Frogster, publisher of the popular "Runes of Magic" video game, says that they will not give in to the demands of a blackmailing hacker who has threatened to release personal information and payment details of customers.
Last month, a hacker calling himself Augustus87 posted a message on the Runes of Magic forum making a number of demands - including that staff should be treated more fairly and that security should be improved to protect the personal data of game players.
The message was quickly deleted, but some quick thinkers took a screenshot to capture it for posterity:
Part of the message read (the typos are the hacker's own):
I HAVE ALREADY COMPROMISED ALMOST EVERY SYSTEM AND IM GOING TO SHUT THEM DOWN SERVER BY SERVER IF FROGSTER DOES NOT AGREE TO THE FOLLOWING REQUESTS:
#1 - NO CLOSED THREADS ANYMORE JUST BECAUSE U DONT LIKE THE DISCUSSION OR THE TOPIC. RESPECT FREEDOM OF SPEECH!
#2 - NO DELETED THREADS ANYMORE SAME REASON AS #1
#3 - BETTER TREATMENT OF FROGSTERS EMPLOYEES WORLDWIDE!
#4 - MORE TRANSPARANCY TO YOUR CUSTOMERS! TELL THEM WHAT IS GOING ON AN STOP LIE TO THEM. DONT TREAT THEM LIKE CHILDREN. BE RESPECTFUL!
#5 - SECURE THE GAME CLIENTS AGAINST CHEATING AND OTHER NOT WANTED MODIFICATIONS. YOU KNOW WHAT TO DO. DO IT!
#6 - TAKE CARE OF ALL PERSONAL RELATED INFORMATION! DONT LIKE ABOUT LOST INFORMATION LIKE EMAILADDRESSES OR EVEN ACCOUNTS! TELL THE TRUTH!
#7 - STOP SPY ON YOUR EMPLOYEES! WHILE INSPECTING YOUR NETWORKS AND SERVES I DID FIND A SNIFFING PROCESS WHICH STORES ALL RUNNING TRAFFIC OF ALL EMPLOYEES INTO A DATABASE AND FILESYSTEM ALLOWING TO RECONSTUCT CYBERMOVEMENTS OF EMPLOYEES FOR MONTHS. EMAILS WEBSITES CHATS EVERYTHING IS STORE AND CAN BE USED AGAINST YOUR EMPLOYEES. STOP SPYING THEM! I WILL LOOK FOR MORE OF THOSE PROCESSES ON YOUR INFRASTUCTURE.
YOU HAVE T W O W E E K S TO FULLFILL THESE REQUESTS.
IF YOU DONT OR IF YOU REMOVE THIS THREAD WITHOUT NOTICE IM GOING TO INCREASE THE NUMBER OF RELEASED COMPROMISED ACCOUNTS TO THE PUBLIC BY EVERY DAY THE THREAD IS NOT ACCESSABLE ANYMORE!
Clearly who was behind the message felt very passionately about the "Runes of Magic" game. However, his fellow players are likely to have lost some sympathy when he published personal information on 2000 users, including their billing information, to prove he had access to the data.
For its part, "Runes of Magic" publisher Frogster deleted the messages from its forum and issued a statement saying that the data released was from users who registered in 2007, and that affected accounts had had their credentials reset. Hopefully users were also advised to change their login details on other websites if they were silly enough to be using the same password.
In a GameIndustry.biz interview, Frogster Chief Operating Officer Dirk Weyel has confirmed that the firm will not negotiate with the blackmailer or cede to the hacker's demands, and has called on the services of the police to investigate the case.
Hmm. I hope at the very least Frogster is taking a fresh look at their security, and investigating as a matter of urgency what could be done to better protect its customers' data in future.
All online businesses need to learn to take security seriously - they don't just need to protect their valuable corporate information, they also have a duty to properly protect the personal data belonging to their customers and partners.
Frogster announced the resignation of their CEO, Andreas Weidenhaupt, earlier this week.