MapleStory Mass Hackings

And so, Nexon America issues a notice regarding player account security and updating passwords voluntarily. What prompted this made me look through a few of the MapleStory forums and it turns out that there was a massive account database leak regarding user login IDs. I logged onto my own account to see if it’s been “hacked” and lo and behold, it was. While I’m not too down by the loss (I don’t play the game anymore so the billions of money’s worth of items I’ve lost mean nothing to me), I’m more appalled at Nexon being completely incompetent at maintaining something as important as this. Curious as to how they did it, I went to test it out.

Apparently, going to the login page and inputting the wrong password will yield the right password but encrypted. This is unfathomable security if anything. Anyone with a mediocre level of programming and logic base understanding can break and decrypt what Nexon put out. I managed to decrypt the jumble of text in a matter of less than a half hour. Now, I did nothing to the person’s account that I decrypted, but I seriously have to question Nexon’s campaign for players protecting their own accounts.

Why campaign to players that regular and voluntary password change will increase their account security when Nexon themselves are lacking in database security? The whole thing blows wild blow goats over my head trying to understand where they think they’re going and who they think they’re fooling. While the MapleStory player base doesn’t contain the brightest kids on the planet, the majority of them can figure out and point trails back to Nexon as the primary reason behind this massive account hacking. The hypocrisy here lies in that they urge players to increase the security of their accounts while they themselves do a craptastic job about it.

This whole thing deserves a triple facepalm.


13 comments on “MapleStory Mass Hackings”

  1. Nexon: Best company, or best company?

    But seriously, what the heck? First there’s the usual customer service and glitch-fixing problems, then the MTS ID leak, and now it’s confirmed that it’s actually not that hard to get a password. That is terrible. Nexon is terrible.

  2. Interesting. How did you manage to find this text? Did it look something like this? wEPDwUJNTUzMjY0MjE1ZGQRxgv1PH/lYVIGqwCEEo8Opo3V/g==

  3. Several things that I am still rather curious about–

    1) As an earlier comment had asked, what was the length and strength of this password that you cracked?

    and 2) After cracking the password, how would one get ahold of said account’s PIC?

    Thank you in advance for your response!

  4. The PIC is very easy to crack if it’s only composed of numbers with the use of software (as far as I’ve heard).

      • I am a very experienced hacker (rank 1337), and I can defeat the most powerful firewall just by clicking on it. Because of my superior abilities, I am able to crack hashes in my head in seconds, as well as code large complex programs in short amounts of time.
