• Announcements

    • Share your Suggestions!   01/01/2016

      Greetings, Do you want to help Black Desert be the best game possible? We are constantly looking for ways to improve the game, your feedback and suggestions are a key part of this process.  Everyone is welcome to visit our Suggestion Forum and share your thoughts with the BDO Team and the community.  Below I will give some advice on how to present your suggestions to ensure you are heard. How to make sure your contribution will be taken into account: Be precise and constructive.Take the time to explain your reasoning behind a feeling or a suggestion.Check if the suggestion you have in mind has already been shared. If it's the case, you can reply to it.Ask other players or friends you know what they think of your post before you click the "Submit" button.Be realistic. To add content requires a long time, but don't feel discouraged if it takes time to see changes.  I want to thank you in advance for any suggestions provided, and we look forward to reading your contributions!
    • Forum Rules   04/24/2016

      1. Inappropriate or infringing content Kakao Games Europe does not vouch for or warrant the accuracy, completeness or usefulness of any message, article, link or comment posted by other users in the Services, and shall not be responsible for the contents of any such message, article or comment.The messages express the views of the author of the message, not necessarily the views of Kakao Games Europe. The User can report any violation of the services policies by clicking on the report icon on the Forums.The User shall not use the Service(s) to post any material which is knowingly false and/or defamatory, inaccurate, abusive, vulgar, hateful, harassing, obscene, profane, sexually offensive, threatening, invasive of a person's privacy, or otherwise violating of any applicable law.The User shall not use the Service(s) to post any advertisement, link or information regarding content which infringes the Agreement.The User shall not post any copyrighted material unless the copyright is owned or licensed by the User or by Kakao Games Europe.The user shall not promote illegal or illicit activities including cheating and the use of exploits.  2. Naming policy The User shall not use on the Website, the Forums and in the Game character names, family names, guild names, clan names and/or nicknames that are:Vulgar, abusive, hateful, racist, defamatory, threatening, pornographic or sexually orientated;Referring to inappropriate parts of the human body or bodily functions;Referring to drugs or illegal activities;Related to the Nazi regime;Referring to figures or activities of religious relevanceRelated to political regimes or personalities involved or suspected of violation of human rights;Promoting violence, ethnically or national hatred;Impersonating an existing person, including Kakao Games Europe officials Violating the intellectual or industrial rights of a third party, including trademarks.The use of alternate spelling, for instance by replacing letter with number, in order to violate the above mentioned rules shall be considered a violation of the naming policy.The user will not create additional forum accounts in order to bypass any warning, suspension, ban or purport themselves as someone else.  3. Threats to the provision of the Services The User shall not make threats or attempt to disturb the provision of the Services in any way including spamming, denial of service attacks, performing actions whether alone or as a group, on the Service(s), that would affect the performances of the Service(s) or the experience of other end-users of the Services.Kakao Games Europe reserves the right to take any actions necessary deemed necessary to maintain the integrity of the Service(s).  4. Account sharing The User is not allowed to share the credentials of the User’s Account with anyone.Notwithstanding the above, Kakao Games Europe may request from you the name of your Account for events or in order to provide you customer support. However, Kakao Games Europe will never ask you for your Account password.  5. Violation of law The User undertakes to respect the legislation of the country from which the User launches the Game and accesses the Services.  6. Behavioral rules and guidelines 6.1. Thread bumping The User shall not bump own threads. Replies to own threads with the sole purpose of moving said thread to the top of the forum can lead to a warning with the possible consequence of losing writing permissions on http://forum.blackdesertonline.comIf the User wants to add more information to a post, the “EDIT” function can be used. It is permitted to reply to own posts once every 48h as long as the follow up post adds new and meaningful information related to the topic.Replies to other users posts with the sole purpose of increasing it's visibility are also considered thread bumping as well as spam and will be actioned accordingly.Normal replies to other users are not affected by the above mentioned rules.6.2. Posting Etiquette The user shall not post in all capital letters, use excessive punctuation, flamboyant fonts etc. to draw attention to its posts.Using the words Kakao, Kakao Games, Pearl Abyss or any Kakao Games Europe member’s name in a topic title is frowned on.The user shall not use misspelled versions of inappropriate words to circumvent the swear word filter. Doing so shows the User was fully aware of the nature of the word and it will be reflected in any potential penalties.6.3. Interacting with other users Post made with the sole purpose of upsetting or angering other users are not allowed. All posts have to be made in the spirit of mutual respect. The User shall not attack or insult other users for having different opinions or for making statements the User disagrees with. Challenging the opinions or statements of other users is permitted, attacking the person holding them is not. If the User finds the actions of other users in breach of the forum rules, the Report Function should be used in order to bring the case to the attention of the moderator team. The case will then be reviewed and appropriate actions will be taken. The user shall not "name and shame" other users. If a user is suspected to have broken Terms of Service / Terms of Use or taken part in fraudulent activities it should be reported directly to Kakao Games Europe by submit a support ticket.6.4. Quoting The User shall not quote posts who break the forum rules. The User is instead encouraged to use the Report Function in order to bring inappropriate content to the attention of the moderator team. Reported content will then be reviewed and appropriate actions will be taken.6.5. Abuse of Report Function The user shall not abuse the report function. The report function is intended to be used to make the moderation team aware of potential breaches of the forum rules not to get revenge on other users. If the User finds another user behaving inappropriate several times in a short time span, the Report Function can be used, highlighting one relevant post and indicating in the notes that other threads are affected too. If the User feels a thread is out of control, one post should be reported indicating in the notes the whole thread needs attention.  7. RP Forum Rules The RP Forums follow a more strict rule set. Any user wishing to participate on the RP forums is advised to review the specific rules before posting.  8. Appeal Forum Moderations Threads deemed inappropriate to a particular forum will be moved to a more appropriate forum or even removed completely. Threads that have been removed or closed are not to be re-posted. The User shall not discuss specific cases of moderated posts or disciplinary actions against users on the forum. If the User disagrees with an action taken by the moderator team, an e-mail should be send to forumdisputes@blackdesertonline.com. An uninvolved Community Manager will then review the case. 
    • IMPORTANT - REACH US IN THE NEW FORUM   05/04/2017

