• Announcements

    • Share your Suggestions!   01/01/2016

      Greetings, Do you want to help Black Desert be the best game possible? We are constantly looking for ways to improve the game, your feedback and suggestions are a key part of this process.  Everyone is welcome to visit our Suggestion Forum and share your thoughts with the BDO Team and the community.  Below I will give some advice on how to present your suggestions to ensure you are heard. How to make sure your contribution will be taken into account: Be precise and constructive.Take the time to explain your reasoning behind a feeling or a suggestion.Check if the suggestion you have in mind has already been shared. If it's the case, you can reply to it.Ask other players or friends you know what they think of your post before you click the "Submit" button.Be realistic. To add content requires a long time, but don't feel discouraged if it takes time to see changes.  I want to thank you in advance for any suggestions provided, and we look forward to reading your contributions!
    • Forum Rules   04/24/2016

      1. Inappropriate or infringing content Kakao Games Europe does not vouch for or warrant the accuracy, completeness or usefulness of any message, article, link or comment posted by other users in the Services, and shall not be responsible for the contents of any such message, article or comment.The messages express the views of the author of the message, not necessarily the views of Kakao Games Europe. The User can report any violation of the services policies by clicking on the report icon on the Forums.The User shall not use the Service(s) to post any material which is knowingly false and/or defamatory, inaccurate, abusive, vulgar, hateful, harassing, obscene, profane, sexually offensive, threatening, invasive of a person's privacy, or otherwise violating of any applicable law.The User shall not use the Service(s) to post any advertisement, link or information regarding content which infringes the Agreement.The User shall not post any copyrighted material unless the copyright is owned or licensed by the User or by Kakao Games Europe.The user shall not promote illegal or illicit activities including cheating and the use of exploits.  2. Naming policy The User shall not use on the Website, the Forums and in the Game character names, family names, guild names, clan names and/or nicknames that are:Vulgar, abusive, hateful, racist, defamatory, threatening, pornographic or sexually orientated;Referring to inappropriate parts of the human body or bodily functions;Referring to drugs or illegal activities;Related to the Nazi regime;Referring to figures or activities of religious relevanceRelated to political regimes or personalities involved or suspected of violation of human rights;Promoting violence, ethnically or national hatred;Impersonating an existing person, including Kakao Games Europe officials Violating the intellectual or industrial rights of a third party, including trademarks.The use of alternate spelling, for instance by replacing letter with number, in order to violate the above mentioned rules shall be considered a violation of the naming policy.The user will not create additional forum accounts in order to bypass any warning, suspension, ban or purport themselves as someone else.  3. Threats to the provision of the Services The User shall not make threats or attempt to disturb the provision of the Services in any way including spamming, denial of service attacks, performing actions whether alone or as a group, on the Service(s), that would affect the performances of the Service(s) or the experience of other end-users of the Services.Kakao Games Europe reserves the right to take any actions necessary deemed necessary to maintain the integrity of the Service(s).  4. Account sharing The User is not allowed to share the credentials of the User’s Account with anyone.Notwithstanding the above, Kakao Games Europe may request from you the name of your Account for events or in order to provide you customer support. However, Kakao Games Europe will never ask you for your Account password.  5. Violation of law The User undertakes to respect the legislation of the country from which the User launches the Game and accesses the Services.  6. Behavioral rules and guidelines 6.1. Thread bumping The User shall not bump own threads. Replies to own threads with the sole purpose of moving said thread to the top of the forum can lead to a warning with the possible consequence of losing writing permissions on http://forum.blackdesertonline.comIf the User wants to add more information to a post, the “EDIT” function can be used. It is permitted to reply to own posts once every 48h as long as the follow up post adds new and meaningful information related to the topic.Replies to other users posts with the sole purpose of increasing it's visibility are also considered thread bumping as well as spam and will be actioned accordingly.Normal replies to other users are not affected by the above mentioned rules.6.2. Posting Etiquette The user shall not post in all capital letters, use excessive punctuation, flamboyant fonts etc. to draw attention to its posts.Using the words Kakao, Kakao Games, Pearl Abyss or any Kakao Games Europe member’s name in a topic title is frowned on.The user shall not use misspelled versions of inappropriate words to circumvent the swear word filter. Doing so shows the User was fully aware of the nature of the word and it will be reflected in any potential penalties.6.3. Interacting with other users Post made with the sole purpose of upsetting or angering other users are not allowed. All posts have to be made in the spirit of mutual respect. The User shall not attack or insult other users for having different opinions or for making statements the User disagrees with. Challenging the opinions or statements of other users is permitted, attacking the person holding them is not. If the User finds the actions of other users in breach of the forum rules, the Report Function should be used in order to bring the case to the attention of the moderator team. The case will then be reviewed and appropriate actions will be taken. The user shall not "name and shame" other users. If a user is suspected to have broken Terms of Service / Terms of Use or taken part in fraudulent activities it should be reported directly to Kakao Games Europe by submit a support ticket.6.4. Quoting The User shall not quote posts who break the forum rules. The User is instead encouraged to use the Report Function in order to bring inappropriate content to the attention of the moderator team. Reported content will then be reviewed and appropriate actions will be taken.6.5. Abuse of Report Function The user shall not abuse the report function. The report function is intended to be used to make the moderation team aware of potential breaches of the forum rules not to get revenge on other users. If the User finds another user behaving inappropriate several times in a short time span, the Report Function can be used, highlighting one relevant post and indicating in the notes that other threads are affected too. If the User feels a thread is out of control, one post should be reported indicating in the notes the whole thread needs attention.  7. RP Forum Rules The RP Forums follow a more strict rule set. Any user wishing to participate on the RP forums is advised to review the specific rules before posting.  8. Appeal Forum Moderations Threads deemed inappropriate to a particular forum will be moved to a more appropriate forum or even removed completely. Threads that have been removed or closed are not to be re-posted. The User shall not discuss specific cases of moderated posts or disciplinary actions against users on the forum. If the User disagrees with an action taken by the moderator team, an e-mail should be send to forumdisputes@blackdesertonline.com. An uninvolved Community Manager will then review the case. 
    • IMPORTANT - REACH US IN THE NEW FORUM   05/04/2017

