Discussion InnoGames data breach

[Dursland]

So from the youtube videos being posted on discord of cities being deleted, it's clear InnoGames has suffered a massive data breach.

Why are they not resetting all passwords, or at least notifying users?

Are the affected players going to get their cities restored, including GB levels?

 

[planetofthehumans2]

Apparently you don't need email confirmation for a password change which is pretty bad on security even if a hacker probably has both.

I'm sure if those players report to support, their city will be restored.

 

[Juber]

InnoGames has suffered a massive data breach

This is not true. We have not suffered any data breach. There was a different breach that exposed e-mails and passwords from a different source. If you use the same password here, then other people can of course log in here as well.
We can only tell you to keep your account safe by choosing a secure password, regularly changing it and most importantly, don't use the same one for multiple websites. You can find more about account safety here: https://forum.beta.forgeofempires.com/index.php?threads/how-to-ensure-your-online-safety.15129/

 

[CrashBoom]

and don't use suspicious addons / tools

if you use an illegal tool which does forbidden things
why shouldn't that tool also be doing illegal things to you

"There is no honor among thieves"

 

[PackCat]

So from the youtube videos being posted on discord of cities being deleted, it's clear InnoGames has suffered a massive data breach.

Why are they not resetting all passwords, or at least notifying users?

Are the affected players going to get their cities restored, including GB levels?

Hopefully some of them were the cheaters who were long due for deletion.

 

[Tanmay11]

Inno needs to enable 2FA option for the game asap. regradless where the data was leaked from. its an extra layer of security that's gonna save a lot of headaches for both players and support team. it's already implemented on forum. time to bring it to the game.

This was suggested and forwarded a while ago. https://forum.beta.forgeofempires.c...tor-authentication-to-the-game-as-well.15989/

this is like the only game i play that doesnt have 2FA option.

 

[Juber]

Inno needs to enable 2FA option for the game asap. regradless where the data was leaked from.

But let's be honest: People that use the same password everywhere and don't change it for years don't care enough about security to actually use it. At least that is my opinion.

 

[MooingCat]

But let's be honest: People that use the same password everywhere and don't change it for years don't care enough about security to actually use it. At least that is my opinion.

It should still be an option though.

 

[MonkeyDMonkey]

And in the case of a real data leak from Inno, criminals cannot gain access if 2FA has been set. It would increase the overall security of the account.

 

[CrashBoom]

And in the case of a real data leak from Inno, criminals cannot gain access if 2FA has been set. It would increase the overall security of the account.

in case of a real data leak Inno should delete all passwords immediately and log out all players
that will force all players to request a new one

with that nobody could use those stolen password after the point where Inno knows about it

and then only people who would use the same password for this game and their email would still have a problem

that is how I would do it

 

[Emberguard]

And in the case of a real data leak from Inno, criminals cannot gain access if 2FA has been set. It would increase the overall security of the account.

There are instances where hackers have gotten into 2FA protected accounts on other websites before. 2FA is not a impenetrable defence, though it is a better defence than just password on its own.

 

[Thunderdome]

Man!

I left for a few months (okay, kind of a little bit over a year ago), and chaos just rears its ugly head.

But, in all seriousness, why do I have to change my password just because some dingbat with nothing better to do chooses to do a little breaching and a company that fell short of ensuring our accounts being safeguarded within their databases? And, before someone says something, I do care about security very much but not to the point I have to change my passwords across 20-30 sources every so often (even with more challenges like special characters in the mix) just because of a breach.

 

[-Alin-]

But let's be honest: People that use the same password everywhere and don't change it for years don't care enough about security to actually use it. At least that is my opinion.

Sorry Juber, can't stand this ...t You just wrote here.
Even if they use the same password everywhere, this isn't an excuse for You nor Inno to enable 2FA or implement 2FA in this game.
If they don't care about their accounts is just their problem, why others should not have the right to use it?

I am very strict with security on a daily basis, I don't acces links sent from friends either if I don't know for sure what that link or file does or from which website it is. So for me 2FA is important even with a different password on FoE, are some money and time invested in this game.

 

[Juber]

Sorry for not being to clear with my opinion. Of course 2FA is important for account security, however my point was, that it would not have helped here, since the people affected would not have used it in the first place.
That's the only point I tried to make.

 

[Beta567]

And in the case of a real data leak from Inno, criminals cannot gain access if 2FA has been set. It would increase the overall security of the account.

Unfortunately this is not true. The question is does anyone need to spend time and money to hack your FOE account?

https://www.linkedin.com/pulse/bypass-two-factor-authentication-facebook-accounts-25300-bazzoun/

 

[Emberguard]

The question is does anyone need to spend time and money to hack your FOE account?

Well…. A even better question is could the hacker get the victim to pay them without the victim realising it’s a trap?