Dead By Daylight Doxxing Issue
Allow me to preface this by saying I am not a cybersecurity expert, nor do I pretend to be. This is based off of my own knowledge around the subject, and if I get something wrong please correct me as this is about player safety.
This is in no way a comprehensive guide, but basic tips you can (usually) easily follow to help protect yourself online.
intro
So, for people who don't know, DBD currently has a security flaw allowing people to track the IP addresses of people they match with, and with that IP address are able to track down personal information (doxxing) or DDOS attack (Distributed Denial of Service attack- where lots of packets of data are sent to the router all at once, causing it to overload and in some cases fry completely) you. This flaw was discovered on the PTB, however can be exploited on live servers too.
Don't believe me? Streamers, especially large streamers, have been getting DDOS attacks incredibly frequently, from Paulie to Otz, and streamer Elix has been swatted live on her stream. DDOS attacks cause your router to slow down drastically, and often kick all devices off of the router.
While waiting for an official statement on this, hopefully along with some upgraded security, here's some things you can do to help prevent this happening, and what to do in case it does happen.
EDIT: We have an official statement from BHVR, as confirmed by @MandyTalk:
what to do
So, on a PC there's one main thing you can do.
Invest in a VPN
VPN, standing for Virtual Private Network, creates a midpoint between you and the DBD server. Your data is encrypted between your router and the VPN (in most cases), so if it's intercepted then it won't be readable (some of this data including, you guessed it, your IP address). A lot of VPNs can cost money- obviously, if you're only getting it to play DBD, attempt a free trial or get a free one. Don't spend lots of money for a product you're using only to safely play one game.
There are free VPNs, just for the record, which will do the job of changing IP address and preventing DDOS attacks even if they won't provide the snazzy features of other VPNs.
VPNs do not make you completely immune to DDOS attacks, however the VPN will take the majority of the attack, allowing you to potentially stay online even if it is slower.
Change steam networking settings
It is worth noting that the following has no impact on DBD specficially, however could help in other games which do utilise this feature. Thank you to commenter @Austin for mentioning this, as I was relaying information I'd gotten from Twitter. VPNs are your best bet for preventing a DDOS attack from occuring in the first place.
To change these settings, naviate to "Settings" in your Steam client:
Head to the "In-Game" option:
And change this option to "Never":
I don't know any preventative measures on console, however I do know a way to help remedy the situation.
if you get ddosed
Change your IP address
This will (probably) differ between the different ISPs, however changing your IP address can help if people have it and are sharing it. This can be done in a few different ways, so I'll link you to this guide on how to do it:
And yes, two of these options do work on consoles too (contacting your ISP, or disconnecting and reconnecting all devices after around 15-20 minutes).
if you get doxxed
Doxxing is the act of publicly revealing a person's previously private personal information.
Firstly, doxxing is a criminal offence (even if some countries don't have regulations explicitly on the subject matter, it can lead to other charges). If you are worried about having been doxxed, contact local police. If you have been threatened with personal information, screenshot and save their account details for use in the police report. They can be tracked down a lot of the time, and you can press charges.
This article by WIRED helps explain what to do if you've been doxxed, with tips from a cybersecurity expert.
TL;DR- Assess if you're mentally ready to deal with it, lock down all socials and other accounts for a while, and report the account used for doxxing to respective sites (as it's often times against their TOS).
There isn't much you can do, but just make sure to keep everything as private as you can.
if you get swatted
Swatting is the act of deceiving the emergency services into raiding someone's location, usually their house, by giving false tips to the staff. This could be something from illegal narcotics to alleged kidnappings. Swatting is also a criminal offence- so if you were doxxed and then swatted, be sure to save the details of the doxxer (do it anyway, but definitely do it here).
I can't exactly give a lot of tips here, however it's worth saying that you should use common sense. If you're being swatted, the emergency services have reason to believe you are potentially dangerous. Do not give them any reason to affirm these beliefs. Try to remain as calm as you possibly can- which of course will not be easy- and explain your situation as clearly as you can.
Remember that your life could potentially be at risk in case of a SWAT. This is genuinely dangerous and it's imperative you keep a cool head and do nothing reckless which could endanger you or others.
