Massively

Blizzard denies Diablo III authenticator hacking claims

Justin Olivetti — Tue, 22 May 2012 17:00:00 EST

Filed under: Fantasy, Launches, Legal, Diablo III

We've been following the mass reports of hackers bypassing passwords and authenticators to rob Diablo III accounts blind, and now we have a new twist on the story. While Blizzard confirmed "an increase in reports of individual account compromises," the studio says it has no hard evidence that hackers have found a way to skirt around the authentication system.

Community Manager Bashiok said that the company is taking the claims "extremely seriously" and is investigating the rash of account compromises. "Despite the claims and theories being made, we have yet to find any situations in which a person's account was not compromised through traditional means of someone else logging into their account through the use of their password," he said. "While the authenticator isn't a 100% guarantee of account security, we have yet to investigate a compromise report in which an authenticator was attached beforehand."

Blizzard is assisting compromised customers by restoring stolen items and rolling back their accounts. The studio has a post up on its forums to help players protect their accounts and get assistance if theft occurs.

Blizzard denies Diablo III authenticator hacking claims originally appeared on Massively on Tue, 22 May 2012 17:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Anonymous declares war on Sony over SOPA support

Justin Olivetti — Fri, 30 Dec 2011 16:00:00 EST

Sony may once again be the target of hacking attacks, but at least this time the company has a little heads-up in advance. The secretive organization of hackers known as Anonymous released a video declaring its intent to strike at Sony over Sony's support of the controversial Stop Online Piracy Act (SOPA).

The video contains your usual vague proclamations of doom and ego-boosting statements, although with Anonymous' past activity, it will be hard to ignore the threat. The collective of hackers were thought to be at least partially responsible for the attack on Sony earlier this year that forced the company to take its network and games offline.

SOPA is a proposed U.S. bill that would allow law enforcement to combat pirated digital goods by shutting down websites and blocking payments to site owners. While the bill is supported by Hollywood, the music industry, and some major game companies, SOPA opposers worry that the bill will infringe on First Amendment rights and permanently harm the internet.

You can watch the Anonymous declaration after the jump.

Continue reading Anonymous declares war on Sony over SOPA support

Anonymous declares war on Sony over SOPA support originally appeared on Massively on Fri, 30 Dec 2011 16:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Trion Worlds customer database hacked, 'no evidence' credit card info stolen

Justin Olivetti — Thu, 22 Dec 2011 22:00:00 EST

Filed under: Fantasy, MMO industry, Legal, RIFT, Miscellaneous

Trion Worlds has become the latest in a long string of MMO studio security breaches this year, as the company reported an intrusion into its customer database. At risk of compromise were customers' user names, passwords, birthdates, email and billing addresses, and partial credit card info. However, the company states that "there is no evidence" that full credit card numbers were stolen at this time.

In a message posted on the Trion Worlds website, the company promises that it is both researching the intrusion and taking steps to increase security. As part of this, all RIFT players will be asked to change passwords and security questions, and their mobile authenticators will need to be reconnected.

The company urges customers to watch their bank statements for questionable activity, and provides customers with resources to get a free credit report and putting a freeze on credit reports.

To compensate customers for the issue, Trion is providing all RIFT players with three extra days of gaming time and a Moneybags' Purse that increases all money looted by 10% in-game.

[Thanks to everyone who sent this in!]

Trion Worlds customer database hacked, 'no evidence' credit card info stolen originally appeared on Massively on Thu, 22 Dec 2011 22:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Square-Enix says no user info stolen during security breach

Justin Olivetti — Wed, 21 Dec 2011 09:00:00 EST

Filed under: Final Fantasy XI, MMO industry, Legal, Final Fantasy XIV, Miscellaneous

A week ago we reported that Square-Enix's Members site, a loyalty program for fans of the studio's games, suffered an unwarranted intrusion and was subsequently taken offline as the company conducted an investigation. It turns out that the best possible outcome of this investigation has occurred, as no personal information was stolen. Subsequently, the company plans to bring its Japanese and North American websites back online by the end of the month.

Square-Enix posted the following notice as an update:

As a result of our continuing investigation, we have now confirmed that the database in which we store personal information was NOT accessed during the recent server intrusion. Therefore, your personal information was NOT compromised by an unknown third party.

Square-Enix is planning to restart the Square Enix Members service by the end of December. Details of the schedule will be announced at a later date.

We deeply regret any inconvenience this may have caused our customers and fans, and appreciate your patience.

Square-Enix says no user info stolen during security breach originally appeared on Massively on Wed, 21 Dec 2011 09:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

SOE hands out suspensions to over 700 players as 'a first warning'

Matt Daniel — Wed, 14 Dec 2011 17:00:00 EST

Filed under: Fantasy, EverQuest, Events, in-game, News items

A couple of weeks ago, Sony Online Entertainment threw down the gauntlet to the ne'er-do-wells of EverQuest, telling them simply to "stop now." Well, as often is the case with the scum of the MMO world, many didn't listen to SOE's ominous words of warning. On Friday, December 9th, they paid the price... in blood! [Insert maniacal laughter here.]

