The hacker claims he has access to player data, and will start releasing it online unless he gets what he wants.
A hacker who goes by the name of “Cpt.Z3r0” is attempting to hold free-to-play MMO Runes of Magic, and its reported four million players, hostage. Zer0 claims that he has access to all of the RoM systems, and will start shutting things down if his demands aren’t met.
Z3r0 said that he would release 1,000 email address, as well as the login details for 1,000 users, each day until Frogster did what he wanted. Z3r0 warned that that number would increase if Frogster restricted access to his message in any way. In order to prevent catastrophe, Runes of Magic’s Western publisher, Frogster, must ease up on its moderation of the forums, be more honest with its customers, secure the game against cheaters, stop monitoring the internet and network usage of its employees, and – rather ironically – take better care of its customers’ information. Z3r0 gave Frogster two weeks in which to make the necessary changes, and said that failing to meet this deadline would be another cause for him to increase the number of customer’s account details he released.
In response, Frogster’s lead community manager, Mike Kiefer, deleted z3r0’s thread and issued a statement, saying that the details that he had released so far – the login information of around 2,100 players – were from an old database from 2007. Since then, he continued, Frogster had implemented much tighter security for its customer database, and that the z3r0 couldn’t have gotten access to it. Despite this, Kiefer said, Frogster was treating the threats very seriously. Any affected accounts had been locked down, and the publisher had informed the German State Office of Criminal Investigation, as well as set up a “task force” of its own to get to the root of the problem.
Z3r0 responded to this statement with a rather creepy YouTube video, saying that Frogster needed to take his threats more seriously, but that he was kind, and would give them the two weeks he had promised. He suggested that Frogster should stop wasting their time trying to silence him, and instead should take the time to change its ways and be more respectful to its customers. Z3r0 also said that he had hacked and verified over half a million user accounts, and was working on hacking the rest.
Of course, even if Frogster’s claims that z3r0 only has access to an outdated, four-year-old database are nothing more than spin, it’s hard to see the publisher giving in to his demands. What’s more likely is that it will seek out and fix any vulnerabilities or exploitable systems, and then throw its weight into finding z3r0 and pressing every charge it can. Frogster’s two-week time limit runs out on January 27th, however, so we’ll see what – if anything – happens then.