
OFFICIAL Confirmed MTS hack.

Hello everyone!

There's only been 2 threads so far it seems but I decided to make an official one to reduce the spam that could possibly come from the event and help spread out the word.

It's unconfirmed by Nexon but there's no harm in taking the chance, it seems that having items up in the MTS and selling it to other players apparently also passes on your information. It seems the cause of recent hackings may or may not have come from this issue.

From what people are saying, it seems to be true. But then again there's no solid proof. But I think there's no harm in not having items in the MTS.

I'm not sure if this counts also for items sitting in the MTS from not being sold. I think it's only transactions.

So just in case, remove the items from your MTS if you wish to. In the meanwhile, I'll look further into the details of this rumor and try and find out more details. Until then, I hope all of your accounts remain safe and sound.

Feel free to discuss here if you experienced this problem once before, though please refrain from providing details.

Happy Mapling~

Update!

Thank you imshocute for providing this info, as well as other people. The exploit has been confirmed by Nexon.

"Hello Maplers,

As some of you may be aware there is an exploit with the MTS that allows certain abusers to find your user ID. While we work on addressing this exploit please know that the MTS is safe to use and will not compromise your account as long as you have kept your password up to date with a secure PIC.

We greatly apologize for the inconveniences this has caused for our players. Thank you.

-Hime"

http://forum.nexon.net/MapleStory/forums/thread/8165829.aspx

August 28, 2011

230 Comments • Newest first

Mapledude22

[quote=rbbbehal]Yes I just checked a hacking website yesterday. There was a thread named "Get Anyone's ID via MTS" But it has been deleted as of a few hours ago[/quote]

Haha, a lot of people BS things like that. and this isn't public.

Reply September 9, 2011
ForgivenNite

D: Oh my gosh. I use MTS.

Reply September 4, 2011 - edited
Wolfss

I was placed on the list and i just used mts as storage, nothing sold. However, via transactions there is a possibility to do more but i would find it a slim chance if true. I have actually known people who blame them being hacked on this. However, from what i gather, they weren't even on the list...

Reply September 1, 2011 - edited
heaVINsent

[quote=crapisgood]Nothing worth hacking me for, lmao.[/quote]

telling by the looks of ur bow master looks, i think ur worth hacking .

lol im not one , but im just saying wut you wrote attracts hackers.

Reply September 1, 2011 - edited
OvechkinsArmy

I hate to sound like a bleep but all the "hackers" have is your ID/ign there is no such thing as a PW cracker and pic cracker, the only way you could have gotten hacked is if you gave your PW/PIC out or your PW/PIC is something like "1234" *there is a thing that makes it so you can skip your pic, but only the best of the pro hackers have em*. That's why you should have a strong password.

Reply September 1, 2011 - edited
BobR

[quote=Tatterdragon]And at least one that probably won't [i]ever[/i] be hacked because she...
... is apparently in a very small minority.[/quote]

Lol.. when the last hacker burns out it'll be like the zombie apocalypse after the fall of modern civilization and the few remaining survivors come out of hiding.
We'll only need one channel on one server then..!

Reply August 31, 2011 - edited
zilox24

[quote=Glowy]:{ You're a Henry![/quote]

and Andy is poor :]

Reply August 31, 2011 - edited
Glowy

[quote=zilox24]You're poor[/quote]

:{ You're a Henry!

Reply August 31, 2011 - edited
zilox24

[quote=giblets]lol im glad i have a long password that involved caps, #s, letters, symbols and a pin that is randomized and long as well haha. GL HACKING ME IM NOT EVEN THAT RIIICH![/quote]

You're poor

Reply August 31, 2011 - edited
BobR

@Tatterdragon Agreed with everything... my recommendation that Nexon implement a password strength tester is just an attempt at preventing the weakest (and sadly probably most common) passwords used for the game. You could of course paste in a far more secure password if you were aware of the added security benefits.

The big problem is getting anyone likely to be playing this game to bother to use better security. Right now of course there's a general panic about it, but a week from now it'll probably be back to using "123456" as a PIC, and "maplestory" as the password. At least a strength tester would force better "password hygiene" at a minimum.
(Interesting random thought tho.. Nexon could pick up an "off the shelf" password strength tester, but a PIC strength tester..? Hmm.. )

I briefly considered recommending using the 63 and 64 bit password generators at https://www.grc.com/passwords.htm but I'm afraid that would fall on deaf ears in this game. I doubt very many people in business or even the computing science field use anything even approaching that level of security.. .

Are you saying your account is under attack right now..? I wish Nexon would support an effective Game Master program. When something like this happens to a player they should be able to call on a Game Master for immediate help, not be told to log a ticket and wait months for an autoreply.

The Game Masters in Maplestory are hard-working people, they're just not supported at all by the company.

[quote=Snovvy]BobR: There won't be a rollback, true, but 19,000 is not a "tiny amount." 19,000 is quite literally "tons."

Rollback won't happen but the situation doesn't need to be downplayed. From what I've seen, roughly 30% of the people who log in on a normal basis are affected.[/quote]I'm not downplaying the situation, it's just a practical thing- they won't roll back the whole game for that small a percentage of total players.

Like I said before, if they could/would rollback individual players, then that would be a great solution to this and many other exploit situations, but as a general solution for that small a number of players it would adversely affect far too many other non-involved people for it to be a useful resolution.

Besides, we don't know how many of the people on the list have been hacked. It's not a list of people who have BEEN hacked, it's a list of people who MIGHT potentially be hacked. If most of the people on that list see themselves listed and are smart, they'll make sure their passwords and PICs are strong enough to withstand attacks and the total number of people actually affected by this whole thing might be kept quite low. We don't know anything for sure.

Reply August 30, 2011 - edited
BobR

[quote=Snovvy]There are approximately 19,208 accounts on that list. That's a decent amount of players.[/quote]
But not all those players have been, or will be hacked.

Also, even 19,000 players is a tiny fraction of the number of players that would be impacted by a general rollback.

If Nexon could/would do individual rollbacks so that hacked players could be restored, that would be great. But I don't expect a general rollback for this.

[quote=pantburken]it doesn't change the fact that personal ID's should have never been embedded in those pack3ts included in MTS listings.[/quote]
Absolutely agree with you there. That's extremely sloppy and lazy programming, and there's no excuse for it.

Reply August 30, 2011 - edited
BobR

[quote=xDaSalesManx]whats the 411 on a roll back anyone know?[/quote]
There's little chance there will be a rollback. The problem hasn't affected a large enough number of players for that.

Also, until Nexon makes everyone change their passwords there's nothing to stop a hacker from just hacking you again after a rollback unless you change your password.
Which everyone should do- NOW.

Reply August 30, 2011 - edited
myrdrex

[quote=BobR]You keep ignoring the fact that you're doing a DISSERVICE to players by dismissing the issue. Your rhetoric gives the impression you believe nothing is happening even when you grudgingly admit Nexon's gaffe in sloppily programming players IDs into the wrong place.

Many messages in this and other threads thanking you for reinforcing their delusion that nothing is happening, it's all hype and they're perfectly safe are evidence that you're not helping.

Instead of constantly haranguing about how it's all a lie, why not just concentrate on calmly HELPING players improve their security..?[/quote]

Which is what I've been doing all along by pointing out that as long as you have a strong password, there is absolutely nothing to be worried about. No critical information was released. I even started a thread about how adding characters makes a password all but uncrackable. As the rhetoric heated up about just how dire the situation was, I ratcheted up my "calm the heck down people" rhetoric, pointing out that there was 0 (and still is 0) evidence that the necessary login info was released. And it turns out I was right- no one was hacked through MTS. Only IDs were released, which is harmless to the overwhelming majority of players who have non-guessable passwords.

ID's aren't secure or secret in most systems we use in life. Email, operating systems, etc... It's PASSWORDS that matter.

Most people seem to be coming along to the realization that what they need is less panic and more password security, and that's what's important.

Do we act shocked and blame yahoo when we realize that "bobsmith at yahoo.com"'s login ID is bobsmith? Or what about Bill Gates's email being bill at microsoft.com. No, we don't panic, because it's not an issue. Same thing here- for the overwhelming majority of people, it's not an issue.

So honestly- if you think this truly is a hacking epidemic that puts MTS users at risk, you may as well say that anyone using gmail, yahoo, or hotmail is at risk, since all IDs are public. Any Unix or Linux system with a "root" account is at risk, since we know root's ID.

There was no magic hack through MTS. People with weak passwords likely had accounts compromised- but that's the ever-present symptom of weak passwords in every system. I certainly hope that anyone with a password of "11111" who was counting on their ID being the secret key is reimbursed, since the IDs were never public before. But the fact is the mass hysteria that was induced by these threads was simply out of proportion to the actual threat, which was incredibly minor.

I'm simply fighting against all the alarmist rhetoric (which has, fortunately, died down) with cold hard facts. With luck it's hopefully caused people to realize that as long as they have a decent password, there's 0 cause for alarm from this little MTS hack.

If some would prefer panic, then by all means spend your time worrying about the safety of your account. I for one would rather just continue having a good password and realize that this is a non-event.

If they ever leak passwords, ok then, now we're talking something of significance. But in that case we'd all be hosed, so there's no point in worrying about it.

Reply August 30, 2011 - edited
BobR

[quote=supererer]Someone whispered to me my username and he had whispers disabled so I couldn't whisper back.
Should I be worried or concerned? I've already changed my password.[/quote]
As long as your password is "strong" (not easily guessable and not containing any common words), you should be ok.
It should have UPPERcase, lowercase letters, numbers and $ymbols in it to make it really hard to guess.
That way even if they have your username, you should still be safe.

Reply August 30, 2011 - edited
guggsen12

[quote=iLikeMahClaw]Same as @OnyxApple For Me.[/quote]

and me

Reply August 30, 2011 - edited
supererer

Someone whispered to me my username and he had whispers disabled so I couldn't whisper back.
Should I be worried or concerned? I've already changed my password.

Reply August 30, 2011 - edited
BobR

[quote=myrdrex]Until that point this remains a completely over-hyped issue.[/quote]
You keep ignoring the fact that you're doing a DISSERVICE to players by dismissing the issue. Your rhetoric gives the impression you believe nothing is happening even when you grudgingly admit Nexon's gaffe in sloppily programming players IDs into the wrong place.

Many messages in this and other threads thanking you for reinforcing their delusion that nothing is happening, it's all hype and they're perfectly safe are evidence that you're not helping.

Instead of constantly haranguing about how it's all a lie, why not just concentrate on calmly HELPING players improve their security..?

Reply August 30, 2011 - edited
Sado

Here is a question.. now for all them ppl that lost a lot and it's known that it's because of the MTS and not their fault whatsoever. Don't you think that it's right for Nexon to reimburse them? They didn't break the ToS in any way. Knowing Nexon they will pull the so sorry for your loss bit -.-

Reply August 30, 2011 - edited
ClericBoi81

@myrdrex: Hey buddy, i'm bob smith and i don't appreciate u giving out my email address......

OT: Yah, it's being blown way out of line. just keep ur passwords strong and ur pics long and u will be safe.

Reply August 30, 2011 - edited
myrdrex

[quote=OnyxApple]Yeah. I was on "the list", but I don't feel like anything is going to happen because my pass and pic are solid.[/quote]
@giblets
And that's precisely why this is hyperbolic nonsense blown WAAAAAAY out of proportion.

Yes, IDs were leaked. But that's not remotely close to an account hack being released. With a remotely decent password people have absolutely nothing to be worried about.

This is the exact same thing as someone knowing your yahoo or gmail email address! Just because they know you are "bob smith at yahoo.com" doesn't mean they can access your account. It's the password that lends access.

If any evidence surfaces that passwords and pics are both leaked, ok, THEN we have a legitimate concern.

Until that point this remains a completely over-hyped issue. As of now no critical account information was leaked. No hacker has access to any account that has a password that can't literally be guessed or above a handful of characters long.

Fortunately, it seems more and more people are finally starting to realize this. It's slowly changing from a "OMG the world is ending!" topic to a "oh well, they don't have the info they need anyways" topic, which is where it belongs.

Reply August 30, 2011 - edited
giblets

lol im glad i have a long password that involved caps, #s, letters, symbols and a pin that is randomized and long as well haha. GL HACKING ME IM NOT EVEN THAT RIIICH!

Reply August 30, 2011 - edited
SkyWolfPuppy

[quote=FullCircle]To the people who are saying its fake:

Stop being children and check the websites for yourself instead if posting on a thread that's intention is to only alert people. The hack is very real with many points of evidence backing it up. You are not helping. You are not cool. Please go away if you don't have anything constructive to say.[/quote]

you say this so nicely and calmly. yay for you! and grr at that list, now people can find me on my mules. :c

Reply August 30, 2011 - edited
urdad9939

This is just weird...I never shared my info, and any kind of maple related non-official Nexon websites I have never been to. My password has nothing to do with my username or any of my IGNs...so how the hell was I ever hacked? Still don't get why they only took an evo ring 1 when I had a whole lot of other stuff.

Reply August 30, 2011 - edited
BobR

[quote=AntiPure]This is seriously beginning to get out of hand. I wonder what the fix will be.[/quote]
A fix would be to change the coding so it doesn't send the other player your Login ID during an MTS transaction.

For the people already compromised, Nexon needs to do another mandatory password change so EVERYONE will have to change their passwords.
They also need to add a password "strength test" when you enter your new password and REJECT any stupidly simple ones like "123456" and force you to use stronger passwords. Many sites already do that, and while some kids might think it's a pain, it'll be far less painful than getting hacked.

Reply August 30, 2011 - edited
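
A sketch of the kind of strength test BobR describes, covering both the password and the PIC. This is an added example, not part of the original thread and not Nexon's code; the deny-list, the length and bit thresholds and all function names are assumptions, and the login ID is treated as public because that is what leaked.

```python
import math
import string

# Constructed deny-list: the weak values quoted in this thread plus a few
# obvious relatives. A real deployment would load a far larger list.
COMMON = {"123456", "1234", "11111", "password", "maplestory", "qwerty"}


def estimate_bits(secret):
    """Naive upper bound on brute-force search space, in bits.

    Assumes every character is chosen at random from the classes present,
    so it overstates the strength of human-chosen passwords.
    """
    alphabet = 0
    for chars in (string.ascii_lowercase, string.ascii_uppercase,
                  string.digits, string.punctuation):
        if any(c in chars for c in secret):
            alphabet += len(chars)
    return len(secret) * math.log2(alphabet) if alphabet else 0.0


def is_sequence(secret):
    """True for runs such as 123456, 654321 or abcdef."""
    steps = {ord(b) - ord(a) for a, b in zip(secret, secret[1:])}
    return len(secret) > 2 and steps in ({1}, {-1})


def check_password(password, login_id, igns=(), min_len=12, min_bits=60):
    """Return the reasons to reject a password; an empty list accepts it."""
    reasons = []
    lowered = password.lower()
    if lowered in COMMON:
        reasons.append("on the common-password list")
    if len(password) < min_len:
        reasons.append("shorter than %d characters" % min_len)
    # The login ID and character names (IGNs) are treated as public knowledge.
    if any(n and n.lower() in lowered for n in (login_id, *igns)):
        reasons.append("contains the login ID or a character name")
    if estimate_bits(password) < min_bits:
        reasons.append("search space too small")
    return reasons


def check_pic(pic, password="", min_len=8):
    """Same idea for the PIC, where patterns matter more than character classes."""
    reasons = []
    if pic.lower() in COMMON:
        reasons.append("on the common-password list")
    if len(pic) < min_len:
        reasons.append("shorter than %d characters" % min_len)
    if len(set(pic)) == 1:
        reasons.append("one repeated character")
    if is_sequence(pic):
        reasons.append("simple ascending or descending run")
    if password and pic == password:
        reasons.append("same as the account password")
    return reasons
```
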
TheTopKingNL

[quote=timesealer62]guys, just use this site to see how strong your passwords are. If it takes less than a week to hack, then you should change it IMMEDIATELY.

lul it would take 83 million years for someone to hack my passwords. [/quote]

WOAH! It would take 16 Billioon years for some-one to hack my password! O.o

Reply August 30, 2011 - edited
xDivineWishx

[quote=AntiPure]This is seriously beginning to get out of hand. I wonder what the fix will be.[/quote]

2x drop & exp, anyone?

Reply August 30, 2011 - edited
B00imaCLERIC

[quote=SasukeIIV]So why haven't I seen the top MTS merchants get hacked?[/quote]
Maybe they're the hackers ;O

Reply August 30, 2011 - edited
WiizDynasty

[quote=xDaSalesManx]dam guess its afkn inside the cash shop for me lol im already aware of my id being on the list
for a friend told me so anyways wouldn't this be the best answer to the problem
1. Roll Back
2. For Nexon to allow us to change our id's[/quote]

Changing ID's will screw everything up even more, it will probably make all of nexon's system go crazy :S

Reply August 30, 2011 - edited
xDivineWishx

There's a list on nexon forums of all the people who've used MTS over the past few days.

Reply August 30, 2011 - edited
BobR

[quote=oVee]LOL nexons solution to everything...
ROLL BACK![/quote]In this case a rollback wouldn't accomplish anything. If you still had the same "123456" password, the hackers would just hack you again and steal all your stuff for the second time.
The only way people are going to be safe from this thing is to change their passwords to something VERY "strong", and not a simple easy to guess word or numbers.

Reply August 30, 2011 - edited
oVee

LOL nexons solution to everything...
ROLL BACK!

Reply August 30, 2011 - edited
Anu07

@Jeneko: No strong pass

Reply August 30, 2011 - edited
gorffrog

@BobR:
Email's been hacked

Reply August 30, 2011 - edited
BobR

[quote=Nohatin]You seem like trolling to me, didnt you see she gave the link of what hime said?, isnt that enough?, dont belive no one cares its just YOU thats gonna get hacked from this.[/quote]No one actually reads any more, they just skip to adding their own comment and ignore everything else. That's one thing that makes guides and stickies almost pointless a lot of times.

Reply August 30, 2011 - edited
SpecialEdward

Shouldn't this be sticky-ed to the front page?
Best that [b]everyone[/b] should know about this.

Reply August 30, 2011 - edited
BobR

[quote=clerichealer]I am actually surprised how this could actually happen.[/quote]
Nexon has some of the sloppiest programming I've ever seen in a commercial product.
There's no reason for a player's User ID to be sent to the buyer as part of the info during an MTS purchase.
The servers need to talk back and forth to transfer the NX to the seller's account, but the ID should NOT be sent to the other player involved.
It's just sloppy, lazy programming.

Reply August 30, 2011 - edited
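
The fix BobR outlines, as an added example that is not part of the original thread and not Nexon's code: the listing sent to the other player is built from an explicit allow-list, and the NX transfer is resolved server-side from the listing number alone. The record layout, field names and balances are all constructed for illustration.

```python
import json

# Constructed server-side state; every field name here is hypothetical.
LISTINGS = {
    4412: {"listing_id": 4412, "item_id": 1302000, "price_nx": 3500,
           "seller_ign": "HeronMage", "seller_login_id": "bobsmith"},
}
NX_BALANCE = {"bobsmith": 0, "buyer01": 5000}

# Only these fields may ever leave the server in a listing message.
CLIENT_FIELDS = ("listing_id", "item_id", "price_nx", "seller_ign")
SERVER_ONLY = ("seller_login_id",)


def listing_leaky(record):
    """Flawed shape: serialize the whole record, login ID included."""
    return json.dumps(record, sort_keys=True).encode()


def listing_minimal(record):
    """Corrected shape: copy allow-listed fields, so new columns stay private."""
    return json.dumps({k: record[k] for k in CLIENT_FIELDS},
                      sort_keys=True).encode()


def leaked_fields(payload, record):
    """Regression check: server-only values that appear in an outgoing payload."""
    text = payload.decode()
    return [f for f in SERVER_ONLY if str(record[f]) in text]


def settle_purchase(listing_id, buyer_login_id):
    """Move NX server-side; the buyer's client only ever names the listing."""
    record = LISTINGS[listing_id]
    price = record["price_nx"]
    if NX_BALANCE[buyer_login_id] < price:
        raise ValueError("insufficient NX")
    NX_BALANCE[buyer_login_id] -= price
    NX_BALANCE[record["seller_login_id"]] += price
    # The receipt sent back to the buyer carries no seller account data.
    return {"listing_id": listing_id, "paid_nx": price}
```

Running `leaked_fields` over every outgoing message type in a test suite catches the case where a later change adds an account field to a record that is serialized whole.
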
achyif

Oooh dam that's interesting o_o

Reply August 30, 2011 - edited
Anu07

A hacker got my account name. I changed my info and took everything off mts. Am I safe?

Reply August 29, 2011 - edited
myrdrex

[quote=BobR]Change your password to something that's safe, change your PIC to something that's safe.[/quote]

Yup, and if it's already a strong password and PIC, there's no need to do anything at all. This is very much a non-issue for anyone that has a halfway decent password/PIC.

Reply August 29, 2011 - edited
BobR

[quote=gorffrog]Well i guess it's too late for me. [/quote]
Change your password to something that's safe, change your PIC to something that's safe.

Reply August 29, 2011 - edited
gorffrog

Well i guess it's too late for me.

Reply August 29, 2011 - edited
BobR

[quote=waver144]Wait, did hime admit there is an exploit then continue to say MTS is safe to use? o.o o.o[/quote]
Hime acknowledged that Nexon is aware there's an exploit being used and is working on it.
Also said it's safe AS LONG AS you have an updated password and secure PIC.

Read the actual post here: http://forum.nexon.net/MapleStory/forums/thread/8165829.aspx

Reply August 29, 2011 - edited
treefriends

its kinda obv. seeing how some Rtard publically released the hack T_T

Reply August 29, 2011 - edited
Pepper

[quote=NYJetsFan117]is it in the fm or basilmarket?[/quote]

The MTS.

Reply August 29, 2011 - edited
holymage

im very skeptical about this

Reply August 29, 2011 - edited
SasukeIIV

[quote=strongchakra]way to roam in a hacking forum then spreading the news to a legit forum. i guess there's more hackers than legits on this forum..disappointed.[/quote]

So you want people to be less aware? Derp.
I don't know why you're disappointed anyways, why do you care what people do.

Reply August 29, 2011 - edited
Pavchka

[quote=strongchakra]way to roam in a hacking forum then spreading the news to a legit forum. i guess there's more hackers than legits on this forum..disappointed.[/quote]

It doesn't onlike work like that. Many Basilers visit hacking forums so they know what they can expect. "Know thy enemy", that kind of stuff. And as a moderator of this place we constantly have to clean up links to hacking forums. To check the link we have to click and access it, so yeah...

@Steven735: "OFFICIAL" means nothing more than "You can only discuss this subject in this thread." Trust me, us moderators get more attention than we want and considering Ciel doesn't get credit for what she's saying here, it isn't even the type of attention people are normally craving for.

@myrdrex: Again this thread is to focus the discussion in one point, because one thread creates less panic than many small threads. That the people who wrote both threads were moderators does not add extra authority to the claims made in them and if we were forced to say something you don't want to hear I'm afraid I'll have to say that's not our problem. :S

Reply August 29, 2011 - edited
strongchakra

way to roam in a hacking forum then spreading the news to a legit forum. i guess there's more hackers than legits on this forum..disappointed.

Reply August 29, 2011 - edited
spiritzangetsu

Remember, just because a method of finding someones password is not released to the public, doesn't mean that there's no possibility of it being found by someone. I know it sounds crazy, but it is very possible.

Reply August 29, 2011 - edited
myrdrex

[quote=Andre3006]@myrdrex:

I actually fully disagree with you on the fact that hackers knowing a Mapler's UID is harmless. It's unchangeable, therefore once they have it it's only a matter of time and patience before they hack someone.

All it takes is one more exploit and more accounts will be hacked.

Other than that this isn't a big threat. If someone befriends you and recommends you go visit x-site or download x-program just don't do it.

Let me tell you that I admit to hacking people's accounts. How? Because I got their IDs and eventually got their passwords, plus I had a PIN bypass when the PIN system was vulnerable. Even so, this was a while ago and I have quit hacking and have been hacked lolz.[/quote]

But that's precisely my point- the ID isn't enough, you need the password, just like every other computer system out there.

It's all about the strength of your password. And, to top it off, they also have PICs, which makes it even that much more improbable to brute-force your way into an account.

Yes, if they have a stupid password then the ID is all you need. But that's like every other game and computer system out there. (Like I said, here's the ID to their Linux database server: root. Now go log in with only that, or go brute force it).

IDs in many games are public for a reason- they aren't the security, the password and PIC is. Sure it's great to have that 3rd layer of security, but as long as you have a good password and PIC, it in no way makes it any more realistically possible for someone to gain access to your account.

Have a good password, have a good PIC, and the time it would take to brute force into the account is longer than MS will be around for. @WiizDynasty When you say "it's only a matter of time", don't forget you're talking YEARS here with a _good_ password (12+characters for each password and PIC), that would need to be dedicated to your specific account! I don't think you have too much to worry about as long as you take the time to have a decent password.

This ID issue would only be a theoretical threat for those foolish enough to have counted on having a secret ID and a password of "password" and PIC of "1234". They would indeed be hurt here, otherwise this is a non-issue.

Reply August 29, 2011 - edited