Results 1 to 4 of 4
  1. Orbital Bee Cannon
    IGN: SaptaZapta
    Server: Kradia
    Level: 225
    Job: Hero
    Guild: Matriarchy
    Alliance: Dominion

    Default Nexon's official MapleStory forums have been breached


    Note: this is not an announcement from Nexon, but an observation by players.

    The official forums were defaced, and apparently a script attempting to collect account information was found in their code.

    It is recommended that you NOT go to the forums until Nexon issues some kind of official statement.

  2. Idiot. Male
    IGN: Enfris
    Server: Reboot GMS
    Level: 173
    Job: Evan
    Guild: Forever alone.jpg
    Alliance: Forever alone.jpg
    California

    Default Re: Nexon's official MapleStory forums have been breached


    Account information shouldn't be an issue other than your profile name, email, and IP.
    The page where you login isn't part of Vanilla forums and is part of Nexon's oauth system so it can share your username/email, profile name, IP, and maybe some other meta stuff with the Vanilla forums software. That login page passes a secret token to the forum software and then it creates or logins into a forum account as needed. Passwords shouldn't be shared and it'd be dumb for even Nexon to do that (that oauth login page handles the actual login process and token generation)*. (EDIT: Just checked, they use a mixture of both oauth and a slightly modified jsConnect (the Vanilla SSO plugin). Passwords still aren't shared regardless of authentication method.) It all seems to be localized to the forums database/software and the official main website and the actual game seem to be clear so other than your email and IP, I wouldn't worry about it too much. I'd be a lot more worried if an unauthorized post was made on the official Nexon websites since I believe that you need access to the Nexon America intranet to access their Umbraco (their CMS) management pages. (Which is also why when something happens in the middle of the night or in the weekend, posts on social media and the forums are made much more faster than the official website posts since that requires someone in the office. I distinctly remember this happening before but they blamed it on an error with their software when they probably thought it wasn't worth driving to the office to make a damn post.)

    EDIT: Unlike when you login to the actual MapleStory game**, your forum account and Nexon account is technically independent from each other. That's why when you go on the Nexon websites and you see that you have been disconnected/timeout, your forum account may still be logged in. And why when you change your profile name on the Nexon Launcher, you have to relog (so the updated token from the login page can update your profile name on the forums). And I see an image that's floating around that appears to be a packet editor, not code injected into the forums as some have been saying (could be wrong of course, not even really sure what I'm looking at). And the page where an image with a short message that takes over the page of page 1 on that banana thread is the hacker editing a comment from Neospector and using HTML to take over the page (remember when KTBN said he was really excited to use HTML on the forums when it first launched? That's typically why people don't enable HTML so things like this won't happen.)

    Also, I think it's all from the user "inb4" on the forums. S/he abused a hole in Nexon's custom modifications to the forum software that allowed it to pick other avatars from other Nexon games earlier this week and if you hover over the "Edited at x:xxam" things from the suspicious OneLetter posts, it says it was edited by "inb4". Probably gave him or herself admin powers.

    *Source: I've used Vanilla forums before and helped someone with single sign on logins. Also, you can look up how Vanilla forums handle single sign on stuff and unless Nexon made serious modifications, which I highly doubt, it should work pretty much the same as everyone else's.
    Vanilla jsConnect docs: http://docs.vanillaforums.com/help/sso/jsconnect/
    **Technically they are independent as well, but as far as I'm aware, the game server does read directly from the global account database unlike the forums.
    Last edited by maplefreak26; 2016-12-21 at 02:28 PM.

  3. Mercury Male
    IGN: Ivangoldes
    Server: Now Bera
    Level: 230
    Job: Marksman
    Guild: Olimpo
    Alliance: Aliança
    Farm: Ivangold
    brazil

    Default Re: Nexon's official MapleStory forums have been breached


    Thank you Maplefreak for the information
    But geez, the hacking thing took a new level, has this happened before in the old forums? I was mostly here until this year .

  4. Default Re: Nexon's official MapleStory forums have been breached


    thanks maplefreak. ok i am less panic now. i have not posted on official forums recently so hopefully i am fine

    on their site they only stated this
    http://forums.maplestory.nexon.net/d...forum-downtime

    how reassuring, lol

  5.  

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •