WildStar Forum Update

The WildStar forums continue to be down due to the security exploit found last week.. Today, Carbine has provided an update as to what the exploit may have revealed to whoever used it..

Fear not.. Passwords are safe!

Here’s a full copy/pasta of what Carbine has updated us on, via Reddit:

Hi everyone,

On Friday, July 24, we discovered that the WildStar forum software had been compromised by someone using a software exploit. Once we confirmed this, we immediately pulled the forums down to minimize damage and investigate.

Our teams are analyzing the scope of information that might have been visible, and we believe that it is limited to email and IP addresses related to forum accounts, as well as forum content created by our users (including posts, private messages and profile information). While we cannot confirm any of this information was accessed, we felt it was important to let you know as soon as possible. We can confirm that no passwords or other personal information was visible.

We sincerely apologize for the forum downtime. Our players’ security is of top priority to us. As a result of this intrusion, we are completely rebuilding the WildStar forums and rolling back our forum data to the latest state we feel is secure. We have audited all other NCSOFT West games and forums and found no evidence of compromises.

At this point, no action is required from forum users, however we advise that you are extra vigilant about phishing emails. Carbine and NCSOFT will never ask you for your password or billing information via email.

We are working to have the WildStar forums up again in the next few days. Thank you for bearing with us.

My take?

Yay! for roll-back.. though, I wonder just how far back forum rollback to ‘safe’ date is actually going to end up being.  I also hope they take this chance to try and fix that stupid forum bug that randomly logs people out, even if you’re in the middle of typing a post…

To be safe, even though passwords were not compromised.. it probably wouldn’t be a bad idea (especially if you don’t use two-factor authentication) for everyone to change their passwords.

It’s also very important to note.. that Carbine isn’t saying that any of the information (PMs, posts, profile information) was accessed.. just that their analysis of the flaw says it MIGHT have been exposed.  So, don’t panic! (But, do add two-factor authentication, and change your password, just to be safe).