Runes of Magic US / AU

What are we at 160-180 hacked so far? Either that is alot of gold buyers, or alot of people opening phishing emails, or alot of people with keyloggers, or alot of people sharing account, or....yeah you get the point. Lets not forget the very first account hacked, A GMs account. They took a GM account first to send a very loud and clear message, you are not safe, you are not immune.

As per Dionaea : Will you get back everything? Everything that can be verified as being lost during the hack, yes. Which makes the research of hacked accounts so time consuming and causes the tickets to take time before they can be closed as solved. Give the support the time they need, cooperate when asked by support and give information needed, and our support will assist you to the best they can.

Ok so how does the verifying of what i had, goes? please elaborate on this one. I have screenshots of everything since 2 weeks ago, now will have to take them again to make sure. How do you check what i had and what not?

You can verify how much i spent on this game for the last 2 years on this game and that is why i am concerned about the whole situation. I lost potions in my first page of my backpack and they closed my ticket and that was it , so yes i am concerned, and yes i replied to their automated e-mail, still closed.

I am not raging at you Dionaea, but re-assuring paying customers would be nice. I don't want names or anything, let us know what actions if any are taken.

And i was saying funny, because you guys asked us to change our passwords and a lot of people did and they are getting hacked even more. Do you see my point, maybe i shouldn't have changed it after all. Not funny to the player that is for sure.

With the buyout are you getting more people to help out? more employees? just a bit of info would go a long way.

Thx

Come on people the real truth here is Frogster itself was hacked and they are to scared to admit it because of the repercusions that WILL follow. I'd love for them to explain how someone changes there Password and still gets hacked. Really come on already they could give a fly f about us. I would love to see my account get hacked since i've been changing my PW every 2 days now. If and when i get hacked the crap will fly since im not scared of frogster at all. I'll take the legal route against there company in a heat beat. I've spend a toon of money on this game and i'm really getting tired of the way they treat us. So bring it on

Quoted from "regentego;525334"

What are we at 160-180 hacked so far? Either that is alot of gold buyers, or alot of people opening phishing emails, or alot of people with keyloggers, or alot of people sharing account, or....yeah you get the point. Lets not forget the very first account hacked, A GMs account. They took a GM account first to send a very loud and clear message, you are not safe, you are not immune.

And even if you kill me, if this was a security breach on our side, don't you think 160-180 hacked accounts sounds a bit... small compared to the effort that would be needed to breach us and given the time this is going on now?

As a matter of fact, 160-180 (by your estimate) users who (not even willingly but accidentally) visited a trojan infested website (not even considering the ones who maybe violated EULA) is not that impossible. And still, that would be a simple explanation and we deem this too easy. We investigate each case. We investigate for possible security breaches. So far we found none.

Still, every hacked account is painful and one too many. Everyone of them needs to and will be helped, if they contact support.

Please do not drag out the argument about the GM anymore, I just linked the post where we said clearly, this was an inactive account. Inactive as not being used in a while. Inactive as in passwords unchanged for a while. He was not the first either if i recall correctly. So please lets not add to the panic with rumors which we already cleared up in several statements.

Thank you very much.

I like the "You are not safe,you are not immune" part though. This is indeed something, which we try to explain now in several statements. We on our side do everything possible to secure the safety of your accounts. So all we can ask for and all we can advice is how you can do that on your side as well.

So if my account is hacked by no fault of my own will I get my diamonds and gold restored? I don't have a lot of either but I am curious. That's really my only concern right now.

tdhanks76, our support will try to get you your account back in a first step and once the losses are confirmed get you your stuff back as much as they can, as long as the losses can be verified, yes. Which usually is the case.

I wasn't trying to infer or insight fear, I was just going over all the things Tunashake told us people were doing to to get hacked, don't blame me those are your peoples words. I too though the no one was immune was a nice touch, sort of like a good movie trailer!

