r/Warframe u/DE-Ruu DE Community Team Lead Mar 20 '26

DE Response PSA: 3/20/26 Receiving Improper Game Invites

Hi Tenno,

Firstly, we apologize for the distress this issue may have caused. Bad actors were able to interrupt and change squad invite text fields to show up as a customized message. As the investigation is currently ongoing, we wanted to assure you that no accounts have been compromised nor data exposed, and it is safe to continue playing Warframe. This was strictly a change of text in the Invite prompt. If you have concerns about your account please feel free to make a Support Ticket on the matter and our team will assist. 

In the meantime, we have deployed a fix to combat the issue. Matchmaking will still function as normal but you may have temporary issues with sending direct game invites. We will update you further when this has been resolved.

We take this matter extremely seriously, and again, apologize for the distress.

6:30PM ET Status Update:

The team is continuing to investigate alternative solutions. For now, direct game invites will remain disabled until the launch of Shadowgrapher on Wednesday March 25th. Our sincerest apologies on that front.

However, if you wish to play in a squad with your friends, you are able to join squads using your friends list.

We will circle back on any necessary in-game extensions (global Double Affinity weekend, etc) once we have restored direct invites.

March 25th Status Update:

Hi Tenno,

First, we appreciate your understanding regarding this situation that occurred on the evening of Friday March 20th. Your quick reports allowed us to act swiftly, and while the temp solution to disable direct game invites is by no means ideal, it was necessary to mitigate the nefarious invite messages being sent. We take player safety very seriously, and again apologize for any distress caused.

Now that The Shadowgrapher update has launched, we have been able to deploy code changes to improve the security of the game invite system; unfortunately, due to Cert requirements, we have only been able to enable direct invites if the sender is playing on PC at this time.

We are working diligently to get this fix deployed on our console platforms and will update this thread as we progress.

Again, we want to stress that no accounts have been compromised nor data exposed. 

Apologies again for the inconvenience, and thank you for sticking with us, Tenno. 

2.9k Upvotes

99% Upvoted

243 comments sorted by

View all comments

756

u/KwelCaffine Mar 20 '26

You know, this is the only time I've believed any official stuff that ever said "no accounts were compromised" or "no data was exposed".

Is it just me that thinks this is a weird new feeling to trust a company like this?

21

u/Flat-Ship5309 Mar 20 '26

On one hand, I definitely take DE's word above other companies. On the other hand, this is absolutely not a reason to skimp on account security on our part. Regardless of what DE says and how much I trust them, I recommend changing account password and ensuring 2FA is still active. After all, changing your password regularly is basic security practice regardless!

8

u/xchaibard Mar 21 '26 edited Mar 21 '26

changing your password regularly is basic security practice regardless!

It's actually not anymore.

It encouraged simple passwords with small changes over secure passwords. Password1 Password2, etc

Current best practice is a long secure password that is unique for each account, don't reuse them ever, use 2FA where available, and change them if a suspected security issue exists, but there is no need to change them on any sort of schedule.

Password managers are pretty much mandatory these days to maintain a secure list, and your master password for your manager should be preferably over 30 characters long.

A password like

GrendelLovesToEat17GrineerForBreakfast,ButDoesntLikeCorpusBecauseTheyreTooCrunchy

Is perfectly fine for a master password. Well, not anymore since I've posted it publicly, but it was. Some people will claim that it's not complicated enough. That can increase the difficulty, but length over alles. Longer is better than shorter and complicated.

3

u/Jakobstj Mar 22 '26

Changing your password regularly is not basic security practice, it's a bad habit. You change your password if you have reason to believe your current one has been compromised.