Runes of Magic lead community manager Mike
“Silberfuchs” Kiefer today posted an announcement on the RoM forums
basically admitting that they had a security leak in the past, resulting
in at least one hacker stealing a bunch of login usernames and
passwords. The weird thing is that the hacker is now "demanding that
forum communication practices and technical aspects of Runes of Magic
operation be changed" or else he will release the login data he has.
What's even more bizarre is that some of the forum posters seem to think that the hacker's actions are justified.

Below is the full text of the CM's announcement:

Hacker Attack

Community Statement


13/01/2011

Dear Players,
As many of you are already aware, we have all fallen victim to a virtual attack.

An anonymous attacker has threatened to release log-in data unless his
terms are met. He is demanding that forum communication practices and
technical aspects of Runes of Magic operation be changed. To support his
claim, the attacker has already posted the log-in details of approx.
2,100 accounts to the forum. To protect the affected players, the posts
in question were naturally removed immediately and secured as evidence.
The attack constitutes a serious criminal offence, and we immediately
informed the German State Office of Criminal Investigation and pressed
charges.

It is important to note that the data released was outdated log-in data
from 2007, long before our comprehensive password reset initiative.
Nevertheless, we immediately blocked the relevant accounts (account
management, forum, and game access) of the affected players for their
protection. Accounts changed by you after the password reset have not
been affected thus far.

We promptly assembled a task force and are of course making every effort
to get to the bottom of this incident. We are utilising every means at
our disposal to minimise the damage and to prevent such threats in the
future. We have already implemented additional security measures today.
As soon as all the necessary steps have been taken with regard to
operational and criminal processes, we will inform you of further
developments on this matter.

This incident is very distressing to all of us. It is targeted not only
at Frogster as a company, but also at Runes of Magic as a virtual
biosphere and at you as players. We are always open to constructive
suggestions. However, giving your opinion on blackmail and extortion is
surely not the correct approach.

In conclusion, you may rest assured that all players not affected by the
attack can log in to the game and play without any problems or
hindrance. Should you have any remaining questions on this matter, you
can always count on the Community Management team for advice. Just send
them a PM and they will gladly assist you.

Mike “Silberfuchs” Kiefer, Lead Community Manager: Runes of Magic