Saturday, March 19, 2011

Trion Worlds patches security hole in Rift

On Friday a member of the Rift player community with the handle ManWitDaPlan discovered an exploit in the login protocol for Rift which allowed the Rift client to access accounts without authentication. He promptly communicated directly with Trion's technical staff to convey the details about the exploit. An update to the game was released Friday evening which closed the hole.

Shortly after Trion learned of the exploit, James "Elrar" Nichols, Assistant Community Manager, posted this statement:
We have some things in the works right now and have been passing on your feedback, concerns, and thoughts throughout the day (no matter how radical or unlikely).

Sharing sensitive information about our actions (no matter how broad) naturally also informs those carrying out these attacks. This puts us in a tight spot with how much information we can provide, and the questions we can answer.

Apologies we can't be more forthcoming at this time, but we appreciate your understanding - its always our goal to ensure you can play and enjoy the game securely, and unfettered.
Later in the evening ManWitDaPlan posted:
Got word back from Steve Chamberlin, the development lead for Rift. This hole is sealed...the issue I found is no more.
In recent days the official forums had seen a marked increase in the number of complaints of hijacked accounts—players wrote of logging in to find their characters broke, or naked, or missing. Some players wrote of struggling with the hijackers over control of their accounts.

The closing of this security hole and the recent implementation of the Coin Lock feature should sharply reduce the number of hijacked accounts.

The login exploit and resulting hijacked accounts is the first blemish on what had until now been a very smooth and successful launch by Trion.

The response by Trion to the report of the exploit was very quick; just a few hours elapsed on Friday between when Trion first learned the details of the exploit and the restart for the update which closed the hole.

Update:  On Saturday, RIFT Executive Producer Scott Hartsman posted a statement addressing the situation.

No comments:

Post a Comment