SOE has since suspended over 700 accounts "for a number of days by way of a first warning." Community Manager Piestro closes out with another word of caution: "Remember that these suspensions are merely the first wave, and further action is on the horizon. We will not rest, but will instead continue to gather data and take action as necessary on behalf of the entire player base. Don't cheat -- it's not worth it." Also, it still makes you a jerk.

In still other EQ news, SOE has announced that it is tweaking the rate of experience gain on progression-locked servers.

SOE hands out suspensions to over 700 players as 'a first warning' originally appeared on Massively on Wed, 14 Dec 2011 17:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Square Enix Members server hacked, personal info possibly compromised

Justin Olivetti — Wed, 14 Dec 2011 08:30:00 EST

Filed under: MMO industry, Legal, Miscellaneous

Square-Enix has sounded the klaxons and let out the guard dogs in response to an "unauthorized access" on one of its Square Enix Members servers. The web service was taken offline in North America and Japan while the company investigates the situation and determines how serious the problem is.

Fortunately, it doesn't appear as if credit card information is at stake, although some users' personal information may be:

We are assessing the full extent of this potential breach to determine what data, if any, was compromised and will provide more details as soon as possible. While some personal information may have been accessed, we can confirm that there is no possibility of any credit card information leak from this incident, since the server in question stores no credit card information. We estimate that the suspension will continue for a few days until we complete our investigation and counter-measures. We will update you as we learn more.

Square Enix Members is a loyalty program that dishes out rewards in exchange for players who register Square-Enix games with the service. The website does store users' names, addresses, usernames, and passwords.

Square Enix Members server hacked, personal info possibly compromised originally appeared on Massively on Wed, 14 Dec 2011 08:30:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

EverQuest to hackers: You've been served

Matt Daniel — Fri, 02 Dec 2011 22:00:00 EST

Filed under: Fantasy, EverQuest, Culture, News items

In a suitably ominous speech on the EverQuest forums, Sony Online Entertainment's Piestro delivered a word of warning to the cheaters, hackers, and exploiters of Norrath: "Stop now." Piestro goes on to reveal that the team has been quietly performing some clandestine work that helps "[detect] cheaters quickly and accurately."

This should be good news for fans of the old-school title who enjoy playing the game on a level field. Hackers, however, should back down at once, because -- as Piestro warns -- "there will be no second chances." Also, because cheating makes you a jerk.

EverQuest to hackers: You've been served originally appeared on Massively on Fri, 02 Dec 2011 22:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

MapleStory breached, 13 million accounts exposed

Justin Olivetti — Sat, 26 Nov 2011 18:00:00 EST

Filed under: Fantasy, MapleStory, MMO industry, Free-to-play, Legal

The famously hacked Sony has a sympathetic shoulder this week, as Nexon recently discovered a massive breach that's exposed over 13 million MapleStory player accounts to cyber ne'er-do-wells. Discovered this past Thursday, the breach was solely limited to South Korea, as Nexon hosts separate countries on their own servers.

This means that any South Korean MapleStory player's information is at risk, including user IDs, names, passwords, and residential registration numbers. This information could potentially be stolen and used for a variety of crimes.

While there's been no word whether actual personal information has been stolen, Nexon nevertheless urged these 13+ million subscribers to change their passwords. The company has contacted the police to ask for a formal investigation.

This comes at an unfortunate time for the company, as Nexon is poised to present its IPO on the Tokyo Stock Exchange in December.

MapleStory breached, 13 million accounts exposed originally appeared on Massively on Sat, 26 Nov 2011 18:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Free for All: The real damage of botting, in the words of a botter

Beau Hindman — Wed, 02 Nov 2011 10:00:00 EST

Filed under: Business models, Economy, Opinion, RuneScape, Free-to-play, Browser, Free for All

I received an interesting email from someone the other day, someone who wanted to let me in on the lifestyle of a botter. Frankly I was a little embarrassed for the guy since he seemed to believe me to be naive about the entire process. The truth is that I have met plenty of shady characters and heard stories that would make your eyes bug out of your head. I've heard these stories from the developers and players themselves. There truly is some nasty stuff going on in MMO gaming.

The saddest thing is that cheaters honestly think that what they do cannot possibly result in much harm for the game they are botting in, cheating at, or hacking up. It's sad because the truth is that a cheater, as one person, might not have much of an impact on the game. Add up several thousands of these scam artists and the results are mindboggling. Drive by your local dump to see just how much trash can pile up, one person at a time.

I want to shine some light on just how damaging botting can be. Click past the cut.

Continue reading Free for All: The real damage of botting, in the words of a botter

Free for All: The real damage of botting, in the words of a botter originally appeared on Massively on Wed, 02 Nov 2011 10:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Introducing Shadowrun Online

Justin Olivetti — Thu, 13 Oct 2011 09:30:00 EST

Filed under: Sci-fi, New titles, Browser

Cliffhanger Productions, the makers of the upcoming Jagged Alliance Online, has announced another title in progress: Shadowrun Online. Based on the popular pen-and-paper game, Shadowrun will share a similar top-down strategy format with Jagged Alliance. Shadowrun takes place in a dystopian 2070 where magic and technology clash, and where hackers and street samurai are commonplace.

