White-Hat Hacker Helps Solve Rift Security Exploit

A player of Trion Worlds' Rift MMO has helped the development team identify and patch a security hole that opened many user accounts to hijacking and griefing. Reports of compromised accounts started spreading through the Rift community last week, leading developer Trion Worlds to implement a Coin Lock feature to prevent item and money sales when a user logs in from a significantly different location than they had previously. But grief-causing hackers were reportedly still able to gain unauthorized access to accounts and delete characters with impunity. A programmer and Rift player going by the handle ManWitDaPlan was one of these victims, and used the occasion to investigate the security hole that was causing the rash of reported account theft. He eventually identified an account-control exploit and reported his findings to the Rift forums on Friday afternoon. Trion's response was immediate and impressive, ManWitDaPlan said in an interview with MMO community site ZAM. "Steve Chamberlin, the dev lead for Rift, was on the phone with me within five minutes of my sending the technicals on the exploit, and while I was talking to him, the engineering team was likely already editing and recompiling code," he said. "A patch was deployed just over two hours after the exploit was revealed," he continued. "The phrase 'epic win' is cliched from its overuse as a meme, but it nevertheless certainly fits here." Rift executive producer Scott Hartsman offered his "heartfelt thanks" to ManWitDaPlan for his help with the fix, and said that less than 1 percent of accounts had been impacted by the problem. "However, 1 percent of a surprisingly large number is still very noticeable," he acknowledged (the game reached 1 million registered account last month). Hartsman said Trion continues to hire more employees to handle these and other issues with the game, and will soon be rolling out a two-factor authentication scheme that should help foil account hackers.