If you’re a player of an NCSoft MMO, you might be feeling a bit nervous lately, because recent concerns and hacks on account security have raised some definite red flags with the distributor. Some of the victims were compromised using the traditional methods of unsafe websites and phishing scams, but others have apparently been found to have their characters stripped and exploited without having done anything at all. The supposed core of the problem may lie in a vulnerability somewhere within NCSoft’s authentication system of sites, and the latest security statement by the Game Surveillance Unit’s Scott Jennings (a person whose word I respect in the industry due in part to Broken Toys) is an acknowledgment and a reminder of the dangers of such things.
The playerbase for NCSoft games such as Aion and Guild Wars has been understandably upset over security holes that could end up with months of work undone in only a few short clicks. Stories vary in threads like the “Account Stripped…so what happens now?” thread on Aion fansite Aionsource. Sadly, through no fault of ours, my legion recently suffered a devastating loss of legion warehouse mats and supplies – hundreds and in some cases thousands of items taken from the warehouse and sold by an account with access to the warehouse that had been compromised. We’re still working to get the items back.
During times like this, it’s hard to be positive, but as always I like to find the silver lining in the black-clouded storm. If anything, the whole situation with NCSoft with regards to the integrity of their security is a cautionary tale. It’s a signpost in the road that shows how high of a priority account security should be when it comes to MMOs. With technology advancing at a crazy rate these days, the good that potentially could be done with it is only overshadowed by the potential evils. With the convenience of having a single account tie to multiple items comes the risk of having them all hacked. With the ease of clicking links to get on-demand delivery of content comes the equal ease of mining information from the computer through malicious code on sites. The list goes on, but the point is that in the grand scheme of things, protecting users’ characters, accounts, and most importantly, credit card info is of paramount importance and security holes need to be found, fixed, and dealt with.
It’s also a cautionary tale developers can learn from when it comes to quelling, communicating, or otherwise reassuring the angry mob with pitchforks, too. Community tends to be overlooked or pushed to a lower priority when it comes to developer teams. The community folks I know seem like they are underpaid, overworked, yet passionate about the ideals of a game design supported in part by player feedback. It’s still important, however, to make sure you are communicating properly and frequently in times of widespread problems, something that NCSoft and other developers should be taking very seriously. Scott Jennings’ statement is a good start, and at least an official communique from someone investigating the problem. While it isn’t a solution, it’s at least the beginning of what will hopefully be a speedy fix to NCSoft’s account woes
Subscribe for Optimism!