2014 Warframe hack that leaked 775,000 account emails revealed two years later | PCGamesN

2014 Warframe hack that leaked 775,000 account emails revealed two years later

Free-to-play shooter Warframe faced a sizeable hack in 2014 - the usernames and emails of nearly 800,000 accounts were compromised. These are reportedly being traded on the digital black market right now.

Related: check out our massive list of PC's best free games.

Troy Hunt, a security researcher, first flagged the data breach to Motherboard earlier this month. After getting hold of a sample of this data, Motherboard presented it to Digital Extremes and it was identified as authentic. 

“After a thorough review of the data we received, we can confirm that a list of 775,749 email addresses were acquired through a Drupal SQL exploit that was patched by Drupal two weeks after the breach occurred,” says Meridith Braun, VP Publishing at Digital Extremes, in a statement to Motherboard.

“The stolen data DID NOT include any account passwords, variations of passwords, hashed passwords, game account data or personal player information such as full names, addresses or other billing and payment information."

Motherboard say they pressed Braun on this and pointed to some hashes in the data that were marked as "pass", but Braun said that was a placeholder value.

This breach happened in November 2014, but this is the first time we are hearing about it. Because it's only usernames and email addresses, there's probably no need to panic too much, but it's still a huge issue that seemed to slip by without a whisper, and I'd still probably change my password - especially if it's anything to do with your username.

“We take account and game security very seriously and are constantly working to improve and plug any exploits we find,” Braun concludes. “As part of our continued efforts to improve the security of Warframe, over the last year and a half we have added two-factor authentication and also replaced Drupal with a custom website system that no longer stores any account information to avoid exposing ourselves to these sorts of attacks.”

Sign in to Commentlogin to comment