Quoted from "Dionaea;525341"

Please do not drag out the argument about the GM anymore, I just linked the post where we said clearly, this was an inactive account. Inactive as not being used in a while. Inactive as in passwords unchanged for a while. He was not the first either if i recall correctly. So please lets not add to the panic with rumors which we already cleared up in several statements.

Actually, the original thread on this topic indicated a GM account had been hacked. Do you really think ignoring it will make it go away? Thanks for the insight into the Frogster rationale on problem resolution although it doesn't exactly inspire confidence.

Is anyone surprised that someone wants to do Frogster harm? They have the worst track record in regard to customer service I have ever seen.

What do you think the next hacker you piss off will do when it comes to recompense? At the very least, I'm sure they'll top the last effort just as this one is doing compared to the last one. That's just the nature of the hacker community.

In order to head off the next attack, you could actually focus on customer service and try not to turn all your consumers into enemies. Nah, that's far too logical. Forget I mentioned it. Carry on.

Quoted from "Deltaninethc;525347"

Actually, the original thread on this topic indicated a GM account had been hacked. Do you really think ignoring it will make it go away? Thanks for the insight into the Frogster rationale on problem resolution although it doesn't exactly inspire confidence.

I am not referring to this or any other thread, but to the information I have.

Quoted

Is anyone surprised that someone wants to do Frogster harm? They have the worst track record in regard to customer service I have ever seen.

Not to sound like a broken record, but please read our previous statements in this thread. Our customer support works hard to assist every hacked account, no security breach has been found as of yet.

Quoted

What do you think the next hacker you piss off will do when it comes to recompense? At the very least, I'm sure they'll top the last effort just as this one is doing compared to the last one. That's just the nature of the hacker community.

Not to sound like a broken record, but please read our previous statements in this thread. Our customer support works hard to assist every hacked account, no security breach has been found as of yet.

Quoted

In order to head off the next attack, you could actually focus on customer service and try not to turn all your consumers into enemies. Nah, that's far too logical. Forget I mentioned it. Carry on.

Please read my previous posts, not to sound like a broken record, but as stated numerous times: We investigate on all frontiers, including our side not only the players side. So far no security breach has been found. We advice our users what they can and should do on their side, while we do everything on our side to secure the accounts. Noone is pointing fingers at anybody. It would be useless anyways. All we all want is for players to have fun and not being hacked. We rely and need your cooperation. We assist to the best we can.

We will continue to investigate. As soon as we have any new information to share, we will. In the meantime, please read our advices. They are not given to annoy you or to blame you for anything, they are given to make sure you are aware what you can do while we continue to do what we can do. Our customers are not our enemies,our customers are our players and customers. Please stop flaming or enraging this thread or adding to un-profound panic. It is not helping nor is it fixing this any faster.

Thank you for reading.

Quoted from "Dionaea;525349"

Not to sound like a broken record, but please read our previous statements in this thread. Our customer support works hard to assist every hacked account, no security breach has been found as of yet.

You have been found lacking on numerous occasions despite your testament. Has nobody at Frogster noted this yet? Really?

Quoted from "Dionaea;525349"

So far no security breach has been found.

Really? LOL...just LOL.

Quoted from "Dionaea;525349"

They are not given to annoy you or to blame you for anything, they are given to make sure you are aware what you can do while we continue to do what we can do.

You must have missed the post by a Frogster agent blaming the people being hacked for buying gold. That really wasn't good customer service. Just saying.

Quoted from "Dionaea;525349"

Our customers are not our enemies,our customers are our players and customers. Please stop flaming or enraging this thread or adding to un-profound panic. It is not helping nor is it fixing this any faster.

Are you reading the same forum I am reading? There have been plenty of examples of your consumers asking for resolution to problem after problem only to be baited by the pink hat crew and the Frogster staff until they are banned or ragequit. Do you honestly not see the detrimental nature of this relationship?