      Ladies and gentlemen ATTENTION please:
      It's time to move into a new house!
        As previously announced, from now on IT WON'T BE POSSIBLE TO CREATE THREADS OR REPLY in the old forums. From now on the old forums will be readable only. If you need to move/copy/migrate any post/material from here, feel free to contact the staff in the new home. We’ll be waiting for you in the NEW Forums!

      https://community.blackdesertonline.com/index.php

      *New features and amazing tools are waiting for you, even more is yet to come in the future.. just like world exploration in BDO leads to new possibilities.
      So don't be afraid about changes, click the link above and follow us!
      Enjoy and see you on the other side!  
    • WICHTIG: Das Forum zieht um!   05/04/2017

      Damen und Herren, wir bitten um Eure Aufmerksamkeit, es ist an der Zeit umzuziehen!
        Wie wir bereits angekündigt hatten, ist es ab sofort nicht mehr möglich, neue Diskussionen in diesem Forum zu starten. Um Euch Zeit zu geben, laufende Diskussionen abzuschließen, könnt Ihr noch für zwei Wochen in offenen Diskussionen antworten. Danach geht dieses Forum hier in den Ruhestand und das NEUE FORUM übernimmt vollständig.
      Das Forum hier bleibt allerdings erhalten und lesbar.   Neue und verbesserte Funktionen warten auf Euch im neuen Forum und wir arbeiten bereits an weiteren Erweiterungen.
      Wir sehen uns auf der anderen Seite!

      https://community.blackdesertonline.com/index.php Update:
      Wie angekündigt könen ab sofort in diesem Forum auch keine neuen Beiträge mehr veröffentlicht werden.
    • IMPORTANT: Le nouveau forum   05/04/2017