Shadowrun Online players will split their game time between prepping missions and carrying them out. While some of the maps will require all-out action efforts, others will require stealth, hacking, and even magic. Between fights, players will seek out contacts, prepare spells, and purchase gear to improve their odds when the time comes.

Shadowrun Online is in pre-production and the team hopes to get it into full development by November. It is planned to be a browser-based title, and Cliffhanger is drawing from Shadowrun alumni efforts to keep the game in line with the franchise. The company is still looking for partners to help with publishing and distributing.

Introducing Shadowrun Online originally appeared on Massively on Thu, 13 Oct 2011 09:30:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Hackers compromise 33,000 SOE accounts

Justin Olivetti — Wed, 12 Oct 2011 07:00:00 EST

Filed under: MMO industry, Legal, Miscellaneous

Sony's hacking woes continue today, as intruders today have attempted -- and, in some cases, succeeded -- to access the giant corporation's accounts. Chief Information Security Officer Philip Reitinger posted a letter on several SOE forums informing players that their accounts may have been compromised.

The good news is that less than 0.1% of Sony's entire playerbase has been affected. The bad news is that that leaves around 33,000 SOE players -- in addition to Sony Entertainment Network and PlayStation Network customers -- whose accounts were hacked. Following the intrusion, Sony temporarily locked the accounts and is investigating the situation.

"Only a small fraction of these 93,000 accounts showed additional activity prior to being locked," Reitinger said. He assured customers that credit card numbers were not leaked and that any purchases made during this intrusion will be restored. SOE customers with locked accounts will receive an email with instructions on how to validate their credentials and restore their service.

Hackers compromise 33,000 SOE accounts originally appeared on Massively on Wed, 12 Oct 2011 07:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Fighting the EverQuest hacking wildfire

Justin Olivetti — Thu, 06 Oct 2011 13:00:00 EST

Filed under: Fantasy, EverQuest, Bugs

While hacking and botting may not be a source of frustration to you in your daily MMO, to the denizens of EverQuest, it is a real and ever-present headache. In what is already not the easiest MMO on the planet, players are experiencing an onslaught of hackers who go out of their way to ruin the fun for everyone.

In a three-part series, Ten Ton Hammer exposes the systematic problem of rampant hacking in the game, especially on the new progression servers. While guilds are doing their part to crack down on hackers in their midst, it doesn't seem to be enough to stem the flow, especially as with a much smaller team in place these days.

Ultimately, fighting this problem does not seem to be SOE's current priority. EQ Producer Thom Terazzas addressed the issue of hacking by saying, "The expansion is something that we're really focused on right now. That has gotten, I would say, 80 percent of the focus here. So doing anything that dramatically combats the hacking is something that we would really like to do, but it is not something we've been able to do."

Terazzas followed that up by talking with the Customer Service team and promised that the hackings will receive higher priority once the expansion crunch is over. In the meantime, he urged players to file reports with CS if hacking was observed.

Fighting the EverQuest hacking wildfire originally appeared on Massively on Thu, 06 Oct 2011 13:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Star Wars Galaxies fan site hacked, 23K passwords stolen

Justin Olivetti — Wed, 31 Aug 2011 11:30:00 EST

Filed under: Sci-fi, News items, Star Wars Galaxies, Legal, Miscellaneous

Talk about kicking a game's community when it's down.

VentureBeat reports that Star Wars Galaxies.net, a major SWG fan site, was hacked yesterday. Star Wars Galaxies.net is part of a LucasArts fan site network, and apparently was not being actively maintained, as the last update was in June of 2009. Still, over 21,000 email addresses and 23,000 passwords were stolen -- some of which could lead to identity theft, according to authorities.

The hack was perpetrated by ObSec, a small group in the vein of LulzSec. The hackers posted the email addresses and passwords online for all to see. Analysis of the passwords found that 71% were relatively weak and easy to crack anyway.

Some Star Wars Galaxies players may see this as an unfortunate echo of the much larger Sony hack that happened earlier this year. We at Massively urge any players who have used this fan site to make sure that they change their passwords elsewhere as well.

Star Wars Galaxies fan site hacked, 23K passwords stolen originally appeared on Massively on Wed, 31 Aug 2011 11:30:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

North Korea employing MMO hackers to fund government

Jef Reahard — Sat, 06 Aug 2011 20:00:00 EST

Filed under: Lineage, Business models, Culture, MMO industry, News items

What's a dictator to do when his third-world economy is wheezing along on its last legs? Hack some video games, of course! According to a report in the New York Times, North Korea's Kim Jong-il unleashed an army of young computer crackers on popular South Korean online gaming portals to find ways to make quick cash.

South Korean authorities claim that a squad of approximately 30 hackers operated from a base in China and were given the mission of breaching online gaming servers (including those of the immensely popular Lineage) to set up bot factories and automated farming collectives. The digital booty was then sold to gamers for a reported $6 million over two years.

Chung Kil-hwan, a senior officer at South Korea's International Crime Investigation Unit, says that the hacker group "reports to a shadowy Communist Party agency called Office 39, which gathers foreign hard currency for Mr. Kim through drug trafficking, counterfeiting, arms sales, and other illicit activities."

