Black Desert Online appears to be in the midst of an account-security fiasco, as a recent forum post from GM Rhotaaz has announced that the “account information of a number of users has been posted publicly on various sites and platforms.” A subsequent investigation by Kakao Games “revealed that the account information came from a leak that was not associated with [the studio],” and therefore “it’s difficult for [Kakao] to verify [that] the list that was posted includes all affected accounts.”
In order to ensure the security of players’ accounts, all affected Black Desert accounts have had their passwords reset and have been locked “pending verification from the original owner.” In order to verify their identities, each player whose account has been locked must contact customer support from a new email address with a message that contains the original e-mail associated with his or her account as well as a photograph depicting his or her government-issued photo ID (to verify name and date of birth) alongside either a physical newspaper showing the current date or the player’s screen showing his or her open support ticket.
Needless to say, many players are less than pleased about this turn of events, with some users on the game’s subreddit balking at the prospect of handing over photos of identification documents (even with all but the necessary information — legal name and date of birth — redacted) in the wake of such a massive data breach. As for how the breach occurred in the first place, speculation runs rampant, but neither Kakao nor any other source has come forward with any information, though a Reddit post on the topic claims that the data “is unencrypted and validated data (i.e., working accounts). This doesn’t mean the data was stored in plain-text but was obviously stored in an easily solved encryption method.” [This claim has since been rebutted by Kakao; see update below.]