Fractured Online Hacked! menu

User Tag List

Results 1 to 1 of 1
  1. #1
    Scumstation's Avatar Super Moderator ♰♰♰♰♰♰♰♰♰♰♰♰♰♰♰
    CoreCoins Purchaser Authenticator enabled
    Reputation
    418
    Join Date
    Jun 2012
    Posts
    608
    Thanks G/R
    82/170
    Trade Feedback
    13 (100%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Fractured Online Hacked!



    From The discord:

    Hi everyone, we have just been the victims of a serious attack. A hacker managed to log into an admin account - my account, specifically - and used it to delete all player cities. This wasn't done by compromising my PC and stealing my data, but via a backend hack.

    We have no idea what could drive a person to do something like this, but it happened. Cities will be restored partially by taking data from a previous save, partially by had by Game Masters.

    Logins are suspended now. We will keep you updated on the progress of the investigation.
    Fractured - The Dynamic MMO

    November 19 Attack Breakdown
    November 20th, 2023 at 6:24 pm

    A due overview of the attack that happened on Sunday, what we’ve been doing about it and what is coming next.

    Hi all,

    here comes a due overview of what happened on Sunday, what we’ve been doing about it and what is coming next.
    What Happened

    In the morning of Sunday 19, 2023, a hacker managed to login with the character of an administrator, and used its admin powers to destroy all player cities (yes, he/she teleported around the world and used the admin command “unclaim city” on all player cities).

    The violation didn’t involve stealing admin login credentials (email / password), but a game auth token that could be used to login an admin character. The token wasn’t harvested from the PC of the administrator or the company network, but by exploiting a vulnerability in the server that hosted one of the game’s external services.

    We have no indication there has been a database violation for the time being. Since some users have raised concerns about how we store passwords in case there was a violation, we store them (technical explanation ahead) hashed and salted with a slow hashing algorithm (bcrypt). An 8-character password stored this way takes centuries to be brute-forced – and we’re using a password with the minimum number of characters allowed ( as an example here.
    Reconstruction

    Due to an issue in world saves, we haven’t been able to restore player cities as they should have been restored – that is, as they were ~30 minutes before the hack took place. Instead, we had to roll them back to the previous patch, i.e. as they were in the late evening (EU time) of November 17. This means player cities effectively suffered a rollback of 1.5 days, while the rest of player and world progress was untouched.

    We are aware this is an atypical response to the issue (the typical one would have been a full rollback), but we felt it was the right decision to minimze damage. Our GM team will help groups who have lost their city (or lost buildings within it) to reclaim it and rebuild it, including rebuilding player land parcels within the city.
    What Now?

    This is what we’ve done so far:

    We’ve separated the API servers that serve requests from game clients from those that serve requests from game servers.
    We are working with multiple IT security specialists (penetration testers, white-hat hackers) to find possible additional issues in our backend.
    We have changed specifics of the functioning of game auth tokens.
    We have fixed the issue in world saves that prevented us from having a small rollback of 30m max for players cities too.

    This is what is coming next:

    We continue with the security research and reinforcing our backend.
    We start reinforcing our game client too – there are a few exploits there which are non-critical but can be very unpleasant for other players when exploited by cheaters.

    Community Response

    The response of the Fractured community during this ordeal has been
 just incredible – I don’t know how else to define it.

    The amount of supportive messages and displays of appreciation for the game (and personal) we’ve received, ranging from guild masters speaking on behalf of groups to single players, has been simply incredible. The supportive attitude extended even outside of our internal channels, such as on reddit (1 – 2), where people had been mostly critical of the game during our first launch one year ago.

    We were afraid we could be hit by a wave of negative reviews on Steam, but only a couple of those showed up, and recent reviews remained steady around 80% positive. After reopening today, CCU (=players connected at the same time) hit a new peak of 1100, continuing the positive trend that saw the game slowly gain players every day since launch.

    I know it sounds clichĂ© to say that the community – you – are our biggest asset but
 it’s true. You gave us the energy to work non-stop on solving this, and continue to do so. THANK YOU!
    Last edited by Scumstation; 11-20-2023 at 08:07 PM.

    Fractured Online Hacked!

Similar Threads

  1. Replies: 6
    Last Post: 02-23-2019, 05:47 AM
  2. [Selling] RPG Elemental Knights Online/Red Knights Online/Blue Knights Online hacks(ios/android
    By Rasckal in forum General Trading Buy Sell Trade
    Replies: 0
    Last Post: 09-11-2015, 12:29 PM
  3. [Selling] DC Universe Online Hack - Unlimited Power [Mana]
    By DCUOHacker in forum General MMO Buy Sell Trade
    Replies: 1
    Last Post: 12-07-2014, 08:00 PM
  4. Gaia Online hacks, bots, cheats?
    By Lady Khold in forum Gaming Chat
    Replies: 3
    Last Post: 10-06-2007, 06:52 PM
  5. knight online hacks
    By gbcjr in forum Gaming Chat
    Replies: 1
    Last Post: 08-06-2006, 04:28 AM
All times are GMT -5. The time now is 10:59 PM. Powered by vBulletin® Version 4.2.3
Copyright © 2024 vBulletin Solutions, Inc. All rights reserved. User Alert System provided by Advanced User Tagging (Pro) - vBulletin Mods & Addons Copyright © 2024 DragonByte Technologies Ltd.
Digital Point modules: Sphinx-based search