North Korea employing MMO hackers to fund government originally appeared on Massively on Sat, 06 Aug 2011 20:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Scott Hartsman says gold farming hurts our games more than we know

Justin Olivetti — Thu, 21 Jul 2011 13:30:00 EST

Filed under: MMO industry, Legal, Miscellaneous

Gold buying is one of those aspects of MMO culture that is seemingly universally denounced, yet enough people partake in the practice to keep the wheels of this grey market activity going. Scott Hartsman may be saying the obvious when he denounced gold farming and selling to Gamasutra, but apparently it is still something we need to hear.

The Trion Worlds general manager shared a glimpse of just how hard these activities hit games, and how concerned he and other studio execs are about the proliferation of credit card fraud that results: "It's those kinds of things where people laugh and go, 'Oh, that never happens.' No. It happens. It happens a s**tload. To the point where, over the last three or four years, I would dare anybody to ask an exec at a gaming company how much they've had to pay in MasterCard and Visa fines, because of fraud. It happens a lot."

According to Hartsman, the more these events take place, the more money studios spend on paying fines and dealing with them instead of reinvesting funds into the games themselves -- all because of the "jerks" perpetuating the crimes.

Scott Hartsman says gold farming hurts our games more than we know originally appeared on Massively on Thu, 21 Jul 2011 13:30:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Fifty days of 'lulz' over: LulzSec disbands

Justin Olivetti — Mon, 27 Jun 2011 10:00:00 EST

Filed under: EVE Online, Events, real-world, Legal, Miscellaneous

The secretive hacking group known as LulzSec has announced that it is formally disbanding with the completion of its planned 50 days of mayhem. Among its many targets that it has hacked, including government sites, LulzSec struck at The Escapist, Bethesda Game Studios, League of Legends, and EVE Online.

LulzSec sent out a final statement, which said the group was a band of six hackers who had planned 50 days of attacks from the beginning. Now that the time is up, the group plans to fade into the shadows.

The group hopes that others will continue with these illegal activities: "Behind the mask, behind the insanity and mayhem, we truly believe in the AntiSec movement. We hope, wish, even beg, that the movement manifests itself into a revolution that can continue on without us."

While a suspected member of LulzSec was arrested a few days ago, the organization denied that he was part of the collective.

Fifty days of 'lulz' over: LulzSec disbands originally appeared on Massively on Mon, 27 Jun 2011 10:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Codemasters website, store, and database hacked

Jef Reahard — Fri, 10 Jun 2011 12:00:00 EST

Filed under: Culture, MMO industry, News items, Miscellaneous

Another day, another game publisher in a hacker's crosshairs. This time around it's Codemasters, and Eurogamer has the details on a security violation that compromised the company's website, EStore, CodeM database, and Dirt3 VIP code redemption webpage. The intrusion occurred on June 3rd, and Codemasters has sent out a letter to affected customers advising of the potential threat to their identity-related information.

The article reports that no payment details or credit card info was pilfered, but encrypted passwords as well as Xbox Live gamer tags and personal data (including addresses and user names) were taken. Thus far no groups or individuals have claimed responsibility for the attack. You can read the full Codemasters letter at Eurogamer.

Codemasters website, store, and database hacked originally appeared on Massively on Fri, 10 Jun 2011 12:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Suspected Sony hackers arrested in Spain

Jef Reahard — Fri, 10 Jun 2011 11:00:00 EST

Filed under: Culture, MMO industry, News items, Miscellaneous

If you've been wondering when (or whether) authorities would be bringing some of the Sony PlayStation hackers to justice, the New York Times has a brief report that you'll want to check out. Three hackers were recently arrested by Spanish police in the cities of Almeria, Barcelona, and Valencia, all of them with suspected connections to the attacks that took the PlayStation Network offline last April as well as cyber assaults on Spanish banks and government websites.

The Spanish National Police claim to have "dismantled the local leadership of the shadowy international network of computer hackers known as Anonymous," though the Times article casts doubt on whether or not the three individuals arrested were solely responsible for the Sony brouhaha.

The cyber shenanigans will end up costing Sony somewhere in the neighborhood of $173 million due to damages, IT spending, legal fees, lost sales, and expenses related to customer win-back programs.

Suspected Sony hackers arrested in Spain originally appeared on Massively on Fri, 10 Jun 2011 11:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Sony loses $3.2B, spends $170M in response to hacker attacks

Justin Olivetti — Mon, 23 May 2011 11:00:00 EST

Filed under: MMO industry, Legal, Miscellaneous

Sony's bad year is getting a smidge worse. The company, which had previously predicted a healthy profit for the past fiscal year, is now expecting a loss of $3.2 billion for the period of April 2010 through March 2011.

The reverse in fortunes is mostly due to writing off a $4.4 billion tax credit, although the company has been struggling with both the recent earthquake and hacker attack that disrupted operations of both its physical operations and online services. Sony CFO Masaru Kato doesn't beat around the bush: "In the first quarter, we saw quite a major impact on our manufacturing activities."

Sony also has spent over $170 million in response to the hacking intrusion last month. These funds went to rebuilding the network, providing identity protection coverage, investigating the attacks, free game time, and customer support.

This is the second straight year that Sony has operated at a loss, although last year's $439 million wasn't nearly as severe as this promises to be.

