Major Rift Account Security Exploit Found, Fixed

[argh44z]

Looks like there was a major hole in how Rift authentication worked, which was exploited by many gold sellers, and as a result MANY people got hacked. It basically allowed people to login as any other account w/o knowing password or email details. A guy on the rift forums independently found what the exploit was:
Account Security Discussion

(it looks like it was some kind of man in the middle attack)

Looks the hole was fixed with the emergency client/server update tonight:
Account Security Discussion
Account Security Discussion

[cdmichaelb]

They needed email address to log in basically?

[argh44z]

Nope - they didn't need your email OR password. In Rift's authentication method, internally there is a accountID associated with each account (look at C:\Users\<username>\AppData\Local\Temp\tkt*.tmp) that look like random numbers between 1 and a few million. The hackers went through random IDs until they found one that worked, performed the exploit, and were able to be authenticated and clean out the users.

Good that they fixed it so quickly, it would have probably cost them a lot more accounts if it hadn't been discovered and fixed quickly.

[Deviltry1]

DDDDDDDDDDDD

And you expect this company to make a worthwile MMO? ) SERIOUSLY!

[akiyar]

DDDDDDDDDDDD

And you expect this company to make a worthwile MMO? ) SERIOUSLY!

They contacted the guy who found it within an hour and a patch was released that same day to plug the hole AND fix some other issues that can arise if you get hacked. That is pretty damn good if you ask me. It was pretty stupid but it happens and at least they don't try to cover it up and wait to do something about it.

[argh44z]

DDDDDDDDDDDD

And you expect this company to make a worthwile MMO? ) SERIOUSLY!

They've already made a pretty good one.

Major banks and even governmental institutions have had breaches like this in the past. Adobe and Microsoft are continually plugging holes in Flash and Windows. Security is tough, and the fact that they fixed this within hours is pretty impressive.

Hell, the standard of the authenticator industry, RSA SecurID authenticators got recently breached a few days ago:
http://en.wikipedia.org/wiki/SecurID...tem_Compromise

[Narugold]

DDDDDDDDDDDD

And you expect this company to make a worthwile MMO? ) SERIOUSLY!

Remember the whiptail respawn bug?
Whiptails are still in the 30-70g on my server.
Economy = Wrecked.

Nice to see that Blizzard is such a better company

[Deviltry1]

Remember the whiptail respawn bug?
Whiptails are still in the 30-70g on my server.
Economy = Wrecked.

Nice to see that Blizzard is such a better company

At least they have real raids, real PvP content, real quests, real class designs.

Valor in PvP doesn't work, Armor in PvP doesn't work (at least for warriors, which are the main physical damage source in warfronts at 50), grey weapon or epic weapon - scaling doesn't work, strength basicly useless for warriors - intended plate wearing and str stacking doesn't work.

But what do we have? Crappy BG design where you go 10+ vs 10+ most of the time - no skill, just a zergfest, as you cannot track that much cooldowns, you just go in blindly and hope for the ebst - check.
Great talent system, where you AGAIN go blindly, take EVERY GOD DAMN TALENT IN THE TREE and KICK ASS - check.
and so on

[cdmichaelb]

Are you seriously crying about warrior? The most powerful class when it comes to pvp or pve?

Obviously you don't know the game rift at all, probably played it to level 7 with a retarded spec and soul combination and decided it sucked and logged off.

[argh44z]

At least they have real raids, real PvP content, real quests, real class designs.

I disagree with you that Rift doesn't have all those things. However, I played WoW since beta (it started losing its luster for me in early wotlk and I've been cancelling/resubbing on and off since). Rift at the moment is far far far better than WoW was at this point in it's history. It's a new game, and a promising one at that.

[Esset]

Crappy BG design where you go 10+ vs 10+ most of the time - no skill, just a zergfest

^ This, can't stop laughing! Tell me one BG in WoW that ain't a zergfest, I beg you!

[cl3ver]

Rift Launch > WoW launch

Go back to the WoW forums Deviltry.

[sol82]

Rift is better than WoW, Deviltry. Get over it. Besides, every single thing you said was completely wrong.

Wait...you're from Lotham, aren't you...

[zubzero]

These are 2 different games some people like rift some still like wow.. thats it.

You dont have to fight for "ur" game.. its stupid.

[StupidDog]

Pay no attention guys, he's just pissed because there are only 4 people left in wow for him to play with.