What's that, Furcadia?

Monday, September 17th, 2007 – Layered Technologies was subjected to malicious activity that may have compromised the safety of up to 6000 different accounts.

Compromised information could include Names, Server Login details, Phone Numbers, and e-mail addresses.

Layered Technologies told their clients that it would be in their best interests to do the following:

Change the login credentials for all host details they have submitted in the past 2 years. This includes any login credentials for the following: Cerberus, Modernbill, Encompass, and all servers you own and operate with LT, all services that may have submitted passwords in the past for such as Webmail, Remote Desktop, SSH, MySQL, cPanel WHM, FTP Backup storage or similar services.

The effect on Furcadia users will probably be minimal. Lothus Marque, who brought this to my attention, said:

My bet is that if it HAS been compromised, the average Furcadian won’t be affected unless whoever has the login info decides to wipe the server on a whim. DEP should change their system logins quickly – if they haven’t already – regardless, although I do estimate that getting into a small online game’s (that’s mostly free to play) server is probably of less importance than some of the other clients Layered may host. However, DEP does store all player’s email addresses, not to mention all Digo market transactions and objects (though CC information should be safe, as it should usually stay with the ePayment company) so you might want to keep an eye on your accounts for a while. Even if it hasn’t been compromised, it’s always a good idea to be sure of your position if something happens at a later date through any direction.

The most sensitive thing that likely could have been taken is character login information, e-mail addresses, and possibly home addresses and telephone numbers. As Lothus stated, the likelihood of a small-time operation like Dragon’s Eye Productions being a direct clear-cut target of an attack like this is low to the point of non-existence. The threat is lessened even more-so, depending on how DEP stores the information. (If it is encrypted, the hassle for a person to try getting into said information would be extensive for little-to-no gain when dealing with a small-time operation like Dragon’s Eye Productions.)

We got in touch with Felorin and sanctimonious on this matter, as it is of direct relation to Dragon’s Eye Productions. Felorin got back first, and quickest. He assured us that the 11 years of no-hacking, (which includes a year of pre-development,) that Furcadia has had is still unblemished – There was no unauthorized access to the Furcadia server.

As soon as DEP was aware of the possible compromise, they immediately began to change passwords and review the server’s log file to make sure nobody accessed sensitive information on the server.

Felorin did admit that it was possible that someone might have managed to gain access to some sensitive information stored on the server. sanctimonious, however, assured us that there was nothing to be worried about because there is no evidence to indicate that the Furcadia server’s information was part of the information that was stolen.

As an increased security measure, Felorin stated that the people at Layered Technologies does not have root-password access to any of the servers that Dragon’s Eye Productions has hosted there. The downside is that there was the possibility that someone could have used passwords that Layered Technologies does have to gain access to information, but again, there is no evidence that Furcadia was invaded in any way.

sanctimonious assures me that there no server logs, accounts, e-mails, paypal accounts, or anything else specific to players was touched at all by this. Of notable mention, all information used for the Digo Market, (Specifically credit card numbers, and paypal information,) are not stored on any machine owned by Dragon’s Eye Productions. In order for that information to be obtained, PayPal, or one of the other financial services would have to be hacked.

As Felorin said, “I’d bet those are pretty heavily secured machines!”