Sony loses $3.2B, spends $170M in response to hacker attacks originally appeared on Massively on Mon, 23 May 2011 11:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Talking Sony and identity protection with LifeLock

Justin Olivetti — Tue, 10 May 2011 09:00:00 EST

Filed under: Interviews, MMO industry, Miscellaneous

As Sony continues to struggle to restore service to both the PlayStation Network and Sony Online Entertainment's MMOs following a hacking intrusion that resulted in millions of customer identities being compromised, players are understandably concerned about how secure their information is with similar companies.

Even though Sony promised to provide a year's worth of identity theft protection for affected customers, part of the responsibility for safeguarding against such theft lies with us. As such, we spoke with Mike Prusinski, the Senior Vice President of Corporate Communications for LifeLock, an identity theft protection service. We asked him about what we should be doing to protect our identities online -- and what Sony could have done better in the first place.

Massively: What are the most common ways that people have their identities stolen?

Mike Prusinski: Though there are no statistics that point to one way over another, consumers get their personal information lost through stolen laptops, hackers, stolen mail, trash, skimming devices, scams (email, phone calls and personal visits), peer-to-peer networks and public websites.

Continue reading Talking Sony and identity protection with LifeLock

Talking Sony and identity protection with LifeLock originally appeared on Massively on Tue, 10 May 2011 09:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

SOE releases further breach details, 24.6 million accounts compromised

Jef Reahard — Tue, 03 May 2011 09:00:00 EST

Filed under: Events, real-world, MMO industry, News items, Miscellaneous

There's an old adage that things are always darkest just before the dawn, and right now the folks at Sony Online Entertainment -- as well as millions of customers -- are enduring another round of grim news. The San Diego-based MMORPG publisher has just announced that approximately 24.6 million accounts may have been stolen, in addition to the 12,700 credit or debit card thefts reported yesterday.

A new SOE press release reports that personal information including names, addresses, email addresses, login names, and hashed passwords has been illegally obtained by hackers. Another 10,700 direct debit records were pilfered from accounts in Austria, Germany, Netherlands, and Spain, including bank account numbers and the information mentioned above.

SOE plans to compensate consumers with 30 days of free subscription time as well as an additional day for each day its systems are down. The company will also provide "a complimentary offering to assist users in enrolling in identity theft protection services and/or similar programs."

SOE releases further breach details, 24.6 million accounts compromised originally appeared on Massively on Tue, 03 May 2011 09:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

A second breach of Sony's internet security? [Updated]

Larry Everett — Mon, 02 May 2011 18:20:00 EST

Filed under: MMO industry, News items, Miscellaneous

We have all heard that Sony's PlayStation Network was compromised nearly two weeks ago. The online services for the PlayStation 3 have yet to recover or come back online since the incident. This morning, Sony's PR director Patrick Seybold claimed that there was no truth to the rumor that credit card information was stolen by hackers. However, SOE cautioned gamers to be vigilant nonetheless.

It has now come to light via Nikkei.com that there was a reported second security infraction in Sony's gaming network. Nikkei claims that nearly 12,700 credit card numbers were stolen from Sony Online Entertainment this past Sunday in a second attack. As we reported this morning, all SOE sites have been brought offline because of "an issue that warrants enough concern for [SOE] to take the service down effective immediately," according the the site.

Michele Sturdivant, a spokeswoman for Sony, countered this allegation in The Wall Street Journal. "We temporarily took down SOE's services as part of our continued investigation into the external intrusion that occurred in April," Sturdivant affirmed. "This is not a second attack."

[Update: SOE has posted a security update to The Station.com. "We are today advising you that the personal information you provided us in connection with your SOE account may have been stolen in a cyber-attack. Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password." The notice further suggests that "information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained" but that the "main credit card database" was not compromised in the attack. It appears this is part of the larger PSN attacks and not a separate security breach.]

A second breach of Sony's internet security? [Updated] originally appeared on Massively on Mon, 02 May 2011 18:20:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

SOE takes services offline due to serious issue

Justin Olivetti — Mon, 02 May 2011 09:30:00 EST

Filed under: MMO industry, News items, Miscellaneous

This Monday morning, Sony Online Entertainment customers are waking up to discover that all of their games' services are down. Apparently, the company has discovered a serious issue while following up with the previous weeks' hacker intrusion and is taking steps to rectify it.

The Station.com posted the following notice:

Dear valued SOE Customers,

We have had to take the SOE service down temporarily. In the course of our investigation into the intrusion into our systems we have discovered an issue that warrants enough concern for us to take the service down effective immediately. We will provide an update later today (Monday).

We'll update this story as it develops.

SOE takes services offline due to serious issue originally appeared on Massively on Mon, 02 May 2011 09:30:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

PlayStation Network credit card info appears to be safe: 'No unauthorized activity relating to Sony'

Justin Olivetti — Thu, 28 Apr 2011 17:30:00 EST

Filed under: MMO industry, Legal, Miscellaneous

It looks like the beleaguered Sony finally caught a break. The company, which has struggled for over a week following a hacker attack that stole massive amounts of player information, says that it looks as though user credit card information remains secure and encrypted. It turns out that Sony had encrypted some personal info but not all of it.