      Aventurières, aventuriers, votre attention s'il vous plaît, il est grand temps de déménager!
      Comme nous vous l'avons déjà annoncé précédemment, il n'est désormais plus possible de créer de nouveau sujet ni de répondre aux anciens sur ce bon vieux forum.
      Venez visiter le nouveau forum!
      https://community.blackdesertonline.com
      De nouvelles fonctionnalités ainsi que de nouveaux outils vous attendent dès à présent et d'autres arriveront prochainement! N'ayez pas peur du changement et rejoignez-nous! Amusez-vous bien et a bientôt dans notre nouveau chez nous

[Notice] Account Security

184 posts in this topic

Posted

If you need to change your password, you also have to change your whole email address too?! What about those of us who do not have multiple email addresses at our disposal, we have to create a whole new one we'll never check because of this? What the hell. 

:DD Creating new email is so hard?

How much time it takes for you to set up new email? 2minutes?

Share this post


Link to post
Share on other sites

Posted

i'm not supplying a photo ID just to have my email changed incase this happens again...

2 people like this

Share this post


Link to post
Share on other sites

Posted

This is why we need  2-Step Verification.... please.

PLEASE!!

Share this post


Link to post
Share on other sites

Posted

Just tried to log on and it seems my password has also been reset. This email (alias) is only used for BDO, for reasons like this.

Now, if this alleged third party site got hacked how the hell would Kakao know MY email was taken.

Kakao either got compromised or one of their bargain basement service protectors did.

Yeah this is not time for people to whiteknight the issue.  We need to know more.  You never, ever, trust a gaming company to do what's right for you. This is why you don't just assume you're "safe" and "ok" if your password didn't get reset.

So far there are too many inconsistencies to who got their passwords reset and why. People who didn't use 3rd party sites with the same email address also got their passwords reset.  We really need to know what 3rd party sites they're talking about and what information was stolen (was it clear password? encrypted hash? what other personal information was taken?).

We're getting the usual cryptic messages that's why people are questioning it.

1 person likes this

Share this post


Link to post
Share on other sites

Posted

Just tried to log on and it seems my password has also been reset. This email (alias) is only used for BDO, for reasons like this.

Now, if this alleged third party site got hacked how the hell would Kakao know MY email was taken.

Kakao either got compromised or one of their bargain basement service protectors did.

Aye, it doesn't really go over well with the idea that the forums haven't had an SSL certificate for half a day does it?

Thanks for your report as well ^_^

Share this post


Link to post
Share on other sites

Posted

ITS TRU i got my pearls stolen thanks to a GM was able to recove them but if it can happen to me it can happen to u

Share this post


Link to post
Share on other sites

Posted

ITS TRU i got my pearls stolen thanks to a GM was able to recove them but if it can happen to me it can happen to u

You don't have to divulge, but outta curiosity, did you register to any third party sites?

Share this post


Link to post
Share on other sites

Posted

BDO isn't on steam yet right?

As far as I know it is not. However, you can add every game ever made to your steam library and log into it from there. Many people do.

Share this post


Link to post
Share on other sites

Posted

As far as I know it is not. However, you can add every game ever made to your steam library and log into it from there. Many people do.

That doesn't actually tie the game to steam though.

Share this post


Link to post
Share on other sites

Posted

Just tried to log on and it seems my password has also been reset. This email (alias) is only used for BDO, for reasons like this.

Now, if this alleged third party site got hacked how the hell would Kakao know MY email was taken.

Kakao either got compromised or one of their bargain basement service providers did.

They don't, that's why they state it.
Many people use the same passwords across accounts because they are lazy and or don't know any better.
It's not uncommon to assume that 70% of the people on these forums have the same email password as they do game password.

Yeah this is not time for people to whiteknight the issue.  We need to know more.

No, you don't.
I doubt you'd be qualified to.

What is it you expect to do with the information that's out there?
I'm really curious.

Even so, as i stated. It would give a vector of danger to those whos data is dumped on that site. I haven't checked myself as technically that's a felony in my country, America.

1 person likes this

Share this post


Link to post
Share on other sites

Posted

They don't, that's why they state it.Many people use the same passwords across accounts because they are lazy and or don't know any better.
It's not uncommon to assume that 70% of the people on these forums have the same email password as they do game password.

