Please Take Note !!!

A GM has posted on the Official forums that it is not ONLY inactive users that need to change their passwords every 120 days, it now applies to EVERYONE and you must change your password by June 10 or it will be randomly generated to a new one.

go here for more info:

http://rappelz-forum.gpotato.com/viewtopic.php?f=2&t=996572

Change by June 10th and then continue to change it every 120 days forever? Omg, lame sauce.

Dunno how you all feel about this, but as a victim of hacking I think this is a good thing. I admit it that this is lazy mans way of dealing with this issue but as they say in my country "Bolje ista nego nista" (Better something then nothing).

It's been more then a half year and I still didn't stand on my feet after the hack. Isden is taking a brake off Rappelz so I toke all his e3 pets. If it wasn't for him I would have to lvl up alts. Deva (which I wove vewy much ) is also been a great help, and I can't thank him enough.

I wandered off for a while, but just wanted to paint you a picture how does hacking affects your gaming. Here is only a tip off the iceberg, but the greatest part is the feeling of exposure of your own security and privacy.

Take this amends seriously; change password often and make them complex (combination of numbers, lower and upper case). I do hope they make more actions about this matter.

Sorry about long post, but I had to share my exp. with you.

Maeven

Change your passwords all you want, it has nothing to do with the hacking...

flamingsword wrote:Change your passwords all you want, it has nothing to do with the hacking...

Why do u think that? How else can they infiltrate without a pass? I'm not a hacking expert but in my opinion there is 2 key elements in hijacking acc: 1. Know acc pass, 2. User must not be online (ex. I was hacked 2 weeks after my rappelz break began)

Like I said, this is just my point of view.

So, what if I told you that someone NEVER changed their pass in 5 years, NEVER got hacked, what would that tell you?

MyAxeRockz wrote:So, what if I told you that someone NEVER changed their pass in 5 years, NEVER got hacked, what would that tell you?

I would say that you either have a secure pass that is strong or that you don't have any items of interest to hackers.

Btw, I picked up some hostility from you post. Am I mistaking or u kinda attacked my last post?

The big issue here is that the page where you change your password isn't secure, although all other login pages are. Finally today we got ItOki's attention about it, and they are "lookin into it"

They didn't even know it wasn't secure, hey claimed it was, until users posted the scripts and screens to prove it isn't. That means everytime u enter a new pass change requet someone could Intercept it...never mind making "10 million users" do this 4 times a year, as opposed to some who have never.

I've had the same crap password or years, changed it several
Months back to something much more secure.

So gala forces a policy change they haven't though though fully, and they won't even allow lengthy passwords that are more complex!? This is such a bad joke. Besides the fact it's forced instead of suggested. That puts the burden of security on us, not them. They just want an easy way out IMO.

I also know of two people who were hacked who aren't getting their stuff back simply because gala is having a "hard time tracking the items" one was r7 and got a r5 weapon back only.

Vashtii wrote:The big issue here is that the page where you change your password isn't secure, although all other login pages are. Finally today we got ItOki's attention about it, and they are "lookin into it"

They didn't even know it wasn't secure, hey claimed it was, until users posted the scripts and screens to prove it isn't. That means everytime u enter a new pass change requet someone could Intercept it...never mind making "10 million users" do this 4 times a year, as opposed to some who have never.

I've had the same crap password or years, changed it several
Months back to something much more secure.

So gala forces a policy change they haven't though though fully, and they won't even allow lengthy passwords that are more complex!? This is such a bad joke. Besides the fact it's forced instead of suggested. That puts the burden of security on us, not them. They just want an easy way out IMO.

I also know of two people who were hacked who aren't getting their stuff back simply because gala is having a "hard time tracking the items" one was r7 and got a r5 weapon back only.

Wasn't aware that pass changing isn't secure! This flushes all the pass changing to toilet...

Maeven wrote:

MyAxeRockz wrote:So, what if I told you that someone NEVER changed their pass in 5 years, NEVER got hacked, what would that tell you?

I would say that you either have a secure pass that is strong or that you don't have any items of interest to hackers.

Btw, I picked up some hostility from you post. Am I mistaking or u kinda attacked my last post?

Nonono, was just pointing it out;)

In light of new facts, seems to me that the issue is even more complex beyond my comprehension. Was naively believing that simple change of pass will help you repel hackers, but if their pass change server is not safe maybe they will doom us all with this mandatory pass change -.-

I do hope it will help, but as I pointed out I'm a naive optimist...

There are a few theories on how the hacks are being done, nobody seems to know completely for sure as Gala is not releasing any information on it. But the fact that their password changing site is not visibly secure is not helping (even if it isn't the weak link of hacks) the link in my opening post is to the forum topic about password changing and if you read all the comments, most people are NOT happy at all with this.

The only way I see this really helping is if the problem is a database leak of usernames and passwords on Gala's end. But that's a big IF so...I guess we'll find out soon, if the hacks die way down after this is implemented then that may be the case. Though I would like to be optimistic about this, for once I'm finding it hard...

I highly doubt everyone that got hacked has changed their password recently. So I call BS on that. The hacks are so systematic the only explanation is if the hacker(s) have an extensive list of usernames/passwords, which can only be retrieved from Gala's own database.

And if the leak is not patched, and GMs are sending us on a goose chase by making us change their passwords, who's to say the hackers won't just fish up the new passwords from the leaky database?

I'm not saying you shouldn't change your passwords, the above is all just speculation, but I'm calling BS on all of Gala's suggestions so far and would really like to see them actually try to get to the bottom of things.

xROMULUSx wrote:

The only way I see this really helping is if the problem is a database leak of usernames and passwords on Gala's end. But that's a big IF so...I guess we'll find out soon, if the hacks die way down after this is implemented then that may be the case. Though I would like to be optimistic about this, for once I'm finding it hard...

This would indeed require a pw change.:: however they want continued changes, this leans toward what zyp days below , that they are continually compromised. Again, gala hasn't fixed the issue they are making us attempt to avoid bad things while they chase their tails. All this is to
Menus an inconvenience, if information is compromised it probably will continue tO be, and it's inevitable I'll get hacked, so might as well wait it out as much as try to out dodge a hacker gala can't find.

which is exactly why I'm finding it hard to be optimistic...what they are doing is a temporary fix at best. Though, who knows maybe they have fixed their leak, or are working on it...they won't exactly tell us if they have because they would most likely never admit a DB leak to us. Who knows what's really going on, it would just be nice to see some real evidence that they are working towards a permanent solution, and this isn't happening.