Gameloft still having issues with Order & Chaos security breach, ‘not sure’ if all data is recoverable

Unfortunately we have to follow some good Gameloft news with some bad Gameloft news regarding Order & Chaos MMORPG and the security breach that we have been reporting on since the start of it. The company revealed over on the Order & Chaos forums that it “can’t be sure” if the lose data can be recovered.

Gameloft’s post on the forums was a very informative one as it answers a few questions many players have had since the security breach. Part of the problem was on their shoulder with lack of encryption on the data packets sent to and from the game which contained login information. Part of the problem was the forums were not SSL protected, part of the problem happened to be the Gameloft Live site (currently shut down for right now) and lastly, part of the problem were players using programs and going to sites that happened to be phishing apps and sites.

While Gameloft states that they will be able to, most likely, recover most data lost in the security breach, they can’t be sure that it will recover all of it. In the cases that they can’t recover it for some players, Gold and Runes will be used to compensate for the lost gear and gold. Here is the full Q&A post from a Gameloft Rep over on the forums:

Q: How much does GL know about the hacking (i.e. methods, etc.)
A: Well, so far we do know some of the accounts are hacked due to phishing sites and other similar methods, but other than that we can only trust the customer to report the method used to reach that point.

Q: What steps has GL already taken to prevent the hacking?
A: As we already stated, with Update #4 we will add SSL to encrypt the packets during login.
Next step, maybe we’ll add a Secondary Password, or more encryption methods. At the moment, it’s till under discussion.

Q: What fixes are in the pipeline, and how soon will they actually be in place?
A: As soon as we get U#4 by Apple reviews. That might take a day, that might take a month. (Hopefully closer to the first, than to the latter.)

Q: Are there any plans to change the uncoded packet issue, specifically, that appears to be at the heart of this problem?
A: Yes. So far we’re adding SSL encryption. We’ll see if we’ll add more down the road.

Q: A GL rep made statements to CNET recently about the hacking that many forum members take issue with — to whit, that the problem was only with the GL Live website; that closing the website solved the problem; and that all accounts had been restored. Would GL like to clarify or correct those statements?
A: That’s pretty accurate. Smiley

Q:  Is there an ETA on fixing/restoring the hacked accounts?
A: We can’t be sure we’ll recover all the data. Most of it, yes. But in those cases that we cannot recover everything, gold and runes will be used to compensate the losses. We can’t promise anything in terms of deadlines, we cannot even estimate on how fast it will go, but we’re hoping that by the end of this week, all accounts should be fixed. (Again, underlining hoping, meaning that we’re not sure.)

Q: Are you concerned that this is hurting the long term viability of the game?
A: The hacking issue is a major concern for the Development Team, and a critical issue for O&C, but with the new security mechanism in the new update, we’re looking forward for a smoother experience for our users.

As you can see through some of the answers that Gameloft is planning on adding much tighter security measures to Order & Chaos shortly. Unfortunately some of these should have been in place already like encryption of data being transmitted. What is even more unfortunate is that, if you follow all the threads going on right now, the hacking is still happening and people are still getting their items taken and accounts hijacked. Some people still haven’t had their accounts fully restored or items retrieved from some time ago.

We will keep our eyes on the forums and keep everyone up-to-date as Gameloft works on a solution to the problem.

Developer Website: Order & Chaos Forums

Website Referenced: PocketGamer

Share This

You Might Also Like