I don't know why people don't have a junk email with a different password than their main email that they use for game logins, etc. That way, even if their information gets stolen by a website, they won't have any of your login credentials. 

Share this post


Link to post
Share on other sites

Posted

I don't know why people don't have a junk email with a different password than their main email that they use for game logins, etc. That way, even if their information gets stolen by a website, they won't have any of your login credentials. 

1. Laziness.
2. They don't know any better.
3. They think either/or/and that `This can't and won't happen to them because they are a special snowflake of good karma and there is no reason for anyone to target them because of ${x}`

Those are the most common cases I've seen.

1 person likes this

Share this post


Link to post
Share on other sites

Posted

They don't, that's why they state it.Many people use the same passwords across accounts because they are lazy and or don't know any better.
It's not uncommon to assume that 70% of the people on these forums have the same email password as they do game password.

It makes no sense that they would force a password reset  for their customers. If this was done with every compromise then we'd be doing it every week.

Something is fishy here.

Share this post


Link to post
Share on other sites

Posted

So if it's a 3rd party site why have none of the sites reset all their users passwords or announced a data breach?

Also how do you know specific accounts involved? 

 

Doesn't sound like a 3rd party site to me unless it was the payment portal or something similar on your end, not ours. 

Share this post


Link to post
Share on other sites

Posted

Yeah this is not time for people to whiteknight the issue.  We need to know more.  You never, ever, trust a gaming company to do what's right for you. This is why you don't just assume you're "safe" and "ok" if your password didn't get reset.

PS. Like I said. If you want to know so badly, go look for it. As stated- I found it in 10 minutes.
Again, not sure what you're expecting to do with the information there, as anything you would be doing unless your name is on that site(and even then they've reset your password anyways) would be a felony in most countries for Identity charges and computer hacking if prosecuted.
For those of you who are slow, what i'm implying is, if you login to someone elses shit and you get caught;

68120100.jpg

It makes no sense that they would force a password reset  for their customers. If this was done with every compromise then we'd be doing it every week.

Something is fishy here.

What?
What are you even talking about lol. I don't think you're following what's happening here. You more than likely got screwed on your own account because you were account sharing, chances are this had nothing to do with you, and if it did then damn, that sucks.

So if it's a 3rd party site why have none of the sites reset all their users passwords or announced a data breach?

Also how do you know specific accounts involved? 

 

Doesn't sound like a 3rd party site to me unless it was the payment portal or something similar on your end, not ours. 

1. Because it's not a data breach. READ THE -----ING POST.

2. BECAUSE IT'S ON THE DATA DUMP LMFAO.

3. you clearly have never experienced this specific type of issue before. The first time I was introduced to this(though it's been happening for AGES) was the rsclient data dump back in like 08. That is the exact dump, in fact, that pushed me to get into cyber security & risk management in the first place.

Share this post


Link to post
Share on other sites

Posted

You don't need it.Why would they give that out.

I can't think of any practical reason to give this to an end user and i deal with situations like this on a daily basis.
Not to mention, smarty pants. Giving the site out publically would increase the vector of attack and possibly jeopardize emails. Many people use the same password for multiple accounts. If you couldn't figure that out yourself i don't know what you expected to do with the site once you got the name for it.

Transparency and due diligence I'd suppose. 

Right now it seems that there is some 3rd party company that may have peoples info and further down the line from that the source that hacked that info and whomever / whatever they intend to do with it in the coming days, months years etc.

There is an argument for keeping it internal but if there is nothing shady about this 3rd party relationship then Kakao should be protecting all of us not them.  There is a chance this is a 3rd party that people may visit directly, there is a chance that this is a 3rd party that other sites also use and have chosen not to or don't have the means to tell their customers. .In the event of something like this informing the consumer so they are aware enables them to be smarter in the long term, both in their dealings with you and outside of your domain. 

Share this post


Link to post
Share on other sites

Posted

ripperonis 

Share this post


Link to post
Share on other sites

Posted (edited)

Transparency and due diligence I'd suppose. 

