We’ll start with a brief explanation for all of our readers who aren’t up to date on the Rappelz situation. The hacker problem in Rappelz isn’t new but escalated in the last few months and now, according to the gaming community, seems worse than ever. So, some concerned players decided that they had to do something and posted an article (Rappelz Under Hacker Attack) in the MMOBomb.com MemberZone to alert to the issue. That article was received with a lot of controversy and spread like wildfire. Luckily, the team behind Rappelz contacted the MMOBomb team and kindly offered to answer any questions and try to clarify any doubts about the problem. The questions that follow were selected in collaboration with the Rappelz community.
1. Before the interview gets started can you please tell us your name, title and how the community may identify you?
Hello, I am [GM] Kyodan, and I am the Community Manager for Rappelz and I’ve been with the game for two years now. As Community Manager, I’m responsible for keeping our players informed about what’s going on in the game, so I want to hear everyone’s questions and answer their concerns.
2. Can you clarify our readers to what exactly is happening to Rappelz?
Our community has been afflicted with hacking by unknown parties who seem to be working for third-party gold sellers. The hackers usually take rare items from players and sell them in-game for rupees, our in-game currency. These rupees find their way to third-party gold sellers, who sell them to players (which is against our policy).
Our team has been fighting these hackers for quite some time, and it’s intensified recently because we’re close to containing the situation. These hackers want to take as much as they can from our community before we shut them down and we’re doing our best to minimize the damage.
3. Why hasn’t gPotato done anything for over a year to ensure the safety of the items that are bought but heavy cash shop users when the hacking was first reported? Why are they addressing the issue only recently?
Our team acted immediately on the situation and we’ve done everything we can. We’ve hired more employees for the game, called on people from other departments to pitch in, and even brought on a new Chief Technical Officer to implement more thorough security controls for all gPotato games.
However, the hackers have been employing a multitude of different methods so we’ve had to continuously adapt. Every time we contained one issue, they would find new ways to defeat our efforts. We’re now so close to fixing the final security vulnerabilities that we suspect the hackers are ramping up their efforts, which is why you’ve heard so much about it lately.
Some of our players, who care deeply about the game, have been helping us test our security, and we really appreciate that. We’re also constantly improving security ourselves (during maintenance) and we’re planning a full security audit of our systems very soon. We’re taking this very seriously.
4. Most cash shop users are concerned about the safety of the items they buy (other than stamina savers, etc. which are used up rather quickly), that the items may be taken by hackers. What kind of guarantee can be given to them so that they consider using the cash shop again?
I can guarantee that everyone, non-cash shop users included, will have ALL their items restored. In the past, we only restored 40 items of the player’s choice. We felt that was unfair to our community and have changed our policy going forward. Unfortunately, this increases the time it takes to restore the items to a player, but this is the right path for us to take.
5. What is the timetable for the security breach being fixed?
I can’t give a specific timeline because we don’t want to jump ahead of ourselves, but I can say that we are rapidly approaching full containment of the situation. I’ll keep the community updated every step of the way and I’ll be able to share more details once we reach that final goal.
6. Why did you take so long to make a formal announcement about the issue?
I’d like to apologize directly to our players for this. We thought we could fix the issue quickly, but the hackers proved us wrong. We also felt it would be wrong for us to claim that the issue was contained (since it wasn’t), and finally we did not want to announce the hacking vulnerability in case it attracted more hackers.
Ultimately, we were trying to protect our community, but our silence created uncertainty and allowed rumors to spread. I don’t plan to make that mistake again. I have realized how important it is to keep our players informed from the beginning so we can all be on the same page.
7. When can players be assured that the hacking will stop and what measures have you taken to stop the hacking?
Without going into specifics (which could compromise our efforts), we’re stopping the hackers in various areas and fortifying our defenses against future hacks of this magnitude. We’ve brought in experts from outside of our company to speed up the solution and ensure the future stability of the game, so we’re definitely close to resolving this.
Once we have verified that the issue is contained, I will inform the community immediately. Rappelz will be an even more secure game going forward, and we’ll be keeping an eye out for new and better ways to keep hackers out.
8. Can’t you implement a locking NPC that would only lock items to an account when the email is verified?
We, as a publisher, are unable to create new content for the game, including NPCs. However, we’re taking this great idea into consideration and will bring it to the attention of our developers. Our community has been great in providing constructive ideas and solutions, many of which we’ve put into use. I am proud of the ingenuity that our players display and hope to funnel these ideas into improving Rappelz for everyone.
9. If and when you get to fix the issue, what is going to be done about all the items that were replicated in order to restore people’s possessions?
Unfortunately, we are currently unable to do anything about the replicated items in the game’s economy. This is due to the nature of the hacks: once an item is sold from the hacker to another player in a legitimate trade, it would be wrong for us to take that item away from the player who bought it in good faith. As a result, our only option is to recreate the item for the victim, which creates inflation in the economy.
We are planning ways to fix the Rappelz economy the moment we have cleared out the hackers. We have ideas for events that will restore balance to the economy while at the same time giving our players exciting things to do. Rest assured, we will do something about it.
10. Do you believe the major security hole in your software could drive away potential customers? Not only new players for the game in trouble but for your new games? Not only players but potential clients wanting to use your services to help launch their own game? Major security holes can really affect your company reputation and credibility.
The hacking issue has not been kind to our game, our company, and more importantly, our players. We’ve lost some very loyal players because of the hackers, and I’m sure the issue has turned away new potential players as well.
