Since this past weekend, the fledgling second early access of Fractured Online has been tarnished by the actions of a malicious hacker, who according to Dynamight Studios hacked his way into an admin account exploit and abused admin powers to “[teleport] around the world and [use] the admin command ‘unclaim city’ on all player cities” to destroy them one by one. As of last night, Fractured’s Jacopo Gallelli has an update for the players affected.
First, Gallelli confirms that the hacker didn’t steal admin login credentials, meaning that the database (and player passwords) weren’t compromised. Instead, the hacker “[exploited] a vulnerability in the server that hosted one of the game’s external services.”
Second, the team had originally hoped to restore all of the lost player cities, but apparently the studio had to roll the game back around a day and a half before the hack, meaning that many cities were saved but some will require manual restoration.
“Due to an issue in world saves, we haven’t been able to restore player cities as they should have been restored – that is, as they were ~30 minutes before the hack took place. Instead, we had to roll them back to the previous patch, i.e. as they were in the late evening (EU time) of November 17. This means player cities effectively suffered a rollback of 1.5 days, while the rest of player and world progress was untouched. We are aware this is an atypical response to the issue (the typical one would have been a full rollback), but we felt it was the right decision to minimize damage. Our GM team will help groups who have lost their city (or lost buildings within it) to reclaim it and rebuild it, including rebuilding player land parcels within the city.”
Gallelli further reports that the studio is working with security specialists to buff up the auth token system and backend; he ends by thanking players for their support – and for not review-bombing the game on Steam. A roadmap is on the way “in a couple of days,” he writes.