Escape from Tarkov was recently hit by an attack in which a number of players had their 2FA bypassed and their progress reset back to 0.
The earliest known post about this incident appears to be this one by BAXBEAST at 12:37 PM EST, reporting that his account progress had been reset entirely and his profile picture changed.
Quote from BAXBEAST: I got RESET TO 0 IN TARKOV? Somehow, an hour ago someone logged into my account and reset it to 0, they also changed my profile Pic, my accounts have double log verification, etc. Never had this happen before, with any account whatsoever. I was lvl 53 ready to prestige 5 with all tasks done with "for humanity ending" already done. Can you guys please help me fix the account? #EscapefromTarkov #EFT @ogdmit @nikgeneburn
Also gaining traction is a post from a Spanish user by the name of "Chilljones1125", describing how the attackers appeared to be able to use Steam IDs to log into other players' accounts, bypassing 2FA in the process.
Note: The original post is written in Spanish. What you're reading below is that post translated to English with Google Translate.
How did the exploit happen? Before anyone else posts nonsense. The exploit is easier than you think. It has nothing to do with databases/MongoDB or any of the other nonsense people (including senior developers) are saying out there. Starting thread #1/? Change the SteamID64 at the end of the openid.claimed_id and openid.identity parameters to that of any other user. The server grants access to the profile of the user whose ID was entered, without requiring the actual login process for that account.
It's not known if this has been exploited on other platforms, but at the moment, it is known on Steam.
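If the post's description is accurate, the login callback was trusted without being confirmed by Steam. The checks an OpenID 2.0 relying party should run on that callback, as an added example (not Battlestate's code and not from the quoted post); the function names, the `game.example` URL and the sample IDs are constructed for illustration:

```python
import re
import urllib.parse
import urllib.request

STEAM_OP = "https://steamcommunity.com/openid/login"
CLAIMED_ID = re.compile(r"https://steamcommunity\.com/openid/id/(\d{17})")
MUST_BE_SIGNED = {"op_endpoint", "claimed_id", "identity", "return_to", "response_nonce"}

def ask_steam(params):
    """Replay the assertion to Steam (check_authentication); True only if Steam vouches for it."""
    body = urllib.parse.urlencode({**params, "openid.mode": "check_authentication"}).encode()
    with urllib.request.urlopen(STEAM_OP, data=body, timeout=10) as resp:
        return "is_valid:true" in resp.read().decode().splitlines()

def verified_steam_id(params, expected_return_to, seen_nonces, check=ask_steam):
    """Return the SteamID64 from a callback only if every check passes, else None."""
    claimed = params.get("openid.claimed_id", "")
    match = CLAIMED_ID.fullmatch(claimed)
    nonce = params.get("openid.response_nonce")
    signed = set(params.get("openid.signed", "").split(","))
    if (params.get("openid.mode") != "id_res"
            or params.get("openid.op_endpoint") != STEAM_OP
            or params.get("openid.return_to") != expected_return_to
            or match is None
            or params.get("openid.identity") != claimed
            or not MUST_BE_SIGNED <= signed  # unsigned identity fields can be swapped freely
            or not nonce or nonce in seen_nonces):  # missing or replayed nonce
        return None
    # The browser controls every query parameter, so the OP must confirm the signature.
    if not check(params):
        return None
    seen_nonces.add(nonce)
    return match.group(1)

# Constructed sample callback (placeholder IDs and signature, not captured traffic).
SAMPLE = {
    "openid.mode": "id_res",
    "openid.op_endpoint": STEAM_OP,
    "openid.claimed_id": "https://steamcommunity.com/openid/id/76561198000000001",
    "openid.identity": "https://steamcommunity.com/openid/id/76561198000000001",
    "openid.return_to": "https://game.example/auth/steam/callback",  # hypothetical RP URL
    "openid.response_nonce": "2025-01-01T00:00:00Zconstructed",
    "openid.assoc_handle": "constructed-handle",
    "openid.signed": "signed,op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle",
    "openid.sig": "constructed-signature",
}

def fake_op(params):  # offline stand-in for Steam: vouches only for the assertion it "issued"
    return params == SAMPLE
```

In production the default `check=ask_steam` performs the server-to-server confirmation; `fake_op` exists only so the logic can be exercised offline.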
Additionally, streamer VeryBadSCAV reported that several known streamers of the game have run into this problem.
Apparently, there were multiple streamers (@Onepeg, @DrLupo, @BAXBEAST, @LogicaISoIution, @insanesqt) & some gamers with 2FA who had their account reset (image 1). Not only that, their PFP was changed into a personal insult, etc. (especially streamers - image 2) #EscapefromTarkov I'll share what I learned about the situation.
0. BSG has temporarily blocked account reset (image 3)
1. This is different from the ones in the past where accidental wipes happened due to very likely arena desync or BSG mistakes themselves (check past covering video in the thread), since it shows the actual wipe button has been pressed and PFP changed (image 1).
2. Another thing is the account reset shows a 2027 year limit for next reset (image 1). Maybe not a normal method they used.
3. I've checked with my chat if anyone got hacked into the same situation, but it was almost none. Guessing here - maybe it was more targeted than a whole data breach. Only 3 guys I got reported. (ex. test on non-streamers, and target actual streamers)
4. One of the streamers got their account reset while in game and streaming https://x.com/PixelOperative/status/2004700180730577095?s=20
5. A lot of these people who have been reset now have their account access 'blocked' for 'prevention' of additional damage from BSG (image 4)

VBS also points out how selective the attack was, noting that it has been limited mostly (if not only) to streamers who play the game. Players have also reported that the account reset feature has been disabled while Battlestate works on a solution.
So, is your account compromised? The honest answer is that we don't know. It never hurts to stay safe, so if you feel like you need to take more safety precautions as a result of this incident, no one would blame you. You may want to check your account to make sure nothing has been changed.
With the account reset feature disabled at the moment, you don't appear to be at risk of having a similar event happen to you, but after the breach is figured out, it would still be a wise idea to change your password.
What do you think of these events? Let us know your thoughts in the comments below.