Hacker Helps Fix Rift Security Exploit
A hacker helped Trion Worlds, developer of the recently released MMOG Rift, fix a security exploit that put thousands of accounts at risk.
Rift has been the subject of numerous cases of account theft since its release at the beginning of this month. ManWitDaPlan, who describes himself as a “white hat”, or ethical hacker, was one of the victims and so set about identifying the exploit.
Once he had done so, he posted on the official Rift forums to say he had found the cause of the problem, inviting someone from developer Trion to get in touch.
“Trion’s response has been spot-on,” he told fansite ZAM. “Steve Chamberlin, the dev lead for Rift, was on the phone with me within five minutes of my sending the technicals of the exploit. A patch was deployed just over two hours [later].
“The response should become a textbook example of how an MMOG company should respond to any discovered bug – contact the person that found it, verify their findings, act to secure the bug. Reported discovery to implemented fixes in two hours? I’ve never seen anyone in IT respond to bug reports that fast.”
Writing on Rift’s official forums, executive producer Scott Hartsman said: “I’m very happy to confirm that we did fix a login vulnerability, with significant assistance from an extremely clever user. No personal information or any such was leaked out, and no outside attacker penetrated our servers, networks, or databases.
“We’d definitely like to thank Mr. ManWitDaPlan for the well-timed assist. Sir, we salute you and offer our most heartfelt thanks.”
However, Hartsman was at pains to point out that Rift was still some way from being completely secure, saying: “It’s important to remember is that while a hole was identified and fixed as rapidly as we possibly could, there are still hackers and botnets trying account/password combinations from compromised web sites and past MMOGs.
“Those attacks have been coming constantly since we launched the game. Our staff has been, and will continue to be, working around the clock to get those impacted back in shape. We’ll continue hiring on even more people to help people with issues of all kinds, as quickly as we can.”