The issue we’re seeing in Rappelz does not affect our other games, however. We tailor each game’s infrastructure to the unique needs of that game, and unfortunately the unique needs of Rappelz opened us up to unique security flaws which are now being fixed. We also bring our experience as publishers to every game we release, and we have learned a lot that will improve the security of all our games.
In the end, our games succeed because of the players and we know we have to do some serious rebuilding efforts to regain their trust right now. The Rappelz community will receive events and rewards, but we want to first make sure that everyone feels safe and secure in knowing that their accounts are protected.
11. What compensation are you going to give the players who were hacked and had to wait months to get their items returned?
Once all hacked accounts have been restored and the hackers themselves have been dealt with, we will determine what compensation we can give to the players who have been affected. Though I feel there is no suitable compensation for what they’ve gone through, we will do what we can for them and it will be our first priority once the hacking is fixed.
12. Are you open to the idea of Trainee or Mini [GM]’s? These [GM]’s can serve as unpaid legally signed in interns/employees. They will not all have all of the in-game powers like “real” [GM]s (no item creation abilities, NPC creation, or banning) and their duty will revolve around creating community events, muting game-currency sellers, providing assistance to players in-game and serving as intermediaries between the community and the staff.
We have tried this idea in the past and it didn’t work well. Even with limited responsibilities, some individuals found ways to take advantage of their position. The last thing we want to do is subject our players to more problems, so this option will not be considered in the near future. That being said, we are exploring lots of other possibilities and I really appreciate the community’s willingness to pitch in.
13. What factors determine the order of restoration? People have jumped ahead in the line over others who have waited twice as long. Are cash shop sales a factor in this?
Our team takes tickets in bunches and we make sure we answer a certain number of hacking tickets each day. Due to the amount of reported hacks, we’ve divided our efforts: half of us are taking the newest cases, half are taking the oldest ones. We want players who have just been hacked to get their items restored quickly so they can rejoin the game, but of course we need to tend to the players who’ve been waiting a long time to be restored.
Unfortunately, through this process, some of our players get the impression that we’ve skipped them. I would like to make it clear that this is entirely untrue. We haven’t skipped anyone and we will take care of absolutely everyone. Cash shop sales are not a factor at all.
14. For the people who have been denied being restored and all those that were only given “a certain amount, no more than 40 items back”, will they be getting fully restored as the hack have now been proven/admitted to be not the players’ fault?
We have changed the policy, but it doesn’t apply to anyone who was affected in the past. Our focus now has to be on what we can do for our players and the game going forward.
15. How have the last couple of months been? We are curious as to how gPotato feels after handling the workload that you’ve been given with the events, hackings, and restorations?
The hackers have been diverting a lot of our time away from improving the game and hosting engaging events that we’ve wanted to do for quite some time. We’ve definitely got a lot on our plates, but we’re dedicated to improving Rappelz for our players. I feel for everyone who has been affected by this issue (directly and indirectly), and appreciate all the feedback that has been given to us. Our community is very passionate about Rappelz, and I admire their love for the game. We’re all looking forward to spending more time with them.
16. Why is there little to no [GM] presence in-game? More importantly, to watch and regulate the in-game economy, making it more appealing for gamers to want to purchase from the cash shop rather than a rupee site.
Currently our top priority is containing the hacking issue and taking care of the players who have been affected by it. Our team will ramp up presence in the game once we have reached these goals. As mentioned before, the hackers have been taking up the majority of our time – time that was intended to be used on improving the game for our community.
17. Why are the moderators taking all the heat on the forum without any real support or clarification from anyone from gPotato?
The moderators are my front line force and have been taking care of our forums while we’re behind the scenes, working on the issues affecting our community. I’ve been communicating with them on a daily basis, so they do have my support, and I appreciate their efforts and dedication during this tough time. Though tempers flare and ideals clash, at the end of the day, we’re all on the same team!
I want to personally thank the moderators for holding down the fort. It’s my goal to deliver good news to the community – they deserve it.
18. Why are players still receiving the message when Gala-Net knows the fault is on their side and is not on the players’ side, and we quote right from one of your emails a member just received on January 3th, 2012?
“In the future, please use more caution as we will NOT be able to restore your account again. Please read over these account safety tips.”
Not one of the safety tips reply’s to Gala-Net being at fault. Is this a statement that you feel should be corrected, being that the party at fault is Gala-Net and not the end users/player?
This was a mistake on our end: the obsolete phrase was part of a template that was meant to address accounts that got hacked due to issues like account sharing, so our policy then was to only restore such accounts once.
Now that the issue has changed, we have changed our template. Unfortunately, this phrase slipped through. It was inaccurate and has been removed, so thank you for bringing it to my attention. As long as the hacking issue persists, we will restore ALL accounts fully.
19. Some players are actually thinking that Rappelz may have to shut down due to the hackers. Can this be true?
No. We are absolutely committed to securing our game without disrupting service to our players. We can restore the security of everyone’s accounts without resorting to such drastic measures. To close the game, even temporarily, would be letting these hackers harm our community even more. Rappelz will remain open, we will stop the hackers, and our players will get to enjoy the game they love.
I want to thank our community for staying loyal to us during this ordeal, and I know that 2012 will be a stronger year for Rappelz. We’re already planning our next major update and we’ve got lots of great content for the year ahead. I am certain that the toughest times are behind us, and we are determined to improve the Rappelz experience for everyone. This is our game – YOUR game – and we’ll do what it takes to make it better than ever before.