(UPDATED) Naïca Developers Respond To Security Exploit Claims

Jason Winter
By Jason Winter, News Editor March 10, 2021
Share:

UPDATE (March 10): The developers of Naïca have spoken up in their defense, repudiating the claims of Redditor gamingsec about their game's security, particularly the accusation that account information could be easily obtained. In addition, the MMORPG subreddit mods who originally "verified" gamingsec's claims have investigated further, saying that the passwords obtained for Naïca were re-used from compromised accounts in other games, notably Town of Salem.

It now appears that the primary error made by the developers was that they didn't have any captchas or a limit on the number of login attempts -- not that there was no encryption on passwords; they now claim to have addressed those issues. They posted a long statement about the situation on their Discord, which we're reproducing below.

ORIGINAL STORY (March 8):

Last week, we told you about the demise of indie MMORPG Naïca, which would be going into maintenance mode just four months after its open beta launch. Since then, new details have emerged regarding the poor handling of the game's security and its developers' dismissal of those concerns.

Redditor gamingsec posted this morning about his interactions with the dev team and, as he put it, their "Poor Security, Worse Business Practices." He said that he informed the developers about "a number of vulnerabilities/exploits" during the alpha in October that allowed gameplay advantages and -- most concerningly -- access to user account credentials. According to gamingsec, only one such issue, one that crashed the game, was ever addressed.

He initially approached the developers in private, and they dismissed his concerns by saying that "Alpha is not relevant anymore" and he should "Wait [for] the open Beta!" When he later advised players in the official Discord to change their account credentials, he said he was "met with suppression from their moderation team, who consistently delete these posts."

gamingsec has (rightly) not made this method of access public but says it still exists in the game in its current form. He did demonstrate a currency exploit in a video.

Reddit, at least, seems to be taking the issue more seriously than the Naïca developers. A moderator replied to gamingsec's post asking for verification of his claims, which appears to have been swiftly provided. The mod said that the /MMORPG subreddit will "look at putting a full embargo on anything Naica-related or from the same developers" while also re-iterating the recommendation to change your passwords to the game.

For what it's worth, most of the comments seem to fall more in the "incompetence, not intentional malice" camp regarding the security and other issues with the game. Regardless of the reasons, between this and its rapid shuttering of its first game -- which it accepted money for -- it's going to be very difficult for the same dev team to get positive attention for its next project.

Share:
Got a news tip? Contact us directly here!

In this article: naica.

About the Author

Jason Winter
Jason Winter, News Editor
Jason Winter is a veteran gaming journalist, he brings a wide range of experience to MMOBomb, including two years with Beckett Media where he served as the editor of the leading gaming magazine Massive Online Gamer. He has also written professionally for several gaming websites.

Discussion (0)


You May Enjoy

Skull And Bones Associate Director, Antoine Henry, Leaves Ubisoft

Skull And Bones Associate Director, Antoine Henry, Leaves Ubisoft

The departure follows a myriad of other troubles for the game.

By QuintLyn Bowers - 1 week ago
New World PTR Opens Up To Players Today, Including New Expedition Mutators

New World PTR Opens Up To Players Today, Including New Expedition Mutators

It is limited-availability, so you’ll want to get in early.

By QuintLyn Bowers - 1 week ago
Lost Ark Introduction Video Gets You Up To Speed Before February Launch

Lost Ark Introduction Video Gets You Up To Speed Before February Launch

Refresher course on classes, lore, ships, home base, crafting, dungeons, PvP -- all in five minutes!

By Jason Winter - 1 week ago
Genshin Impact Was The Most-Tweeted-About Game In 2021; Apex Legends Was #2

Genshin Impact Was The Most-Tweeted-About Game In 2021; Apex Legends Was #2

Over 2.4 billion tweets were counted in the year, and no, they weren't all about NFTs.

By Jason Winter - 1 week ago
Destiny 2’s Latest Trailer Offers First Peek At The Witch Queen’s Domain

Destiny 2’s Latest Trailer Offers First Peek At The Witch Queen’s Domain

Savathûn’s Throne World is an all new destination filled with a unique kind of Hive enemies.

By QuintLyn Bowers - 1 week ago
 Tilted Towers Returns To Fortnite In Version 19.10, And So Does The Grenade Launcher

Tilted Towers Returns To Fortnite In Version 19.10, And So Does The Grenade Launcher

There’s also a lot going on in Creative.

By QuintLyn Bowers - 10 hours ago
See More
Live Giveaways