Search form

Published April 19, 2013

The Bad

In online activities, security breaches are an everyday occurrence. For the most part, we're at the mercy of the companies' security practices and some are better at dealing with these issues than others. Without getting into the security versus convenience argument or into too much detail on security, there has been an "incident" with account security concerning the North American World of Tanks server.

The Good

The good is that not much was compromised, which is to say financials appear to be secure. Password hashes and emails may be compromised for some players, though. A password hash isn't a password. However, it is it's only a matter of time and computing power to turn password hashes into actual passwords, so you'll want to change your account password as soon as possible and not change it back.

The great news is clearly that Wargaming takes this seriously and is offering a 300 gold bounty for taking your account security as seriously as they do. All you have to do is change your account password. This will invalidate the password hash IF the perpetrators manage to decode it. WG has even made an event of it.

Bottom line is log in and change your password as soon as possible to cash in and to keep your account secure. I'm doing it right now.

Additional Notes

Given the nature of these breaches, there is no reason to expect WG.net to provide any additional detail as it would only encourage others to "test their security." No, "testing their security" isn't a good thing because it increases server load, so don't do it.

Having just updated my password using the link they provided, it's quick and easy. Their site uses https, the secure http protocol, so that's good. Their password strength meter judges based on complexity and length which passwords are better. Short passwords of random characters are much easier to crack and harder to remember than long passwords of anything except repeating characters. From a security standpoint, a four or five word phrase is easy for humans to remember but exceedingly difficult for computers to crack in computational terms, depending on the words. 

That being said, please do not set your WoT password to "correcthorsebatterystaple".

Saiphas Cain
Where am I? What Plane/Mech/Tank/Ship am I in?