That Was Quick — Rift Accounts Being Hacked By Gold Sellers

I guess it’s a sign of how well Rift is doing, but apparently there are a lot of players reporting account hacks.

The Ancient Gaming Noob, Wilhelm, puts a big chunk of the blame on Rift’s 16 character limited passwords. I’m not so sure that it is such an issue seeing as most players won’t be using passwords that long anyway. Most likely, a lot of players are using a simple easy to remember password that is susceptible to dictionary attacks. However, even 16 char passwords are susceptible to rainbow table attacks.

Still, using all 16 characters with a combo of uppercase, lowercase, numeric, and punctuation characters will put you at the head of the curve, or as Wilhelm puts it, above the low hanging fruit.

My opinion, as always, is that the plague of account hacking by gold sellers is the result of in-game currency being such an integral part of character progress.

There will always be players looking for the easy way out by buying gold.

There are a two things that developers can do to minimize this plague.

  1. Stop requiring gold for character progress, or at least minimize the need for it. At most, gold should only be used for trade between players, and all trade should be face to face.
  2. Flag and permaban players who buy gold.

Point 1 is self explanatory, however, gold sellers will always try and get around it. Point 2: Permanently banning players will put a hole in the gold market faster than you can say “Rift Gold.” After a few players are caned for buying gold the news will get around that it’s not only gold seller accounts that get banned, and any player not wanting to lose their account will be too scared to buy gold.

And it’s easy to do to. Every gold transaction is logged anyway, and if it isn’t it should be. The devs know the source and destination of the gold. If the gold comes from a seller, and it’s easy to tell who is selling gold, the buyer can be flagged for further review. If it turns out they’ve bought gold. Wham! Gone! Hooray.

As I said, once word gets around, the gold sellers are out of business.


  1. wasdstomp

    I think the biggest problem is gaming companies making everyone use email addresses as usernames. It could just be coincidence, but I never heard about so much hacking until Blizz and now Trion use it.

    I guess the best option is to change your password once a week, or make some gmail or hotmail acct for your gaming that you never use when filling things out asking for an email.

  2. Stropp (Post author)

    I agree, email addresses are used for so much these days, they are very public. Give me a real username anyday.

    Again, this is one of the reasons why I suggest not tying gaming accounts together with a single username/email address. I don’t even like OpenId and do not use it. No point giving hackers access to all my accounts everywhere.

Comments are closed.