Design Notes
April 26, 2024
We do not have a security vulnerability.
Keep your account safe. Never share your password.
Recently, we've gotten questions about a few screenshots that show a list of hacked accounts and their login information. We do not have a security vulnerability. These accounts were "stolen" when players shared their account information. We've already taken action to secure them.
A known trouble maker returned and apparently bought a list of 500 scammed/hacked accounts from a scammer online and has been causing a stir with it. Player support has been being spammed by these individuals as they attempt to use compromised accounts to trick the team or other players into giving them information. We have reset any reported accounts back to their original owner with a randomized password.
Please spread the message that players should NEVER use the same password on multiple sites. A lot of players use the same name and password on other (and older) sites. The danger (and probably what is happening in this case) is the hackers will search for player names on the dark web. If a player used the same password on multiple sites, and one of those sites was breached, the hacker will take the info they find and test it against our games to see if they work.
This reason is why you should never use the same password on multiple sites. It does not matter how secure we are if hackers find your password somewhere else.
Why would anyone steal accounts?
They sell them. Which creates a secondary situation. Because their buyers typically do not know the account is stolen. So when the original owner of the account contacts player support and recovers their account... then the buyer thinks they were hacked. In this regard, the scammer rips off both the original owner and the buyer. This is why we do not allow the selling, trading, or sharing of accounts. Again, there are no security vulnerability in our system. Our password are one-way encrypted and not even the staff can see or unencrypt them. Which is why once again, and I cannot stress this enough... use a unique password for your game accounts.