#1 Added by Tamarea 6 years ago
Hello,
We just discovered that a Ryzom player exploited a flaw in our system, and was able to access our internal Support tools. He was recently able to cheat, removing all items from apartments and mektoubs on two of a player’s characters.
We were able to uncover him using our control system, and all his accounts are banned for life from Ryzom.
How did he do it?
The player was contributing to improving the game, and, for that, had an account with GM (Game Master) privileges on our “Yubo” test server. Some months ago, following a short technical incident, which was corrected some hours later, the “Yubo” accounts had access to Atys. This player took advantage of this incident to create a character on his “GM account”, on Atys. He used this character to access special WebIG technical support tools, although he was not able to connect to the Atys server. He was still able to read tickets, internal technical support notes, the inventories of many characters and guild halls, item statistics, and so on. (He was unable to access players’ personal information, whose access is restricted to SGMs). After looking at the information on boosted items that a player (Caellan / Diwlawen) was about to “sell” during an event, he connected to Caellan and Diwlawen, bought their apartments and freed those mektoubs containing the best quality items, pretending that this disappearance was a bug. We have at the moment no proof to confirm or deny any possible theft of the items, but we continue the inquiry.
What measures were taken?
For the player who cheated:
This is a double infraction: exploit over a long time, of a flaw which gave him access to an internal tool + theft of two accounts in order to take away some items of equipment from their owner. Each of these two infractions carries the penalty of a life ban from Ryzom servers.
In consequence, all the accounts of this player are banned for life.
For the player who was victim of the cheat:
The apartments and mektoubs of Caellan and Diwlawen have been restored, and the player got back all his items. A “yubo cuddle toy” will be offered to him in compensation.
For the security:
Ulukyn (Dev) has recoded the access system to Atys and WebIG, to replace it with a simpler but more secure system. So, even if a “Yubo” account is able to use a flaw to connect to Atys or WebIG, it will not be able to access any “power” or critical applications.
The security system has just been reinforced and, AS AN EXTRA PRECAUTION, EACH PLAYER WILL BE FORCED TO CHANGE HIS/HER “RYZOM” PASSWORD BEFORE BEING ABLE TO CONNECT AGAIN.
In addition, inquiry continues to discover if there was any theft of items before the destruction of the apartments and mektoubs and if so, if there were or were not any accomplices.
What is the identity of the banned player?
It is Glorf/Lopyrech. Given that Lopyrech is a guild leader, the leadership of this guild was just left to one of his Higher Officers.
We remain at your service to answer your potential questions.
Best regards,
The Ryzom Team
Last edited by Tamarea (6 years ago)
---
#2 Added by Agan 6 years ago
#3 Added by Reson 6 years ago
#4 Added by Otantika 6 years ago
#5 Added by Arcueid 6 years ago
#6 Added by Azazor 6 years ago
#7 Added by Azazor 6 years ago
#8 Added by Azazor 6 years ago
#9 Added by Deed 6 years ago
Last edited by Deed (6 years ago)
#10 Added by Tamarea 6 years ago
To clarify, the account that Lopyrèch had given me access to, by passing me his login details, was his Yubo account. I wanted to walk on the canopy, so he told me that he had access to Yubo (given by the admins, as stated in the first post) and that he could give me his login and password. I said deal.
Edited 2 times | Last edited by Tamarea (6 years ago)
#11 Added by Kigan 6 years ago
Deleted by Tamarea (6 years ago) | Reason: Such a comment hasn't got its place there.
#12 Added by Nudge 6 years ago
#13 Added by Eeri 6 years ago
#14 Added by Ladykiri 6 years ago
#15 Added by Fyrosfreddy 6 years ago
This topic is locked