      Ladies and gentlemen ATTENTION please:
      It's time to move into a new house!
        As previously announced, from now on IT WON'T BE POSSIBLE TO CREATE THREADS OR REPLY in the old forums. From now on the old forums will be readable only. If you need to move/copy/migrate any post/material from here, feel free to contact the staff in the new home. We’ll be waiting for you in the NEW Forums!

      https://community.blackdesertonline.com/index.php

      *New features and amazing tools are waiting for you, even more is yet to come in the future.. just like world exploration in BDO leads to new possibilities.
      So don't be afraid about changes, click the link above and follow us!
      Enjoy and see you on the other side!  
    • WICHTIG: Das Forum zieht um!   05/04/2017

      Damen und Herren, wir bitten um Eure Aufmerksamkeit, es ist an der Zeit umzuziehen!
        Wie wir bereits angekündigt hatten, ist es ab sofort nicht mehr möglich, neue Diskussionen in diesem Forum zu starten. Um Euch Zeit zu geben, laufende Diskussionen abzuschließen, könnt Ihr noch für zwei Wochen in offenen Diskussionen antworten. Danach geht dieses Forum hier in den Ruhestand und das NEUE FORUM übernimmt vollständig.
      Das Forum hier bleibt allerdings erhalten und lesbar.   Neue und verbesserte Funktionen warten auf Euch im neuen Forum und wir arbeiten bereits an weiteren Erweiterungen.
      Wir sehen uns auf der anderen Seite!

      https://community.blackdesertonline.com/index.php Update:
      Wie angekündigt könen ab sofort in diesem Forum auch keine neuen Beiträge mehr veröffentlicht werden.
    • IMPORTANT: Le nouveau forum   05/04/2017

      Aventurières, aventuriers, votre attention s'il vous plaît, il est grand temps de déménager!
      Comme nous vous l'avons déjà annoncé précédemment, il n'est désormais plus possible de créer de nouveau sujet ni de répondre aux anciens sur ce bon vieux forum.
      Venez visiter le nouveau forum!
      https://community.blackdesertonline.com
      De nouvelles fonctionnalités ainsi que de nouveaux outils vous attendent dès à présent et d'autres arriveront prochainement! N'ayez pas peur du changement et rejoignez-nous! Amusez-vous bien et a bientôt dans notre nouveau chez nous

[Notice] Account Security

184 posts in this topic

Posted

How about you mention that part where we can't have a password we've ever set before. This is for whatever reason always left out.

Share this post


Link to post
Share on other sites

Posted

tfw an user posted yesterday about a compromised account and people only laughed at him

3 people like this

Share this post


Link to post
Share on other sites

Posted

Don't really see why they are worried about emails now... Anyone who activates a game will have their full email address listed on the account page of the user who gave it to them.

