While their game and some other behavior, including their communication, still seems to be utterly shit, I think it's just fair to hear out the other side and also point out some weird behavior from the OP of the thread with the original security breach claims.
Here is Naica Online's statement on their Discord:
Seeing that the mods here also removed their warning post, I guess they were slightly trigger happy on that warning and didn't fully verify the claims.
Personal TL;DR after reading following all this and also following their Discord since yesterday:
Anti-cheat was non existent in Naica Online, so yes, plenty of exploits – not uncommon for plenty of indie titles like this though
OP of the original post likely did make up the part of being able to receive account credentials
It seems more like that OP just used data of data breaches of other services/games and those users just re-used these email / password combinations. "Hackers" trying to do that (creating a false narrative of a new leak by just using data of older breaches) is unfortunately pretty common.
Now Naica still made the mistake to not have enough/any restrictions on login attempts. That's still pretty bad, but of course nowhere near as bad as a full breach and passwords saved in plain text. They also said that they fixed that, not sure if that happened now or sometime during these 6 months.
Now more about "gamingsec".
As somebody also following some infosec topics, I originally found some of the answers of "gamingsec" aka "SEO" in his thread a little bit suspicious and then joined the Naica Discord yesterday, to see some more interesting behavior:
- "gamingsec" said hey weren't willing to share it with any other journalists (or anybody else) but MassivelyOP because
"Common sense would dictate that journalists will do anything for a scoop, so they could be lying." and
" Again, journalists lie plenty." – That's an incredible weird stance to have as a ethical white-hat hacker with journalists playing a major part in publishing & verifying in a majority of data breaches.
- MassivelyOP never confirmed/verified the data breach
nor wrote about it,
yet he claims MMOBomb copied their article about this potential breach from MassivelyOP (?) – MMOBomb seemingly just referred to his thread. (Also not greatest journalism there.)
- When a Naica dev dropped into the discussion yesterday for a first casual denial, they got suspiciously quiet about and since then did not follow up on anything.
- Naica still bad but likely no breach of credentials via "gamingsec" and also likely no plain text password storage
- Best case "gamingsec" likely was just a little overzealous and maybe young, worst case they tried to spin a false narrative around a data breach and passwords saved in plain text
Disclaimer: Not affiliated with any of the mentioned parties.
Source: Original link
© Post "Naïca Online (Naica Online) Issued a Statement, Denying That Were Was a Breach of Account Credentials And That They Stored Passwords in Plain Text" for game Gaming News.
Top 10 Most Anticipated Video Games of 2020
2020 will have something to satisfy classic and modern gamers alike. To be eligible for the list, the game must be confirmed for 2020, or there should be good reason to expect its release in that year. Therefore, upcoming games with a mere announcement and no discernible release date will not be included.
Top 15 NEW Games of 2020 [FIRST HALF]
2020 has a ton to look forward to...in the video gaming world. Here are fifteen games we're looking forward to in the first half of 2020.