Hello dear Agents,
On June 17th, 2015 we received an anonymous extortion letter via the support system. The extortionist shared with us that he was able to get unnoticed access to the forum databases through a former exploit, which enabled him to copy data from there. In this post we explain to you what exactly happened, which actions we took or will take and what is important for you.
• In the past, there was an exploit in the forum software we use (IP-Board from Invision Power Services Inc.), which left all forums with this software version vulnerable. An attacker took advantage of this exploit and gained unauthorized access to our forum databases. In addition to the attack, it was possible to install a so called “Backdoor” in the forum software. Although the provider of the forum software published a security update which we applied, the attacker was able to contaminate our forum systems.
• In the course of this unauthorized access, all of the forum database information has been copied. In the current state of affairs, this affects all Hero Zero, Big Bang Empire and Operation X forums. This incident came to light in the night from June 16th to 17th, 2015, as we have been contacted by the attacker with an extortion letter.
• The police and the BSI (Federal Office for Information Security) have been informed immediately after we received the extortion letter. In addition, we are in direct contact with the provider of the forum software to analyze and work through the attack in detail.
In general, we decided to not give in to the demands of the extortionist, but to communicate the incident publicly.
During the past days we installed a completely new and increasingly secured forum server on which the forum system is now running.
What to do now/What kind of data has been stolen?
Data sets from all forum tables have been copied and we assume that the complete forum databases have been copied.
The passwords are saved encrypted in the forum system, so according to the current state they should be safe. To be safe, we still recommend all forum users to change their passwords – especially if the password used in the forum is the same as the password used for the game.
All other data, e.g., name, email address, personal user information, forum posts and personal forum messages were stolen by the attacker.
Is it confirmed that the attacker really copied data?
Unfortunately, yes. The attacker sent us a link to a file which contains the copies of the databases.
Does this affect only forum data or game data as well?
The attacker only accessed the forum databases. Game accounts are not affected.
Is my password still safe?
In general, yes. Passwords are not saved as plain text in the database. Nevertheless we recommend to all users to change their passwords – especially if their password for their game account is the same as the password for their forum account.
Are personal messages affected?
Yes, the stolen data contains personal messages. If you sent passwords for any logins via personal message, you should change the passwords for those logins immediately.
Are payment data, bank account data or credit card information affected?
No! This kind of data information is not saved in the forum databases. In addition, all payment transactions in the games are processed by the respective partner companies (e.g. PayPal).
What does the attacker want to do with the data?
Currently, he threatened to upload the copies of the databases to the torrent network.
Can’t the attacker be identified by his bank or PayPal data?
Unfortunately not. With his extortion, the attacker wants to get money in form of Bitcoins.
Why didn’t you inform us earlier?
After consultation with the police and the BSI (Federal Office for Information Security) we decided to secure all internal systems first and end the attack. With any immediate information, we would have unnecessarily provided the hacker with information about our countermeasures, which would have endangered the cleaning and securing of the systems.
We are truly sorry for this incident and we’re shocked about this attack. We apologize for the occurred inconvenience and we, of course, will review this incident extensively. If you have questions, we will be available for you as good as we can and extend the FAQ if necessary.
Your Playata team