Why aren't refunds given to hacked accounts?

Lately there's been a lot of people who had their accounts hacked due to "poor security" (lul) and lost items/mesos because of it. When asked for a refund they're completely denied of it and are only told to change their passwords (as if they're not going to after being hacked haha but anyways). Now you might go "yeah well they deserve to not get refunded it if they can't keep their accounts safe" BUT over a year ago Christopher Chance, a former game master might I add, got hacked and he got refunded. In that thread it's very clear that the GMs have the logs to see EVERYTHING that's been lost and not only that but where and possibly when they were dropped/traded (so don't say the technology isn't there). I don't understand why he gets a refund but everyone else doesn't. He very well may have had the password maplestory123 also but nobody there told him "oh you gotta change your password buddy sorry". You might argue that Chance was more high profile and lost a lot more stuff than others but none of that should matter at all. It doesn't matter if you lose 1 snail shell or 2bil, if you refund 1 person, why can't you refund the other?

Here are just some of many people who got hacked recently and have been denied a refund:
https://royals.ms/forum/threads/hacked.69335/
https://royals.ms/forum/threads/i-was-hacked.70746/
https://royals.ms/forum/threads/account-hacked.70049/
https://royals.ms/forum/threads/account-hacked.69990/

You guys are obviously able to investigate whether someone's hacked claims are authentic or not and not only that but find out who did it and what was lost, so why don't you guys? Telling people too bad so sad because of poor account security is inexcusable, if anything that says to me that you guys cba to look into it.

Oh and I'm not trying to target any specific gms here, it just so happens that the gms who responded to these threads are Michael and Tim. Also I'm sure none of the gms (except for Matt) have a final say in anything, they probably discuss every issue together and make a conclusion collectively so please don't go on a witch-hunt.

 

It seems to me that they are not favouring one person over another, but rather their policy of refunding has changed between a year ago and now, where they are consistently denying refunds.

This I think is fair:

• Server has been growing rapidly
• It takes a lot of work to investigate a particular incidence
• Imo, the burden on the gm's is unreasonably large to refund every single account that gets hacked. So if they can't be consistently helping everyone, they shouldn't be helping anyone.

 

Fair points, especially the fact that the server has grown a lot during these past few months. But considering how accounts don't get hacked that often I don't think this should be a problem for gms to do player-by-player investigations, especially knowing seriousness of being hacked. It might sound insensitive of me to say this but something requiring a ton of work shouldn't be what decides whether something gets done or not.

I will say this though, I've always been someone who'd rather help than not help if given the chance and knowing that these gms are able to help but refuse to for reasons they believe are justified is a real kick the balls. I know this can be seen as being unfair but I'd rather help 1/10 people than 0/10.

 

I believe they consider "poor security" to be when you use the same password for everything. So when other websites get hacked and have the info dumped, Royals won't do refunds because nowadays having the same password for everything is "poor security" and can be avoided with using different passwords.

 

I'm pretty sure that Christopher Chance got hacked when he was a member and not a game master.

 

I am just posting to assure you that no favouritism has occurred as I am a fellow victim of the recent hackings. All cases are thoroughly investigated and not just slapped with poor account security. I have made my opinion along with others clear on this matter in staff discussions and won't be revealing them here due to it being a ongoing discussion and the fear that my views are skewed or biased due to my situation.

 

Just wanted to add that another example of poor security is having your forum name be part of your login information. At that point, you've already given away 1/2 of the information. If you have an easy password (or used elsewhere) then it's pretty easy to get hacked.

Another reason that helping everyone who gets hacked has become unreasonable is the sheer amount of people who are getting hacked nowadays. It may seem like a small number to you, but considering how only admins are able to help, and they already have a lot on their plate with game issues as it is, I find it kind of unreasonable to expect them to refund people who were being a tad careless with their information. And we really do want to help people. It would be great if we could help 1/10, 3/10, 10/10. But if we don't do 10/10 people will say we are favoring certain players or ignoring others. We cannot just do some, it has to be all or nothing because if we don't keep things fair for everyone, I can only imagine the backlash it would bring. As it is, helping everyone who had poor account security just isn't feasible imo and since we can't help every single person, it's fairer to not refund anyone. On another point, I kind of also am of the mindset that if you had poor account security, used same information in multiple places, shared info, that it is more of player error (which we have never refunded for) since you put yourself at risk.

If it was the case that they got hacked and haven't used their information elsewhere, haven't told anyone, I definitely think they should be refunded though since the player took precautions to make sure they were safe and were still hacked anyway.

 

These accounts with poor security only have themselves to blame. Especially since we're living in the 21st century where the topic of increased cyber security is constantly being brought up and reinforced.

Having your ID as JohnDoe and your password as JohnDoe123 isn't helping you at all.

Stop using the same ID and password for every website. I cannot emphasize enough on how important this is, and how often this is the reason why your account is being breached without your permission. There are constant data breaches even on huge companies like Facebook, Ebay, Steam, Tumblr, etc. You can even just watch the 1st minute of this video here to show you how easily accessible your accounts are if you're using the same ID and password eveytime.

That being said, I have never been hacked in Royals, and hopefully never will because I have taken the necessary precautions to make my login information unique to Royals.

 

My accname/password combination is unique to royals afaik. They were used separately on different websites however and score weakly on the howsecureisyourpassword test.

 

Of course there are more steps that I haven't said in my previous post that you can take to increase your security online; such as using capital letters and lower case letters, using symbols, making your password longer than 15 characters, not using words, dates, names, etc.

I just wanted to emphasize that using the same ID and pass on every website more often than not is the biggest reason why there are security breaches. Humans are creatures of habit and even I am guilty of using the same login info on multiple websites.

