We've heard some rumblings lately about Order & Chaos Online [$6.99] accounts getting hacked, and the attacks were recently confirmed by our pals over at PocketGamer. Order & Chaos, if you're unfamiliar, is Gameloft's fairly blatant riff on World of Warcraft, complete with characters, monsters, and areas that might look more than a little familiar to anyone who has played WoW before.

Anyway, the cause of this security breach as well as how deep this rabbit hole goes has yet to be revealed, although Gameloft says they're actively investigating. A thread on the official Order & Chaos forum indicates that players of both mobile and Facebook versions of the game have been hacked.

If you've ever played Order & Chaos and you're the kind of person who still uses the same password for everything, it's a good idea to change all your others. While you're at it, check out this New York Times article on creating strong passwords, and maybe even think about getting some password management software. I'm partial to 1Password myself, which basically exists for all platforms you'd ever want to access your passwords on and gracefully keeps all your data in sync via Dropbox.

Migrating from a single password you use for everything to a password management suite and different passwords for everything will take a little getting used to, but consider this: Once you start doing that, security breaches like this are entirely insignificant. Thanks to 1Password, I use a different password for everything. Order & Chaos getting hacked makes no difference to me, since all anyone would ever be able to access with those login credentials is my character… As opposed to desperately hunting down every login form that you've used your favorite password, "password", for.

Update: I was just reminded that Order & Chaos uses Gameloft's Gameloft Live service for logins, and if that is what was compromised, if you've ever created a Gameloft Live account it might be a good idea to get busy with the password changin' too.

  • http://www.lwry.me/ Matthew L.

    There goes any chance of me ever using Gameloft again!

  • http://twitter.com/109mae Davide Pasca

    About passwords.. here's a classic: http://xkcd.com/936/

  • Anonymous

    son of a bitch, this is unacceptable. Thankfully I use the 2 step verification for gmail, so my main store of data is pretty goddamn safe

  • Anonymous

    How hard is it to encrypt user data.

    • Adam Gibson

      While encryption can help if only the encrypted password fields were obtained, that alone is not enough, because usually the encryption keys have to be available somewhere for the server to read the data, which can be obtained by the hackers.  One-way hashes with salt are the best ideas to protect passwords (and throw encryption on top of that).  Even hashes will not protect 100% if the site gets hacked and the logins and passwords are sniffed directly from the web app and logged by the hackers.

      Nothing is completely secure.  Everything is only a byte away from compromise.  In millions of lines of code it can be hard for even companies that pride themselves with security to be 100% sure they are safe.
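
The salted one-way hashing mentioned in the comment above, as an added example that is not part of the original post or thread: it stores the article's reused password "password" for two constructed accounts and shows that unsalted digests match while salted, slow-hashed records do not. The account names, function names and PBKDF2 iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

# Constructed sample accounts: two players who both picked the article's
# example of a reused password.
ACCOUNTS = {"player_one": "password", "player_two": "password"}

ITERATIONS = 600_000  # assumed cost setting for this example


def unsalted_record(password: str) -> str:
    """Weak storage: fast, unsalted digest. Equal passwords give equal records."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_record(password: str, salt: bytes = b"") -> tuple:
    """One-way storage: per-user random salt plus a deliberately slow KDF."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password: str, record: tuple) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, expected = record
    _, candidate = salted_record(password, salt)
    return hmac.compare_digest(candidate, expected)


def build_tables():
    """Return (unsalted, salted) credential tables for the sample accounts."""
    weak = {user: unsalted_record(pw) for user, pw in ACCOUNTS.items()}
    strong = {user: salted_record(pw) for user, pw in ACCOUNTS.items()}
    return weak, strong


if __name__ == "__main__":
    weak, strong = build_tables()
    # Identical unsalted digests reveal which users share a password and
    # let one precomputed guess match every such account at once.
    print("unsalted equal:", weak["player_one"] == weak["player_two"])
    # With per-user salts, each record has to be guessed separately.
    print("salted equal:  ", strong["player_one"][1] == strong["player_two"][1])
    print("login ok:      ", verify("password", strong["player_one"]))
```

No decryption key exists anywhere in this scheme, which is the difference from encrypted password fields that the comment points out; it does nothing for passwords captured in transit or inside the web app.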

  • Anonymous

    I also use 2 step verification for my gmail account as well. Kind of makes me wish every other site had it.

  • http://pulse.yahoo.com/_YHW77ODKOYDUWTB3UN7BCCUEOY Christopher Reeves

    Absolutely unbelievable. This company is an absolute joke and I hope there is a class action suit against them.

    • http://twitter.com/VULTR3 Mike

      You're just bitter because you fell off a horse and lost use of your lower body, Christopher.

    • http://twitter.com/h1dd3n_m0nk h1dd3n_m0nk

      How is Gameloft a joke because their servers got hacked? You do realize that can happen to *anyone*? That has really nothing to do with Gameloft but with the scumbags (maybe some O&C nerds who wanted to start hacking accounts for cheats?) who thought it'd be fun to infiltrate the servers in the first place.

      • Adams Immersive

        I wouldn’t say anyone: not every company is equally secure. The details matter: did Gameloft screw up their security practices? Or did the hackers exploit a flaw that was nearly impossible to foresee?

        I won’t blame—or defend—Gameloft without that answer. (Which we may never get.) I will, of course, blame the criminals either way!

  • http://www.dusungec.com seo

    This site is wonderful

  • Anonymous

    On a coolness scale of 1 to 10, hacking an authentication system is zero cool.

  • Anonymous

    hax0r3d my a$$, they just probably got an admin to verify his bank account information through a link in an email...

  • http://twitter.com/jaolen Alan Baldwin

    If you read the forum post before, it's not that it was hacked really.  Gameloft was/is basically SHOUTING your password to everyone within earshot.

  • http://www.facebook.com/people/Darian-Babra/100000188607967 Darian Babra

    Ok I'm giving away a user name and pass don't change the pass plzz it's for everyone to use I will keep buying monthly play on it the user is: userlol the pass is lollollol