In the world of cyber security, today it seems no one is exempt from the risk of falling victim to cyber thieves targeting your business and therefore your customers, free online game providers such as S2 Games is no exception.
On December 16, 2012, a popular multiplayer online battle arena game (MOBA), S2’s the Heroes of Newerth (HoN) became the target of a hacker(s) who brazenly claimed credit for the security breach on Reddit, taunting the company in a rather crass vulgar fashion that we will not repost. The hacker is allegedly a Belarus network security engineer and reportedly when he/she hacked into S2’s database and developers did not acknowledge the hacker, in retaliation and “to gain some attention” the hacker took over the accounts of high profile HoN streamers. The hacker claimed there were numerous security holes in S2’s platform network and that he/she was planning on attacking S2 again on December 25. It has since been said that the hacker has sold the stolen data, claiming not to have kept any of the money.
S2’s response to the cyber intrusion was to promptly acknowledge the breach by posting two Security Issues Responses on their website forum warning their customers of the breach and what the company was doing about it. The company stated they were working diligently with their “internal expert security staff” to determine what had occurred and how.
This breach involved only email addresses, usernames and passwords since the company does not store any credit or debit card information, but despite that, the company took further protective measures to ensure no further password storage issues would arise. The Heroes of Newerth site was temporarily shut down while the security team eliminated the third party access points and strengthened the network’s security protocols.
Furthermore, S2 informed its customers of the need to reset their passwords and warned them not to heed any other instructions from parties other than S2 Games. Needless to say the Security Issue Response advised its customers to reset their password for any other site they may have shared their HoN passwords with. For your convenience we have reposted S2 Games Security Issues Response for your perusal.
S2 Games made the following announcement on their website:
Security Issues Response
On Sunday afternoon we became aware of a Heroes of Newerth password security breach. We immediately took steps to limit the risk to our players by directly advising the community to change the passwords for any linked accounts.
We’ve been working around the clock with our internal expert security staff to analyze what happened, and it is our mission to be completely transparent. We know that only passwords were stolen. No credit card or billing information was compromised, as we do not store this information. The security breach occurred when a third-party software that interacts with our account database was hacked. Contrary to some outside reports, the game client was not hacked.
We took immediate action to eliminate any future password storage issues by removing the third-parties ability to access sensitive information.
Additionally, while the game was down we upgraded all security systems. The game is back up and all HoN accounts will be prompted to create a new password. All passwords will be expired upon next login. However, we do want to reiterate that those who used the same password for HoN to access anything else to change their passwords.
We take security very seriously. Players must know their sensitive information is secure and S2 will ensure this is the case, no matter the effort or cost.
If you have any questions do not hesitate to ask our Community Manager @s2xanderK.
Sincerely,
Marc “Maliken” DeForest
Additional Resources About This Breach:
http://www.slashgear.com/heroes-of-newerth-announces-security-breach-17261224/
http://forums.heroesofnewerth.com/showthread.php?469222-Security-Issue-12-16
http://forums.heroesofnewerth.com/showthread.php?469777-Security-Issues-Response