IGN:Zebiih Problem: All valuables stolen due to "weak" account security. Details: On tuesday 9.2.2021 after hearing of the breach i logged to my account to notice that my character was moved to El Nath, with keybindings reset and equip and inventory swept clean of all the valuables i had/borrowed. Main items I lost were: 149att Claymore (not mine, borrowed from Trungkien) 17att Bwg 16att Bfc 12att Fs Maybe some apples on top of that and other little stuff but that's irrelevant. I humbly request further investigation on this matter and a possible compensation to get back on my feet rather than having to say goodbye to the awesome community. I like to thank admins for hard work. This breach wont be a simple matter to solve to please every1 on the server, atleast with the current manpower in staff. I dont assume the process to be fast but i'd like even some closure on this matter as soon as it's possible. -Zebi
I'd like to add that 2-step verification via email should be a thing / implemented in Royals atleast when failing to log in one/multiple times on a foreign IP/MAC address. As it was told on the original notice about account security that Royals database wasnt breached, meaning the most the hackers have got are people's username/password/email. Which still leaves PIN/PIC undiscovered. Even with the most simple PINs/PICs i refuse to believe all the accounts that have been "hacked" were found out on first try but forced via programs trying tens/hundreds/thousands different PIN/PIC combinations. Having the 2-step email verification on new connections shouldnt be too hard to implement with the new control panel (i suppose). it would've almost fully prevented this big scale breach and also could be helpful tool for admins to pinpoint hackers via players not allowing connections from foreign IP/MAC. Also i dont find it too big of an inconvinience on players since PIN is always asked if connecting from another IP.
email verification upon foreign login alongside pin. Pin can be easily brute forced since there's only 4 digits so a lockout + email reset should work. But that aside I still refuse to believe there wasn't a breach considering that many people do not play other private servers and had all the securities in place.
Fyi update Did some research on this couple days ago and found out this breach to royals was possible due to recent COMB (compilation of many breaches (https://blog.1password.com/what-comb-means-for-you-and-your-business/ )) on top of what i heard a rumor that there were a invunerability in the mapleroyals web site's control panel being able to brute force pin/pic infinite times without restrictions. So people stay sharp with your infos being unique and a note to staff to upgrade the account safety with the current and evolving times.
As the Admins have restored the accounts that were accessed by the malicious users back to a state before the malicious users logged in on them to restore your mesos and items, please login to your account to check if the items are restored successfully. Edit to include quote by Admins: We have changed your password for your own protection. We wont provide this password to you. In order to play again you need to: - Go to www.royals.ms/controlpanel and choose the 'FORGOT PASSWORD?' feature to reset your password by email (keep in mind the control panel is case sensitive). Do not set your password back to what it was before. - Log in on the control panel with the new password you registered and reset your PIN (email verification is required for this step which is also done in the control panel). - You should now be able to log in on the game client and set up your new PIN to then start playing again! If account was not restored, please post details of the items you have lost so far and I will forward them to the Admins for confirmation
Hey! Happy to hear that! Although havent got any of the missing equips back yet, stated in the first post. (If character rollback will happen i'll level 200 twice on hero )
Can you confirm the last known date of you holding these items? 149att Claymore (borrowed from Trungkien) 17att Bwg 16att Bfc 12att Fs
8.2.2021 in the evening at like 7pm servertime i closed all my clients, that i had open for the prior 4 days straight. (unfortunately decided going to sleep early that night, closed my clients, shut down my pc and shit hit the fan on server..) (edit: wrote wrong date mistakenly.)
Hello, please continue to remain patient as our Admins have had a tremendous workload given recent events. Your issue is being looked in to--please don't bump your thread. Thank you!
Over 3 months since last update on the matter? getting kinda ridiculous, how long will it take to "investigate"? Will these cases just get prolonged to a point pretty much every1 who it have affected like me have quitted and the majority of server has forgotten it ever happening to just close it with a silent refusal? ps. It's been literally over a third of a year since the incident on server with nothing but getting GM blog saying it's been dealt with..
If the thread was simply (Closed) without any response, that would be a silent refusal As acknowledged by you at the initial post "I dont assume the process to be fast", the investigation does take time The investigation isn't such a simple matter, especially with multiple requests from players with different reported timings This would indeed be faster if the affected player was you only, but that isn't the case
Hello, unfortunately we cannot take responsibility for issues related to a player's personal account security and cannot assist with recovering your stolen items. I'm really sorry that we can't do any more for you in this situation.
