Following a recent attack on the Runes of
Magic database, Frogster has issued an official response that states it
has introduced comprehensive protection measures and filed criminal
charges against the hacker.
According to Kotaku,
user augustus87 claims to have access to the account names and
passwords of 3.5 million Runes of Magic players. He is threatening to
release the information gradually until his demands are met, which
include changes to forum policy and better online security. He has
already publicly posted the login details of around 2,000 players, but
Frogster quickly deleted the post and stated that the data was outdated information from 2007.
Regardless, Frogster temporarily blocked
the compromised accounts and is asking all players to change their
passwords. More details can be found in the official response after the
jump.
Official Response to Hacker Attack on Frogster
Comprehensive protection measures introduced and criminal charge filed
Berlin, 18.01.2011: An anonymous hacker published
two posts on the player forum of Runes of Magic, one early on the 13th
of January, and the other during the course of the 14 of January 2011,
in which he threatens to publish customer data and internal company
information. To reinforce his claims for changes to forum policy and
some of the technical aspects of the game’s operation, he publicly
posted the login details of around 2,000 players. To protect the
affected players, the posts in question were immediately removed and
secured as evidence by Frogster. This attack constitutes a serious
criminal offence and Frogster immediately informed the German State
Office of Criminal Investigation.
The data released consisted of logins registered
in 2007. Frogster immediately blocked the compromised accounts on a
temporary basis (account management, forum, and game access) and has
personally informed the affected players about how they can reinstate
their accounts and the reason for the suspension. As a precaution,
Frogster calls for all players to change their game-, forum-, and
payment system passwords.
Once the hack had been discovered, Frogster
immediately assembled a task force and is currently using everything at
its disposal to investigate this situation. Right after the
publication of the attack, Frogster systematically inspected all of its
systems for weak spots and backdoors and implemented new firewalls,
new user privileges and passwords, as well as introducing further
security measures.
Frogster takes protecting its players from these
types of risks and threats very seriously and uses all means to contain
and prevent them. At the same time, the publisher is pushing on with
its continual process of expanding and optimising its technical
infrastructure.
Regarding the claims of the attacker, Frogster
emphasises that its team is always open to constructive criticism and
suggestions for improvement. However, the company considers blackmail
attempts, which put the privacy and security of players in danger to be
wholly unacceptable and will not concede to them. Frogster’s approach
to forum policy is very much in line with the industry and follows the
forum rules which are publicly available to all users: https://forum.runesofmagic.com/announcement.php?f=64&a=82.
Frogster does only intervene in cases of severe breaches of these
regulations. Certain technical aspects of the game operations are
subject to legal requirements, and there are other aspects over which
the Berlin-based games publisher has no direct control.
Players unaffected by the attack can continue to
log into and play Frogster’s online games as normal. On Friday,
Frogster provided its player community with the following statement: https://forum.runesofmagic.com/showpost.php?p=2838322&postcount=1.
Frogster’s community management and customer
support teams are available to answer any questions their players may
have. A forum thread has also been set up to act as the central point
of information for general security queries which can be found here: https://forum.runesofmagic.com/showthread.php?p=2850025#poststop.
In the interests of data privacy, Frogster asks
representatives of the media strictly not to publish any of the player
data released by the hacker, or publish any pictures which make this
content visible, nor to embed the hacker’s videos into articles, nor
provide links to these videos.