Heroes of Newerth hacked

A naughty hacker has busted into the database of S2's Heroes of Newerth, gaining access to account login information. If you've played the DotA 'em up and use a password shared with any other online account, you'll want to get changing those passwords and, honestly, start using individual passwords for each account.

10

A naughty hacker has busted into the database of S2's Heroes of Newerth, gaining access to account login information. If you've played the DotA 'em up and use a password shared with any other online account, you'll want to get to changing those passwords and, honestly, start using individual passwords for each account.

"At 2:30 PM EST we became aware that a Heroes of Newerth password security breach had occurred," S2 Games says in an announcement on the in-game login screen. "We encourage everyone to change any passwords that were shared with your Heroes of Newerth account. Do not change your Heroes of Newerth account password at this time."

S2 has brought the servers down in response, so for now you can't get your HoN on.

Over on Reddit, a chap claiming to be behind the hack says he found several security holes but is keeping them secret until S2 has plugged them.

If the rash of gaming hacks over recent years hasn't convinced you to start using individual passwords and a password manager like KeePass, well, you really should.

Filed Under
From The Chatty
  • reply
    December 17, 2012 9:00 AM

    Alice O'Connor posted a new article, Heroes of Newerth hacked.

    A naughty hacker has busted into the database of S2's Heroes of Newerth, gaining access to account login information. If you've played the DotA 'em up and use a password shared with any other online account, you'll want to get changing those passwords and, honestly, start using individual passwords for each account.

    • reply
      December 17, 2012 9:57 AM

      That's such a pain in the ass though. I have a couple REALLY strong passwords that I use for banking and the like, but I tend to only use one or two for games.

      If S2 managed their security better, it'd be a non issue.

      • reply
        December 17, 2012 10:00 AM

        Time to get Lastpass or KeepPass

        • reply
          December 17, 2012 12:20 PM

          So let's say, theoretically, that I've been using the same 2-3 passwords in a lot of places and the number of stories like this have finally convinced me to change that. Is there a good strategy for changing this up?

          Namely:
          - How hard is it to go and use LastPass/KeepPass to change everything up?
          - Is there any way to find out where all I might be registered? I mean obviously I use my banking credentials regularly but who knows how many obscure-ass sites I've signed up for over the years and forgotten about. Some of which might not be around anymore.

          • reply
            December 17, 2012 2:31 PM

            As a lastpass user, I'll try to answer your q's:

            1. No way to automate it that I know of. I assume it would be manually knowing which sites to go to and changing credentials.
            2. I assume not, aside from looking through account registration emails. However, if said obscure sites no longer exist and/ or your old insecure passwords are not in use anyways, why does it matter?

            • reply
              December 17, 2012 2:48 PM

              As I just did #1 a few months ago, the #1 thing is,
              If your PWs are all stored in Firefox/IE/Chrome, LastPass automatically shows you the full list of every site stored in those caches.

              I then went through, one-by-one, and changed every single password on every single website. I then went through my email and updated any that were missed that way. LastPass automatically catches password changes and will auto-generate new passwords for you, so this was a quick effort, if not automatic.

            • reply
              December 17, 2012 9:34 PM

              I guess I'm more concerned with how many sites might still have some valid CC# on file for something I bought.

              Oh well, change what I can and hope for the best. Hypothetically.

              • reply
                December 18, 2012 12:10 AM

                Call your bank and report them as possibly stolen. They'll get you a new number. But really, VISA/MC/etc protect you from those charges when they do happen. It's happened to me before.

                For passwords, LastPass is awesome.

        • reply
          December 18, 2012 10:19 AM

          I have keypass, and I keep the master list on a dropbox account (very convenient) but still.... pain in the ass looking each one up.

          • reply
            December 18, 2012 12:35 PM

            Thanks for telling us where all your passwords are. So basically all I need is your dropbox account to access your email, facebook, amazon, apple, etc. accounts? Are your banking account passwords there too?

            • reply
              December 27, 2012 10:40 PM

              well, since I only use the DB for keepass, good luck. Oh, and I have one BIGASS password to protect the rest.

    • reply
      December 17, 2012 9:36 PM

      is "has bursted" queen's english? because it would be an egregious typo in america.

      • reply
        December 18, 2012 1:44 AM

        No you wouldn't use "bursted" there which is why she used "busted" :)

    • reply
      December 17, 2012 9:51 PM

      Gahhh I guess it's time for a password manager because I think I signed up for a HoN account even though I only played the game once.

      Lastpass vs KeePass?

    • reply
      December 18, 2012 12:18 AM

      Uhhh shouldn't they only be storing the hash of the password (with salt of course) thereby making the breach useless for other sites?

    • reply
      December 18, 2012 1:39 AM

      obligatory https://agilebits.com/onepassword

      yeah it costs money

Hello, Meet Lola