Gamespot also reports that several financial companies, including MasterCard, WellsFargo and American Express, have witnessed "no unauthorized activity relating to Sony."

Sony's Patrick Seybold passed along the positive news: "The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack."

Sony's PlayStation Network is still offline while it's rebuilt with a higher level of security. The company saw its shares drop 4.5% today on the Tokyo exchange to $27.71.

PlayStation Network credit card info appears to be safe: 'No unauthorized activity relating to Sony' originally appeared on Massively on Thu, 28 Apr 2011 17:30:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

The Daily Grind: Do you trust MMO companies after the Sony debacle?

Justin Olivetti — Thu, 28 Apr 2011 08:00:00 EST

Filed under: Culture, MMO industry, Opinion, The Daily Grind, Legal, Miscellaneous

It's hard to believe that it's been over a week after a major intrusion into the PlayStation network, and Sony is still trying to put the pieces back together. Many customers were dismayed to hear that their private information was compromised by the attack.

Free Realms and DC Universe Online players are among those who have to feel shaken up at the revelation that Sony wasn't the impregnable fortress they perhaps hoped. It's unsettling to realize just how much personal info you hand over to these companies -- your name, address, birthday, credit card information, passwords -- when that info could be grabbed by hackers.

In light of the Sony debacle, do you still trust MMO companies with this information, or has it made you think twice about the corporations to which you're handing the keys to your life?

Every morning, the Massively bloggers probe the minds of their readers with deep, thought-provoking questions about that most serious of topics: massively online gaming. We crave your opinions, so grab your caffeinated beverage of choice and chime in on today's Daily Grind!

The Daily Grind: Do you trust MMO companies after the Sony debacle? originally appeared on Massively on Thu, 28 Apr 2011 08:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Player identifies "huge security hole" in RIFT's authentication system, Trion seals it

Justin Olivetti — Sat, 19 Mar 2011 13:00:00 EST

Filed under: Fantasy, Game mechanics, Rumors, RIFT

Hacking and account hijacking have been severe issues for RIFT ever since launch, even though Trion Worlds anticipated the onslaught from the beginning. Yesterday we saw Trion implement the so-called Coin Lock patch to prevent hackers from selling other players' items in-game, which some see as a novel (partial) solution to the problem.

However, this may not be enough to stop the truly malicious invaders from getting into RIFT accounts. One player, identified as "ManWitDaPlan" on the forums, claims to have circumvented the account login completely, leaving a "huge security hole" for hackers to exploit:

"I have verified the authentication system can be bypassed by successfully logging into another account without needing its credentials. Worse, all it took was about thirty seconds of time once I got all of the details locked down. I did trigger Coin Lock, but I was fully able to access that handy delete-character button, so this exploit is a griefer's dream. I will not post details on how to do this (so don't ask), but I'm positive that I can reproduce this at will and likely on any account on the system."

Later in the thread, a Trion representative added: "We have some things in the works right now and have been passing on your feedback, concerns, and thoughts throughout the day (no matter how radical or unlikely). Sharing sensitive information about our actions (no matter how broad) naturally also informs those carrying out these attacks. This puts us in a tight spot with how much information we can provide, and the questions we can answer."

And it looks as though the problem may be fixed, as ManWitDaPlan posted late last night: "Got word back from Steve Chamberlin, the development lead for Rift. This hole is sealed."

Player identifies "huge security hole" in RIFT's authentication system, Trion seals it originally appeared on Massively on Sat, 19 Mar 2011 13:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Turbine upgrades LotRO's compromised account reimbursement policy

Justin Olivetti — Sat, 26 Feb 2011 20:00:00 EST

Filed under: Fantasy, Lord of the Rings Online, Free-to-play, Legal

Account security is a worrysome topic in Lord of the Rings Online these days, especially following a reported rise in hacks and thefts among the playerbase. A couple months ago Codemasters implemented a stronger policy to help players recover lost property, a direction that Turbine followed yesterday when it revised its compromised account reimbursement policy.

Sapience announced on the LotRO forums that this policy is significantly updated and expanded from the old one. Now when a player's account is hacked, Turbine gives a seven-day window to report the issue, during which the company can restore "most" of the lost items and compensate players for items that cannot be replaced. This, however, is not a true rollback and does not cover accounts compromised before February 24th.

Turbine also reassured players that the studio is making it much tougher for unauthorized intruders to delete or sell rare items like raid gear, which should add another layer of protection from losing one's goods.

Turbine upgrades LotRO's compromised account reimbursement policy originally appeared on Massively on Sat, 26 Feb 2011 20:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

The Road to Mordor: Hacked!

Justin Olivetti — Fri, 21 Jan 2011 19:30:00 EST

Filed under: Fantasy, Lord of the Rings Online, Game mechanics, MMO industry, Free-to-play, The Road to Mordor

"My kinship had just finished an instance run about a week-and-a-half ago and was in the process of reloading back into the world when I got the message that I was being disconnected because I had just logged into the Brandywine server. Huh? Suspecting the worst, I immediately hit up the Turbine Account page and changed my password then re-logged back into the game, which would boot the hacker offline just like I had been booted minutes earlier.

"I was lucky and did that before the hacker had time to switch servers to where my active characters are. Other kinmates have not been so lucky."

