Earlier today, one of our forum Super Moderators’ accounts password was compromised, and an attacker proceeded to use their account to inject a piece of malicious JavaScript code into the forums. For a very small percentage of users (about 0.003% of all users on Zelda Universe) online between midnight and noon EST, passwords and private messages may have been compromised if they clicked a link to a specific announcement thread on the forums. The attacker in question was able to receive full passwords from these users.

Since then, we have taken extreme measures to protect the security of everyone registered on the forums and ensure that such an incident never happens again. We take the security and privacy of everyone registered on Zelda Universe very seriously and are always auditing our best security practices. To that end, we have now:

  • Limited the capabilities of administrative forum accounts to post raw HTML code as formatting tools
  • Reset the passwords of all potentially affected users to secure alternatives
  • Emailed the new, secure passwords to all potentially affected users (if you did not receive an email but believe you could be affected, please send an email to webmaster@zeldauniverse.net and we’ll personally help you out)

We understand that, although no system is completely secure, breaches like this are completely unacceptable. We’re downright embarrassed that this happened to anyone on our site. We always want everyone to feel safe when browsing and registering on Zelda Universe. Although we feel like we’ve done all we can to prevent a similar attack from ever happening again, we also know trust must be earned. We hope that our quick and decisive action means that you still trust us to keep your personal information safe from attackers.

Thanks for sticking with us. We’re out there for all the Zelda fans in the world, and we hope that this breach doesn’t stop you from celebrating the series we all love with us on Zelda Universe.

Jason Rappaport
CEO of Zelda Universe

Related Topics