Since launch, Trion World's new MMO, Rift, has been under constant attack from hackers trying to steal accounts. Trion Worlds have been fighting back against the attacks with the help of a benevolent hacker who spotted a huge security flaw in Rift's system, and contacted the developers to help them fix the problem. Trion Worlds have since launched a "one-two punch" of security updates over the weekend to help protect player accounts.
The hacker goes by the name ManWitDaPlan, and refers to himself as a "white hat", an ethical hacker whose day job involves running a security firm that works to secure and destroy sensitive data. His Rift account was hacked in March, so when he spotted a loophole in the Rift servers that would allow a malicious user to access someone else's account without needing their user name and password, he got in touch with Trion straight away. Five minutes later, he was talking to Rift lead developer Steve Chamberlain, and the engineering team was working on a fix for the problem.
"Trion hit this like Jackie Chan channeling Bruce Lee," said ManWitDaPlan, speaking to ZAM , "which is what you do when you find an exploit. No playing the blame game, no whining, just find and fix and slam the door on the hackers."
Rift executive producer Scott Hartsman posted on the Rift forums on Saturday to thank the helpful hacker, "We'd definitely like to thank Mr. ManWitDaPlan for the well-timed assist. Sir, we salute you and offer our most heartfelt thanks." It's rumoured that ManWitDaPlan received a lifetime subscription to Rift for his troubles. All he would say is "Trion seems very happy with me for some reason. I'll be around for a while…"
In the Saturday forum post, Hartsman also outlined a few new security measures for Rift, saying that, so far, hacks have affected about 1% of the Rift community. Trion Worlds are hiring more staff to combat the ongoing attacks.
"Both the login fix and the Coin Lock addition have been doing their part in signficantly reducing overall incidents over the last 18 hours." says Hartsman, adding that "neither one is a silver bullet, but so far it is looking to be a solid one-two punch." Meanwhile he encourages players to make sure their email passwords and Rift passwords are different, saying that attacks are likely to continue. "This will remain something that we will continue keeping an eye on, forever."