DayZ massive, change your passwords. Now.
The DayZ forums have reportedly suffered a pretty serious security breach.
The email confirms all user names, email addresses and passwords were accessed and downloaded, which spells trouble – although the passwords were, thankfully, not stored in plain text. If you have ever been a member of the forums, it’s worthwhile changing any login for which you used a duplicate password, and also stop doing that.
The DayZ forums are currently down for maintenance, and will be migrated over to Bohemia’s tech to reduce the risk of future incidents.
The breach appears to have occurred about a week ago, which is a long time for this information to be in the wrong hands without notification to users – although it’s possible there has been a second attack.
Here’s the full text of notification email:
A security incident occurred on forums.dayzgame.com recently. According to our investigation all usernames, emails and passwords from forums.dayzgame.com were accessed and downloaded by hackers.
While the passwords were not stored in plain text, but in a more secure form, it is highly recommended that if you have used the same password elsewhere you change it immediately on all applicable websites and services.
We would like to apologize for the inconvenience caused, and share with you one of the major changes planned in order to mitigate similar risks in the future. We will be replacing the IPBoards login system with Bohemia Account within the next two weeks. As Bohemia Account is a separate custom-built service currently used by Bohemia Interactive Forums and Store, it offers much better security and its use should prevent similar incidents going forward.
We ask for your patience over the next few days and weeks as we implement this and other security overhauls, as there are likely to be service interruptions and forum unavailability from time to time. In particular, the forums will be down until migration to the Bohemia Account is complete. We will keep you up to date on vital info and scheduled down-time on the site itself and via our Twitter.