As of April 7, we were informed of a serious security issue called "Heartbleed" in the OpenSSL encryption software, which is widely used today. This problem has the potential to affect anyone who has any kind of online account – not purely those related to Wargaming. This vulnerability could allow intruders to access private encrypted data that is transferred online.
Our team has promptly reacted to the threat and we may confidently state that as of now none of our customers may be affected within Wargaming realms.
The safety of our players' credentials is one of the major priorities of Wargaming as a company. We will continue our dedication to strengthening account security as a precautionary measure.
Wargaming moved to fix the issue on all of our servers as soon as the nature of the bug was revealed but the likelihood of a security compromise is still possible due to earlier vulnerability before the changes were made.
Therefore, we still advise you to change all Wargaming related passwords as an additional precaution.
In order to minimize the risk of losing personal access to accounts, we recommend that you change your passwords on other sites as well (e.g. the email account that you used to register your Wargaming account).
For even more protection, we suggest that you set up two-step verification on your accounts. This may be done through binding a cellphone number, secret questions, etc.
Before changing a password or logging in to a website, make sure that the site has had the vulnerability removed, by performing an SSL Server test.
Additionally, make sure to take part in the Change your Password Event, in which any player can not only strengthen the security of his or her account but also get Gold!