Gaming, was also hacked, with similar results. If you have a Game login, you might want to jump in and change your password.
Valve have just informed us that Steam's database has been compromised.
An IM is being sent out to all Steam users. Here are the details straight from Gabe:
"Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.
We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked."
Valve are investigating the situation. They mention that there's been no evidence of illegal credit card activity as yet, and that it's probably a good idea to change both your Steam passwords. To do that, access Settings from the Steam menu within the client.
Newell signs off his IM with sincerity: "I am truly sorry this happened, and I apologize for the inconvenience."
Steam joins a long list of high profile targets who have recently been targeted by hackers. Sony, Codemasters and Bioware have all taken the hit. Valve recently announced Steam Guard, designed to increase account security; Gabe even gave out his password to show off its true power. That makes us extra sad.
Click through for the IM in full.
Blue's News are reporting that the old QuakeCon forum site has been hacked, with username and password data compromised.
In a story posted on the QuakeCon website, the admin write: "In recent days, a hacker carried out an unlawful intrusion of the old forums.quakecon.org site, compromising usernames and passwords. While we have taken appropriate steps to protect the new forums from attack, we recommend anyone using their old credentials on another site to change their passwords immediately.
We regret any inconvenience this may have caused, and suggest you migrate to the new forums — which will be live shortly — to discuss QuakeCon 2011."
It is advised if you ever used your QuakeCon username or password for another website that you take steps to change them to help protect yourself against intrusive action.
Early preview code for Deus Ex: Human Revolution was leaked onto the web back in May. The preview offered a ten hour chunk of the game similar to the code we used to bring your our Deus Ex: Human Revolution previews.
Square Enix may have found those responsible for leaking the early code. Kotaku reports that the publisher has filed a lawsuit accusing fifteen Italian nationals of stealing and illegally distributing the preview.
After almost two months of cyber-attacks on dozens of targets, hacker collective Lulzsec declare that they have disbanded. The group have claimed responsibility for the data theft and denial of service attacks on a number of gaming websites, including Minecraft, Eve Online, Codemasters, Bethesda, Sony and Nintendo, and even claim to have targeted government sites like Senate.gov.
In a final statement, Lulzsec declared that the 50th day marked the end of their attacks, and leaked a final salvo of illegally obtained information, including details of hundreds of thousands of Battlefield Heroes accounts.
Another day. Another hack. Bioware's Neverwinter Nights forums have been hit by "a highly sophisticated and unlawful cyber attack." According to Bioware, "user names, encrypted passwords, email addresses, mailing addresses, names, phone numbers, CD keys and birth dates" have been compromised. Sensitive information like credit card details and social security numbers were not affected by the breach.
The suspected ringleader of Lulzsec has been arrested in a joint operation between Scotland Yard and the FBI. The 19 year old Brit is accused of masterminding the recent spate of cyber-attacks on CIA.gov and a number of games company sites, including Nintendo, Minecraft and Eve Online.
The teenager was apprehended at his home in Wickford, Essex, in a joint operation that could see the suspect extradited to America to face charges, reports Sky News.
Update: Lulzsec have tweeted in response to the arrest, saying "seems the glorious leader of LulzSec got arrested, it's all over now... wait... we're all still here! Which poor bastard did they take down?" The suspect has been named by the press as Ryan Cleary, and is thought to be an ex-member of notorious hacking organisation, Anonymous.
Epic and Bethesda are the latest victims of wave of cyber-crime that has so far seen data stolen from a number of games company sites, including Sony Online Entertainment, Nintendo, Eidos and Codemasters.
A post on the Bethblog yesterday revealed that the game publisher's site and forums had suffered "an unlawful intrusion" that resulted in the theft of an undisclosed number of forum and website passwords and email addresses.
On Friday, Epic sites also experienced downtime in the aftermath of a similar attack that compromised a number of forum accounts. Thankfully, both companies report that no credit card information was stolen. Other companies have been less fortunate.
World of Warcraft isn't just a game, it's a money-making empire for both Blizzard and an army of criminals that would love nothing more than to make real money from your virtual gold. You might think you're safe, but the techniques they use to get their hands on it go far beyond guessing your password.