Sections

Trion responds to RIFT security fears

Monday, 21st March 2011 00:49 GMT By Brenna Hillier

RIFT developer Trion Worlds has been swift to act on recent hacks of user accounts, following assistance from a white hat in exposing serious security flaws.

“Both the login fix and the Coin Lock addition have been doing their part in signficantly reducing overall incidents over the last 18 hours,” Trion’s Scott Hartsman said on the Rift forums.

“Neither one is a silver bullet, but so far it is looking to be a solid one-two punch for the weekend.”

Trion’s continuing efforts including blocking bots and hackers, hiring additional security staff, and developing a two-factor authentication process.

Hartsman also gave a shout-out to ethical hacker ManWitDaPlan, who identified a gaping rift – ha ha – in Trion’s security and brought it to the developer’s attention, who told fansite Zam that Trion’s response was extraordinary.

“The response was insane,” he said. “I wasn’t contacted by some support flunky with no authority to do anything but read from a script, I was on the phone with the development team lead.

“I sent the technical details and got a call back within minutes. Left work to head home, and by the time I got home the server team lead was calling.

“Before I finished eating dinner the exploit was fixed, some extra features were improved, and all of Telara was cursing my name for making them go hunt down an unlock code in their email.”

Furious Fanboys reported a comment from ManWitDaPlan on calls for Trion to reward the hacker.

“For those of you that say ‘give ‘em lifetime accounts’, etc. I don’t want to go into any details aside from saying that this was apparently a pretty big hole and Trion seems very happy with me for some reason. I’ll be around for a while…”

Thanks, Massively.

Latest

3 Comments

  1. OlderGamer

    The coin lock is an amazing little idea. If your account gets logged into with a drasticly different ip, like say from china and your from the UK or USA, the account becomes flagged and instantly locked.

    Meaning that your toon can not be deleted. It can not use the auction house. It can not destroy inventory iteams. It can not use the in game mail. It can not buy, sell or trade to other toons.

    If you find your accoutn coin locked you can use your email and a code to unlock it. I tested it out and it works flawlesly. I hope it holds up long term.

    Right now the only thing a chinese hacker can do to your toon is build it for you lol.

    #1 3 years ago
  2. Phoenixblight

    @1

    Blizzard has this system only it locks in general no getting in the first place.

    #2 3 years ago
  3. Kaufer

    If Hotz acted the way ManWitDaPlan did, he wouldn’t have been sued now.

    #3 3 years ago

Comments are now closed on this article.