Stay safe.
Comments
-
Imagine being forced to buy a VPN to play a game due to the devs being so incompetent they cause swatting to happen. I think "Just play something else." is a better suggestion.
61 -
I thought that would be obvious but this was intended for people who wanted to continue to play DBD while the issue is going on.
6 -
If BHVR remains completely silent about this, I will lose all of the faith I have in them as a company right now
Balancing the game and communication surrounding it is whatever. It's a video game
Ignoring the rampant cheating is pretty disheartening but I can live with it
But not caring about the safety and privacy of your customers is a step too far. I'm saving judgement though because this just happened and I imagine it takes a bit to do something about it but if we are left with no communication by the end of this, then I'm done giving BHVR any kind of benefit of the doubt
24 -
This is a great informative post, thank you.
I will personally not play this game for an extended period of time, but I still greatly appreciate the effort and consideration this took from you.
I kinda wish I felt this level of concern and consideration from another party, but hey, I'll take what I can get.
9 -
Well lucky me for being on a break atm
7 -
Just as I posted this, we got an update on another thread
Aren't I just the master of timing
Oh also, great thread. Very well made, love to see people who care about this stuff.
5 -
Will edit this into the main thread now!
Thank you to @MandyTalk for point it out, BHVR have made a statement on this in a Eurogamer article.
Here is said statement:
3 -
This is pretty empty. "We care about you guys really. We're monitoring things. Let us know if something happens." No, that's legit not good enough if people are being SWATTED and could possibly DIE. Hell at that point, shut the game servers down until you figure out the issue.
26 -
Hey there! Game developer here (no, I don't work for BHVR or are affiliated with them) but the Steam Settings related to Steam Datagram Relay(SDR)/Steam Networking has no effect when playing DbD as they don't utilize SDR nor do they use Steam Sockets which would obfuscate your IP Address into a steam.{SteamID64} address when playing the game. SDR is cross-platform, but to utilize it whenever they use Gamelift would more than likely be a challenge. Using a VPN would be the best bet to protect yourself currently if you do decide to play.
12 -
Got it, thanks! I'll edit this into the thread now.
2 -
Thanks for the heads up.
Would anyone happen to know, does this only affect pc players?
Are console players safe?
2 -
I don't believe so. IP addresses are used whenever you'd connect to the Internet, which consoles do, and while I don't think there's any encryption or other protection involved I could be wrong.
If you believe yourself to have been DDOSed, attempt to reset/change your IP address (the linked article tells you how to do this), and make sure you stay as safe as is possible to avoid further complications.
3 -
Im gonna stop playing DbD until the problem gets resolved.
11 -
good idea
0 -
Oh, great, the ######### that's been happening to me for the last year is now happening to everyone else.
I'd honestly recommend everyone stay away from the game until this is fixed. It's not worth the potential trauma.
13 -
There are sites that log your IP address if you play on console, so no, not safe.
2 -
So basically "we're looking into it, so keep having your personal info leaked"? No ETA, plans on how to combat this situation, anything?
6 -
You had faith in behavior? Poor sweet innocent child ...
6 -
seems it
2 -
God glad I picked up a vpn recently.
Probably still going to play less. You just aren't safe anywhere.
3 -
Can I just say.
Welcome back my friend!!
1 -
Thank you :)
2 -
I got one to watch scream queens and turns out it's been useful for more than just that
2 -
I got mine to watch Chucky.
American tv shows saving lives here
2 -
Even if it does make some people a bit afraid of it, I'd much rather the information be out there and relatively easy to access, instead of people falling victim to these attacks.
4 -
'The values of sportsmanship and inclusion'.
Sportsmanship? As survivors teabag their way merrily across the map? Hah!
But yeah, hopefully this gets fixed fast.
2 -
like whatever tf eurogamer is
0 -
This is serious ######### right here. I’ll believe it when I see it when BHVR actually fixes this issue.
4 -
I love that mindset.
Which is why I'm wondering when/if DBD is going to post an official warning about potential security breaches in their game on one of their main media platforms.
Sure, we got a post from Mandy tucked away in a thread somewhere here, linking to an external news source they responded to 7-8 hours ago acknowledging the issue, but I doubt that's going to reach many players.
