The online forums of the DayZ gaming community were compromised around January 23 by a group of Saudi Arabian hackers known as OurMine.
DayZ is an open-world survival video game and the stand-alone version of the award-winning ARMA II mod of the same name. The game, developed by Bohemia Interactive, is quite popular even if it's still in an alpha stage.
According to a screenshot on their Tumblr account, on January 23, the OurMine hacking crew managed to penetrate the official forums of the DayZ community, stealing details about over 200,000 usernames.
OurMine defaced the forums' frontend
The hackers didn't operate in the shadows and left a visible topic on the forum's main page. On the same date, the DayZ development team took to Twitter, warning of a possible data breach.
"Survivors, We've experienced an outside security breach of our forums. We suggest playing it safe and changing your password just in case," the DayZ team tweeted out.
After an investigation was started to see what went wrong, the forums' admins found signs that data had been stolen from their database. Yesterday, the DayZ staff sent a message to all forum users, confirming the incident and asking users to change their forum passwords and those for other accounts where users utilized the same username and password combo.
Usernames, emails, and passwords stolen
The development team said that hackers stole only usernames, emails, and hashed passwords. The team also announced they would start work on replacing their forums' built-in login system with their own authentication system, considered more secure and also used for other Bohemia Interactive services.
The DayZ forums were using the IPBoard bulletin board software. According to discussions on the IPBoard official forums, DayZ admins were seriously lagging behind, running a very old version of the forum software (3.4.8 or 3.4.9). The 4.x branch is the current IPBoard version considered to be stable and secure.
As for the hackers, we wrote about the OurMine team last July, when the crew started moving up in the hacking community, graduating from social media and gaming accounts to launching DDoS attacks against financial institutions.
Hey all. Our website, forums, and Feedback Tracker will be down for the time being while we work on security updates. — DayZ Development (@dayzdevteam) February 3, 2016
Heads up gang, servers will be offline for an hour due to security updates (1400-1500 CET). — DayZ Development (@dayzdevteam) February 4, 2016
For those who may not have yet checked email, here is an update on our recent security breach. Questions welcome. pic.twitter.com/4zEz03UL2s — DayZ Development (@dayzdevteam) February 4, 2016