Black Desert Online locks (some) player accounts in the wake of data breach


Black Desert Online appears to be in the midst of an account-security fiasco, as a recent forum post from GM Rhotaaz has announced that the “account information of a number of users has been posted publicly on various sites and platforms.” A subsequent investigation by Kakao Games “revealed that the account information came from a leak that was not associated with [the studio],” and therefore “it’s difficult for [Kakao] to verify [that] the list that was posted includes all affected accounts.”

In order to ensure the security of players’ accounts, all affected Black Desert accounts have had their passwords reset and have been locked “pending verification from the original owner.” In order to verify their identities, each player whose account has been locked must contact customer support from a new email address with a message that contains the original e-mail associated with his or her account as well as a photograph depicting his or her government-issued photo ID (to verify name and date of birth) alongside either a physical newspaper showing the current date or the player’s screen showing his or her open support ticket.

Needless to say, many players are less than pleased about this turn of events, with some users on the game’s subreddit balking at the prospect of handing over photos of identification documents (even with all but the necessary information — legal name and date of birth — redacted) in the wake of such a massive data breach. As for how the breach occurred in the first place, speculation runs rampant, but neither Kakao nor any other source has come forward with any information, though a Reddit post on the topic claims that the data “is unencrypted and validated data (i.e., working accounts). This doesn’t mean the data was stored in plain-text but was obviously stored in an easily solved encryption method.” [This claim has since been rebutted by Kakao; see update below.]

Source: Official Forums, r/BlackDesertOnline. Thanks, Pasha!
Update 12:30 PM EDT
We’ve spoken to a representative for Kakao, who has clarified for us that only affected users will see a password reset and account lock. Moreover, the breach wasn’t widespread. “Only a relatively small number of users were affected,” the rep told us, but he said he couldn’t reveal the exact number or the precise details on how the company encrypts player data: “Although we cannot go into detail on how we are encrypting our user’s data, we ensure you that we use the latest standards and technologies.”
Previous articleThe Daily Grind: Would you play an older MMO with completely new graphics?
Next articleDestiny 2’s fall patch turns Eververse gear into Universal Ornaments as Bungie revamps the Bright Dust economy

No posts to display

oldest most liked
Inline Feedback
View all comments