Right now it seems that there is some 3rd party company that may have peoples info and further down the line from that the source that hacked that info and whomever / whatever they intend to do with it in the coming days, months years etc.

There is an argument for keeping it internal but if there is nothing shady about this 3rd party relationship then Kakao should be protecting all of us not them.  There is a chance this is a 3rd party that people may visit directly, there is a chance that this is a 3rd party that other sites also use and have chosen not to or don't have the means to tell their customers. .In the event of something like this informing the consumer so they are aware enables them to be smarter in the long term, both in their dealings with you and outside of your domain. 

Transparency at the risk of user security is not worth it, which is why they are not giving it.
The site could put users email at risk.

They'd probably end up doing more damage posting what site had it than fixing it the way they have now.

r i s k
m a n a g e m e n t .

Edited by War

Share this post


Link to post
Share on other sites

Posted

Nah. We need to know

Share this post


Link to post
Share on other sites

Posted

Nah. We need to know

Then go find out.

Share this post


Link to post
Share on other sites

Posted

If you need to change your password, you also have to change your whole email address too?! What about those of us who do not have multiple email addresses at our disposal, we have to create a whole new one we'll never check because of this? What the hell. 

I agree with you but gmail, hotmail, yahoo, all free.  I have two accounts in gmail, one I use for everything one is only for a small number of things and I don't give it out much so I don't have fifty pages of spam crap in it when I log in it is only important stuff and even if you check your gmail from your phone or tablet those easily handle multiple accounts and in the case of my phone if I get an email in either account I get a notification on the lock screen.  Just put an alarm in your phone or get an app from the windows store and set an alarm on your desktop to check the other address occasionally it's better than having somebody steal your account or worse try to use your linked paypal account to rip you off, don't laugh happened to me on my rift account I made the mistake of linking my paypal and some tard broke into my account after banging on it for weeks and made a 150.00 transaction through paypal that wiped out my checking account.  Personally I'd like to see the sort of setup that RIFT had and i think some others do it too where a code is sent to your phone or email email if you log in from an unfamiliar IP address or computer (I assume they must be checking mac address or something not sure) for the first time.  Then you can't get in without that code being provided.  Mostly they're trying to stop people from selling their accounts I'm sure.  

Share this post


Link to post
Share on other sites

Posted (edited)

Transparency at the risk of user security is not worth it, which is why they are not giving it.The site could put users email at risk.

They'd probably end up doing more damage posting what site had it than fixing it the way they have now.

Yeah ok...the info is already out there. 

Given the way Kakao manages things this does not feel like its "keep xyz safe".  It feels like oh we don't want backlash because this 3rd party should have never had the info in the first place and we're going to be screwed if they tell it now.

 

Again ^ another reason to be transparent - to stop people from assuming the worst or even worse than what actually is and just deal with the problem in the moment.  Your reasoning is akin to the Samsung nightmare and their initial choice to not sound the alarm.  Its definitely a way to manage risk but not one that ensures or maintains trust in the relationship.  Fall on the sword and work through it.

Edited by Trixologist

Share this post


Link to post
Share on other sites

Posted

Then go find out.

Oh, you're just trolling. Alright then. Ignoring you. 

Share this post


Link to post
Share on other sites

Posted

Yeah ok...the info is already out there. 

So we have this thing called an attack vector. 
Posting a site that most of you don't have, in a place where all of you can see it..

INCREASES THAT ATTACK VECTOR. Immensely.

I'd have to make fun of them.
Daily.
For ever.
If they did that.
It'd be one of the dumbest sec choice this year.

Oh, you're just trolling. Alright then. Ignoring you. 

No. I'm not. I found the site. If you want it so bad for clearly illegitimate reasons i'm assuming, go find it yourself. They've given you everything you'd need to know to ensure your current level of safety. If you didn't get a password reset your shit is safe from that attack vector. Sure you can keep up? I don't troll son. I shut kids like you down just fine without that. Get Facts.

Share this post


Link to post
Share on other sites

Posted

I think PA should also send an email to inform players about this.

Relying on twitter / game launcher is unlikely to cover all players affected.

Share this post


Link to post
Share on other sites