Information Recent Security Concerns & Reminder

Hello Maplers,

Recently, there has been much discussion surrounding security and privacy concerns at one particular Old School MapleStory Private Server. This Private Server, without letting its users know, logged very sensitive and detailed information about the contents on its users’ computers that, to our knowledge, no other private server has done before.

The purpose of this announcement is to inform our users of said server’s actions that were mentioned in recently leaked staff conversations where they openly talked about these sketchy practices, in order to emphasize the importance of this breach of trust and to address any security concerns that our own users may have.

The administrators of the server in question are currently using files that were developed over the course of 5 years at MapleLegends, which they have admitted to stealing and attempted to cover up by announcing them as their own source files when asked.

Because this server is using files that originated from MapleLegends, we wanted to immediately clear up any questions or concerns regarding whether MapleLegends has any similar logging practices that would violate our players’ trust and privacy.
The aforementioned server used a modified WzMss.dll that injects code directly into the MapleStory client. Using the injected code, they log all processes/windows that a user has open on their PC, including names of websites, and permanently store them on a semi-private discord channel. Furthermore, based on their staff conversations, they even considered logging every single button that their users press on their keyboards. Whether this actually occurred or not is unconfirmed; however, it was clearly implied that implementing this level of spying was a possibility, which is incredibly concerning for all players as well as the future of MapleStory Private Servers.

This has resulted in many questions for said server, as well as other MapleStory Private Servers. Do all private servers do this?

We at MapleLegends absolutely do NOT log any kind of 'processes' running on your PC nor do we see which buttons you press. We have no visibility into anything that the vanilla MapleStory client itself could not see. Information that a vanilla MapleStory client does display, such as your IP address and machine ID are logged by MapleLegends in the normal course of operation. The vanilla client also creates a 'Crash Report' when the client crashes unexpectedly, which shows the directory of the MapleLegends folder, as well as the memory address that caused the client to crash. Other in-game logs are created as well for the purpose of handling in-game reports and disputes. To reiterate, all MapleLegends logs happen inside the game itself, and nothing outside the game, such as your browser windows, history, or keystrokes, is logged.
If there is ever a change to the methods in which any of your information is collected, we'll be sure to announce this and disclose this in our ToS.

On an unrelated note, we want to remind everyone to keep their accounts secure. There has been an increasing number of reports regarding compromised accounts. After investigating the issues, it was found that many of these accounts had used identical information in other MapleStory server(s). We request to everyone, please do not use the same information you use at MapleLegends if you choose to play other private servers.

Not only can hackers steal your hard-earned items and mesos once they gain access to your account, they can also sell your account for Real World Currency or use it to violate other offenses under the ToS, which may get your account banned. The MapleLegends Staff cares about your account security, but we may not be able to help you if you lose your account due to a hacking incident. Please, PLEASE use unique information when playing elsewhere. This could save you a huge headache from being hacked, needing to collect information and make an appeal, and waiting for the results of our investigation, which may not work out for you at the end.

Also, here are some general tips on how to keep your account secure:

• Keep your password strong. Lengthy passwords with no recognizable pattern are the best. Do not use common information, such as your name or birthday, in your password. Use special characters, along with mix of numbers, uppercase/lowercase alphabets, in your password.
• Do not use the same password on any other services, especially on other private servers.
• If available, use Two Factor Authentication (2FA) on your email associated with your account, so hackers cannot get your account using the 'Account Recovery' feature of our site.
• Do not share your account name or password with anyone.

Thank you for understanding! Please stay safe.
*Disclaimer: This announcement is for awareness only and is not in any way an attempt to directly attack any other server, which is why the screenshots of the staff conversations are name-censored. However, we want to provide a wake-up call when it comes to what practices a malicious Private Server can do, and how easy it is for your account information to be compromised if treated incorrectly. Some individuals are still not taking it seriously and continuing to use poor passwords, poor PINs, or just straight up the same information in every server they play on, which can cost them their hard work on MapleLegends. We don't want this to happen to you, so please take your account security seriously.

~MapleLegends Staff~