UPDATE: Since this story broke, Gameloft has released two official statements concerning Order & Chaos hacking. You can read them both in full below.
Gameloft has admitted to Pocket Gamer that a number of Order & Chaos Online players have had their accounts hacked, and that the company is looking into the cause of the security breaches in its MMORPG.
The exact number of victims is unknown at this time, although the official forums for the mobile publisher have been swamped with gamers complaining about others gaining access to their characters - both on mobiles and via Facebook.
I spoke to Gameloft digital marketing and community manager for UK & Ireland Callum Rowley about the Order & Chaos Online situation today during a visit to the company's offices in London, and was told that Gameloft is investigating the breach.
Sniffing out the problem
No further details, however, could be given at this time, and no ETA as to when it will be fixed has been announced.
One (as yet unconfirmed) theory being discussed on the forums - and the most damning if true - focusses on the encryption of packets sent between players when trade or chat is initiated.
If true, an offender would only need a packet analyser (or ‘sniffer’), which is essentially a small piece of code that intercepts packets sent to a device or network, to capture the traffic and read the username and password from the resulting file.
The current security issues appear to only be affecting those Gameloft Live users playing Order & Chaos Online. Other games in the company's catalogue have not been reported as being affected.
Thanks to Joe for bringing this to our attention.
20/10/2011 - UPDATE #1: We've subsequently been contacted by Gameloft, who have issued the following official statement:
Gameloft Live web version had suffered from a security issue, and approximately 100 users saw their accounts impacted by this problem. Among those, there are players of Order & Chaos Online, whose accounts have been affected.
All users who have contacted us saw their account situation restored.
As less than 1% of Gameloft Live users accessed Gameloft Live through the web version, we decided to close the web version of Gameloft Live.
We’re taking this situation very seriously. It is a priority for us to keep players' data protected.
27/10/2011 - UPDATE #2: Gameloft has contacted Pocket Gamer again with a second statement concerning Order & Chaos account hacking:
Following the security issue on Order & Chaos over the past few days, we would like to invite you to read the following statement:
Security issues are a potential risk for all successful MMORPGs and our main priority is the safety of user accounts. In order to guarantee the protection of our users, we have submitted an update to Apple that will fix this issue.
We assure you that we will be able to recover all lost data. We recommend users send Customer Care their Gameloft LIVE! login, character names and the approximate date their data was lost. Customer Care can be reached at: OnlineGames.email@example.com
Any other additional details will accelerate the process of account restoration. Please note that it will take us a couple of days to restore Gold & Runes once we have received all necessary customer details.
As different articles have put forward rumours and speculation about the number of users affected, we’d like to be clear on this point: only 98 people have contacted us with this problem and our teams are working very hard to ensure that we recover any data that may have been lost.
For more details, please refer to our official statement and Q&A on the Order and Chaos forum: