Rappelz Hacking Interview: All You Ever Wanted To Know
We’ll start with a brief explanation for all of our readers who aren’t up to date on the Rappelz situation. The hacker problem in Rappelz isn’t new, but it has escalated in the last few months and now, according to the gaming community, seems worse than ever. So, some concerned players decided that they had to do something and posted an article (Rappelz Under Hacker Attack) in the MMOBomb.com MemberZone to draw attention to the issue. That article was received with a lot of controversy and spread like wildfire. Luckily, the team behind Rappelz contacted the MMOBomb team and kindly offered to answer any questions and try to clarify any doubts about the problem. The questions that follow were selected in collaboration with the Rappelz community.
1. Before the interview gets started can you please tell us your name, title and how the community may identify you?
Hello, I am [GM] Kyodan, and I am the Community Manager for Rappelz and I’ve been with the game for two years now. As Community Manager, I’m responsible for keeping our players informed about what’s going on in the game, so I want to hear everyone’s questions and answer their concerns.
2. Can you clarify for our readers what exactly is happening to Rappelz?
Our community has been afflicted with hacking by unknown parties who seem to be working for third-party gold sellers. The hackers usually take rare items from players and sell them in-game for rupees, our in-game currency. These rupees find their way to third-party gold sellers, who sell them to players (which is against our policy).
Our team has been fighting these hackers for quite some time, and it’s intensified recently because we’re close to containing the situation. These hackers want to take as much as they can from our community before we shut them down and we’re doing our best to minimize the damage.
3. Why hasn't gPotato done anything for over a year to ensure the safety of the items that are bought by heavy cash shop users when the hacking was first reported? Why are they addressing the issue only recently?
Our team acted immediately on the situation and we’ve done everything we can. We’ve hired more employees for the game, called on people from other departments to pitch in, and even brought on a new Chief Technical Officer to implement more thorough security controls for all gPotato games.
However, the hackers have been employing a multitude of different methods so we’ve had to continuously adapt. Every time we contained one issue, they would find new ways to defeat our efforts. We’re now so close to fixing the final security vulnerabilities that we suspect the hackers are ramping up their efforts, which is why you’ve heard so much about it lately.
Some of our players, who care deeply about the game, have been helping us test our security, and we really appreciate that. We’re also constantly improving security ourselves (during maintenance) and we’re planning a full security audit of our systems very soon. We’re taking this very seriously.
4. Most cash shop users are concerned about the safety of the items they buy (other than stamina savers, etc. which are used up rather quickly), that the items may be taken by hackers. What kind of guarantee can be given to them so that they consider using the cash shop again?
I can guarantee that everyone, non-cash shop users included, will have ALL their items restored. In the past, we only restored 40 items of the player’s choice. We felt that was unfair to our community and have changed our policy going forward. Unfortunately, this increases the time it takes to restore the items to a player, but this is the right path for us to take.
5. What is the timetable for the security breach being fixed?
I can’t give a specific timeline because we don’t want to jump ahead of ourselves, but I can say that we are rapidly approaching full containment of the situation. I’ll keep the community updated every step of the way and I’ll be able to share more details once we reach that final goal.
6. Why did you take so long to make a formal announcement about the issue?
I’d like to apologize directly to our players for this. We thought we could fix the issue quickly, but the hackers proved us wrong. We also felt it would be wrong for us to claim that the issue was contained (since it wasn’t), and finally we did not want to announce the hacking vulnerability in case it attracted more hackers.
Ultimately, we were trying to protect our community, but our silence created uncertainty and allowed rumors to spread. I don’t plan to make that mistake again. I have realized how important it is to keep our players informed from the beginning so we can all be on the same page.
7. When can players be assured that the hacking will stop and what measures have you taken to stop the hacking?
Without going into specifics (which could compromise our efforts), we’re stopping the hackers in various areas and fortifying our defenses against future hacks of this magnitude. We’ve brought in experts from outside of our company to speed up the solution and ensure the future stability of the game, so we’re definitely close to resolving this.
Once we have verified that the issue is contained, I will inform the community immediately. Rappelz will be an even more secure game going forward, and we’ll be keeping an eye out for new and better ways to keep hackers out.
8. Can’t you implement a locking NPC that would only lock items to an account when the email is verified?
We, as a publisher, are unable to create new content for the game, including NPCs. However, we’re taking this great idea into consideration and will bring it to the attention of our developers. Our community has been great in providing constructive ideas and solutions, many of which we’ve put into use. I am proud of the ingenuity that our players display and hope to funnel these ideas into improving Rappelz for everyone.
9. If and when you get to fix the issue, what is going to be done about all the items that were replicated in order to restore people’s possessions?
Unfortunately, we are currently unable to do anything about the replicated items in the game’s economy. This is due to the nature of the hacks: once an item is sold from the hacker to another player in a legitimate trade, it would be wrong for us to take that item away from the player who bought it in good faith. As a result, our only option is to recreate the item for the victim, which creates inflation in the economy.
We are planning ways to fix the Rappelz economy the moment we have cleared out the hackers. We have ideas for events that will restore balance to the economy while at the same time giving our players exciting things to do. Rest assured, we will do something about it.
10. Do you believe the major security hole in your software could drive away potential customers? Not only new players for the game in trouble but for your new games? Not only players but potential clients wanting to use your services to help launch their own game? Major security holes can really affect your company reputation and credibility.
The hacking issue has not been kind to our game, our company, and more importantly, our players. We’ve lost some very loyal players because of the hackers, and I’m sure the issue has turned away new potential players as well.
The issue we’re seeing in Rappelz does not affect our other games, however. We tailor each game’s infrastructure to the unique needs of that game, and unfortunately the unique needs of Rappelz opened us up to unique security flaws which are now being fixed. We also bring our experience as publishers to every game we release, and we have learned a lot that will improve the security of all our games.
In the end, our games succeed because of the players and we know we have to do some serious rebuilding efforts to regain their trust right now. The Rappelz community will receive events and rewards, but we want to first make sure that everyone feels safe and secure in knowing that their accounts are protected.
11. What compensation are you going to give the players who were hacked and had to wait months to get their items returned?
Once all hacked accounts have been restored and the hackers themselves have been dealt with, we will determine what compensation we can give to the players who have been affected. Though I feel there is no suitable compensation for what they’ve gone through, we will do what we can for them and it will be our first priority once the hacking is fixed.
12. Are you open to the idea of Trainee or Mini [GM]'s? These [GM]'s can serve as unpaid legally signed in interns/employees. They will not all have all of the in-game powers like "real" [GM]s (no item creation abilities, NPC creation, or banning) and their duty will revolve around creating community events, muting game-currency sellers, providing assistance to players in-game and serving as intermediaries between the community and the staff.
We have tried this idea in the past and it didn’t work well. Even with limited responsibilities, some individuals found ways to take advantage of their position. The last thing we want to do is subject our players to more problems, so this option will not be considered in the near future. That being said, we are exploring lots of other possibilities and I really appreciate the community’s willingness to pitch in.
13. What factors determine the order of restoration? People have jumped ahead in the line over others who have waited twice as long. Are cash shop sales a factor in this?
Our team takes tickets in bunches and we make sure we answer a certain number of hacking tickets each day. Due to the amount of reported hacks, we’ve divided our efforts: half of us are taking the newest cases, half are taking the oldest ones. We want players who have just been hacked to get their items restored quickly so they can rejoin the game, but of course we need to tend to the players who’ve been waiting a long time to be restored.
Unfortunately, through this process, some of our players get the impression that we’ve skipped them. I would like to make it clear that this is entirely untrue. We haven’t skipped anyone and we will take care of absolutely everyone. Cash shop sales are not a factor at all.
14. For the people who have been denied being restored and all those that were only given "a certain amount, no more than 40 items back", will they be getting fully restored as the hacks have now been proven/admitted to be not the players’ fault?
We have changed the policy, but it doesn’t apply to anyone who was affected in the past. Our focus now has to be on what we can do for our players and the game going forward.
15. How have the last couple of months been? We are curious as to how gPotato feels after handling the workload that you've been given with the events, hackings, and restorations?
The hackers have been diverting a lot of our time away from improving the game and hosting engaging events that we’ve wanted to do for quite some time. We’ve definitely got a lot on our plates, but we’re dedicated to improving Rappelz for our players. I feel for everyone who has been affected by this issue (directly and indirectly), and appreciate all the feedback that has been given to us. Our community is very passionate about Rappelz, and I admire their love for the game. We’re all looking forward to spending more time with them.
16. Why is there little to no [GM] presence in-game? More importantly, to watch and regulate the in-game economy, making it more appealing for gamers to want to purchase from the cash shop rather than a rupee site.
Currently our top priority is containing the hacking issue and taking care of the players who have been affected by it. Our team will ramp up presence in the game once we have reached these goals. As mentioned before, the hackers have been taking up the majority of our time – time that was intended to be used on improving the game for our community.
17. Why are the moderators taking all the heat on the forum without any real support or clarification from anyone from gPotato?
The moderators are my front line force and have been taking care of our forums while we’re behind the scenes, working on the issues affecting our community. I’ve been communicating with them on a daily basis, so they do have my support, and I appreciate their efforts and dedication during this tough time. Though tempers flare and ideals clash, at the end of the day, we’re all on the same team!
I want to personally thank the moderators for holding down the fort. It’s my goal to deliver good news to the community – they deserve it.
18. Why are players still receiving the message when Gala-Net knows the fault is on their side and is not on the players’ side, and we quote right from one of your emails a member just received on January 3rd, 2012?
“In the future, please use more caution as we will NOT be able to restore your account again. Please read over these account safety tips.”
Not one of the safety tips replies to Gala-Net being at fault. Is this a statement that you feel should be corrected, being that the party at fault is Gala-Net and not the end users/players?
This was a mistake on our end: the obsolete phrase was part of a template that was meant to address accounts that got hacked due to issues like account sharing, so our policy then was to only restore such accounts once.
Now that the issue has changed, we have changed our template. Unfortunately, this phrase slipped through. It was inaccurate and has been removed, so thank you for bringing it to my attention. As long as the hacking issue persists, we will restore ALL accounts fully.
19. Some players are actually thinking that Rappelz may have to shut down due to the hackers. Can this be true?
No. We are absolutely committed to securing our game without disrupting service to our players. We can restore the security of everyone’s accounts without resorting to such drastic measures. To close the game, even temporarily, would be letting these hackers harm our community even more. Rappelz will remain open, we will stop the hackers, and our players will get to enjoy the game they love.
I want to thank our community for staying loyal to us during this ordeal, and I know that 2012 will be a stronger year for Rappelz. We’re already planning our next major update and we’ve got lots of great content for the year ahead. I am certain that the toughest times are behind us, and we are determined to improve the Rappelz experience for everyone. This is our game – YOUR game – and we’ll do what it takes to make it better than ever before.
1: They request VERY personal information (I assume in order to verify my identity as being the account holder). They asked for my name, birthday, driver's license number, address, email, telephone number, last four digits of my SSN, and game account information (log in ID and missing in-game items).
I was wary, but complied with the request form I was emailed. I never received any reply to it/them (as I was sent numerous copies of said form.)
2: I was emailed an acknowledgement email in which gPotato/Aeria states they acknowledge me having an issue and will assist in account retrieval.....as soon as I submit the (mentioned above) information. (Yes, I agree it was odd that they asked for the information BEFORE I received the "We have received your request for assistance" email.) I have kept every email/response I ever received from ANY of the developers of Rappelz in regards to this matter.
3: I finally gave up on gPotato/Aeria ever doing anything about my situation. But...I had a glimmer of hope when Webzen took over. I emailed them, and forwarded them all the emails (to and from) gPotato/Aeria about my situation. I have never received a single response from Webzen.
I have records and records of in-game store purchases for my account. Bank statements showing the ridiculous amounts of cash spent on Rappelz...My original account creation email/welcome to Rappelz email....the numerous emails sent regarding my account being stolen.....and not a SINGLE...not ONE reply from Webzen. Three days from today will mark seven years to the very day my account was stolen....I participated in the Rappelz beta....I had played for years...so yes, I did amass quite a lot of in-game items, etc.....it was a hard thing to have it ripped away. All those hours and hours I poured into leveling my characters....the money spent.....just to have a person (or persons) rip it away from you simply because they can....because they want to.
If you play Rappelz now.....I pray you never have it happen to you.
If you are thinking about playing.....know this: It CAN happen to you....it might happen to you...
so....I strongly suggest you reconsider spending ANY money for in-game items that can vanish in an instant.
Hackers are on the rise on Rappelz (and have been for a while) and everyone knows it....(but, if it doesn't happen to them.....no one is concerned.)
IF you do play....and IF it happens to you.......my wish for you is that someone in Webzen support will hear your case and do something for you..............no one has done it for me.
It was a very hard lesson to learn, but I now know never buy in-game items....and simply because a company has a support "team"....doesn't mean they are there to support the players.
Like many people, I was sitting at my computer, eagerly awaiting that glorious email that said "Hey...you lucky person....you have been selected to be in the Rappelz beta testing..." And, finally, it arrived.
I was hooked on Rappelz ever since. I have seen many MMORPGs come and go....but Rappelz remained. Expansion after expansion rolled by....some good....some...meh. But always it has been my favorite game.
Four months ago, that was all taken away. Four months ago, I went to login and level my new character....when..an odd thing happened....the login ...failed. I tried several more times...all ended in failure. Self...(I said)....maybe we have forgotten our password. And so, I tried to do a "password recovery" option....which ended in "Your email associated with the account is not recognized".
My account had not only been hacked...but the email associated with the account changed.
I have emailed the owners of Rappelz several ....several times...and no reply has been given as of yet. I have asked for the home office phone number of Rappelz....and never received a reply.
I have no way of re-acquiring control of my account....it all has to be done via Rappelz's end of things....and it seems ....they are either unwilling to do so.....or not in any hurry to do so.
So, I leave this message to anyone remotely considering playing Rappelz.....
Speaking from experience.....if something happens to your account...do not expect a speedy solution.....do not expect customer service to keep you informed.....
Player Beware !
And because they don't have brains they think people are account sharing. How stupid can you be.
We know your IP address, sure, everyone can change that, even all hidden numbers in your PC to trace it down. Just look on the internet.
Well, so long as there are people who buy gpotatoes they go on like this, rude and not caring at all and being stupid.
Now they do nothing at all, only blaming the players; just take them where it hurts, their wallet.
Only that will stop their lies and maybe they learn from it to be polite and not rude to their customers. Because if you ask for help or something you get a really rude attitude from them.
They say they looked into the MAC address and it's this address; yes, my cousin uses this address too, but I can't help it when he buys rupees and uses my account to trade his buyings. They say they know the rupee seller, so why do they let him into the game then? Terms of agreement is the only thing they say, but they cannot say it's me that has done it, only by IP or MAC address, which also can be changed. I am a user of the cash shop; I do that a lot and sell my things that I buy with gpotatoes.
They have to inform you and make sure you cannot get hacked, but still hacking is going on, and if they say you bought rupees they take whatever they want, even if it's an item that is not yours. If they are as good as they say, they can trace the trade etc., then they would have seen it was not a pet of mine. Now in my eyes Gala is a thief. Is there not any law against that?
Also hacking is still going on, no service at all from Gala, only if you say you go to court, but then they say we have terms of agreement; they hide behind that. There will be no further discussion, they say.
Every pet card, every tamed pet, every CS item, and all the best gear was taken from every character I had. I had played on the Tortus server since the very beginning and played every race/class there was to play (can be verified by my achievements page) and absolutely loved that game.
To have nothing whatsoever replaced is a crock. I spent many years gathering and taming, raising, chanting, etc, etc, etc only to have it all stolen. Apparently there is no record of the many, many transfers it would have taken for all the items to be removed, so I am just out of luck.
I will not hold my breath til I have any items restored and I doubt I will be back until Gala-net security is more than the joke it was then.
I really do believe that the people responsible for the hackings and the money generated by them is going into Gala-Net's pockets - I think it's about time they were investigated by the IRS. If they're not behind the hacking directly then they should still be investigated, because if you are receiving thousands of dollars per month and generating so much money then you have some liability to ensure that the system you are putting out on the market cannot be exploited by a black market. It's like money laundering; as far as we know this could be a criminal organisation employing nerds to hack the game, making money to sponsor god knows what type of criminal activities. So if you own something that generates large sums of money or is being hacked, leading to criminals stealing large sums of money, then it's past time that some type of law enforcement takes a look at this case.
It has been going on for years with no fix (they say they enhance this or that, but it does nothing).
There are incompetent or corrupt network security technicians working for Gala.
This issue should have been resolved a long time ago. It is not rocket science.
This GM's response is weak and fools only the stupid.
Not really sure what mod you are but thanks for the overall support you and the other mods have given us in the past and in the future. As for the overall interview I want to thank MMOBomb for helping us get some of the questions we wanted answered and also the very nice web broadcast you did with helping getting the word out there.
Just an update on the player side after Rusty and I sent you the article that you published to get this interview. The Fenrir server is the only server I can speak of.
1. Spam Botz have slowed down to almost not being seen anymore.
2. You can now delete your block list of spam botz and not have them PM right away.
3. People are still saying they are being hacked but have not really answered if they have changed their password since the Log in Page has been more secured. So it is possible they are still using an old password that the hackers could already have had.
4. Tickets seem to be getting addressed much faster.
5. Older hacked cases are being worked now and people are slowly but getting their hacked items back
6. Newer hacked cases seem to be getting restored at a much faster rate.
7. Gala issued a statement saying these items have been fixed.
"■ Our security is continuing to strengthen! We've successfully closed off various holes and exploits:
• Password change form is now more secure and encrypted
• Exploits in the Rappelz login screen have been found and fixed
• Various database issues have been fixed
■ Our servers and network infrastructure will be rebuilt within the month
■ In-game detection of spammers has improved immensely"
So even though some people would like to still flame about what was not done in the past at least we are seeing improvements taking place as of now.
Again, MMOBomb, thank you for replying to my email; our community was in need of some answers, and for helping us at least get some answers. Also some actions being done to save this great game and community.
As a moderator and a player, I can only ask that you have patience during the securing of Rappelz and restoring of hacked items. Lodge your tickets with Customer Support and follow-up using your ticket number. Your forum gripes may make you feel better temporarily, but in the end, you still have to put in a ticket with Customer Support to address your issue.
Lastly, I'm not here to do 'damage control'. I just wanted to voice my opinion as a moderator/player of Rappelz.
If things go as well as I hope, I might commemorate a full square foot of my wall to a portrait captioned, "Kyodan, the almighty yak".
You make it sound like this is some new problem that's developed over the last few months. I quit the game for a year because I was traveling; when I came back most of my friends from e3/e4 had quit because they were hacked and you did shit about it. These were devoted players who have played for over 5-6 years.
I played for roughly 2 months or so, got a Sin from 1-150, Sin tamed a Kenta and Cerb, then quit for 8 months for travel and school. Now I come back roughly 3 weeks ago, nothing's changed except the fact Itoki, the one person most people trust, is gone.
After seeing how well you handled this, showing you're a smooth talker, I'm going to assume that's how you got your new position. Also let's face it, you have no bloody clue when or how to fix this issue.
Vindictus is also currently suffering from hackers, mostly botters and easy boss kills. The market is ruined.
Mabinogi just recently over the New Year's weekend had some massive account killing hack/exploit that caused Nexon to shut down the game for an extended period and do rollbacks.
I don't know how bad it is in Rappelz, but seeing that MMOBomb can get an actual interview with a GM has got to be infinitely better than Nexon's quiet patch-n-forget system.