This is the situation as is:
A bit ago I play “The Grinns Tale” on my account, as usual, and all is fine and well. After a while I go out for two or three hours and when I return and open the game again, I notice half the game content being deleted. At first I assume it is a server issue but after refreshing a couple of times, the situation remains as is. When I notice that at the same time I gained quite some resources in game, it becomes obvious someone deliberately deleted that content since that not only explains the disappearance of this content but also the sudden gain in resources. Looking at the town map it’s obvious he worked his way through it and I must have opened the game when he was somewhat halfway. Quite some content has been deleted including premium content for which I, obviously, paid MONEY.
Since I’m not suffering from Alzheimer’s yet and have no one else here in this house able to use my computer – I live on my own – and quite certainly am not demented enough to share my password with anyone, there are only two possible answers. Either someone discovered how to get into my Kong account or he discovered how to get into my Grinns Tale account at the Nexon server.
I decided to send a message about my problem to the game dev, and to Kongregate, which by the way has an amazingly troublesome system to address a simple and probably not even uncommon issue like this.
I decided to leave all as is, not change the password or options and see if this friendly fellow who decided to clean my content is, or is not, Nobel prize material and possibly try again. There’s little personal information in my account and half the content deleted or all the content makes little difference at this point. So I waited, either on a response to my messages or another alien invasion.
And surely, as I admittedly expected, the invader isn’t really the type that will ever qualify as a rocket scientist since I noticed him using my account again. Anyone with an IQ bigger than my shoe size must have known that I might have noticed the previous invasion since HALF my game content disappeared. He surely couldn’t have expected me to overlook this detail. I was keeping track of my activity and suddenly see I had been playing a game I didn’t play. Long live logs. Which also explain where the exploit is situated: on Kongregate itself.
Now there’s some personal flavor to this invasion and if I had to bet money on who it is, I probably would end up being a winner. But since I lack evidence there’s little reason to point the finger at anyone in public. I also think I know what they exploit at Kong to be able to enter other accounts but mentioning that in public is as great an idea as leaving a bag of peanuts among monkeys. They too would be all over it.
I again sent a message to Kong about this latest development which is probably floating somewhere among all the others.
What we are certain about now is that there’s a problem. Actually there are two problems. First: a part of my game content is gone, of which some did cost quite some kreds. I doubt very much this specific problem is my problem since I didn’t add a “Ya’ll can come and use my account as you please” message on my profile together with the password and many happy thanks. What I’d appreciate is this “deletion” problem being solved but, to be honest, it isn’t that high on my wish-list. I’m what some call a whale and play here purely for pleasure. I could care less about ten, a hundred or a thousand bucks. As such, I’m not too bothered about the deletion itself as, and this is actually top on my wish-list, I’d like to know who exactly is this fellow who felt inclined to enter my account. Surely you should be able to compare visitor IPs and differentiate between the one I always use and the anomaly that suddenly appears also using my account. Since he’s no Einstein, a quick comparison should directly reveal what other account he normally uses with that very same IP. He’s, contrary to what he probably considers himself, no L33T hacker and thus we likely got a simple case of one and one being two. I’d be grateful being informed who he is. We shouldn’t have to bother about violating any rights since he did forfeit his the moment he violated mine.
The second problem, which is maybe a slightly bigger one, is that this exploit can be used on any account. Anyone on Kong is subject to this same issue which implies that not only their information and private mail is accessible to all “in the know”, and willing, but that also their kreds can be used as pleased by any invader. Once you’re into an account, everything but that which requires the password is free to use. That’s not a pretty idea.
I address this issue here since I can’t even be sure he didn’t use my private mail to send a “forget the previous mail, all is solved” message to anyone I informed about it before.
So; Houston, we got a problem.