The online servers of the newly launched ATLAS game have suffered some "technical difficulties" after players hacked an admin account, used exploits to mess with other players' gameplay, and spammed fellow players for hours with "Subscribe to PewDiePie" messages.
The hacks (more fittingly described as "defacements") happened last week and impacted the multiplayer servers of ATLAS, a new MMO (Massively Multiplayer Online) game developed by Grapeshot Games and launched in early access on Steam before Christmas last year.
The game has a pirate theme, similar to Assassin's Creed: Black Flag and Sea of Thieves, and works by letting players roam nearly endless oceans to discover loot, explore islands, and fight in player-vs-player or clan-vs-clan battles.
Many gaming publications anticipate that the game will become a sensation on the gaming scene due to its engaging gameplay. However, with great success comes increased attention from pranksters, cheaters, and hackers.
This is what appears to have happened last week when game makers had to roll back servers on two separate occasions after some naughtier users wreaked havoc among fellow players.
The first incident was recorded on Thursday, January 17, when according to Grapeshot Games, an unidentified individual compromised a game admin's Steam account, which the intruder used to log into the game and alter the multiplayer server's settings.
According to several Twitch users, who caught the incident on live streams, the hacker used the admin account to spawn World War II airplanes and tanks inside the server, flooding the game with era-inappropriate objects, killing players, damaging ships, and ruining the gameplay of tens of thousands of players.
Grapeshot admitted to the Steam admin account compromise right away, rolled back servers for five hours to counteract the negative effects on multiplayer scores, and apologized for the incident on its forum.
But if the game makers were hoping to sweep the incident under the rug as a one-time happening, they were seriously mistaken. Things escalated to a whole new level on Sunday, January 20, when multiple players found and started using a technical exploit in the ATLAS game itself.
Twitch streamers, once again, caught the incidents as they happened. This time around, the small group of players who found the exploit used it to flood the server with whales, spawning them in both water, land and sometimes floating in the air. When they got bored of spawning whales, they then moved to flooding the server with dragons.
As things started to degenerate into chaos, some of the players who found the exploit began using it to spam the in-game messaging system with the now-classic "Subscribe to PewDiePie" message.
This incident is just the most recent episode where PewDiePie's name has been mentioned. While the printer hacks, the Wall Street Journal defacement, and the Chromecast hijacks were carried out by PewDiePie fans trying to gain attention for their idol, the ATLAS spam seems more of a secondary effect rather than the driving force behind last week's incidents.
The times, they are a-changing. Slowly but surely, spamming users to "subscribe to PewDiePie" has now become the de-facto prank message and a rite of passage for any wannabe hacker, replacing the old practice of dropping a reference to infosec journalist Brian Krebs in website defacements, botnets, and malware source code.
Just like the last time, ATLAS game makers were forced to roll back game servers to undo all the spam and possible score and gameplay impact.
"The damage done was caused by a technical exploit which we have now protected against, no administrator accounts were compromised in this situation," a Grapeshot Games admin said on the game's forum. "Multiple accounts have been banned in relation to this."
More security coverage:
- Some Android GPS apps are just showing ads on top of Google Maps
- Temporary fix available for one of the two Windows zero-days released in December
- Online stores for governments and multinationals hacked via new security flaw
- Websites can steal browser data via extensions APIs
- Advertising network compromised to deliver credit card stealing code
- WiFi firmware bug affects laptops, smartphones, routers, gaming devices
- Twitter messages to Russian cybersecurity firm helped NSA leak probe CNET
- Top 5 non-game AR businesses TechRepublic