In an email sent to Friday the 13th's most prominent livestreamers last night and obtained by PC Gamer, publisher Gun Media revealed that an exploit was allowing malicious users to kick players from games and take control of their in-game inventories. The exploit was specifically used to target popular streamers.
The publisher stresses that all players' Steam accounts have been, and still are, secure. The 'hackers' did not access any personal information. They spoofed user IDs to appear as other players to Friday the 13th's servers, booting the victim from their game.
"The client is being sent a SteamID and then taking that ID and acting like it's logging in," wrote the publisher. "So, that boots your active game. We only allow one login."
You can see streamer Angry Joe possibly being kicked at the end of this stream. (Warning: very loud yelling.)
“No personal information was viewed, compromised or lost," developer IllFonic told PC Gamer in a statement passed along by the publisher. "We don’t store this information on our database. Our database was not compromised in this attack in any way. Some individuals just found a way to boot some players out of the game and affect player XP, CP and Perks. They seemed to only target streamers and content creators.”
As of now, Gun Media says it is no longer possible to kick players with this method, though the effort to patch up the game's servers is ongoing. "We are working around the clock and have brought in an external security group to help us identify and plug vulnerabilities," says IllFonic.