Quoted from "aardvark3;525333"

Somehow the concept of such extensive and expensive technologies, evasive technologies and key loggers being employed to crack a free game and steal a little bit of gold or diamonds where it costs so little to buy gold on the net just seems a bit absurd on an account to account basis. A keylogger once installed in a computer isn't going to be used on a free game. No one is going to go through the trouble of installing it on a computer in a blind hope they can get into the right game. There is bank account information, personal id information amd a multitude of other information worth thousands and millions of times as much in real world money on that computer so lets steal a little of fantasy world gold and diamonds after spending all that money and time. This just doesn't seem to be the way the accounts are being hacked.
Someone has established a back door access to the servers and comes in and shops the accounts to find what they want Then through the server just enters the account that has what they want at that moment places and takes it bypassing the login process. That is the only way there is enough profit to make it worthwhile to a hacker. Since they are already in the server they just delete their tracks and no one knows where the items go.
Remember this is done for a profit and spending a lot of time or money makes it not worth the hackers time or effort. They have to be able to acces hundreds or thousands of accounts instantly and be able to cover their tracks just as fast to make their time and effort profitable. There is no way they can do it by working on the accounts individually only through a server can they get what they need.

I love how everyone is a master of server mechanics now, and knows 'exactly' what's going on, there's some paranoia that's striking the community right now I can say that for certain.

A lot of people are saying things that are just plain wrong probably because they've had very little experience in the field.

First, there's no way you can prove one way or another what's going on without server level access yourself, you can claim that Frogster's been hacked which may very well be true, but without server access you can't say for certain.

There are so many different things I could respond to, but I'm not sure I have the patience at the moment to respond to them.

The best thing to do is still collect as much information as possible in my opinion and try to secure your own accounts.

If the 'hacker' had root access to the servers there are much worse things they could do, even write ability to the SQL they could do a lot with. However based on what they've done so far they've shown in no way that they did, they made a GM character at one point that was lower level than Aquila but that looks to be a 'GM' power otherwise it wouldn't make much sense to make the character lower level than Aquila.

The logical conclusion there is that if they tried to make a 'GM' character that they didn't have the means to make one any other way.

Being able to access the 'logs' database or the account database seems more plausible, but I've yet to understand why they don't do certain things like other 'hackers' do, like changing user passwords, etc.

Whoa quick timeout Dio, the GM account was the first, I saw it with my own eyes.

BUT! You said it was an inactive account, not used in months right? Sooooo how does an inactive account get a Trojan? Or a keylogger? How does someone get a GM password not used for months?

Quoted from "Dionaea;525341"

And even if you kill me, if this was a security breach on our side, don't you think 160-180 hacked accounts sounds a bit... small compared to the effort that would be needed to breach us and given the time this is going on now?

As a matter of fact, 160-180 (by your estimate) users who (not even willingly but accidentally) visited a trojan infested website (not even considering the ones who maybe violated EULA) is not that impossible. And still, that would be a simple explanation and we deem this too easy. We investigate each case. We investigate for possible security breaches. So far we found none.

I respect your efforts to calm the community down, but I'm afraid that will only happen after the issue is a distant memory in the minds of the gamers who experienced it. There is a reason the Anniversary Diamond Fiasco never left. Siege getting borked back in January was a close second.

Not everyone who is hacked is going to put in a support ticket. After Support's track record, many will simply up and leave, believing that their items will not be returned. I myself lost a hero-statted cape back in December, though I do not know how- one night it was on my character, the next, poof. When I sent in a ticket to support, they told me to uninstall my addons and then reinstall the game. I did so, logged back in, still no cape, update the ticket, and then they tell me they can't return my cape because they don't know what was on the toon. I lost a LOT of time and got nothing for my efforts.

It is impossible to obtain an estimate on just how extensive the cracking has gotten. You need to keep looking for the exploit this person/people are using, hire someone with experience in the field of IT administration to see how many attempts there have been to bypass current security measures, and then perhaps consider installing a new client verification system until the compromises in the old one can be identified.

Quoted

Still, every hacked account is painful and one too many. Everyone of them needs to and will be helped, if they contact support.