 

Sure having a weak password is no one's fault but yours but that doesn't mean you guys can't help. While this is a whole other discussion but a big part of why people feel unfair about favoritism is because the forums are public. People will look around for other threads that are similar to theirs and compare how other people's cases are being treated to theirs. I won't go too much into it but if character issues become private then nobody other than yourself will know about your issues, unless you yourself decide to share it with others. Nobody will know whether this other person got refunded or not and there won't be any arguments on whether this person was treated fairly or given favoritism.

Funny enough the only reason why I even know about these cases and part of why I was able to make this thread is because the forums are public, and I along with everybody else here is able to freely browse around.

 

Seems like it might be a good idea to reimpliment the security pin.

 

Not a bad idea at all, I'd be all for it if we're able to disable it.

 

I actually agree with the staff that no reimbursement/refund should be given, if the cause of being hacked is due to the own users' poor security. U should take care of your own acc, make sure u dont use the same password on other servers. And make sure your password is strong too! Its alot of unnecessary job for the staff if they have to keep refunding ppl who keeps getting hacked due to their own fault. Yes, its not impossible to check what was hacked, but its alot of tedious work that shouldn't have been included in their workload.

However, if the cause of being hacked is due to the lapse in royals' security. Then the players should get refunded because the fault now lies with the server.

In the 4 examples stated, the cause of being hacked was due to the players' own poor security sense. Thus the fault lies with the players themselves. It would be nice if the staff took the extra effort to help them recover their items. But it is not smth that the staff owes to those players, esp at times like this whereby there's a huge influx of players (and thus amt of work to do for staff). So, its perfectly reasonable not to refund these ppl.

Anw, there was a sudden influx of hacked acc. So its logical to assume that user particulars and details (username password etc.) was leaked from some other websites. And unfortunately, hackers used the leaked info to attempt on royals (in which some were successful, thus the trend of recent hacked cases)

 

What would be the reason to start improving on your account security when you expect the admins to come save you?
Don't you think you have quite high demands from a free to play server where the admins are volunteers?
There were hackers being unbanned with a second chance in the past, that doesn't mean hackers should get a second chance now, times change.

Not even relevant he wasn't a GM at the time.

One person was helped and now you use that as an argument saying it's unfair, can't have both.

Just looking at the amount of support issues the workload is already more than what the admins have time for, and that's just the things you can see posted.
It's very easy to say work harder when you don't have to do anything yourself, would it be so difficult to assume that they were denied for a valid reason?
Not like they sit there laughing and refuses to click the "solve problem button" (doesn't exist)

 

I don't understand why you're getting so defensive over this, is this really the tone a forum moderator should be using when speaking with others? Way to set an example. You don't need to agree with me on any of these points but I'd appreciate it if you'd stopped making false assumptions.

At the end of the day I'm just another person on the internet, my words mean just as much or as little as anyone else's, don't take it so seriously.

 

People behind those data breaches are not gonna try to steal your mapleroyals account. They wouldn't even know what mapleroyals is. Those guys are after bank accounts, credit cards, SS #s....not private server accounts. Everyone just shares accounts and get "hacked"

 

Okay so after looking around a bit more I found this case that goes against everything you guys have said. To those who are too lazy to read it I'll summarize it: Tim lent his gun to his friend who got hacked and took matters into his own hands and refunded himself. As I said in my original post, gms probably aren't allowed to make big decisions on their own, they have to discuss it with other staff members and decide collectively as a team what the best course of action is. Just by taking a look at the character issues sub-thread you can see that even gms make their own threads for refunds and require other gms to approve it. So it's fair to assume that this case is like every other has been thoroughly discussed and ultimately given a yes to the refund. Now I ask, what makes Tim's case so special? To me it looks like every other hacked case out there so why does Tim receive special attention and get a refund?

I won't take people's opinions on what they believe is right or wrong but Matt, the owner of the server said that they haven't refunded hacked accounts in a long time.

Yet Tim receives a refund. I do see that in Matt's quote he says "if we ever find security loopholes in which we're at fault for we'll provide refunds" but he also says in the same sentence that they're confident that this is currently not the case. Also, how would they prove that it wasn't the user's fault for getting hacked? For all we know Tim's friend could have legitimately been an idiot and had a part of his username in his password. Actually, even guessing your username right is pretty impressive in itself unless your username is the same as your forum name or 1 of your in-game characters (which I'm positive at least 1 of us here is guilty of.) All he had to do was play innocent and make a believable claim that it was the server's fault. Not saying that was the case but it's definitely possible. Another issue here is that if 1 person fell victim to a security loophole, couldn't that happen to anyone then? What makes 1 person more likely to be hacked due to a loophole in the security than another when we're all playing the same game? But the biggest issue at hand is had this been anyone else other than a gm, would it have received any sort of attention whatsoever? Maybe I'm the only one that sees it this way but the only reason this case received any sort of attention is because a gm was involved, and not only that but the gm that got involved in it stepped up personally to handle the case. Would a thorough investigation been made if this happened to a relatively unknown player who lost 5mil?

Before anyone jumps to the conclusion that I'm trying to point fingers at Tim for being unfair, I just want to get it out there that I believe every case should be handled this way. It's just a bit hypocritical of you guys to have a firm stance on something but then make a special exception for yourself. I do understand that you guys would rather support the practice of helping no one as opposed to helping 1 and ignoring 10 others, but this case makes it hard for me be on your side. Not to mention the general response here is "it's your fault for having a weak password and getting hacked so you don't deserve help" yet you guys also make it seem like you do want to help... so I honestly don't know which side you guys are on. Like what if I use the same password for my bank account as my ashleymadison account and someone took all my savings, is the bank just gonna close the door on me?