BeamMP Hack and Downtime

created: 14.04.26, 17:52 CET - last update: 14.04.26, 21:26 CET [13]

BEMP IS BAKC BABE

latest updates:

14.04.2026 ~16:00 CET:

keymaster for EA members came back, unofficial public servers are now appearing in the server list. they are still crashing pretty often tho, so expect disconnects.

next:

server stability - is being worked on, the official servers already are more stable, ETA for a public release of newer server version: unknown

auth system - ETA: unknown

---

...

---

What happened?

BeamMP suffered a major security breach and related downtime at the end of March 2026, with services starting to come back online via a “soft launch” in early April 2026.

• The main incident occurred around March 27–30, 2026. Reports of a hack and backend issues started circulating on March 27.
• On March 28, 2026, the BeamMP team’s own FAQ dates the outage as having started that day and still ongoing as of April 1.
• Media coverage describes a compromise of BeamMP’s infrastructure on March 30, 2026, noting the mod was taken offline following the breach.
• By April 1–2, 2026, creators reported that BeamMP was beginning to come back online with a limited or “soft” relaunch of services.

What happened technically

• A malicious actor gained high‑level access to the official BeamMP Discord server, raided it (deleting or replacing channels), and spam‑pinged users, which is how many first learned “BeamMP has been hacked.”
• The attacker also compromised parts of BeamMP’s backend infrastructure; as a result, the developers intentionally shut down backend services (website, authentication, server browser) to contain and investigate the breach.
• Some reports and community investigations claim the attacker exfiltrated data including email addresses and hashed passwords and briefly published source code on GitHub before it was removed.
• There were indications that the attacker had also used large numbers of BeamMP accounts (thousands) for DDoS‑style activity against servers, contributing to instability.

Impact on players and servers

• The central backend and keymaster/auth systems were taken offline, which meant:
• Server lists in the in‑game browser stopped working.
• Auth keys became unusable and server owners had to set servers to Private = true and/or allow guest access to keep playing via direct connect.
• Many users saw generic backend‑outage style errors such as “Sorry Backend System Outage!” when trying to connect.
• The website and Discord were intermittently offline or restricted while the team restored control and audited security.
• During the downtime, only direct IP connections to privately configured servers were generally workable, and some communities took their servers offline as a precaution.

Aftermath and current status (2026)

• By early April 2026, the BeamMP team had brought core services back up in stages and began communicating fixes and workarounds (e.g., how to host private servers while auth systems were still limited).
• Community posts suggest the developers ran a security audit and worked on closing the vulnerability that allowed the breach, though detailed technical post‑mortems are still limited or scattered across community channels.

---