Slashdot Mirror


Ragnarok Online Hacked, User Data Leaked

Thanks to GameSpot for their article indicating a major hacking incident on the PC MMORPG Ragnarok Online. According to the piece, developers Gravity initially "...reacted by rolling back the game's data a day, as a number of users had created items with game-master privileges", but then the problem worsened and revealed an apparent server-side hack, as opposed to the client-side hacking of Shadowbane, as "...a full list of user IDs and passwords was leaked to the general public... allowing anybody to gain access to any user account." There's also a very informative post on the GameFAQs messageboards detailing the spread of the 'user.txt' file around messageboards and P2P networks. The official Ragnarok site currently only has a form for players to reconfirm their identities via email, and has offered no official statement.

28 comments

  1. Maybe for the better by Anonymous Coward · · Score: 0, Troll

    I know, I know. Hacking anything is bad.
    Well, but from what I have seen of the online mm* communities, there is a very big incentive ($$) to create and maintain characters; maybe now they will be forced to start living in the 'real world', where no one is willing to blow upwards of $500 for a collection of bits that may or may not exist altogether.
    It just all seems like a big copout to me.

    What will those geeks do now? Go out and play Frisbee? Damn, that be too much.

  2. eh? by The J Kid · · Score: 3, Funny

    What no link to the user.txt?

    Is this the same Slashdot that linked to the DoomIII Alpha, that we know and love?

    =P

    --
    Moderation: +4. Modded 70% Funny and 30% Overrated. 100% Saturated.
    1. Re:eh? by syukton · · Score: 2, Funny

      Oh, don't be silly.

      It should be a link to a .torrent file; duh. ;)

      --
      Reinvent the wheel only at either a lower cost, greater effectiveness, or your own personal enrichment and satisfaction.
  3. Hard but necessary to protect against by korpiq · · Score: 1


    This will get worse until it will be sufficiently resolved. Not this particular incident, but virtual entertainment centers getting hit with the old "in-out, in-out" trick.

    Now, will the game industry take the lead in security development like it has taken in hardware limit pushing?

    --

    I think, therefore thoughts exist. Ego is just an impression.
    1. Re:Hard but necessary to protect against by Anonymous Coward · · Score: 0

      This will get worse until it will be sufficiently resolved.

      Indeed.

  4. wtf? why?! by Lord Bitman · · Score: 4, Insightful

    Uhm.. excuse me, but why would the passwords be stored in plain text? Is there something I'm missing here, or are MD5 and crypt's weaknesses so completely crippling that it's better to just store passwords as they are typed in?

    --
    -- 'The' Lord and Master Bitman On High, Master Of All
    1. Re:wtf? why?! by ErnieD · · Score: 2

      That's the first thing I wondered myself. How could they be so completely amateur as to store plaintext passwords in a database that was apparently not secured from outside access? A database like this should have NO REASON for any kind of outside world contact, ESPECIALLY with the sensitive content stored within. And the fact that they AREN'T SURE whether credit card info was compromised or not is even more amazing. Sounds like someone needs to teach these guys what log files are. Don't think I'd ever trust anything with this company from now on, especially personal information.

    2. Re:wtf? why?! by lightspawn · · Score: 2, Funny

      Is there something I'm missing here, or are MD5 and crypt's weaknesses so completely crippling that it's better to just store passwords as they are typed in?

      Dude, MD5 is, like, so 90's.

      All the cool kids use SHA.

  5. I hope subscription data wasn't as easily hacked by FauxReal · · Score: 1, Insightful

    I'd be triple checking my credit card statements for the next couple weeks just in case. I wonder how damaging this is for the company's business itself... how many customers will pack up and leave?

    1. Re:I hope subscription data wasn't as easily hacked by Anonymous Coward · · Score: 0

      This incident is bound to upset both players of Ragnarok.

  6. so you can email them back on request by DrSkwid · · Score: 3, Insightful

    why would the passwords be stored in plain text?

    because paging a sysop to give you a new password is too much trouble

    --
    There are places where the networks are not touching, and there are places where they are - Boeing's Lori Gunter
    1. Re:so you can email them back on request by LordLucless · · Score: 3, Insightful

      Who needs to page a sysop?

      Automated password generation ain't hard. I stick it on every website I do that uses a password-based login system.

      --
      Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
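The trade-off argued in the comments above (plaintext kept so passwords can be mailed back, versus automated password generation), as an added example that is not code from the thread or from Gravity. The `accounts` dict, the function names and the scrypt cost parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed in-memory stand-in for an accounts table (assumption).
accounts = {}

# scrypt cost parameters: assumed illustrative values, tune for real hardware.
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)


def _derive(password, salt):
    """Slow, salted key derivation; this output is all that gets stored."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT)


def set_password(user, password):
    """Store a per-user random salt and the derived key, never the password."""
    salt = secrets.token_bytes(16)
    accounts[user] = {"salt": salt, "hash": _derive(password, salt)}


def verify(user, password):
    """Check a login attempt against the stored salt and derived key."""
    rec = accounts.get(user)
    if rec is None:
        # Do the same work for unknown users so timing does not reveal them.
        _derive(password, b"\x00" * 16)
        return False
    return hmac.compare_digest(rec["hash"], _derive(password, rec["salt"]))


def forgot_password(user):
    """Recovery without plaintext storage: generate a fresh random password,
    replace the stored hash, and return the new password for delivery to the
    address on file. The old password is never read back."""
    if user not in accounts:
        return None
    new_password = secrets.token_urlsafe(12)
    set_password(user, new_password)
    return new_password


def dump_table():
    """What a copied table would contain: salts and derived keys only."""
    return [f"{u}:{r['salt'].hex()}:{r['hash'].hex()}"
            for u, r in accounts.items()]
```
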
  7. Ha! by Schezar · · Score: 3, Interesting

    I used to play this back when they first put up an English server. The game is absolutely beautiful, both graphically and musically.

    Playing the game, however, was worthless. You know most MMORPGs, where you hit the rats with your little stick until you get enough XP to use the bigger stick to hit the bigger rats until you get enough XP to get the...

    Rag is just like that, only with -nothing- else to do. The chat interface was practically useless, and the party system didn't work so well. The only reason I played it as long as I did (about two weeks) was the fact that the game itself is pretty enough to distract you from the fact that the gameplay is.. well, useless. Not fun.

    On another note, I have a few friends who still play the game off and on. Funny how I remember their usernames... If -only- I knew their passwords....

    --
    GeekNights!
    Late Night Radio for Geeks!
  8. Actually by dr ttol · · Score: 3, Interesting

    The RO server is 31MB. I know this because I know someone that got into their system using the SQL exploit (this was a month before Slammer used the same technique). He retrieved the actual server software and released this on the net so that anyone could emulate the server (if you had 1GB+ ram). He has done a lot to the RO folks, and I wouldn't be surprised if it was him that did it.

    1. Re:Actually by Anonymous Coward · · Score: 0

      Great! Now you've clued the FBI (or whatever TLA) to where to narrow the search.

  9. Online game companies will learn from this example by Rudeboy777 · · Score: 1

    What an incredible story. I'd say somebody will lose their job over this but it seems EVERYBODY will likely lose their job over this. I can't see Gravity surviving the legal action and loss of business that will occur, and rightfully so if their security was as weak as it appears. This is a fuckup of epic proportions and the company's silence is telling.

    --

    From hell's heart I fstab at /dev/hdc

  10. Glad to see it happen by Anonymous Coward · · Score: 0

    I played Ragnarok free beta for about 3 months and the pay for beta period for about 4 months, and in that time I have never seen worse customer service by any company ever, they simply did not care about any of the players. The final blow came in February when some 12 year old kid reported me to the game master as being a bot because I didn't say "hi" back to him, two days later my account was blocked and my character deleted from the server, they didn't bother talking to me in game, they just took his word and deleted my character and any attempt at contacting the company only resulted in a prefabricated email in broken English. Since then all of my friends that would have been paying customers have left the game because of this severe mistreatment. The thing about this is that I'm not the only one that this has happened to, literally hundreds if not thousands have been banned unfairly like this. It's honestly no surprise that there are so many hacking attempts on the game. I sincerely hope this latest hacking attempt drives away the American users and they go out of business.

    1. Re:Glad to see it happen by Tyrdium · · Score: 3, Interesting

      Yeah, I played ROi for a month or so and loved the game itself, and was planning on paying for it. I was about to send in my money, but decided otherwise. They've done tons of stuff to piss people off, and they don't seem to care at all about actually keeping customers. They've had tons of lag issues, they had a big problem with the payment system, they rolled back the characters right after issuing a statement that they wouldn't roll them back, ad nauseam. The forums (before they put this thing up) were awful. Everybody was constantly in an outrage about ROi. Not to mention the fact that it takes 6 months for a feature currently in one of the Asian ones to get put in ROi. Did I mention the fact that the English translation utterly, utterly sucks? Think even worse than Zero Wing. Yeah.

    2. Re:Glad to see it happen by Yuan-Lung · · Score: 1

      Yeah, I played ROi for a month

      eh... I believe they call it "iRO"...

  11. Re:Online game companies will learn from this exam by Schezar · · Score: 2, Interesting

    The US isn't their market: Korea is. RO was a flash-in-the-pan money grab in the US. Korea is where their long-term income originates.

    --
    GeekNights!
    Late Night Radio for Geeks!
  12. Beta find another hobby by August_zero · · Score: 1

    I played this game during one of the free betas, and the thing that entertained me the most was the god awful Engrish statements that the company issued with some frequency. Even the EULA was hilariously mis-translated. All I could do was wonder, why would a company that is intending on making money with a product, not even expend the minimal effort to properly localize a game to another country before releasing it there?

    I let it pass for a while but it was obvious that they are just out of their league. The game had already gone through something like 200 patches when I was playing it a year ago, sometimes 2 or more would come out in a single day, and over half of the promised features never worked. Even Electronic Arts could learn a thing or two about terrible support practices from these folks.

    --
    On Wall Street they say "buy low, sell high" On the pad we say, "buy high, sell high" Isn't that somehow better?
  13. Ditch Ragnarok.. play Everquest instead by samsarajr · · Score: 1

    Does anyone actually pay to play this Ragnarok?? I saw it last time in Thailand but that's it.. Go play a real MMORPG like Everquest or DAoC instead.

  14. Everquest is crap. (So is RO, so is AC...) by Schezar · · Score: 1

    Everquest is crap.

    More to the point, the MMORPG genre as a whole is, currently, crap. They're glorified chat rooms that let you click on monsters in order to obtain the power to click on bigger monsters.

    The underlying problem is the whole "leveling" concept. MMORPGers for some reason feel the need to be rewarded based on how long they've been playing. "I'm 76th level you 75th level n00b. My member is larger than yours."

    Just look at the outcry whenever someone out there is caught using a bot to level. It's sad that people will spend hours and hours of their time doing something so simple and tedious that a shell script can do the exact same thing.

    -walk west- -attack monster- -loot monster corpse- -heal- -repeat-

    Computers have the power to automate menial, repetitive tasks, yet these people seek these tasks out! All for the sake of having a bigger number next to their pseudonym in a giant chat room.

    So what is a "real" MMORPG, as you mention? What makes Everquest better than Rag Online, or an old MUD? They're all fundamentally the same.

    Of course, I'm somewhat biased against MMORPG players. ;^) Read my journal.

    --
    GeekNights!
    Late Night Radio for Geeks!
  15. Automation by August_zero · · Score: 1

    Really the same things could be said for most all activities. What do you do in your daily life that isn't a repetitive menial task that could probably be done better by a machine?

    Some people enjoy these types of games (I am not one of them) for any number of reasons, whatever.

    --
    On Wall Street they say "buy low, sell high" On the pad we say, "buy high, sell high" Isn't that somehow better?
  16. Delay of Game by Schezar · · Score: 1

    What do you do in your daily life that isn't a repetitive menial task that could probably be done better by a machine?

    Aside from masturbation, almost nothing. A machine does the dishes, a machine washes my clothes. A machine takes me to and from work.

    I:

    1. Read. Unless you read the same book over and over again, it's not menial.

    2. Mountain bike. Different terrain every time, very difficult, couldn't be automated.

    3. Carpentry. Machines do all the menial stuff. I do the unique and interesting work.

    4. Dancing. If you write a bash script that can dance for me, more power to you.

    5. Roller-hockey. See the above.

    6. Tennis. (And all other sports for that matter) Again, see above.

    The leveling aspect of MMORPGs is the very definition of menial. Most players even admit that they don't enjoy it. They just want the levels to be able to do the other, "fun" things in the game. They "work" at leveling in order to be able to "play" with the levels they get.

    It would make sense to remove the whole leveling part that no one likes, so people can get to the fun part of the game. But wait! The "fun part" isn't infinite! Players would quickly do everything of interest to them and then quit. The leveling serves only to delay the inevitable "finishing" of the game. It dangles the carrot of fun things to do -later-, forcing the players to pay for the game longer.

    --
    GeekNights!
    Late Night Radio for Geeks!
    1. Re:Delay of Game by August_zero · · Score: 1

      Let's break it down:

      Reading: menial, sure the images of the story and such in your head and the imagination you pair up with the literature is nice, but the task itself is a basic mechanical eye motion followed by information that is for the most part automatic and requires no special effort from you the reader. You read automatically, there are countless experiments that have been conducted on this area of cognition, the old red colored "blue" word type stuff.

      Mountain Bike: In the same way, lifting up boxes and moving them across the room can be called an exciting unique experience for each box with its unique contents. A wheel can roll down a hill. In the other direction it's all about increasing potential energy, a helicopter does it faster and easier than you do.

      Carpentry: Most anything you make could be manufactured, and you are just cutting wood when you really get all down to it.

      Dancing: A pole with a couple of flail like arms could pass for dancing in most night clubs, erotic dancing would take some scripting though.

      Roller hockey: Chase ball, hit ball. hit other guy, drink beer.

      Tennis: With the right technology, sure. have to be able to track the ball and move to an optimum position to hit it. A simple AI program could do it, but the robotics needed to build the player are more difficult.

      You do those things because you like some aspect of either the process (mountain biking), or the final reward (carpentry), or for the social interaction that may come with it (dancing)

      People play MMORPG for one of three reasons: Social, Gaming, or Conditioning.

      People that play for social reasons will play indefinitely because the interaction is what keeps them entertained, and while it is easy to bash chat rooms the simple fact is that the public loves them, and social gamers love talking to other people even if half of them are mutants living in their parents' basements.

      The "gamer" types, of which I am, get bored very quickly, you are correct. I want to play a game and when it takes me 50 hours of beating up rats to be strong enough to slay some stupid dragon so that I have a .01% of getting a quest item that I need 20 of to build a +1 sword. Needless to say I am yet to find a MMORPG that holds my attention for more than about a week. Thus, I don't play them.

      Conditioning is for the people that like the little rewards "oooo! I found a Blue helmet!" These people are just easily entertained, they are unique from the other two groups because they don't interact much with other players (they play solo) and they are unbothered by the lack of content, they just take pleasure in the accumulation of vast piles of imaginary wealth and power. These are the types that will cheat at any game if given the chance since they only strive for "material" gain.

      Now please explain why your pastimes are conducted for any better reason?

      --
      On Wall Street they say "buy low, sell high" On the pad we say, "buy high, sell high" Isn't that somehow better?
    2. Re:Delay of Game by Schezar · · Score: 1

      Now please explain why your pastimes are conducted for any better reason?

      Aside from reading, the rest of those activities either make my body stronger/faster/not fat, or they leave me with a physical, tangible object in the real world. Physical benefit. ^_^

      I suppose my whole point was really just that the whole levelling thing in MMORPGs exists solely to keep people around paying their monies longer.

      I played an MMORPG once. The Realm, by Sierra. It was a long time ago, but I had fun. I had fun because I never leveled: I wrote a macro that did it for me while I was at school. None of the tedium, all of the fun. Problem was, I did everything there was to do in short order, and then I had no reason to keep playing the game.

      These games are supposed to be "Massively Multiplayer," but require no actual interaction with others aside from that necessary to group-level. (Leveling again!) Want to simulate an MMORPG? Play nethack with an IRC window open.

      And yes, I am somewhat biased against MMORPGers ;^) My slash journal has a tidbit about an old "friend" of mine who was addicted to Asheron's Call.

      --
      GeekNights!
      Late Night Radio for Geeks!
    3. Re:Delay of Game by August_zero · · Score: 1

      Nethack? Please, that game is far more interesting and faster paced than all available MMORPGs combined. I have played Nethack and Hack for the better part of the last 20 years. (not Rogue though, that's going back a bit too far for me) and in that length of time, I still find new things every time I play it. That's a game!

      I used to play Ultima Online, way back when it launched, and the only reason I played it for as long as I did, was because while the ingame content was a joke (only 8 dungeons, no quests, only like 4 types of armor and maybe a dozen weapons) It was full PvP, and the best part was, that when you killed people, you could actually dismember their corpse and keep body parts. We had entire sacks full of heads. I quit playing the game when a glitch resulted in our ship sinking and all 300 or so of our heads were lost.

      --
      On Wall Street they say "buy low, sell high" On the pad we say, "buy high, sell high" Isn't that somehow better?