And so, Nexon America issues a notice regarding player account security and updating passwords voluntarily. What prompted this made me look through a few of the MapleStory forums and it turns out that there was massive account database leak regarding user login IDs. I logged onto my own account to see if it’s been “hacked” and lo and behold, it was. While I’m not too down by the loss (I don’t play the game anymore so the billions of money’s worth of items I’ve lost mean nothing to me), I’m more appalled at Nexon being completely incompetent at maintaining something as important as this. Curious as to how they did it, I went to test it out.
Apparently, going to the login page and inputting the wrong password will yield the right password but encrypted. This is unfathomable security if anything. Any one with a mediocre level of programming and logic base understanding can break and decrypt what Nexon put out. I managed to decrypt the jumble of text in a matter of less than a half hour. Now, I did nothing to the person’s account that I decrypted, but I seriously have to question Nexon’s campaign for players protecting their own accounts.
Why campaign to players that regular and voluntary password change will increase their account security when Nexon themselves are lacking in database security? The whole thing blows wild blow goats over my head trying to understand where they think they’re going and who they think they’re fooling. While the MapleStory player base doesn’t contain the brightest kids on the planet, the majority of them can figure out and point trails back to Nexon as the primary reason behind this massive account hacking. The hypocrisy here lies in that they urge players to increase the security of their accounts while they themselves do a craptastic job about it.
This whole thing deserves a triple facepalm.