Security Update

Discussion in 'Announcements' started by [ATA]Will, Apr 23, 2021.

  1. Security Update



    We have recently become aware that a handful of Kingdoms at War players had their accounts compromised.

    Our investigation found that in each case the player's email address and password combination was one they had used on another service which had then suffered a data breach, or the password was shared by the player themselves.

    We routinely audit our security, and your data is fully encrypted and secure. KAW has never had a data breach, and we spend significant resources to keep it that way. The only way your account can be compromised is if your password is compromised by sharing it yourself intentionally, being phished/social engineered, or a leak from another service you use it on. This includes using third-party bots or game clients!

    It is VERY IMPORTANT that you use a unique password for your KAW account and keep it safe. As a preventative measure, we have logged out accounts that may have been compromised to prevent further access from unauthorized third parties. These players will receive emails notifying them of this and how to regain access.

    If you have been logged out, please visit the Kingdoms at War website for instructions on how to reset your password via email or recover your account via our in game help tool. If you need further support, please contact us in game via the help tool.

    Account Security Best Practices


    As a reminder good password hygiene is important for any type of online profile you setup.

    A few best practices are:
    1. Select a password that is unique and you do not use for any other services.
    2. If you suspect someone has accessed your account, use the password reset link to change your password
    3. If you click any malicious seeming links, change your password.

    Remember we will never ask you for your password outside of the app!

    Stay safe!
    [ATA] Will
     
    #1 [ATA]Will, Apr 23, 2021
    Last edited: Apr 23, 2021
  2. Kaw accounts are tied to a specific IMEI device login. If the so called password leak was of facebook/third party data, and you say account data is encrypted, how did someone know the email addresses were tied to a Kingdoms at War account? Is that data breach on you or Facebook? And if your never have had a data breach, as you claim, what do you call the RipKaw fiasco from January? Was that not a firewall/server breach?
     
  3. "This includes using third-party bots or game clients!"

    I thought bots were against TOU. Are you saying ATA supports 3rd party bots for running KaW accounts?
     
  4. KaW devs not being honest and truly transparent with their players.....the hell you say!
     
    Princess_Cookie likes this.
  5. I agree, the MOET guy defenitely breached into your security system so you are not being very honest about that. You might not be aware of data / security breaches but that doesn't mean they are not happening.

    I do find it weird that you haven't come up with a system to fully secure our accounts.

    Many platforms use 2fa or mfa. This is somenthing in my opinion as an IT engineer you should defenitely implement in your system.
     
    Apporina likes this.
  6. I call BS, you security sucks, many have been hacked and you always blame the player for account sharing. I've been hacked, I've never shared my account yet you still blamed me! I'll never spend another cent on this game! If it were feasible I'd Sue ATA for the large amount of money I did spend on this game. Be blessed ATA, crooks always get th
     
  7.  
  8. Here's a public accusation. Want more? read the reports sent.
     
  9. Thank you all for your passionate feedback.

    To address a few things:
    Using third party bots or game clients is against Terms of Use and is not supported. We proactively search for these and investigate player reports to take action where necessary. We still know that people will try to use these and part of the reason we actively discourage them (in addition to how it is cheating) is that they are not secure.

    Leaking of passwords/logins can come from any online service you use, and practicing good password hygiene is the best way to combat this. There are a number of tools that can help you search your email to find out if it has been listed as compromised in a data breach. Some of these tools are built into browsers or password keeping services that can even tell if you have used the same password more than once, so you can update it. If you know you use the same password across different online profiles, I would strongly recommend you update them to unique passwords.

    The spammer from January was not a breach, but simply an overzealous spammer trying to make people think he had more power than he did. No data was breached by any means.

    I hope these details help. If you have any specific questions or concerns, feel free to write in a help ticket for further support.
     
  10. Never used a bot either.........lame! You know you can easily go over a player's electronic history yet instead of truly doing your job (that which pays your grand salary) which comes out of the players pockets (me) you chose to rubber stamp the issue. That's why I have chosen to cut your pay. You'll not get another dollar out of me until I see some real work ethic and labor preformance. I have nothing good to say about you devs right now. I challenge you to change my mind.
     
  11. Just sad honestly that you can spend large amounts of money and get hacked and have the devs tell you it is your fault. Rather than try and save the player base they push it away and blame it. If ANYBODY got hacked, friend or foe, I’d have the same feelings. Nobody should have to spend countless hours and money on a game to have it gone in minutes and have no support from the developers. It’s just sad. Unfortunately I expected more. Maybe I should stop expecting the best, not too sure.
     
  12. You like many others have been here long enough to know the devs wont help or accept any sort of responsibility. They have always claimed that their software cant be manipulated in any way and any account issues are our own fault or other 3rd party software. 1 thing i would say is that allowing logging in via Fbook is opening accounts to attack as crapbook has never been secure and is wide open from all those dodgey ads on there claiming to be mega discounted sales when infact they are just scamming to get contact details so they can constantly ring you from the indian call centers about your Ipad purchase or your computer has been hacked or even your washing machine is in need of service( yes ive actually had that 1). Just remember, the devs will always blame others as it saves them time and money. While ever they are getting payed the crazy amounts from here they will just care about 1 thing and users arnt it.
     
  13. I don’t even believe you guys when you say you don’t allow bots. There’s always bee favoritism on this game and I doubt that’s changed.
     
  14. Hahaha this is hilarious to see, devs lying once again! In December 2020 my account was hacked and lost all of my furnishings luckily was quickly onto it and logged him out before he had the chance to take everything else, after sending in reports and making a whole forum post the devs blatantly called me a liar and that i’d shared my password which was absolutely not true and my details had not been breached elsewhere, sad to see this is still happening and devs are just shrugging it off as if it’s not their problem.
     
    -Bine- likes this.
  15. Dear Devs,
    My credit card number was compromised recently and someone used it on a fraudulent purchase. Did my credit card company ask me if I had it stored in Apple Pay, or Google Wallet or other services that could have been breached? No, they did not. I filled out an affidavit saying the charge was fraudulent and they simply restored my credit card to the correct balance, and issued a new credit card. I would call on the devs to do the same. If there is a breach and some account all of the sudden drops all of its allies, dismantles all furniture, etc... I would like the devs to take the high road and make it right even if it wasn’t a data breach at any fault of KaW servers. The devs should restore charms, furniture, buildings, and gold for BFA.

    Stop victim shaming the victim please and we can be back on your side on this issue. Thanks!



     
  16. Surely you guys can give us an option for 2FA?
     
  17. I have been hacked 58 days ago, all of my furnishings and items have gone. I have the information in my news feed. I have informed the devs and was told there wasn't a hack. I have opened a new message with them and they won't reply to it... I haven't shared any details with anyone and would never. It needs resolving. This game is supposed to be fun but when this happens after you've spent years building it up its a bit soul destroying! Devs please sort it out!
     
    Arwyn, xSyn_Passion, -Bine- and 2 others like this.
  18. Personal Datas, MATRIX, dark net, breaching, bots in KAW game??!! Can hackers electronic thieves or KAW DEVS identify especially 😳PASSWORDS🤔 logins for accounts???!!!! If it is so then this is a very DANGEROUS & INSECURE GAME to play.. usually i dont save any of my passwords in my phones but im wondering if im still subjected to get hacked!!!!🤔😳🤔😳🤭