3.4.5c Patch Notes

Improved realm infrastructure in preparation for 3.5.0 launch.

At 6:53pm on November 26 (New Zealand time), we deployed this 3.4.5c patch and it contained a significant bug. Due to a typo in a database key comparison function, if two users returned to the character selection screen at exactly the same time, there was a chance that one person was logged into the other's account.



This was not apparent to us during testing because it requires a lot of players to be online before it occurs. Upon it being reported, we took the realm down at 8:26pm and restored the old version that did not have this problem.



417 players had their accounts accessed by another user. Of those, only 150 actually tried to log into a character. Most of these either logged out within a few seconds or were kicked off as the owner logged in again immediately.



No personally identifiable information or payment information could have been leaked during this process.



So far, we have banned four users (and some associated friends) who stole items from or vandalised accounts they accessed. Because this problem was entirely our fault and not due to poor security by the affected users, we have decided that we will attempt to restore lost items. This process may take us a while because we don't have item restoration tools yet and release is in a week.



We are very sorry about both the problem occurring and our slowness with this reply. We wanted to make sure we had full and correct information before posting.



The version of this patch we are redeploying today does not contain the same problem and has additional precautions to prevent anything like this occurring in the future.

Lead Developer. Last bumped on Dec 8, 2018, 4:27:19 AM

Posted by Chris on Grinding Gear Games