Ryan

Urgent Announcement

We regret to inform everyone that our web servers have recently been breached, and as a result user information may have been compromised.

At around 9:00 AM CST today (April 18th, 2018) the hacker(s) had infected the game client with malware, causing anyone who opened the launcher/auto-updater to potentially be infected. After some analysis it appears that the malware steals login data from user web browsers whenever launched.

Our systems are once again secure, and the infected client has been removed from our servers (at approx. 6:00 PM CST).

Here's what we encourage ALL players to do:

  1. If you had opened the launcher during April 18th, 2018 we recommend you run a virus scan from a reliable antivirus software
    • If you aren't sure or can't remember if you ran the launcher, we recommend doing this just in case
  2. Change any important passwords if you believe you've launched the infected client
    • Using a program like http://www.nirsoft.net/utils/chromepass.html allows you to see what logins are stored on your Chrome browser
    • We don't believe passwords were compromised unless they were stored in Google Chrome's auto-fill, but we recommend changing just to be safe.
  3. Make sure to reset your in-game passwords and PINs, as well as your forum password
    • Account PINs were not included in the compromised data, but we recommend a change just to be safe
      • You can type ::changepin to prompt an account PIN change

We sincerely apologize for this ordeal, and we'll be taking further steps to prevent anything like this from happening in the future.

Feel free to private message me on forums if you have any questions or need any assistance regarding this issue.

Sincerely,
The Staff Team

6 hours ago, Ryan said:
  1. If you had opened the launcher during April 18th, 2018 we recommend you run a virus scan from a reliable antivirus software
    • If you aren't sure or can't remember if you ran the launcher, we recommend doing this just in case
  2. Change any important passwords if you believe you've launched the infected client
    • Using a program like http://www.nirsoft.net/utils/chromepass.html allows you to see what logins are stored on your Chrome browser
    • We don't believe passwords were compromised unless they were stored in Google Chrome's auto-fill, but we recommend changing just to be safe.

So if you don't use Google Chrome, does that mean you weren't infected?
Or is there a similar tool for other browsers like Opera, Firefox, etc.?

Be like Fortnite and give us a cute backpack for the problem. No worries Ryan senpai.

Plot twist: they hacked Ryan's account on forums and that link is actually a huge virus/keylogger. Go no re

5 minutes ago, Doggy said:

Be like Fortnite and give us a cute backpack for the problem. No worries Ryan senpai.

Plot twist: they hacked Ryan's account on forums and that link is actually a huge virus/keylogger. Go no re

I was thinking the exact same thing l0l but it's displayed as a broadcast in-game so probs not.

5 minutes ago, goobymunch said:

I was thinking the exact same thing l0l but it's displayed as a broadcast in-game so probs not.

gotta change my premium porn password bro :/

I would recommend everyone to use Malwarebytes to scan their computers and SUPERAntiSpyware. The former should work on OSX as well.

Remember to never ever save passwords in Chrome or any other browser. Use something like LastPass to hold your passwords, and don't ever use the same password anywhere.

Clarification/update on the malware:

After reverse engineering the infected client, it appears that the malware does not actually execute (those who understand some Java may be able to see in this decompiled class https://i.imgur.com/4w0lpl4.png).

This may be good news, because there is a chance that the malware was not programmed properly for those who launched it, meaning no personal data was stolen. But in case we're wrong or missing anything in our analysis, I had administered this warning for everyone to be completely safe.

EDIT: It appears after testing with a more reliable decompiler, it unfortunately does in fact execute.

Just now, Ryan said:

Clarification/update on the malware:

After reverse engineering the infected client, it appears that the malware does not actually execute (those who understand some Java may be able to see in this decompiled class https://i.imgur.com/4w0lpl4.png).

This may be good news, because there is a chance that the malware was not programmed properly for those who launched it, meaning no personal data was stolen. But in case we're missing anything in our analysis, I had administered this warning for everyone to be completely safe.

Thank you for the update Ryan,

I (along with the entire community I'm sure) appreciate how fast you not only defused the situation, but also made an announcement about it for all to see.

 

This topic is now closed to further replies.
