Notice Account Security

Discussion in 'Announcements' started by Karven, Feb 9, 2021.

Thread Status:
Not open for further replies.
  1. Karven
    Karven Developer

    Hi Royallers,

    We have recently noticed a surge of unusual login activity on our website's control panel where malicious user(s) have been attempting to log in using predefined credentials likely obtained from data leaks of various other services to engage in credential stuffing. There is no evidence which shows a breach of our systems or database, and we are confident that all our data is still safe and secure on our servers.

    Further countermeasures for brute-forcing attempts have been implemented, and we have made the decision to ban any accounts which have had a successful login attempt made by malicious user(s) for your protection. This does not mean that all of the affected game accounts were compromised, but rather that just a successful username/password attempt was made out of the credential stuffing data the malicious user(s) gathered from their non-MapleRoyals sources. And in most cases, the additional secure PIN and PIC checks were able to stop the attacker from gaining full access to the account.
    If you have recently received a random account ban, this is likely the reason. You will be required to change your account password, PIN, and PIC to keep your account secure. Please make a ban appeal for us to help you get your account safely unbanned by clicking here to create a thread (a forum account is required).

    In addition to game accounts, some forum accounts using the same username/password combination have also been accessed. We will be looking into recovery options for these as well.

    We would like to take this time to remind all users about the importance of using unique credentials for your game accounts here on MapleRoyals.
    Never use the same password that you have also used on any other online service, and ensure you have a strong PIN and PIC for your accounts.
    To change your account's password, PIN, or PIC, please log in to the control panel, then choose the option from the left side of the control panel and follow the instructions on screen.

    If you have any further questions, let us know on the feedback forum and we will try to add them to this post:

    Q: Will there be a wipe?
    A: No, we don't have plans on wiping our server data and having people start over.

    Q: Will there be a server-wide rollback?
    A: No. While we're still investigating, only a relatively small number of accounts got in-game and were thus affected.

    Q: I didn't get banned, do I need to change my password, PIN, or PIC?
    A: While your account is safe, it's always good to ensure that your account security settings are unique from any other service that you use. We recommend taking a moment to review your account security settings in the control panel to ensure that your account is protected.

    Q: Will hacked accounts be compensated?
    A: While using secure account details for MapleRoyals that you don't use elsewhere online is the responsibility of the user, we are exploring recovery options to help our players that got affected by this large-scale operation.

    Q: Am I allowed to play on my other accounts if one of my accounts is currently blocked because of this?
    A: Yes, you can still play your other accounts, but please make sure you change your account details to a secure password that you don't use anywhere else.


    - The MapleRoyals Staff
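
Added example, not part of the original announcement and not MapleRoyals' code: one way to pick out the accounts the post describes locking, i.e. those with a successful login from a source that shows credential-stuffing behaviour. The event format, the function names and both thresholds are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed login events: (source_ip, username, success). Not real data.
SAMPLE_LOG = [
    ("203.0.113.7", "aria", False),
    ("203.0.113.7", "bram", False),
    ("203.0.113.7", "cleo", False),
    ("203.0.113.7", "dana", True),     # reused password worked
    ("203.0.113.7", "emil", False),
    ("203.0.113.7", "faye", False),
    ("198.51.100.4", "alice", False),  # owner mistyping, then succeeding
    ("198.51.100.4", "alice", False),
    ("198.51.100.4", "alice", True),
    ("192.0.2.20", "dana", True),      # the real owner, from a clean source
]


def stuffing_sources(events, min_users=5, max_success_ratio=0.2):
    """Return sources that tried many distinct usernames and mostly failed.

    Stuffing walks a leaked username/password list, so one source touches
    many accounts; a user who forgot a password touches only their own.
    Thresholds are assumed values and need tuning against real traffic.
    """
    users = defaultdict(set)
    attempts = defaultdict(int)
    successes = defaultdict(int)
    for ip, user, ok in events:
        users[ip].add(user)
        attempts[ip] += 1
        successes[ip] += int(ok)
    return {
        ip for ip in users
        if len(users[ip]) >= min_users
        and successes[ip] / attempts[ip] <= max_success_ratio
    }


def accounts_to_lock(events, **thresholds):
    """Accounts with at least one successful login from a flagged source."""
    flagged = stuffing_sources(events, **thresholds)
    return sorted({user for ip, user, ok in events if ok and ip in flagged})


if __name__ == "__main__":
    print("flagged sources:", stuffing_sources(SAMPLE_LOG))
    print("lock and force reset:", accounts_to_lock(SAMPLE_LOG))
```

Counting per source address undercounts attempts that are spread over many addresses, so the same grouping is usually repeated over a wider key such as network range or time window.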
     
  2. Tim
    Tim Administrator

    The affected accounts were temporarily banned on 2021-02-09 to prevent malicious users from further accessing the account as they got IDs and passwords from other sources online where some players used the same login details. Those details were used in a credential stuffing attack.

    If your account has been affected by this, carefully read the following information:

    We have changed your password for your own protection. We won't provide this password to you.
    In order to play again you need to:
    - Go to www.royals.ms/controlpanel and choose the 'FORGOT PASSWORD?' feature to reset your password by email (keep in mind the control panel is case sensitive). Do not set your password back to what it was before.
    - Log in on the control panel with the new password you registered and reset your PIN (email verification is required for this step which is also done in the control panel).
    - You should now be able to log in on the game client and set up your new PIN to then start playing again!


    If for some reason you're unable to remember your email or lost access to the email you signed up with, and are unable to recover that email from your email provider you can:
    Don't post this information on any public post like a ban appeal, only make a thread at:

    https://royals.ms/forum/forums/support-requests.111/
    with the following details:
    EMAIL RECOVERY
    1) Your character names (IGN):
    2) The date of birth associated with your account (DD-MM-YYYY):
    3) The email addresses you think might be associated with your account:
    4) Your account username (Game Login ID):
    5) The last time you played:
    Only choose this option as a last resort after you have tried all the email addresses you can think of that you might have used. Processing these requests will take a long time so really give it your all before you follow these steps.


    We have restored the accounts that were accessed by the malicious users back to a state before the malicious users logged in on them to restore your mesos and items because we noticed brute-force attempts on PINs with the help of a botnet. Extra security measures to prevent brute forces have been put in place since 2021-02-09.
    If you reset your PIN while you were banned but weren't able to reset it again on March 1st, you've been given another (randomized) PIN to reset which does lead to you being able to log in on the game client and set a new PIN.

    Cyber security is very important as malicious internet users are at an all-time high in 2021. We suggest that you protect yourself from these types of attacks by never using the same login credentials anywhere online and looking into getting a password manager to stay organized in your daily online activities, as you can never be too sure about the data security of the platforms that you use.
     