So say you love a game passionately, but you see a few flaws that you feel could be corrected with a reasonable amount of effort. You love the community and the majority of the employees working for the company responsible for the game, so how do you spur the change you desire, to make the game a better experience for everyone? How about hack the personal information of your fellow players, and threaten the publishers with the mass release of people’s private information unless they meet your demands? Such is the situation facing Frogster, the German publisher responsible for the free-to-play MMORPG, Runes of Magic.
The biggest fan you wish you never had
In mid-January, a hacker posted on the Runes of Magic forum that he had hacked the servers for the MMO, and was prepared to release the personal information, including e-mail addresses and payment information of fellow gamers, unless his or her demands were met. Posting under the name Augustus87, the demands were quickly pulled off the forums, but not before copies were made, and a screen shot was sent to Kotaku.
At first glance the demands are fairly selfless. The poster wants less censorship on the forums, improved treatment of Frogster’s employees, better treatment of the customers (ironically) with more respect, and a better control over the game’s “cheating.” For a passionate fan of the game, his demands are almost noble. Then he went and threatened to release the private information of 1,000 of his fellow gamers every day. To prove it wasn’t an empty threat, he then released the personal information of 2,000 users, including their billing information. The police were then notified.
In an interview with Gamesindustry.biz, Frogster claimed that the names were from 2007, before a major security overhaul occurred. The developer then revoked the access, account settings and forum privileges of the 2,000, in order to “protect the affected players” (the affected could then create new log in data to retrieve their game data).
Augustus87 claimed to have the information of 3.5 million users, which in Germany, where Frogster is located, makes him a felon. Although German police do not seem to have made much progress in identifying the person responsible, an investigation is ongoing.
Despite the threat to the users, and despite the method the hacker is using, many forum posters have claimed their support of Augustus87. Frogster has long faced criticism (likely both fair and unfair) for its security, and many accounts have said to have been hacked, although no proof has ever been found to confirm that — which may be the specific reason behind the hacker’s demand to “tell the truth” about lost e-mails or accounts.
“We promptly assembled a task force and are of course making every effort to get to the bottom of this incident. We are utilizing every means at our disposal to minimize the damage and to prevent such threats in the future,” Frogster claimed in a statement from mid-January.
“We have already implemented additional security measures today. As soon as all the necessary steps have been taken with regard to operational and criminal processes, we will inform you of further developments on this matter.
“This incident is very distressing to all of us. It is targeted not only at Frogster as a company, but also at Runes of Magic as a virtual biosphere and at you as players. We are always open to constructive suggestions. However, giving your opinion on blackmail and extortion is surely not the correct approach.”
Dealing with terrorists
According to Augustus87’s post, if his demands were not met within two weeks, he would then begin releasing an increasing number of accounts every day. He also threatens to do the same if the original post is removed, which it was almost immediately. Whether the 2,000 accounts were released in retaliation to the post being removed, or if it was simply to prove it could be done isn’t clear.
But now Frogster has an answer of sorts to the demands: No. In a second interview with Gamesindustry.biz, Frogster’s COO Dirk Weyel has said that the company will not negotiate or cede to the hacker’s demands.
While this makes sense in a general sort of way, and most democratic governments follow the same policy, Weyel is essentially saying that his company will not improve its workers’ conditions, nor will it consider improving its customer service.
“Of course, we looked at what it means. Why is someone so angry? Why do they want to harm Frogster and the user base? Obviously, in any community you have people who complain. Some of them are reasonable, and some complain in a way that is unacceptable. What this guy did is definitely criminal, but is also unacceptable in terms of the way that the he communicated.” Weyel said in answer to those concerns.
“On the other hand we can also try to make sure we’re communicating as openly as possible with the community — which is an ongoing process. I’m not saying that our community management is perfect, or that they always do the right thing, but we know that our community is our most important asset, so we always try to be as open and transparent as possible.”
“So we can try and keep continuously improving in that area, but we can’t accept people hacking and threatening us.”
A fragmenting Frogster
The attack is one of many issues currently facing Frogster. Late last year, the company saw a split among the executives, as the former director of marketing decided to waive a contract with the publisher, and instead joined Frogster’s former director of research and development. Together the duo – -along with others — have founded Neonga, a rival publisher with plans to introduce its own free-to-play MMORPG to rival Runes of Magic.
Earlier today, Frogster’s CEO, Andreas Weidenhaupt, announced that he would be leaving the company in April. To top it all off, Frogster is in the midst of a friendly takeover from the company Gameforge, leaving the future even more uncertain for the publisher.