Why account security is everyone’s business.


A terrible problem has always plagued the online business world, that problem is theft. Sadly where there is either money exchanged or hard work being done there will be groups who strive to profit illicitly from it.

There is big business to try and steal payment credentials, user information and even virtual goods, all of that business is illegal but that just makes it more profitable.

For WarpPortal as operators of MMOs we are of course targets for theft as well. If we stored payment info, which we do NOT store or have, we would be constantly tested by those illicit groups. But we do have game account information, and to some people those are worth money too. Any account or item that can be stolen is that much less that they have to earn themselves in-game. And by they I mean gold selling rings. Through the years it began as rooms full of low paid workers controlling multiple machines/clients to try and maximize item and gold production, which would then be sold off to players that wanted to skip the game play and skip to the “reward” phase. Of course virtually every MMO had policies and rules against this and it became a war of attrition for the gold sellers to earn and sell before the GM teams caught and banned. Those were the happy days of MMOs. That industry still exists but has taken on more sinister tactics in recent years.

Around five or six years ago we started to see more and more stolen credit cards being used to make subscriptions and occasionally buying item mall items. This is a huge problem because not only does it hurt the person they stole the cards numbers from, but it dilutes the game economy, loses us the revenue from those sales and often comes with penalty fees for accepting such payments. We had to adjust our fraud prevention measures to compensate for this. Unfortunately such measures cost time and resources and usually slow down the players from conveniently making payments (24 hour wait on 1st payments is one of these measures). We at WarpPortal have managed pretty well but industry wide it is a growing problem, as credit cards get maxed out buying subscriptions for dozens of games, purchasing online goods and services like iTunes, or gift cards. The Credit card industry is playing catch up with the web to try and better verify safe vs unsafe transactions, but it will never go away as long as there are profits to be made.

The final face of this evolving problem is that of account/item theft. The black market industry of RMT (Real Money Transaction) which began as sellling gold or accounts that the Gold Farmers produced has merged with the botting / Trojan virus creating world. Those Gold sellling sites do pay big money for the freshest new lists of hacked emails/game accounts/Credit cards. They acquire them through any means they can, of which below are the common ones.

  • Trojan viruses: distributed keyloggers via website banners, programs, spam mail etc
  • Social Engineering: Offers to give you gold if you put your account info in this “official form” instead uses that info to add to their list of targets.
  • Power Leveling Service: You give your account info and a payment they will level your character for you, and conveniently keep the info.
  • Brute Force attacks: If they find out an email or account name they try, sometimes for months, to crack the password via repeated guesses.
  • Bot / Utility Program : Downloading suspicious programs that perform a function, in addition it keylogs the accounts.
  • Direct DB hackings : This could be hacking the actual game provider, or a fansite forum, relying that people tend to use same email/pw even account name across several services.

What this means is that the security of accounts relies on many things to remain safe. Strong Passwords, which are not duplicated in other services like email, forums other games; not using suspicious programs or giving the account information over to “forms” that aren’t actually on the actual provider site; and not logging in to your accounts in locations that you personally have not secured. Of course if you share your information with friends or family you also have to be concerned if they have also followed all those steps too, if they get violated by a keylogger or tell other people, your account then becomes at risk too.

All of this may sound very doomsdayish, but it just requires a bit of vigilance to keep yourself as safe as possible.

  1. Strong passwords, only used for our service, use different strong passwords for other services. Else if one location is compromised your whole nest of accounts are compromised too.
  2. Don’t use suspect programs, or visit shady websites. Certainly have all your virus and firewall shields up at all times. A good firewall will alert you that a program is trying to talk to the internet, that is an indicator of something is amiss.
  3. Don’t share account info, because when you do you have to be worried about every sharers PC security as well.

Ragnarok is certainly a target, there is money to be made by stealing your stuff, don’t let them do it. We at the WarpPortal will do everything we can on our end to protect you, but you have to practice a bit of safety-fu too!

Please change all your Ragnarok Account passwords by May 1st. Anyone that changes the Ragnarok Passwords between February 1st and May 1st will receive a free Battle Manual and Bubble Gum on May 2nd via the Code the Redeemer NPC in Eden Group 2nd floor, per account. Those that don’t will have their password changed as part of our every 90 day password update program on May 1st.

Please change all your Ragnarok Account passwords by May 1st. Anyone that changes the Ragnarok Passwords between February 1st and May 1st will receive a free Battle Manual and Bubble Gum on May 2nd via the Code the Redeemer NPC in Eden Group 2nd floor, per account. Those that don’t will have their password changed on May 1st.

Thank you,
Jason “Heimdallr”
Ragnarok Online Producer

 

4 thoughts on “Why account security is everyone’s business.

  1. The email address that used for registration was not activated as a wp account, so obviously I’m not able to follow the suggested ways to change password. Is there any solutions for such situation?

  2. how if by chance we cant change it(the pass), like cant display webpage or sumthing???

  3. One thing I’d prefer to say is always that before purchasing more laptop memory, look into the machine into which it could well be installed. If your machine can be running Windows XP, for instance, the actual memory ceiling is 3.25GB. The installation of above this would just constitute some sort of waste. Make certain that one’s mother board can handle an upgrade quantity, as well. Great blog post.