Share this post


Link to post
Share on other sites

Posted

tfw an user posted yesterday about a compromised account and people only laughed at him

I know right, and the thread was deleted after he was suitably mocked. Disgusting :(

Share this post


Link to post
Share on other sites

Posted

I personally enjoy the fact that the forum itself has no SSL or security what so ever.  Nothing like typing a password in that the entire world can see.

Share this post


Link to post
Share on other sites

Posted

THIS IS WHY YOU DON'T USE FACEBOOK TO LOG INTO EVERYTHING LOL!!

Only 3rd party website that would even have access to you BDO account is facebook to my understanding so probably that.

I seriously can't think of any site related to BDO that I registered to, other than this forum ...

do you log in with facebook?

 

Share this post


Link to post
Share on other sites

Posted

THIS IS WHY YOU DON'T USE FACEBOOK TO LOG INTO EVERYTHING LOL!!

Only 3rd party website that would even have access to you BDO account is facebook to my understanding so probably that.

Steam?

Share this post


Link to post
Share on other sites

Posted (edited)

THIS IS WHY YOU DON'T USE FACEBOOK TO LOG INTO EVERYTHING LOL!!

Only 3rd party website that would even have access to you BDO account is facebook to my understanding so probably that.

do you log in with facebook?

 

Nope. Never did it anywhere. Also not Steam for me.

Edited by Galaxis

Share this post


Link to post
Share on other sites

Posted

tfw an user posted yesterday about a compromised account and people only laughed at him

This, this, this

So much this

Share this post


Link to post
Share on other sites

Posted

tfw an user posted yesterday about a compromised account and people only laughed at him

he did admit that other people had his password.

Share this post


Link to post
Share on other sites

Posted

@CM_Aethon @PM_Jouska Could we please get the name of the third party site that has been compromised, so we can avoid it? Also, the RU client has two step verification, could we communicate to the developers that we would like that added into our version?

1 person likes this

Share this post


Link to post
Share on other sites

Posted

Steam?

BDO isn't on steam yet right?

Share this post


Link to post
Share on other sites

Posted (edited)

Maybe you should finally enable SSL here because posting about security while forums are not secured doesn't look serious at all.

 

@CM_Aethon @PM_Jouska Could we please get the name of the third party site that has been compromised, so we can avoid it? Also, the RU client has two step verification, could we communicate to the developers that we would like that added into our version?

Has nothing to do with the devs. RU publisher has done it on their own but they are competent and take account security seriously.

Edited by Ateena

Share this post


Link to post
Share on other sites

Posted

This thread is a great example why you should never try to sell a product to an intelligent consumer group.

 

If you are honest, they hate you.

Dishonest, they can tell and hate you.

Vague, they think you think they are dumb and hate you.

Share this post


Link to post
Share on other sites

Posted (edited)

Intelligent consumer group.

Lol'd.

Maybe you should finally enable SSL here because posting about security while forums are not secured doesn't look serious at all.

 

Has nothing to do with the devs. RU publisher has done it on their own but they are competent and take account security seriously.

tfw you don't know what ssl is but you bring it up as if you do :S

It is 100% to do with pearl abyss(Black Desert Developers).
There are also different laws regarding any http encryption & client sided security in russia, than in EU and NA.

Not to say those laws are the reason we don't have it implemented, because i don't know. I just know the laws. Lol.

Edited by War
1 person likes this

Share this post


Link to post
Share on other sites

Posted

BDO isn't on steam yet right?

Its not

 

In other news,

-No account password reset

-No clue what "3rd party" it might be

-everyone freaking out

yaaaay, A+ job on handling the situation kakao,
Step-by-step plan for next time:
1. reset affected accounts first.
2. Investigate the issue quickly
3. Release a proper statement as to where you think the flaw is, and what has been obtained (e.g only usernames? emails? hashed passwords? etc.)
4. Do a deep investigation into the issue and keep your player base up-to-speed as to what's happening and what you're currently doing to resolve the issue.

Share this post


Link to post
Share on other sites

Posted

Maybe you should finally enable SSL here because posting about security while forums are not secured doesn't look serious at all.

 

Has nothing to do with the devs. RU publisher has done it on their own but they are competent and take account security seriously.

I'll give the NA/EU team the benefit of the doubt, maybe their licensing prohibits those alterations.

1 person likes this

Share this post


Link to post
Share on other sites

Posted (edited)

In other news,

-No account password reset

 

Greetings Adventurers,

 

We recently received a report that account security may have been compromised on a third party website. In response, we have reset the password for any related accounts. We strongly urge any user whose password was reset to contact customer support in order to change your e-mail address. Additionally if you used the same or a similar password on any other services, it should be replaced.

