• Announcements

    • IMPORTANT - REACH US IN THE NEW FORUM   05/04/2017

      Ladies and gentlemen ATTENTION please:
      It's time to move into a new house!
        As previously announced, from now on IT WON'T BE POSSIBLE TO CREATE THREADS OR REPLY in the old forums. From now on the old forums will be readable only. If you need to move/copy/migrate any post/material from here, feel free to contact the staff in the new home. We’ll be waiting for you in the NEW Forums!

      https://community.blackdesertonline.com/index.php

      *New features and amazing tools are waiting for you, even more is yet to come in the future.. just like world exploration in BDO leads to new possibilities.
      So don't be afraid about changes, click the link above and follow us!
      Enjoy and see you on the other side!  
    • WICHTIG: Das Forum ist umgezogen!   05/04/2017

      Damen und Herren, wir bitten um Eure Aufmerksamkeit, es ist an der Zeit umzuziehen!
        Wie wir bereits angekündigt hatten, ist es ab sofort nicht mehr möglich, neue Diskussionen in diesem Forum zu starten. Um Euch Zeit zu geben, laufende Diskussionen abzuschließen, könnt Ihr noch für zwei Wochen in offenen Diskussionen antworten. Danach geht dieses Forum hier in den Ruhestand und das NEUE FORUM übernimmt vollständig.
      Das Forum hier bleibt allerdings erhalten und lesbar.   Neue und verbesserte Funktionen warten auf Euch im neuen Forum und wir arbeiten bereits an weiteren Erweiterungen.
      Wir sehen uns auf der anderen Seite!

      https://community.blackdesertonline.com/index.php Update:
      Wie angekündigt könen ab sofort in diesem Forum auch keine neuen Beiträge mehr veröffentlicht werden.
    • IMPORTANT: Le nouveau forum   05/04/2017

      Aventurières, aventuriers, votre attention s'il vous plaît, il est grand temps de déménager!
      Comme nous vous l'avons déjà annoncé précédemment, il n'est désormais plus possible de créer de nouveau sujet ni de répondre aux anciens sur ce bon vieux forum.
      Venez visiter le nouveau forum!
      https://community.blackdesertonline.com
      De nouvelles fonctionnalités ainsi que de nouveaux outils vous attendent dès à présent et d'autres arriveront prochainement! N'ayez pas peur du changement et rejoignez-nous! Amusez-vous bien et a bientôt dans notre nouveau chez nous

[Notice] Account Security

184 posts in this topic

Posted

You failed to realise that the ones using the "3rd party website" was kakao itself... please even if you don't read the comments at least read the first post.

Share this post


Link to post
Share on other sites

Posted

Say Bye Bye to your accounts all who using 3rd programs for BDO :D ... If you are stupid enought to use it... so what i can say is "good for you" hope BDO CS will not help you.

It most likely has nothing to do with a 3rd party program. I have a pretty good idea what happened, but it was purely by an accidental search for a costume to help a guy that I found out what it was.

Share this post


Link to post
Share on other sites

Posted (edited)

Greetings Adventurers,

 

We recently received a report that account security may have been compromised on a third party website.
 

 

Additionally if you used the same or a similar password on any other services, it should be replaced.

 


Going to need Details
Which services? Which Site?
No ones going to do a thing until you inform them of which site/s & you will be held
responsible under TOS section 13 if something does happen in the time it takes you to inform us so we can deicde if its an issue or not.

Also remember you are subject to the law of the countries you supply the game to, which gives some of us more rights on taking this matter further if need, if we are 1 of the accounts affected!
 

 

Edited by prymortal
1 person likes this

Share this post


Link to post
Share on other sites

Posted


Going to need Details
Which services? Which Site?
No ones going to do a thing until you inform them of which site/s & you will be held
responsible under TOS section 13 if something does happen in the time it takes you to inform us so we can deicde if its an issue or not.

Hidden Content

 

Already pointed that out to @CM_Aethon yesterday.
But it seems they aren't going to give us more details and turn a blind eye to the fact that they are obliged to report this to several instances.
Especially if (based on this topic we can conclude, that at least password and e-mail address were used (and they could log in)) personal information was available for the 3rd party. Since we are forced to give personal information when buying Pearls :) it's not unlikely. --> for the future just change all information to : / , and you won't have to fill in anything.

But until they give us more information it's only guessing... which I find disturbing to say the least...

Share this post


Link to post
Share on other sites

Posted

fix valk shield

Share this post


Link to post
Share on other sites

Posted

fix valk shield

you just won my heart today  xD

app.gif

2 people like this

Share this post


Link to post
Share on other sites

Posted (edited)

We need more information on this.  Is it people who were trying to buy/sell gold/accounts, or was it related to cloudbleed?  We need the information.  Most companies explain what the breach was and how it affected the users when this happens.

