OP Productions LLC issues Security Alert for The War Z game players, We are sorry to report that we have discovered that hackers gained access to our forum and game databases and the player data in those databases. We have launched a thorough investigation covering our entire system to determine the scope of the intrusion. This investigation is ongoing and is our top priority. As part of the remediation and security enhancement process we will be taking the game and forums down temporarily. We are issuing this Security Alert to all Survivors as a precaution so you can take some precautionary measures on your own. We have already taken a number of steps to increase security and are continuing to work with external advisors and investigators to identify and implement measures to minimize the chance of this happening in the future. The data accessed included email addresses used to log-in to the forum and game, forum passwords which we encrypt, encrypted game passwords as well as in-game character names and the IP addresses from which players log-in to the forum and to the game. If you posted other information to the forum it is likely that such data was accessed as well. We do not collect the names or addresses of our gamers so that information was not impacted unless you posted it on the forum. We are investigating whether additional information may have been obtained. No Payment information Exposed.All payments are made through a third party and not through our system. Therefore there was absolutely no exposure of your payment or billing information of any kind. Email Addresses.If you registered on our forum your registration email address was taken. Those Survivors who use the same email address to access their game accounts should be aware that the hackers have the email address. Passwords.We encrypt all passwords. However, there is a possibility that simple passwords can be obtained using brute force even if they are encrypted. Our research shows that many users are not using strong passwords. Therefore, we are asking all of our players to please change your passwords immediately. You may do this by visiting our website or by clicking "Forgot Password" on The War Z launcher screen. If you use the same password for accounts on other services, you should change those passwords as well. Please make sure to use a strong password that is unique and uses a combination of upper and lower case letters, numbers and special characters. Longer passwords are stronger. We suggest not to use password shorter than 8 symbols, with 12 to 15 symbols long password being preferred. What we are doing.We have engaged outside experts and investigators to assist in our investigation of this incident and committed substantial resources to that effort. We have identified how access was obtained and have enhanced our security to improve game and forum safety. We are undertaking a full review and update of our servers and the services we use and adding additional security mechanisms. The security of your data is important to us and we want our players to be assured that we take this situation very seriously. We have taken steps to improve security to minimize the chance of this happening in the future and will continue to invest in improving security going forward. This has been a humbling experience for us. While we all know that there is no guaranty of security on the internet, our goal is to try our very best to protect your data. We sincerely apologize. We will update you on status as we make progress. Thank you, The War Z Team
OP Productions LLC Issues Security Update for The War Z Game Players We’ve concluded our preliminary investigation of the attack by hackers on our forum and game. This Security Update is being issued to advise our players and forum participant on the preliminary results of our investigation. We will continue to work with security experts and our internal team to improve our game network and are cooperating with authorities in their investigation. What we have learned. 1) Our Investigation. As soon as we learned that hackers had obtained access to our forums we began a thorough investigation, calling on our internal team as well as outside experts. For purposes of the investigation we assumed the worst, that the hackers gained access to the entire system, and reviewed the entire system for evidence of access, security vulnerability and other tampering. With the preliminary investigation completed, we have learned that the attack was concentrated on the forums. We did not find definitive evidence that our game account database was accessed. 2) Our Forums were accessed by hackers. Hackers were able to access certain administrator accounts on our forums using previously installed backdoors. Using these accounts they were able to access and delete the forums database which contains all forum messages, as well as forum participant account information. 3) Information that was accessed. The forums database contained unencrypted email addresses used to log-in to the forum, forum passwords which were encrypted, as well as IP addresses from which players log into the forum. The database did not contain player names (unless identified in their email address) and did not contain payment information, which we do not receive or retain. Forum passwords were encrypted, but our investigation indicated that many participants use weak passwords that could be guessed using brute force. 4) Access to the game. Forums are hosted independently from the game. They are not connected to the game itself. By accessing the administrator accounts the hackers were able to obtain the administrators' passwords used for their game accounts. With these passwords the hackers were also able to access certain “dev” level game accounts and play the game using those accounts. They were able to ban up to several dozens of players randomly. We disabled the hacked accounts, identified the wrongly banned players and reversed those bans within hours of the attack. 5) No definitive proof of access to Game Accounts Database. We have not found definitive proof that hackers were able to access the game accounts database. Because we value the security of the game data and the privacy of our players we took an aggressive and comprehensive approach in our investigation. Better to be safe than sorry. Out of an abundance of caution we advised all players to change their passwords, and, if they used the same email and password for other accounts, to change those passwords as well. We suggested using longer and stronger passwords with a combination of numbers, upper and lower case letters and special characters. Although there was no evidence of access to player game accounts, we believe taking this cautious approach will help improve our game security. We are proud that our players have followed our recommendation and changed their passwords. What we doing ? 1) As a result of our investigation, we have taken steps to improve security of the forums and the game. We took forums offline, completely wiped the forums servers and reinstalled new software. We have installed several layers of hardware and software security. Players may see some of these measures, but most are behind the scenes. In addition we have made changes for aesthetic purposes, such as switching to IPB. We are confident that the changes we have made will make our forums more secure as well as will increase usability. 2) In order to enhance game security, we took the game offline on for half a day on April 1 and 2 to completely reinstall all software we’re using, install additional hardware protection against possible attacks, and install additional third party services to help us check and monitor security of the whole system. We are continuing to invest significant resources to make our system even more secure 3) We continue actively working with several third party security experts and are giving our full cooperation to authorities in their ongoing investigations into the attack, it’s origin and methods used. We all know that the online world is never 100% secure against aggressive and sophisticated hackers. This experience has been a humbling one for your War Z Team. We have recommitted ourselves to providing a secure and enjoyable game for our players. We will keep working to improve our game and our security in keeping with that commitment. We are sincerely sorry that this incident occurred and greatly appreciate the loyalty of our players. We will keep the forumbreach@thewarz.com email account open so that we can address any questions, concerns or suggestions you may have.