So goes the frightening tale of Pumping Irony's Scott, who shares this in the hopes that others may avoid a similar scare. Unfortunately, it seems as though stories such as these are becoming more and more common in Lord of the Rings Online, where the worst threat to your quest may not be the eye of Sauron but the malicious intent of hackers gutting your account while you're offline.

Today we're going to step off the path for a temporary side trail into the gloomy undergrowth of account security and an MMO under siege.

Continue reading The Road to Mordor: Hacked!

The Road to Mordor: Hacked! originally appeared on Massively on Fri, 21 Jan 2011 19:30:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

APB Reloaded blog talks hackers and cheaters

Jef Reahard — Tue, 14 Dec 2010 11:00:00 EST

Filed under: MMO industry, News items, Free-to-play, All Points Bulletin, Crime, Dev Diaries

Bjorn Book-Larsson has a lot to say about APB Reloaded, the forthcoming reanimation of APB's corpse, courtesy of free-to-play publisher GamersFirst. Book-Larsson, the company's COO/CTO, has been blogging about the resurgent title for a few weeks now, and veteran players and prospective newbs alike will want to take a gander at his latest entry.

The blog focuses on APB's anti-cheat protections and, while it doesn't go into great detail for obvious reasons, Book-Larsson does make a decent case for APB Reloaded's level playing field. First off, he points out that the server-driven game is "more resilient to cheaters than most other F2P MMOs" due to the fact that F2P titles generally don't spend the same kind of money on infrastructure in comparison to your average P2P title. "In APB we are going to run a giant experiment to basically determine if hardware costs/specs have progressed far enough to make F2P server-driven games financially viable," he says.

Book-Larsson goes on to discuss the aim-bot problem, as well as various denial-of-service attacks that GamersFirst has dealt with over the past few years. It's an interesting read for anyone curious about APB Reloaded or MMO security, and also offers a humorous bit of insight relating to the over-reporting of cheaters.

APB Reloaded blog talks hackers and cheaters originally appeared on Massively on Tue, 14 Dec 2010 11:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Mortal Online busting out tremendous banhammer on hackers

Krystalle Voecks — Tue, 27 Apr 2010 11:00:00 EST

Filed under: Exploits, Game mechanics, PvP, News items

Hackers beware. The team at Star Vault have their eyes on you, and it's time to stop any and all shenanigans you've got going on in Mortal Online. Or else, you say? Or else the banhammer awaits you -- and according to their most recent update, it means an instant, permanent ban that could leave you staring at the login screen in frustration.

According to a post by Maerlyn on the Mortal Online forums, there is currently no set date on when software monitoring will come into play, or even what method they'll use to monitor for third-party applications or changes in the game files that are being reported. A follow-up posting by Tazaterra in the same thread indicates that anyone who has modified game files needs to stop at this time.

With the game still being tweaked pending release, we're glad to see the team at Star Vault is taking a proactive stance on this before the floodgates officially open. In a game where PvP is everything, players need to know that anyone using exploits, hacks, bots or the like to tip the game balance will be dealt with swiftly and before it causes game imbalances.

[via TTH]

Mortal Online busting out tremendous banhammer on hackers originally appeared on Massively on Tue, 27 Apr 2010 11:00:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

Warhammer Online developer diary on combat with hackers

Eliot Lefebvre — Sat, 07 Nov 2009 18:00:00 EST

Filed under: Fantasy, Bugs, Exploits, Warhammer Online

Hackers, as everyone knows, were scheduled to be the mirror class to Choppas... wait, no, that's not right. We're not talking about one of the classes of Warhammer Online, we're talking about that scourge of the paying and fair-playing populace of every MMO. The most recent developer diary on the game's official site is with John Cox, development manager, discussing some of the ways and means that allows Mythic to fight against the scourge of hacking and try and keep the game on the level.

Cox discusses a number of techniques, starting with the most obvious: that several people working on fighting the hacks are part of hacking communities, observing silently and sometimes even testing them internally to develop a response. He also discusses why some of the progress on fighting illegal behavior is a bit slower than the community would like, and why it's not always as possible to shut things down straightaway on the server end. With a discussion of some of the holes in detection, which includes an explanation of why the game briefly had Vista users almost universally flagged as hackers, it's an interesting look behind the scenes at Warhammer Online's efforts to fight the good fight. (That is, the one not involving Order versus Destruction.)

Warhammer Online developer diary on combat with hackers originally appeared on Massively on Sat, 07 Nov 2009 18:00:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

Leaders have questions, and Darkfall's Tasos Flambouras has answers

Seraphina Brennan — Thu, 16 Apr 2009 16:00:00 EST

Filed under: Fantasy, Darkfall, Game mechanics, Guilds, Interviews, PvP

Darkfall blogger extraordinaire Paragus recently sat down with some of the biggest alliance leaders of Agon, collecting questions to take back to Aventurine's very own Tasos Flambouras for answering.

While not all of the questions are actually questions (we see those declarative statements, you can't hide them from our prying eyes), Tasos attempts to provide answers to some of Darkfall's biggest problems. Crashing during battles, game mechanics overthrowing battle strategies, six hour sieges, political options in the interface, inability to purchase the game, and the burning question of what Aventurine is doing to deal with cheaters are all covered in this lengthy two page interview.

