Posted Fri, Feb 21, 2014 by Martuk
Aura Kingdoms recently posted a security advisory to users that have begun receiving emails to join a private Aura Kingdoms server. At first guess, some players speculated that there may have been a data breach, but an update to the Aura Kingdoms website indicates that that isn’t the case.
The update states that there is currently no evidence that the Aura Kingdom servers have been compromised, but the team over at Aeria Games is investigating how the emails may have been obtained. One possible culprit is unofficial Facebook groups, which may be getting used to obtain email addresses. All the same, Aeria Games is advising users to change their passwords just to be safe. You can read the full message below.
Source: Aura Kingdom website
We have been made aware of emails that have been sent out to a small number of users that advertise for an illegal, private server for Aura Kingdom.
We have investigated and researched our servers and security systems. It is not possible to get access to the email addresses with a DDOS, Hack, or compromise of the Aura Kingdom servers. Our security system keeps the account information off of the Aura Kingdom servers and there is no indication whatsoever of the account information being compromised on our servers or website.
We have also not received or found evidence of any accounts being compromised. Even if they somehow have your email address they still do not have your secondary password for Aura Kingdom and would have to go through security checks in order to change your account or secondary passwords to gain access to your account/characters.
That being said, we are continuing to look into ways the users' emails were obtained and have found a couple security vulnerabilities not under our control. First, there are multiple Facebook groups out there that are not official. The people running the Facebook groups could have gotten your email address. There are multiple fan sites out there that could have your email address.
If and once we receive additional information we will pass it along.
In the meantime, if you have not changed your password recently then we encourage you to do so. Regular password changes help with account security and are recommended. You can go through the password change process by clicking here!