informa
2 min read
article

White-Hat Hacker Helps Solve Rift Security Exploit

A player of Trion Worlds' Rift MMO has helped the development team identify and patch a security hole that opened up to 1 percent of user accounts to hijacking and griefing.
A player of Trion Worlds' Rift MMO has helped the development team identify and patch a security hole that opened many user accounts to hijacking and griefing. Reports of compromised accounts started spreading through the Rift community last week, leading developer Trion Worlds to implement a Coin Lock feature to prevent item and money sales when a user logs in from a significantly different location than they had previously. But grief-causing hackers were reportedly still able to gain unauthorized access to accounts and delete characters with impunity. A programmer and Rift player going by the handle ManWitDaPlan was one of these victims, and used the occasion to investigate the security hole that was causing the rash of reported account theft. He eventually identified an account-control exploit and reported his findings to the Rift forums on Friday afternoon. Trion's response was immediate and impressive, ManWitDaPlan said in an interview with MMO community site ZAM. "Steve Chamberlin, the dev lead for Rift, was on the phone with me within five minutes of my sending the technicals on the exploit, and while I was talking to him, the engineering team was likely already editing and recompiling code," he said. "A patch was deployed just over two hours after the exploit was revealed," he continued. "The phrase 'epic win' is cliched from its overuse as a meme, but it nevertheless certainly fits here." Rift executive producer Scott Hartsman offered his "heartfelt thanks" to ManWitDaPlan for his help with the fix, and said that less than 1 percent of accounts had been impacted by the problem. "However, 1 percent of a surprisingly large number is still very noticeable," he acknowledged (the game reached 1 million registered account last month). Hartsman said Trion continues to hire more employees to handle these and other issues with the game, and will soon be rolling out a two-factor authentication scheme that should help foil account hackers.

Latest Jobs

Treyarch

Playa Vista, California
6.20.22
Audio Engineer

Digital Extremes

London, Ontario, Canada
6.20.22
Communications Director

High Moon Studios

Carlsbad, California
6.20.22
Senior Producer

Build a Rocket Boy Games

Edinburgh, Scotland
6.20.22
Lead UI Programmer
More Jobs   

CONNECT WITH US

Register for a
Subscribe to
Follow us

Game Developer Account

Game Developer Newsletter

@gamedevdotcom

Register for a

Game Developer Account

Gain full access to resources (events, white paper, webinars, reports, etc)
Single sign-on to all Informa products

Register
Subscribe to

Game Developer Newsletter

Get daily Game Developer top stories every morning straight into your inbox

Subscribe
Follow us

@gamedevdotcom

Follow us @gamedevdotcom to stay up-to-date with the latest news & insider information about events & more