But as I jokingly stated elsewhere, at least they did send out public notices that the Halloween event is over during this crisis instead.
5 -
Is this the time to bring up the us vs them bullshit?
8 -
BHVRs actions recently feel like a big VHS ad.
6 -
"Eurogamer is a British video game journalism website owned by Gamer Network, both formed alongside each other in 1999. Its editor-in-chief is Oli Welsh and its editor is Wesley Yin-Poole"
2 -
ok thx :)
0 -
That show has been absolutely brilliant so far :)
.
I take it VPN does not work for console users then? Its not something you can set up using a laptop to protect you while you play on console?
0 -
Thanks for the info Karu!! , hopefully the devs to something, this is pathetic at this point, I already lost hope in bhvr if we have to buy a vpn to play this game, I'm hoping the game either dies or they remove mmr since that is what the "hackers" want.
1 -
Rather unfortunately I don't think that's the case, and as far as I know there are no legal methods to installing a VPN on your console.
If you still want to play, I advise caution and locking down accounts preemptively (as in, go into private mode on most socials). If you believe yourself to be a victim of a DDOS attack contact your ISP, and if you have been doxxed contact the police. Be cautious.
2 -
Is Express VPN free, though? Free trials notwithstanding, because you shouldn't have to pay money for security in a game you were secure in a week before.
4 -
As somebody who plays on console, for as long as I can remember we were taught "stranger danger" because you can get ddosed just for joining a party.
If Microsoft let that happen for years and years, I'm curious to see how long itll take Abhvr to fix WITHOUT it breaking in the next patch
2 -
Why not? :)
I was being snarky at the corporate-speak. Gallows humour and all that.
*Coughs, serious voice*: Yes, this is a big problem and needs to be fixed asap. I hope that it is and that anyone who isn't on a VPN takes steps.
0 -
"Why not"
There are copious other threads on these forums you could bring that up in.
This isn't about game balance, though. This is about personal data protection and possibly saving people's lives, because swatting has been proven to be, and still will be, fatal to some people. This is so much more of an issue than game balance ever actually will be.
That's why it wasn't the time nor the place for that. Wrong thread, wrong topic.
8 -
Thanks for the information, this is the first I have heard of it. Not worth it to me to get a VPN just for video games. Maybe it's time for a break until the devs fix their code.
6 -
Sigh.
It may be a cultural thing. I'm not sure if you are familiar with the term 'gallows humour'.
Regardless - yes, this is a very serious problem and I hope that it gets straightened out (and that whoever this slipped by gets a month in the office dungeon).
0 -
Unfortunately not.
There are also "legal" sites that log your IP if you play on Xbox or PS. They hold it for the expressed purpose of allowing people to DDoS you, but don't worry! You can stop them for just a small fee, you can block this from happening!
Totally not extortion or anything...
5 -
I...was not aware of this.
Fortunately I game on PC, but will have to warn the missus.
0 -
Yeah, I've become increasingly familiar with those sites.
One of them charges $75 a month, but hey, they got my router, so I hope it was worth it.
2 -
That is certainly unnerving.
0 -
Indeed. That one isn't on BHVR though. These sites have been around since 2009-ish and Microsoft/Sony haven't done anything about them.
This new issue of nabbing IP's from the game is totally on BHVR though and it makes getting info and getting more way easier.
2 -
Yeah, would love to know how this happened. It's such a bafflingly huge mistake to make. Sony Credit Card leak huge.
It's times like these that I'm really damn glad that I set up my VPN back when I was in Japan. It's a sad fact, but I'd almost consider a VPN mandatory these days.
0 -
Anyone know if consoles are affected? Iv been ddos'd a few times before the hacker epidemic due to xbox having a way to get ip's through messaging services.
Also curious what the offensive pop up displays when you try to report a hacker in game, I don't think it pops up for console.
0 -
Idk many times others and I need to say that consoles are affected but yes, consoles are affected.
And the pop-up is I believe unsportsmanlike, though you'd have to check the game rules you can find here
https://forum.deadbydaylight.com/en/kb/articles/139-game-rules
2
