Bohemia interactive has confirmed that hackers have accessed the DayZ forums, and in turn, have accessed users’ usernames, email addresses and passwords.
The tiny piece of good news is that the passwords were not stored in plain text, and were stored using a more secure form. To be safe though, Bohemia is recommending users that have used the same password across multiple other sites to change their password on those other sites.
To combat this in the future, Bohemia will replace the IPBoards login system with Bohemia Account, which will be implemented in the next two weeks. Until then, the forums will be offline.
Also affected by the hack was with web version of DayZ; Mini DayZ. Bohemia stated in a Twitter update that they will get it back up ASAP.
The full email sent out to those registered to the forum is as follows (via Bohemia):
A security incident occurred on forums.dayzgame.com recently. According to our investigation all usernames, emails and passwords from forums.dayzgame.com were accessed and downloaded by hackers.
While the passwords were not stored in plain text, but in a more secure form, it is highly recommended that if you have used the same password elsewhere you change it immediately on all applicable websites and services.
We would like to apologise for the inconvenience caused, and share with you one of the major changes planned in order to mitigate similar risks in the future. We will be replacing the IPBoards login system with Bohemia Account within the next two weeks. As Bohemia Account is a separate custom-built service currently used by Bohemia Interactive Forums and Store, it offers much better security and its use should prevent similar incidents going forward.
We ask for your patience over the next few days and weeks as we implement this and other security overhauls, as there are likely to be service interruptions and forum unavailability from time to time. In particular, the forums will be down until migration to the Bohemia Account is complete. We will keep you up to date on vital info and scheduled down-time on the site itself and via our Twitter.