Just got this email:
"Hello,
A security breach has sadly happened to DayZ, we are sending out a mass email to notify users who currently do not know.
To stay informed please refer to:
http://dayzmod.com/forum/showthread.php?tid=9123
A short summary:
Our forum database has been compromised and users are urged to change their passwords.
This is a good time to inform users to do good password practices. If you are not tech-savvy with today's modern age, there are various different articles on practicing safe passwords and so forth. Below will contain a link that users should read to keep secure passwords, so when security breaches like this happen you are not affected in a personal way. If you are contacted by a person claiming to be with the DayZ Dev team and they ask you for any personal information, do not respond to this person and block them from contacting you. DayZ Dev Team will not ask you for any personal information or passwords.
https://itservices.uchicago.edu/page/good-password-practices
Also along with this database security breach our us.armafiles.info mirror (US Mirror) was also compromised and the attacker tried to spread a malicious application to infect users. If you downloaded an application called 'dayz_auto_updater.exe' from early this morning US Eastern time 6-8am on the date 6/9/2012, you should scan your computer for viruses and check your Appdata folder for .exe's containing the file names:
D3D8THK.exe
VSCover.exe
An extensive report by ThreatExpert can explain how to locate these malicious applications:
http://www.threatexpert.com/report.aspx?md5=ead7a55075d5ce1a32353832bed88069
And lastly, server hosts who have provided DayZ with RDP details for their servers are to quickly react on this and to change the RDP's account password and scan your server for any of the malicious software above, as your server's integrity is compromised. Please do not contact DayZ Dev Team with new RDP Details. DayZ is no longer requesting RDP details for servers after this breach and hosts will be required to maintain their servers on their own. If a server host is contacted by anyone claiming to be with the DayZ Dev Team and asking for server RDP details, do not reply to this person and block them from getting in touch with you. DayZ Dev Team will not ask you for RDP details.
We cannot express how deeply sorry we are that this happened and are correcting our mistakes where we have gone wrong so such a breach never happens again.
With kind regards,
Tonic
DayZ Dev Team"
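The check the email asks for can be scripted. This is an added example, not part of the original post or anything published by the DayZ team: it walks a folder tree for `.exe` files carrying the two listed names and also compares each file's MD5 with the hash that appears in the ThreatExpert link, which catches a renamed copy. The function names, the inclusion of `%LOCALAPPDATA%` alongside `%APPDATA%`, and the use of the link's hash as a match value are assumptions.

```python
import hashlib
import os

# Indicators copied from the email above.
SUSPECT_NAMES = frozenset({"d3d8thk.exe", "vscover.exe"})
REPORT_MD5 = "ead7a55075d5ce1a32353832bed88069"  # hash in the ThreatExpert link


def md5_of(path, chunk_size=1 << 20):
    """MD5 of a file, read in chunks so large executables do not fill memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def scan(roots, names=SUSPECT_NAMES, md5=REPORT_MD5):
    """Return sorted (path, reasons) pairs for .exe files under roots that match
    a listed file name (case-insensitive, as on Windows) or the given MD5."""
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if not name.lower().endswith(".exe"):
                    continue
                path = os.path.join(dirpath, name)
                reasons = ["name"] if name.lower() in names else []
                try:
                    if md5_of(path) == md5.lower():
                        reasons.append("md5")  # same content under another name
                except OSError:
                    if reasons:
                        reasons.append("unreadable")  # locked or access denied
                if reasons:
                    hits.append((path, reasons))
    return sorted(hits)


if __name__ == "__main__":
    # Assumption: "Appdata folder" covers both the roaming and local profiles.
    roots = [os.environ[v] for v in ("APPDATA", "LOCALAPPDATA") if v in os.environ]
    found = scan(roots)
    for path, reasons in found:
        print(f"{'+'.join(reasons):<16} {path}")
    print(f"{len(found)} match(es) under {roots}")
```

A name-only match that is flagged `unreadable` is worth checking by hand, since a running process can hold its own executable locked.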
Comments
Yeah, I read about this on the DayZ forums as soon as they posted it. Unlike a lot of big companies, however, they were very quick to fix the issue and alert their player base as to what had transpired, exactly what steps they took to correct it and what the players should do to secure their end of things. This to me deserves huge kudos to the DayZ team. They took decisive action immediately and are already looking at legal action against the parties involved in the breach (they already know who did it, which is impressive in itself). Other online companies should be taking notes on how to best handle a situation such as this, as the DayZ team was right on top of this as soon as it occurred.
Edit: Oh, and it's also worth mentioning that they did all of this without taking the game offline for even a minute. Their main site was down for approximately 1 hour while they did a roll back as well. Their main concern through all of this was the end users which is more than I can say for most companies whose only concern is how to make it seem like it's not their fault even if it means putting users at further risk by not telling them the full extent of the problem.
Bren
while(horse==dead)
{
beat();
}