 

Please note that a password reset can take up to 90 minutes. Spamming the reset request will result in your account being blocked.  We do apologize for any inconvenience this process has caused, but we place paramount concern on matters of security, and will take any steps necessary to protect our players.


As always, your support is appreciated.

 

intelligent consumer group.

Bout sums it up. 

Edited by War

Share this post


Link to post
Share on other sites

Posted

I'll give the NA/EU team the benefit of the doubt, maybe their licensing prohibits those alterations.

the beta forums have ssl applied to it, everything here but the posting itself uses ssl (including logging in to your forum account)

its probably an issue with ipb which prevents it from being forum wide (hence maybe the push to swap to the new forum?)

Share this post


Link to post
Share on other sites

Posted

I'll give the NA/EU team the benefit of the doubt, maybe their licensing prohibits those alterations.

That's generally what prevents it.
Legalities.

To put it simply...
This wouldn't be the first time i've seen a foreign based company prohibited from placing this type of security on end users.

Share this post


Link to post
Share on other sites

Posted

 
 

 

Bout sums it up. 

Not my point, my point is that there is NO info on what 3rd party has been affected, was it a payment solution? was it a fan site? what?

Share this post


Link to post
Share on other sites

Posted (edited)

Not my point, my point is that there is NO info on what 3rd party has been affected, was it a payment solution? was it a fan site? what?

You don't need it.
Why would they give that out.

I can't think of any practical reason to give this to an end user and i deal with situations like this on a daily basis.
Not to mention, smarty pants. Giving the site out publically would increase the vector of attack and possibly jeopardize emails. Many people use the same password for multiple accounts. If you couldn't figure that out yourself i don't know what you expected to do with the site once you got the name for it.

Edited by War

Share this post


Link to post
Share on other sites

Posted

You don't need it.Why would they give that out.

I can't think of any practical reason to give this to an end user and i deal with situations like this on a daily basis.

So an end user can properly secure their information.

If its a payment solution, end users can expect their info being used for illegal purchases as well and secure themselves against it.

If its a fan site, users can know if its an account that shares a password of theirs, what they've put on the forums, etc.

If its an automatic login system (like the facebook integration) that uses tokens and no passwords have been obtained, users know that and can do shit about it.

 

Don't give me the "daily basis" crap, I've dealt with assholes breaking into my shit quite a few times, and its pretty handy to know exactly what the hell they have and if I should change shit, and to what extend.

Share this post


Link to post
Share on other sites

Posted (edited)

So an end user can properly secure their information.

If its a payment solution, end users can expect their info being used for illegal purchases as well and secure themselves against it.

If its a fan site, users can know if its an account that shares a password of theirs, what they've put on the forums, etc.

If its an automatic login system (like the facebook integration) that uses tokens and no passwords have been obtained, users know that and can do shit about it.

 

Don't give me the "daily basis" crap, I've dealt with assholes breaking into my shit quite a few times, and its pretty handy to know exactly what the hell they have and if I should change shit, and to what extend.

1. As the OP states. If it has affected you, you get your password reset. Problem solved.

2. What does this have to do with you.

3. What does this have to do with you.

4. Lmfao. Facebook token system getting compromised for bdo accounts that are data dumped somewhere. Mk.

5. This is my career.

 

I'm more than positive that if any of these came about, they'd let you, us, know.
They'd be liable if they were the cause of security risks outside of their own game.
Clearly because they did not give the site and stated exactly what the vector of attack was in the OP(if you were educated you'd of noticed?), none of your conspiracy is the issue as it stands.

If you're as interested as you claim to be, how about you go look for the site yourself? I found it in 10 minutes.
This is literally why us cyberSec nerds qualify for risk management roles as well(I'm actually pretty sure it's a relativity labeled position).

I do agree that we need 2fa. I do agree that we need HTTPs.
Please keep in mind that those have their flaws as well, and in some cases, can be easier to bypass than what is currently being used. Simply because you see nothing doesn't mean there isn't.

Edited by War
1 person likes this

Share this post


Link to post
Share on other sites

Posted (edited)

Well, since you're here and divulging information.

What third party sites DID you register to? ;)

Just tried to log on and it seems my password has also been reset. This email (alias) is only used for BDO, for reasons like this.

Now, if this alleged third party site got hacked how the hell would Kakao know MY email was taken.

Kakao either got compromised or one of their bargain basement service providers did.

Edited by Saccharin
Spelling is hard.
1 person likes this

Share this post


Link to post
Share on other sites