Data Breach Notification

Dear Armor Games Players, We respect the privacy of our users which is why as a precautionary measure, we are writing to let you know of a data security incident that may involve your personal information. What happened? On January 29th, 2019, [Tuik Security Group]( privately contacted us to let us know about a potential breach of our users' data. We immediately began an investigation which included an ongoing audit of our hosting provider, web servers, and database systems. We can now confirm this breach is real and occurred around January 1st, 2019. This appears to be part of a larger breach affecting 16 companies (see [this news article]( for more information). We are one of the smaller companies affected, apparently holding less than 2% of the total accounts affected between the 16 companies. At this time, we have no evidence that any Armor Games’ users’ data was actually misused. What information was involved? The database affected primarily stores all our website users’ public profiles (information that is already public), login data (usernames, email addresses, IP addresses, and hashed passwords), birthdays of our admin accounts, and information about our password protection processes at the time (including the password salt). We do not have (and thus, this incident does not involve) first or last names, credit card data, addresses, or phone numbers. Based on public reporting, the other companies affected by this breach similarly included account information, hashed passwords, and the salt to reveal those passwords. In addition, some of the accounts held by the other companies appear to include names, social media authentication tokens, security questions and answers, interests, profile information, birthdays, and location data. What we are doing. While we investigate, we will require our users to update their passwords. We are making changes on our side to harden our security and fixing any weaknesses found by our audit, including updating our password protection methods. We are also adding measures to protect our users from misuse of this information on our own site. We have begun notifying authorities and will cooperate with law enforcement if requested and we may work with the other companies affected. We already have a policy of keeping as little data as possible and we will continue to look for new ways to minimize our data collection. What you can do. We recommend taking this opportunity to update your passwords on all websites. Use unique, creative passwords and avoid reusing passwords across websites (password managers can help make this easy). Those who reuse passwords should change their passwords on other services, especially other gaming platforms. In addition, we recommend [learning]( whether any of the other companies affected by this breach include your data, following their instructions for securing your account information. As always, you have the right to request to access or delete your data from us at any time. For More Information. If you have any questions or concerns, please reach out to us at please reach out to us at support@armorgames.com. Visit this [blog post]( for more information and updated details about the breach. Armor Games sincerely apologizes for the inconvenience and concern this incident may cause, and remains committed to safeguarding the personal information in its care. We will notify you of any significant developments. We continue our work to be the best place to play free web games online. - The Armor Games Team