Please do not drag out the argument about the GM anymore, I just linked the post where we said clearly, this was an inactive account. Inactive as not being used in a while. Inactive as in passwords unchanged for a while. He was not the first either if i recall correctly. So please lets not add to the panic with rumors which we already cleared up in several statements.

Thank you very much.

I like the "You are not safe,you are not immune" part though. This is indeed something, which we try to explain now in several statements. We on our side do everything possible to secure the safety of your accounts. So all we can ask for and all we can advice is how you can do that on your side as well.

I am curious as to what you will say when the person/s responsible see this statement, and proceed to go after an active GM account.

Ask yourself the following questions:

1. What is the intention of the cracker'/s actions? Can anything be done to prevent the loss of static items such as item mall items, gold, or diamonds?
2. How can we improve security on the client side as well as the server side?
3. How many of those who had their accounts cracked had active anti-virus/malware up and running, in addition to a firewall? Would those programs have been effective in stopping this from happening, and if not, what steps can the game take to ensure account safety despite an incoming trojan/virus/worm? (There are measures that can be taken regardless of the state of the client-server connection).
4. Who has the highest likelihood of having done this?

You need to answer them, both to yourself and to us, if you want the panic to stop. Knowledge is the bane of fear, you know.

Quoted from "LadyMacV;525355"

Not everyone who is hacked is going to put in a support ticket. After Support's track record, many will simply up and leave, believing that their items will not be returned.

Yes.

My husband and I returned to the game a few months ago, after about a year away, hoping
1) that siege was out of beta and stable now, and
2) that customer service and overall communication had improved.

Now that this hacking has endured for 5 weeks? (6 weeks?), and from what we can tell, nothing has happened to prevent the hacking or protect our investments. I asked this question last week in the forums and my posts were deleted.

If either one of us get hacked, we're gone and never looking back. I suspect, and as your quote predicts, that we aren't alone.

Quoted from "regentego;525353"

Whoa quick timeout Dio, the GM account was the first, I saw it with my own eyes.

BUT! You said it was an inactive account, not used in months right? Sooooo how does an inactive account get a Trojan? Or a keylogger? How does someone get a GM password not used for months?

Was not the first, from what i know.

We warn for general issues, regentego, not for the "only reason this is happening". Right now i think many things add up.

Old, maybe even inactive accounts, or accounts daily logged into, with old passwords. A sign for brute force, but i am no tech.

Accounts that changed passwords recently, a sign for keyloggers, but I am no tech.

I can only tell you information I have, and that is no security breach has been found as of yet.

The reasons why inactive and active accounts are breached can have many reasons and do not necessarily need to be connected. I am no tech.

All I can tell you is we keep investigating and we keep you informed. But it does not help you if I sound like a broken record by repeating umptybillion times that which i already said in this thread.

I can not force you to believe me, I can just give advice and inform you

The most important thing is that we take this as serious as you do and do not stop investigating. Also any hacked account who contacts support and cooperates will get full assistance.

And as soon as I have new information for you I share it.

@LadyMacV

Quoted

[COLOR=black !important]After Support's track record, many will simply up and leave, believing that their items will not be returned[/COLOR]

And that I can not understand. Our support always has, and always will assist everyone. The keywords being cooperation and following instructions and giving information needed. Plus the loss needs to be trackable in our logs. If it can not we will not refund. This is normal procedure. Else our economy would go really into the drains because we would refund everything on hearsay. I know sometimes this can be frustrating. But still, we need to follow our procedures.

Quoted

[COLOR=black !important]I am curious as to what you will say when the person/s responsible see this statement, and proceed to go after an active GM account.

My worst nightmare is I get hacked I do all I can to prevent that, still just today my scanner found 24 viruses on my computer. Are they all gone? Can I be sure they have all been found? I will have grey hair by tomorrow morning.

Quoted

Ask yourself the following questions:

1. What is the intention of the cracker'/s actions? Can anything be done to prevent the loss of static items such as item mall items, gold, or diamonds?
2. How can we improve security on the client side as well as the server side?
3. How many of those who had their accounts cracked had active anti-virus/malware up and running, in addition to a firewall? Would those programs have been effective in stopping this from happening, and if not, what steps can the game take to ensure account safety despite an incoming trojan/virus/worm? (There are measures that can be taken regardless of the state of the client-server connection).
4. Who has the highest likelihood of having done this?

