Over the past few weeks RIFT Junkies as well as ZAM and a few other website have been getting a lot of flack and accusations about being the source of all the account hacking’s. Again and again we would deny, but people kept coming back. There wasn’t much we could do to fight back the amount of complaints, there was so many people being hacked. We did end up with a mention from Vespera on the official forums stating that it wasn’t us and they trust the RIFT Fansites and I personally posted a bunch of links people could check out to see that we didn’t have any malware present on the site. But that wasn’t enough for most people. Going through all of this some of us here at RIFT Junkies have never been this stressed out before, but, we kept on pushing forward.
Finally, last night on the official forums, a user by the name of ManWitDaPlan (coincidence?) made the nightmares go away. He made a shocking post titled “ATTENTION TRION – I HAVE VERIFIED THE AUTHENTICATION SYSTEM CAN BE BYPASSED, BY SUCCESSFULLY LOGGING INTO ANOTHER ACCOUNT WITHOUT NEEDING ITS CREDENTIALS.” and “This is a huge security hole. Accounts can be accessed without needing any information at all from clients.” (post found here) He was indeed correct. This was the holy grail security hole that Trion has been trying to locate and fix. How else could you possibly explain all of the account hacking’s in such a short duration of time? Just minutes after he made that post Trion had contacted him and then shortly after patched the security hole as well as made changes to the coin lock system.
Now that this fiasco is seemingly over RIFT Junkies would like to personally thank everyone who stood by our side through this whole mess. It has been both stressful and confusing, but we made it through. I hope RIFT continues to prosper for many years to come and that this was only a minor set back.
Interview with Josh York, Trion Systems Designer: 1.7 Itemization and Beyond
Carnival of the Ascended: Reasons to Celebrate
RIFT Lite: Telara on Display
