It has come to our attention that Snail Games USA database (the company hosting Bounty Bay Online) has been leaked and user information has been compromised.
Specifics of what exactly has been stolen is unknown as Snail is keeping the details private. They are claiming the passwords were hashed, but we have no idea which hashing algorithm they used and how hard is it to crack, so we are treating it as a worst case scenario.
This doesn't affect VCO directly, as our game is hosted by IGG and our data is not connected to Snail data in any way shape or form, but it could affect certain players.
In case you were playing both VCO and BBO and you've been using the same usernames and passwords (which is a horrible security practice), change them on both games!
If you're one of those persons who use the same username and password for many different online services, this is exactly the reason why you shouldn't be doing that! Now all of your services have been compromised, its just a matter of time before the information goes public and someone decides to try to login to your email or bank account using the same username and password he found in the Snail database.
Even if you had no association with the said game and company, you should use this opportunity to review your security practices!
1. Choose a strong password! IGG allows password lengths up to 16 characters.
- Avoid words that have meaning in common languages, as those can be easily cracked using brute force techniques with dictionary attacks.
- Avoid personal information such as date of birth, family names as those passwords can be easily cracked using social engineering attacks.
- Include numbers, symbols and capitalization.
- Avoid using leet talk passwords such as V0y4ge as those can also be easily cracked using brute force techniques with modified dictionary attacks.
2. Avoid password reuse!
- This post here is exactly the reason why you should avoid using same passwords everywhere. One database gets leaked and now everyone has your password, and it just becomes a matter of time before they try to use it on other online services.
3. Change passwords regularly!
- Sometimes databases can be leaked without detection or the company might want to hide it. Your IGG password might be out in the wild open for anyone to use. For this very reason you should change your password regularly, so even if its out there, by the time someone tries to use it, you've already changed it.
4. Keep your passwords private!
- Number one reason why accounts get stolen is account sharing. Not only is it against TOS, it can lead to a higher security problem as someone can figure out which style passwords you use and by social engineering he can get access to your other accounts and services.
- Don't write down your passwords on your PC in plain text. That's like leaving keys to your house under a flower pot.
- If you must write passwords on your PC locally, use a password manager like KeePass which can store the passwords in an encrypted database.
- Don't write down your passwords where anyone else can see it, like a sticky note on your screen.
- Keep passwords private and safe.
5. Use a Password Manager!
- Password managers allow you to generate unique passwords, store them in an encrypted database, even auto fill forms for you.
- You don't even need to see the password, the manager will do everything for you.
- Read more about password managers here: https://en.wikipedia.org/wiki/Password_manager.
How to know if your password has been compromised in the past?
There is an online website called Have I Been Pwned which has access to many stolen databases that went public at some point in time. By entering your email or password, it can check if it appears in any of the databases and it can tell you which company has leaked it. If your passwords/email appears in any of the listed leaks and you haven't changed them, do it immediately.
Have I Been Pwned - Password: https://haveibeenpwned.com/Passwords
Have I Been Pwned - Email: https://haveibeenpwned.com/
Navigator, tools, guides and much more!
Visit us at: https://thepiratescove.org