Edited by Sidney

Share this post


Link to post
Share on other sites

Posted

are you lose your minds on kakao??to change my pass i understand but to chAnge my email??wtf?i dont wont to change my email guys!!!!!FU you and your game if you block my account.

are you lose your minds on kakao??to change my pass i understand but to chAnge my email??wtf?i dont wont to change my email guys!!!!!FU you and your game if you block my account.and i dont youse any 3d party to play my game

 

 

Share this post


Link to post
Share on other sites

Posted

smells fishy O.o have u changed ur passwords already? like, i donno if i should D: how big of a deal is this? do they mean EVERY SINGLE player should do this?

Share this post


Link to post
Share on other sites

Posted

sorry guys i dont read right the reason why you do this.sorry again kakao

Share this post


Link to post
Share on other sites

Posted (edited)

yes... 2 step verification... pretty please?

I'm guessing its time for everyone to change their passwords... just because those accounts were affected doesn't mean that everyone else's account isn't vulnerable.

Edited by Koleopteros

Share this post


Link to post
Share on other sites

Posted

This is why we need  2-Step Verification.... please.

....the 2-step verification is the worst thing i have ever seen and ever used in the past.... sorry....

Share this post


Link to post
Share on other sites

Posted

I agree that you're not trolling, but I think the edge of certain aspects of your posts does cause reflexive reactions in some people. You've given lots of useful information and I give you props on that, but if you truly do work in this field, you know not to feed the trolls and some of your tones and words do exactly that in a way that does not seem professional. I know that this has nothing to do with work or anything but anyone that works in such mediums should always bring a level of professional courtesy when working on the internet, chiefly because it helps avoid such bitter retaliations against otherwise credible postings/posters as yourself sir. 

Agreed.
It's just that I despise professionalism.
Changing myself to another entities standards so that they may have better control over a situation due to the surroundings goes against everything that allows free thinking people to think freely and thus solve problems.
That is my experience with professionalism thus far.
I let my work speak for myself, and if people don't like when I do it, there are others on my team who i'd gladly allow present. I don't have a lust for fame, i just like solving problems. Being kept in a cage deters that. This isn't to say you're incorrect, because you are. It's a issue i deal with in the world i work in daily, an issue caused by my own stubbornness. But who knows our limits better than the tester?

I'll have more on the topic on this thread when i get to work.

1 person likes this

Share this post


Link to post
Share on other sites

Posted

 O.o

 

War/never changes ? ''Inter arma, silent leges.'' 

It's just that I despise professionalism.

You fire bullets, but you actually don't know where they go, does it?

gtt.jpg

Share this post


Link to post
Share on other sites

Posted (edited)

Daum... I'm dying out of laughing. xD

This kind of statement, really? So vague that you make sure no one gets hurt... except your own customers?

Knowing that you guys use verification services provided by a third party, which mandatorily requires your customers to provide government-issued photo IDs?

Holy shrapnel!... Such lack of professionalism... Such irony... Guys, you made my day. <3

Edited by Samgbre
Grammar.

Share this post


Link to post
Share on other sites

Posted

I agree, more info please. I would kind of like to know the websites that it could EVEN be suspected, then I would know not to expose myself to them. . What if Im good right now, but later I stumble upon it and im hacked... not ok anymore cause you didn't tell everyone there was a venomous Snake other there....

2017-04-25_11160102.JPG

Share this post


Link to post
Share on other sites

Posted

if it was  akako games them selfs lets look at the payment options . pay pal  pay safe and your debt card. That's the 3 payment options.

Share this post


Link to post
Share on other sites

Posted

Except not everyone has photo-ID, nor can afford it...

I've never owned photo-ID... Why would i need to? If i get asked for ID, i usually show my birth certificate with an old out-dated student card. No one has ever asked for photo-ID from me before.

Couldn't you think of a better method of changing email addresses?

1 person likes this

Share this post


Link to post
Share on other sites

Posted

It's not my intention to troll but if you want to use that as a cop out be my guest. It's not easy to accept when you're wrong. I know.

I believe you, you seem to be one of these people who will blindly defined a company no matter what. I've never understood that.

You failed to realise that the ones using the "3rd party website" was kakao itself... please even if you don't read the comments at least read the first post.

I wouldn't be surprised, this does not make sense and CM(s) have been very quite on the issue. I guess they need a Reddit shaming... again.

Share this post


Link to post
Share on other sites

Posted

 O.o

 

War/never changes ? ''Inter arma, silent leges.'' 

You fire bullets, but you actually don't know where they go, does it?

gtt.jpg

Hard to tell what the effect of firing a bullet will have. I'm not sure anyone knows for sure what the outcome will be haha.
 

