Battlefield Heroes hacked in LulzSec swansong

The free-to-play Battlefield Heroes was briefly taken offline after LulzSec released user data from the beta version. With this final datablast, the hacker group has disbanded.


EA's free-to-play Battlefield Heroes was taken offline over the weekend after hacker group LulzSec released user data from the beta as part of one final datablast before disbanding. While the passwords from the 548,774 Battlefield Heroes beta accounts were encrypted, they aren't entirely secure.

"Our investigation is ongoing, however it appears screen names and encrypted passwords associated with an early beta version of Heroes have been compromised," reads a short statement on the Battlefield Heroes site. "To the best of our knowledge, it appears that no personal data was compromised – no emails, account history, credit card numbers or payment methods."

However, all's not quite as rosy as EA makes out. While the passwords were encrypted with MD5, they are 'unsalted' and so not necessarily safe. Many of the MD5 hashes have already been 'solved,' so ne'er-do-wells might still be able to easily find your password.

You can use Dazzlepod's handy tool to check if your account was one of those compromised in the LulzSec hack. If you're on the list, you'd best get changing your password on any sites which shared the same password.

The Battlefield Heroes beta data is part of LulzSec's final release, which also included technical data from AT&T, e-mails of a number of private investigators, user accounts for a NATO bookshop, and user details for several gaming forums. With this, the group is calling it quits.

"Our planned 50 day cruise has expired, and we must now sail into the distance, leaving behind - we hope - inspiration, fear, denial, happiness, approval, disapproval, mockery, embarrassment, thoughtfulness, jealousy, hate, even love," says the group's farewell statement. "If anything, we hope we had a microscopic impact on someone, somewhere. Anywhere."

Over the past fifty days, LulzSec has targetted numerous parties, including Bethesda, Minecraft, EVE Online, and League of Legends, as well as the CIA, PBS, Sony Pictures, and the US Senate. Some were hacked into and had data copied, while others were simply knocked offline. The group professes support for the AntiSec movement, which calls for security exploits to be kept secret rather than publicised, arguing that sharing them does more harm than good.

Last week, a suspected LulzSec member was arrested in England. The group has denied that the man was their "leader" or even a member at all. Other hackers have claimed to discovered the identities of LulzSec users; this too is denied.

Shacknews has contacted EA for comment and will update as we learn more.

From The Chatty
  • reply
    June 27, 2011 6:00 AM

    Alice O'Connor posted a new article, Battlefield Heroes hacked in LulzSec swansong.

    The free-to-play Battlefield Heroes was briefly taken offline after LulzSec released user data from the beta version. With this final datablast, the hacker group has disbanded.

    • reply
      June 27, 2011 6:52 AM

      Or so they claim, I think we'll stilll be hearing about hacking attempts and they'll simply not be taking credit for them anymore.

      • reply
        June 27, 2011 9:21 AM

        Yeah, like LulsSec invented hacking and they are the only one to practicing the dark art.

        • reply
          June 27, 2011 9:25 AM

          I'm not saying that at all, but they've simply been the most vocal about it lately. I don't think they'll stop, I just think they've got a bit too much heat on them right now so they're waiting for it to cool off (although they'll probably get busted not too long from now).

      • Zek legacy 10 years legacy 20 years
        June 27, 2011 9:23 AM

        They're attention whores, they wouldn't keep doing it if they're not going to take credit.

    • reply
      June 27, 2011 10:36 AM

      If you want to credit for hacking you would hack a site/game people use not some crappy game/site people do not go to or play.

      Hell would not be shocked if this happen 6 months ago and they only just found out and then just since they was told.

      • reply
        June 27, 2011 10:40 AM

        what? that it was attacked was stated by lulzsec, there's no just-now-discovered issue here

    • reply
      June 27, 2011 2:43 PM

      Either way it will be nice to have a break from the constant barrage of lulzsec reports lately

Hello, Meet Lola