Watch out League of Legends fans because before you know it, your favorite online game could soon be the victim of a malicious attack.
The last week has been a busy one for hackers across the globe, including the one who hacked into Heroes of Newerth databases Monday night, stealing an unknown amount of personal data from fellow gamers, including passwords and causing servers to shut down. Since that time the servers have been restored and passwords rest, but it seems this will not be the end of the anonymous hackers havoc wreaking game hacks-apparently he has his eye on League of Legends (LoL) next.
Calling himself Ryan_HTP, the hacker is reportedly a network security engineer from Belarus. It seems the fellow is searching for a bit of a limelight as today he revealed his tricks to angry Heros of Newerth (HoN) players through an Reddit AMA where he told onlookers the following:
"I am the guy who hacked HoN, ask me anything..."
The anonymous hacker went further, posting several insights as to his process, while delivering the unsettling news, that League of Legends (LoL) was indeed next on his list of games to hack.
"I will disclose the vulnerabilities as they patch them. As of right now I have multiple, none patched. I exploited a SQL injection vulnerability to first gain access and download the database, I found more vulnerabilities later on."
"I hacked HoN because there's nothing as hilarious as seeing a bunch of fanboys of a game get enraged over the fact that their favorite game has been hacked."
"I guess I'll do LoL next as this was so funny."
Though the feat of hacking into a highly popular game such as Heroes of Newerth (HoN) is certainly notable, it seems most not only are unappreciative, but are calling out the self-centered hacker for exactly what he appears to be-nothing more than an attention seeking individual with too much time and too few friend to keep him busy apparently.
In the words of reddit user fahaddddd
"The attention whoreness is strong with this one..."
Or as reddit user itznotme stated,
Now this is what I have a problem with:
- When things happen like this, you always have to deal with the outspoken, boastful and intensely arrogant attitudes that each hacker brings. Frankly, it's old, usual and boring. No one likes that in real life. No one likes it online.
- You say you have a day job. You say you're a network security engineer since 1995. That is to say you're a grown adult with a presumably reasonable income. Yet, you not only hack into a system stealing all of the passwords of users, but you then are selling those very accounts to others. Not only is it immoral (albeit illegal) but it is also incredibly juvenile. I can't seem to take you seriously when you say you have an adult job when you come on here saying "look how bad these people got owned. I'm going to sell accounts for money." All I'm left to assume is that you're somewhat of a pompous man-child who does nothing but make small change off of a 13-year-old kids' piggy bank.
Still, the fact that the server was compromised, as well as numerous player's passwords stolen, brings a spotlight to the lack of security which must be present in the Heroes of Newerth game as a whole.
As reddit user anarchistsomalia observed:
"I don't play HON, but I've been reading this thread. This guy is a script kiddie if I've ever seen one. No serious hacker would go on the subreddit and ask for attention. His stunt is more a testament to the HON web developers' and system administrators' poor security than his "hacking" skills. SQL injections are like the lowest form of web-based attacks you can do, and they're quite easy to prevent.
The fact that he then went on to access streams and Twitter accounts suggests that either 1. they stored the passwords in plaintext which is another terrible practice or 2. the accounts he did have to crack used very simple passwords and/or were very simply protected 3. the targets chose on other sites were those who use the same email/password there as they did for HON.
Direct your frustrations at the S2 guys, because it's their fault the information was so easily accessed and then broken down. This kid essentially walked over a downed fence and then claimed to have broken into a high-security mansion. He merely lucked out and wants his fifteen minutes of fame."
It seems this redditor is not the only one who feels this way about the lack of Security in games like Heros of Newerth ( HoN) as even the hacker himself states that the security is less than desired:
"The vulnerability in their systems was just pathetic, I am surprised nobody else has hacked HoN before. And I still have a plenty of vulnerabilities left and will hack HoN again on the 25th of December (Merry f**king Christmas S2)."
Even though systems have been restored, there are still many who have yet to reset password information, prompting Heroes of Newerth developer, S2 Games, to issue a warning to all users: Please change your passwords! In addition, the company is also asking that anyone who has accounts that share details with Heroes of Newerth profiles to make changes to those accounts as soon as possible.
Though the hacker has made clear claims that League of Legends is on his hit list of games to hack, at this point, studio Riot Games has yet to respond to the threat.
The recent compromise of the Heroes of Newerth accounts however, should serve as a grim reminder never to utilize your real name as a user name. In cases such as this one, you could soon find your information being sold off to the highest bidder.
If more information becomes available, we will be updating this story, but until then, make sure to change any insecure password, use very anonymous user names, and be careful who or what you trust or take for granted on the web.