Going to need Details
Which services? Which Site?
No ones going to do a thing until you inform them of which site/s & you will be held
responsible under TOS section 13 if something does happen in the time it takes you to inform us so we can deicde if its an issue or not.

Also remember you are subject to the law of the countries you supply the game to, which gives some of us more rights on taking this matter further if need, if we are 1 of the accounts affected!

 

1. No, they don't. Unless the breach was on their end, legally they are under no need  to go into any more details than provided, and even then, it would not be the direct attack vector that the attack came from as that would give way for more potential vectors of attack, which is not, ever, good. 
2. This would cause more trouble than wanted in this situation & it's not something they'd legally need to  provide.
3. People are going to do what they told and after re-reading the OP and viewing the situation, it's the start of a best course of action(more info on that in a minute.)

4.(your hidden content) - The "Law", specifically in reference to 
RFC 2196, protects them from this particular type of event assuming the information they've provided matches up. In this  case, mainly that the security breach was not carried out on their own systems & technology.

Before you quote legal texts you should always know what you're working with.

 

On the topic of this topic.

So after re-reading and thinking on this thread last night, it turns out that i've misread the original post myself(post criticizing others to do so, lol) and assumed  that the attack vector was limited to a source providing a data dump of information gathered via whatever methods. After reading over the post, it turns out that there may be two attack vectors. Either that one, or the possibility that the source(whoever brought the issue to Kakao) had their site breached, which prompted them to inform Kakao of the breach in worry/case that the users registered on said site(unaffiliated with kakao as i'd assume) may have been using the same password for multiple accounts(meaning the third party site, Kakao site and thus black desert and possibly email. It's more common than you'd think).
Smart move, to whoever made the choice to inform them of that.

What does this mean for you?
Well, it means that if you were not requested to reset your password then you weren't registered on that site, thus, you have little to worry about. That being said, i'm the last person to shy away from changing your passwords anyways, i'd do it just because there is a minor reason to but that's just me. If you did recieve a reset email from Kakao And make sure it is kakao, Proceed to follow these step(s):

  1. Reset all your passwords.

Problem solved.

For those of you who are worried about registering on said third party site, if the siteadmin is smart, they've disabled registration on it, where this can't be guaranteed, you can follow these step(s) to protect yourself until it's smart for kakao/third party site to provide more information:

  1. Don't register on any third party sites in regards to bdo.

You need to trust that if you haven't received a password reset, you're fine.
If the data breach was on Kakao side, they'd be singing a whole  different song than the one they are singing now.
The current attack vector, even with it being a potential 2, are still small.

You can do what you want with the information I've given you.
Thanks.

I believe you, you seem to be one of these people who will blindly defined a company no matter what. I've never understood that.

I don't blindly defend anything. I'm against the notion of that. At the same time, i don't like to assume I UNDERSTAND exactly how something is either. I question and seek, when i don't understand.
My intention is not to Defend, it's to speak reason and some sense of logic from experience into situations. If this comes and or has the effect of defending an entity then that is that. Every action has a reaction & response.
You in particular set yourself up for failure by sharing your passwords with anyone at all.
But that does not eliminate the possibility that you were affected by what is going on now.
But from my stand point, if this was brought to me(and it is often) the first thing i'm going to criticize and look into is the fact that you've shared your password with others.
That's one of the big sins of personal cyber security.

2 people like this

Share this post


Link to post
Share on other sites

Posted

Nerf Wizard please.

Share this post


Link to post
Share on other sites

Posted (edited)

 

My intention is not to Defend, it's to speak reason and some sense of logic from experience into situations. If this comes and or has the effect of defending an entity then that is that. Every action has a reaction & response.
You in particular set yourself up for failure by sharing your passwords with anyone at all.
 

When did I say I shared my passwords. Now can you see where I'm coming from, you are making stuff up.

Edited by Saccharin

Share this post


Link to post
Share on other sites

Posted (edited)

Except not everyone has photo-ID, nor can afford it...

I've never owned photo-ID... Why would i need to? If i get asked for ID, i usually show my birth certificate with an old out-dated student card. No one has ever asked for photo-ID from me before.

Couldn't you think of a better method of changing email addresses?

They do this to prevent selling of accounts and such. The only other company that i know that ask for this is world of tanks. I have a ID but considering how things are in the world. I am to paranoid give it anyone other then cop if ask for lmao.

Edited by Dalenos

Share this post


Link to post
Share on other sites

Posted

my account is incredibly secure..../watches game close instantly after loading into the world over and over for an hour and half.....yep, not even I can play it...

nice work, 10/10 product....trying to take EA's golden poo award as a developer/publisher away.....the audacity. 

Share this post


Link to post
Share on other sites

Posted

Lookup 'mail.com', lets you setup multiple addresses with different passes, connects to other email servers. Just one of many free email services out there for those in need.

Share this post


Link to post
Share on other sites