You need to answer them, both to yourself and to us, if you want the panic to stop. Knowledge is the bane of fear, you know. [/COLOR]

1. I am not the hacker so i do not know. The first one to not be a hacker and show me he truly understands a hacker gets a cookie. I am no tech, so i can not answer the second part of your question, only my broken record that we do all we can on our side to maintain the safety of your accounts.

2. Client side we tried to explain several times. Server/software side: I already answered several times that our software and client is under heavy investigation. No loop holes have been found, no security breach has been found.

3. Pandora's Box. If you want me to answer that question: I cant. I think noone can. We do everything we can on our side to secure the safety of your accounts (sorry for broken record) but I am no tech. And if I would be I would probably not tell you what steps we take to protect them. And for what protection do the clients use? Can we really control that? I hope they read our advices and do what they can.

4. Part of the investigation

It's clear to see that a lot of us have been hacked. Let's try to gather information into a focused area, hopefully this thread... If you've been hacked, what items have you lost? How many people have been hacked in your server? For me, I've noticed a trend that the hackers are targeting many players in my server, Grimdal, who have tons of megaphones. Any other info post it here!

Quoted from "Dionaea;525368"

We do everything we can on our side to secure the safety of your accounts

This is a lie. You could have taken a look at and fixed customer service and listened to the player base way back when augustus87 threatened to exploit an insecurity. You have, therefore, not done "everything you could on your side to secure the safety of accounts".

The fact is, the payoff for a few gold spams over a few weeks until it is fixed is not worth the effort for the marketing income alone. Someone put some real thought and skill into this effort and I would be looking for a Robin Hood rather than an Al Capone on this. It looks like y'all have pissed someone off, once again, that was better than the guy you have working security.

Not only is the bad customer service causing user attrition, now it seems to be yielding vengeful acts. Frogster, you've been told over and over what needs to be done to earn the respect and loyalty of the user base. You have consistently refused to heed any advice.

Kindly invest in better customer service or better security, plox. You can't take the cheap route all around, obviously.

The least of my fears is that I will get my stuff back. Anytime I or all the other players I know have submitted a ticket it was handled in a reasonable manner and everyone got back anything they lost. I have always found them responsive and very good as long as we followed the instructions and didn't keep resubmitting the ticket.
My fear is as soon as I get the stuff back I will be hacked again. From what has been said no matter what you do and what security measures you take you will be hacked if you play this game.
Changing passwords, not changing passwords, antivirus,using the on screen keyboard nothing has stopped the hackers. My computer is restricted to gaming and doesn't go on the internet other than this game and Steam I have complicated passwords it didn't help. As the ad for Jaws said is it safe to go back into the water.

Meh...if an inactive for 6 months GM account can get hacked, then something don't make sense. No keylogger or Trojan can get stagnant information. If it's not being entered its not recordable. I'm not a tech guy at all. I'm a logic dictates guy. I suppose you can force your way onto an account but guessing a GMs login, password and secondary with nothing to go on is one amazing trick!

You really have to make someone mad!

Quoted from "LadyMacV;525355"

Can anything be done to prevent the loss of static items such as item mall items, gold, or diamonds?

Answer: Turn your gold into something that isn't gold. I'm not a economics person, but I believe it has to do with "market liquidity" or something along those lines. You pick something that has a relatively stable value and you buy as much as you can. Now x-amount of gold is x-amount of items for the same value of gold. Store it in a bank box or a guild vault, resell it for the same price (to break even) or more (to profit) after the hacking issue is resolved.
Would probably only work for economics-savvy people with low to medium gold amounts. I can't imagine someone with over 300k gold trying to do this. x_x;

For item mall and diamonds you're probably out of luck. Supposedly Support would restore those if they were stolen. >_<