June 20, 2003 Ragnarok US Hack
The June 20, 2003 Ragnarok US Hack was a hack which occurred on June 20, 2003 in California, in the United States on the iRO Ragnarok Server.
Background[edit | edit source]
On June 20, 2003, several users had created in-game items, presumably a lot of them, using Game Master accounts, which led to Gravity Interactive (US) which had been formed in January of the same year, to revert the data back 2 days to data from 18 June 2003. At the time, Gravity did not explain the reason for the rollback, but by means of compensation, they provided users with extra experience points to compensate for the 2 days they had lost. The incident continued on, when on June 22, 2003, a file titled user.txt appeared on several messageboards and P2P applications.[1]
The usernames and passwords stored by Gravity at the time were unencrypted, meaning that the file user.txt was simply shared as it was, rather than decrypted and shared. The data related to people who had pre-registered for the beta test. As a result of this file being shared, several people logged into other accounts on the service, with legitimate users noting that their account had been logged into when accessing their account. Gravity then responded to this by sending out emails to everyone effected, requesting them to change their passwords and verify themselves -- but by this time the damage had already been done as some users who had mail accounts with the same password were unable to access their email to reset their passwords. As a result, Gravity temporarily shut down servers to mitigate damage, and did not respond when asked if this leak also could potentially relate to credit card information.[1]
Interesting asides[edit | edit source]
In the research for this article, a comment was found[2] from a Slashdot user which indicated that the previous (or current) attack utilised the SQL Slammer injection vulnerability, which was widely used by the Slammer Worm, a piece of malware which also abused this vulnerability.
The RO server is 31MB. I know this because I know someone that got into their system using the SQL exploit (this was a month before Slammer used the same technique). He retrieved the actual server software and released this on the net so that anyone could emulate the server (if you had 1GB+ ram). He has done a lot to the RO folks, and I wouldn't be surprised if it was him that did it.
References[edit | edit source]
- ↑ 1.0 1.1 Gamespot (2003) Ragnarok Online hacked, user data leaks. Available at: https://archive.ph/lGiHU(Accessed: 29 October 2023).
- ↑ https://web.archive.org/web/20210213213859/https://games.slashdot.org/story/03/06/24/0531236/ragnarok-online-hacked-user-data-leaked