Notice Regarding Yesterday's Events

I just want to give the MapleRoyals community an update and reassurance as to what occurred yesterday which you may have seen on the forums as well as during the day.

Due to an insecure file located on our server, an unknown attacker gained access to that file which contained a password used by Matt in multiple locations including his PayPal, SolveDDOS, and MySQL account. The attacker first tried to use Matt's credit card to make a fradulent purchase, which was blocked. He then contacted Matt attempting to extort money from him under the guise of "helping to protect our server." When Matt refused, he began to take a dump of the forum as well as game database and threatened to release it.

While this dump of data was taking place, the password obtained by the attacker was changed in all locations, locking him out of the SQL database midstream. While the attacker has a copy of the game database, rest assured your data is completely safe. All passwords are hashed using multiple types of encryption (which our hacker friend thought would be easy to break... still waiting on him to reveal in plain text our passwords ).

Because we knew the information was safe, we did not react in the way the hacker was hoping and then got angry, therefore deciding to DOS the server. Thankfully, due to the hacker exposing our public IP address and DOSing us, we were able to work with our host to install some additional security which should help us down the road.

In the end, while we did have long periods of downtime yesterday, no permanent damage was done, and that can be seen by our record number of GTOP100 votes yesterday as well as number of people on the server last night after things had begun to stabilize. On behalf of the entire staff, I would like to thank the Royals community for their patience and dedication to this server. I expect our hacker friend to be back on and to post saying "I HAVE ALL YOUR PASSWORDS, YOU THINK YOU ARE SECURE?! HAHAHAH" or something to that effect. If it does happen, I ask that the players do not respond or do anything, simply go about your normal business. The staff will take care of it, that's what we are supposed to do.

 

WOW! You guys really dealt with a lot of horrible sh*t last night. I'm so happy that you found a way out of this.

 

Agreed. It gives us all even more faith in the Royals staff.

 

Is there a chance that anyone else's paypal accounts have been compromised?

 

No way whatsoever.

 

Should we change our password? Funny thing is, I just made an entirely new email to use for this pserver.

All I can say is thankyou for your hard work, so many players take it for granted.

 

You can change your password if you want, but again since the database stores the password as an encrypted string rather than plaintext, it can't be cracked. This is also why I couldn't tell you your current password even if I wanted to. Only thing that can be done is change the password.

 

Man you guys are on top of your stuff! Bravo