The entire interview has been posted to MMORPG.com. If you're looking for a peek inside of the mind of Aventurine, or the mind of Tasos, in the very least, don't hesitate to jump on over and catch his answers to some burning questions.

Leaders have questions, and Darkfall's Tasos Flambouras has answers originally appeared on Massively on Thu, 16 Apr 2009 16:00:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

Blizzard Authenticator adds new layer of security, for a price

Chris Chester — Thu, 26 Jun 2008 20:00:00 EST

Filed under: World of Warcraft, Exploits, MMO industry

When you play online games these days, you always have to be mindful that you don't leave yourself vulnerable to viruses, account fraud, and hacks. Something as seemingly simplistic as a hidden keylogger in a UI mod can open the floodgates to strangers to come on your computer and take your account information. Stories abound of players losing accounts they've dumped thousands of hours into because they didn't take the proper precautions. While some of the blame certainly lies with the players, there are some critics who have charge that the MMO industry doesn't do enough to prevent fraud.

Enter the Blizzard Authenticator. This new keychain SecurID device can be attached to your World of Warcraft account, making it impossible for anybody to access it without the Authenticator plugged into the computer They'll be debuting the device at the upcoming Blizzard Invitational, but it should be available on Blizzard's online store soon at the low, low price of $6.50. It's a small price to pay for peace of mind.

Blizzard Authenticator adds new layer of security, for a price originally appeared on Massively on Thu, 26 Jun 2008 20:00:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

Account thieves make mainstream news

Kyle Horner — Tue, 22 Apr 2008 15:00:00 EST

Filed under: Culture, Exploits, News items

Some determined hackers have gone to great lengths to steal MMO accounts. So much so that they've managed to get noticed by the mainstream news outlets. We guess that's what happens when you hack over 10,000 websites just to get your hands on somebody else's MMO account.

Essentially, these guys hacked into thousands of websites and added a small amount of code that redirects users into an invisible attack from some China-based servers. Apparently if you've got your antivirus program of choice up-to-date you shouldn't worry. Although the article points out that some of these attacks are directed at ActiveX controls, so update that as well if you haven't recently.

We all know how terrible it would be to have our accounts hacked into and stolen. Many of us spend hundreds of hours in our favorite worlds, which many of us also pay for through our credit cards. Strangely enough, Lord of the Rings Online is mentioned as one of the games targeted by the hackers.

[via TenTonHammer]

Account thieves make mainstream news originally appeared on Massively on Tue, 22 Apr 2008 15:00:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

Security researchers warn of dangers in online games

Michael Zenke — Tue, 01 Jan 2008 11:15:00 EST

Filed under: Economy, Exploits, MMO industry, News items

Always on the lookout for new opportunities, criminal elements have been interested in MMO players for some time now. A great 'in' to credit card records and personal information, player accounts are also ripe with virtual goods that can be easily liquidated into in-game currency and then resold for real funds. A warning last year about hackers interested in World of Warcraft accounts has been mirrored in recent weeks by researchers cautioning players of Korean and Japanese titles.

Security software groups Ahnlab and Symantec have both seen increased reports of criminal hackers working to gain access to eastern MMOs in recent months.

For more on this subject, the site SecurityFocus has up a recent interview with the writers of the book Exploiting Online Games, discussing the reality of security research as it pertains to Massive titles. The authors indicate that MMO development houses are still a ways off from fully appreciating the dangers of lax security measures managing these systems.

Security researchers warn of dangers in online games originally appeared on Massively on Tue, 01 Jan 2008 11:15:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

MMO security irresponsibly bad, experts claim

Chris Chester — Tue, 27 Nov 2007 17:02:00 EST

Filed under: Bugs, MMO industry

MMO players have more to fear than simply kobolds and virtual super villains. According to several security engineers interviewed by TechNewsWorld, gamers face greater risks than many of them realize, as lax security measures on the part of publishers expose players to identity theft, malware, and potential hack attacks. And as persistent online worlds continue to grow in size, they only become more lucrative targets for online ne'er-do-wells. They attribute much of the risk to the fact that so much of the actual game software lies on users' home computers, and is not adequately shielded by firewalls and other protective measures.

Unfortunately, the solutions posed by the so-called experts betray an obvious lack of experience with MMOs and the people who play them. They cite enterprise networks as an example of having the kind of network security that gamers need to ensure that they're protected from intrusive attacks... So they suggest that people play games from work to alleviate the risk. While I'm enthusiastic about such a prospect personally, I highly doubt that most employers are too keen on the idea of their employees logging in while on the clock and using up company bandwidth to grind for Sporeggar rep. They also suggest purchasing expensive security products, but that's not something I'd imagine most people haven't considered and disregarded already.

A more prudent suggestion, though not one explicitly cited in the article, is to instead be extremely mindful of what kind of mods you download for your favorite games, and from where you download them. If you don't give hackers an open door to your system, than there's probably not too big a cause for concern, unless you're unlucky enough to have bought pre-hacked products.

MMO security irresponsibly bad, experts claim originally appeared on Massively on Tue, 27 Nov 2007 17:02:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments