DayZ in a Daze: Forum Breach Confirmed

Back in 2012, the team working on the DayZ mod had their forums and main email account compromised – with a piece of malware uploaded to “Less than 15 percent of game servers” being the final cherry on the zombie cake.

In 2013, what might have seemed like a zombie curse struck again with a second bout of forum compromising action. By this point, DayZ was no longer a standalone mod maintained by an enthusiast but a fully fledged Alpha release videogame under the care of Bohemia Interactive.

Unfortunately, it appears that their run of “No hacks please, there’s zombies to deal with” has run aground and, once more, we have a breach. Usernames, passwords and emails are the name of the game, although they state that the passwords aren’t plaintext so that’s something.

The notification email – which was actually preceded by a message posted to Twitter more than a week ago – reads as follows:

Greetings,

A security incident occurred on forums.dayzgame.com recently. According to our investigation all usernames, emails and passwords from forums.dayzgame.com were accessed and downloaded by hackers. While the passwords were not stored in plain text, but in a more secure form, it is highly recommended that if you have used the same password elsewhere you change it immediately on all applicable websites and services.

We would like to apologize for the inconvenience caused, and share with you one of the major changes planned in order to mitigate similar risks in the future. We will be replacing the IPBoards login system with Bohemia Account within the next two weeks. As Bohemia Account is a separate custom-built service currently used by Bohemia Interactive Forums and Store, it offers much better security and its use should prevent similar incidents going forward.

We ask for your patience over the next few days and weeks as we implement this and other security overhauls, as there are likely to be service interruptions and forum unavailability from time to time. In particular, the forums will be down until migration to the Bohemia Account is complete. We will keep you up to date on vital info and scheduled down-time on the site itself and via our Twitter.

Yours sincerely,
Bohemia Interactive

In all cases, the weak link in the chain appears to be the forum, and it’s worth mentioning that many people reuse passwords for forum logins. From there, it’s one short step to having every account that reuses those credentials taken over by scammers.

The best thing you can do here is look into a password manager tool which best fits your needs, while making yourself a lot more secure into the bargain.

As for forums, managing them can be a complicated business. Not all forum packages can be updated automatically, but if you’re using one that has this feature you should definitely make use of it.

There are additional security tips and tricks you can make use of where forums are concerned, but typically these are specific to whatever install you happen to be making use of. In those situations, jumping onto the official site would be the most sensible course of action.

As for DayZ, it remains to be seen if another bout of brain chomping forum mayhem will strike when they least expect it.

The best you can do is to secure your forum accounts with as strong a password as possible and hope for the best. When all else fails, feel free to enter your email address into the wonderful Haveibeenpwned and see if you’re doing the rounds on any database breaches.

Some notification is always better than no notification, whether by email, Twitter or the occasional random Google detective work…

Christopher Boyd

ABOUT THE AUTHOR

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.