1. Hello!

    First of all, welcome to MapleLegends! You are currently viewing the forums as a guest, so you can only view the first post of every topic. We highly recommend registering so you can be part of our community.

    By registering to our forums you can introduce yourself and make your first friends, talk in the shoutbox, contribute, and much more!

    This process only takes a few minutes and you can always decide to lurk even after!

    - MapleLegends Administration-
  2. Experiencing disconnecting after inserting your login info? Make sure you are on the latest MapleLegends version. The current latest version is found by clicking here.
    Dismiss Notice

Important Security Notice

Discussion in 'MapleLegends Announcements' started by Kimmy, Feb 9, 2021.

Thread Status:
You must be a logged-in, registered member of this site to view further posts in this thread.
  1. Kimmy
    Offline

    Kimmy Administrator Staff Member Administrator Game Moderator

    11,119
    11,074
    551
    Sep 9, 2014
    6:37 PM
    Moderator Post
    Hello everyone,

    It has come into our attention today that a brute-force accident has happened at MapleRoyals. While normally it's less of a big deal when it's a small server, MapleRoyals is played by a lot of our users in past or present, which means some of our users may be affected too.

    MapleRoyals also use a PIN and PIC system on their website, which we believe based on information they have given on their latest announcement has been brute-forced as well (Their announcement: https://i.imgur.com/NmT3uG4.png).

    We have an anti-brute-force system in-game, and we do not use a PIN system on our website, since we do not have such thing as a 'control panel'. We keep the information on our site very minimum since we do not think the information on the website is a need.

    A few days ago we've mentioned how we learned there was brute-force activity on our server as well, which made us add Captchas into the website. We believe as soon that was done our problems were solved, which hopefully is true.

    Unfortunately, based on logs we believe we have a number of users that the hacker has got into from our website. For those we believe have been accessed from the website have their account currently disabled and banned.

    If you look at your 'My Account' page and notice you are currently banned than please create a ban appeal on our forums.

    NOTICE: Just because they got access on the website (which doesn't require you to enter a PIN) wouldn't automatically mean they got access in-game as well. If you kept your PIN secure and different from other servers you hopefully escaped from an actual compromise of your characters.

    We try our very best to keep everyone secure, and unfortunately, we failed as well. As soon we've learned about it we have immediately taken action and fixed what we've learned.

    Login changes

    With this maintenance, login changes have been done.
    • The PIN will appear again at ALL time for the time being. This allows you to change your PIN in-game

    • Any NEW PIN cannot be simple strings such as '1111' or '0000' anymore.

    • If you use the same PIN as ANY other server please change it immediately once we are back up

    • If you currently use a very simple PIN such as 0000 and so on you should change it immediately once the server is back up. We may start to block your access to the game if you do not do this in the near future

    • Additional security layers have been added to prevent any possible method of brute-forcing from within the game itself. It was already not possible, but we improved it even further.

    We are also looking in ways where we can enhance the PIN system itself by modifying the client. However, that's not something we can simply do in one day.

    How to change your PIN
    - On the PIN screen in-game enter your PIN
    - Instead of pressing OK press 'CHANGE PIN'
    - Follow the instructions

    As another reminder:

    DO NOT use the same information as any other unofficial / 'private' server you play ever
    DO NOT use the same FORUM NAME as your LOGIN ID. If you did this I allow you to change your forum name for free.
    DO NOT link anything you own (Facebook/Twitter/etc) with MapleLegends (same username, password, etc)
    DO NOT USE THE SAME INFORMATION INCLUDING PIN AS OTHER SERVERS
    DO NOT USE THE SAME INFORMATION INCLUDING PIN AS OTHER SERVERS
    DO NOT USE THE SAME INFORMATION INCLUDING PIN AS OTHER SERVERS
    DO NOT USE THE SAME INFORMATION INCLUDING PIN AS OTHER SERVERS

    We are extremely sorry for the inconvenience and hopefully, we improve the security on our side going into the future as well.

    Thank you!
     
    • Informative x 6
    • Like x 3
    • Friendly x 2
    • Great Work x 1
    • Creative x 1
Thread Status:
You must be a logged-in, registered member of this site to view further posts in this thread.

Share This Page