Runes of Magic US / AU

Quoted from "UncleMart;518911"

Forum rules prohibit me from saying any of the toons names, but your main toon wasn't one of them

Quoted from "vfwiffo;518915"

As far as I know, Artemis is the only server affected, and it affected enough to see a one-server only pattern. That likely means that the server itself has been compromised. Changing password would only work if the breach was one time and has been plugged; otherwise your new password is as vulnerable as your old one.

And, good luck to good people at Artemis. Hope this is contained now.

Quoted from "UncleMart;518924"

Personally, my opinion on this is that Frogster has had their database compromised or someone has managed to find a security hole. These accounts are almost ALL level 70, all have megaphones. They're being identified by details. The only way someone could do this is by either going through accounts till one fits the purpose or someone has access to the actual database details and can flick through until they see a level 70.

Quoted

The only fix I can think of for now is that you give you login name (NOT YOUR PASSWORD) to a close friend who plays and if your friend see's you login and start doing this to attempt to login with the wrong password. This will have the effect of blocking the account for 30 minutes, which might just save them.

This does however need urgent attention as player can potentially stand to lose items/gold/diamonds or even real life money.

Quoted from "UncleMart;518924"

Well, the way (most) mmo's work is they have a gateway/login server which will authenticate people, once they're authenticated they get redirected with a security certificate to the actual game server.

A certain other well known MMO game had a serious security hole where they could totally bypass the actual sending of the login/password and just use a player # (randomly picked) which would allow them to login to any account, they just didn't know which one. This went on for a couple weeks till a very smart player (who actually worked in computer security) managed to find the security hole and let the company know. A few hours later the patch was rolled out and there were no more hackings.

The problem with this story is that the game company just kept on saying "You shouldn't give you details to other people" and "You shouldn't use hacks or third party programs". Me and my girlfriend BOTH got hacked and we both had major security (I've also worked in computer security) and I knew the whole time that the problem was on the games end.

Personally, my opinion on this is that Frogster has had their database compromised or someone has managed to find a security hole. These accounts are almost ALL level 70, all have megaphones. They're being identified by details. The only way someone could do this is by either going through accounts till one fits the purpose or someone has access to the actual database details and can flick through until they see a level 70.

This is very worrying indeed though.

The only fix I can think of for now is that you give you login name (NOT YOUR PASSWORD) to a close friend who plays and if your friend see's you login and start doing this to attempt to login with the wrong password. This will have the effect of blocking the account for 30 minutes, which might just save them.

This does however need urgent attention as player can potentially stand to lose items/gold/diamonds or even real life money.

Quoted from "UncleMart;518894"

Since they downgraded the forum, you can't view who's online anymore to track down a GM easy. I would have gone to the EU forum and got someone to take care of this.