Back to www.dofus.com
 

No flash

 
News
Home / Community / News
Important informations
2011-08-01 11:21
On Friday, 29th 2011, our systems detected an intrusion on some database servers. Though we cannot get any evidence yet, these people may have obtained access to some player account data. We invite all our players to change their password in order to protect their account security.

For the majority of players there is no cause for concern, the data that we suspect of being compromised was encrypted; it would be almost completely unusuable in this state.

All payments on DOFUS sites are directly done between players and our payment partners, absolutely no credit card or bank information is stored on our servers. No one can access this kind of data through our servers.

Because your security is our priority, we would like to announce that a new certification system will soon be added on DOFUS. This system will allow you to specifically define the computers where you plan to use your DOFUS account. Then, even if some unscrupulous person does gain access to your account, your characters' items will be protected.

This system - which has been under development for some time - will be stepped up and released as soon as possible in response to this unfortunate incident.

We are using all our available resources to increase and ensure the account security of all Ankama players.

Thank you for reading, and for your understanding and patience.

Comments
93
To comment, you need to login to your account or register an account
talorj 31 July 2011 - 22:00
years ago i let my kids makes these accounts .so i now have 6 accounts i cant change pass to any sugestions?
alirezad 31 July 2011 - 19:07
what do you mean you mean people finding out our passwords???
-------DaviD------- 31 July 2011 - 17:09
24ppl like this on Facebook, how can you like this omg o.O"??
Angelcatmalo 31 July 2011 - 16:15
i canged my pasword but it will be like the old one but thankyou for saying
Devil-Alt 31 July 2011 - 15:40
Ok Changed my password. Thank you for telling me this
low-peoples 31 July 2011 - 14:50
For goodness sake. I'm sick of seeing the whining posts.

The point is, change your passwords. The data that was stolen probably uses a similar level to that of PSN, which was as simple as salted MD5 hashes, with a SHA1 interface to triple encrypt passwords.

If that's case then it's a simple case of either using one of the many md5 hash decrypters, or posting them on somewhere such as hack-forums, where many users will decrypt the hashes for free.

If you want your data to stay safe, I would change your password to be sure. Take one look at how they entered the database to steal the data, and then compare that to typing that data to someone else, who gives them the straight password. They've already done the hard bit, now they have the easiest part ahead of them.

kthxbai.
darraxiin 31 July 2011 - 13:03
Not long before seeing the "Important informations" post, I received a fairly dubious email from "DOFUS" claiming that I'd tried to sell my account. Just hovering over the links on the email showed that they didn't direct to the Dofus website. I'd imagine that the data stolen were actually email addresses of users and that the majority of account or item loss was down to phishing.
Apologies if I am grossly mistaken.
Gunnerwolfang 31 July 2011 - 12:23

(SamIsHawtxD @ 31 July 2011 12:14) *
If most of it is encrypted, chances are your accounts will be safe.
Safe? Then how come this thread exist advising players to change our password?

When I say hacked, I mean encrypted information were decrypted by those who broked in and accessed the players account database as described in the announcement. The french forum even say that the company knows whose accounts were accessed, which means that safe players were compromised due to acts that were not their fault.

1. They broke in the system and accessed the players database information.
2. They decrypted those info.
3. They accessed those accounts.

May I ask you, do you play safe? Would you follow this threads advise to change your password?
SamIsHawtxD 31 July 2011 - 12:14
If most of it is encrypted, chances are your accounts will be safe. And when you say people were "hacked" (@Gunnerwolfgang), you probably mean they were phished or tricked into telling their information, and that's not hacking, that's social engineering... This means that as long as you have a functional brain, your efforts playing this game won't be in jeopardy.

Furthermore, the new system will probably be based on your computers MAC address rather than your IP address based on how many people have dynamic IP's or an ISP that periodically refreshes their customers' IP.

Just don't give your account information out and there's no harm done. Simple as that xD
Gunnerwolfang 31 July 2011 - 04:18

(InuzukaKiba @ 30 July 2011 05:59) *
Click here

Google translated quote: "In any case, we know precisely what accounts have been accessed by intruders, we can act accordingly if problems are found. "

That either means "we know what accounts they have", or "we can figure out which accounts intruders have entered if necessary." Regardless of which one he really means, it's good news.

inb4 a bunch of people that were compromised through their own fault roll on through.
How would they know if a account was accessed by a IP switching hacker or an IP switching original owner? Any player trying to make a profit can log on another IP and take their items and pretend that another IP have taken their items?

If they know precisely what account info was leaked, wouldn't it be less alarming to just contact those players in-game rather than advise all 1million+ players to change pass?

If encrypted account info were leaked and accounts were accessed by hackers, what assurance can players have that it can not happen again or that it have never happened before? A lot of players have been hacked in the past, what if those were same case but have only been discovered today?

In short, how secure are players investment (time, money, effort) in this game?