In the MMORPG Naïca Online, passwords are stored insecurely and the developers apparently do not want to do anything about it.
What is Naïca Online? The MMORPG started its beta on November 10 on PC and Android. You take on the role of beast men, coexisting with humans. After creating a character, you explore the game world in pixel graphics, team up with other players, delve into dungeons, and fight monsters – including boss enemies.
The MMORPG is supposed to appeal mainly to fans of the 16-bit game era, like the SNES. Here’s what it looks like:
A Major Security Flaw in the MMORPG
What is the problem? Players have discovered that their password and the associated email address for the account in MMORPG Naïca Online are stored in plain text format. This means that users’ email addresses and passwords are not encrypted. Hackers could easily read and use them.
This becomes problematic especially when players use the same password in combination with that email address as a login for other online services or games. Hackers would then also have access to those services.
How long has the problem existed? The issue was identified during the alpha phase, which took place in the fall of 2020. It still exists in the beta phase, however.
What do the developers say about it? When the security flaw was reported in October 2020, the team responded:
The alpha is no longer relevant, so there is currently almost no interest in fixing the issues players found there. Wait for the open beta. We wouldn’t have the time to look into this anyway.
What is the situation now? During the beta, the problem still persists and there is no fix. This is probably because the developers have since abandoned their MMORPG. A few days ago, the team announced in the Discord channel that they are no longer working on Naïca Online and most of the staff had to leave the studio. Only 2 people are currently working there, and they have started a new project.
In the official Discord channel, moderators even punish hints about the security flaw with a warning. This was brought to attention by Reddit user gamingsec, who found these problems and informed the developers.
This is how the community reacts: The behavior of the developers is seen as irresponsible, and players are very upset.
- ANTI_D3_NECKBEARD says on reddit: ‘The MMORPG really has poor management. Thanks to the person who discovered the security flaw.’
- False-Adhesiveness writes (via reddit): ‘I wonder if this was all a scam or if the developers are just incompetent.’
- op_is_a_faglord expresses disappointment (via reddit): ‘This sounds really sad, but somehow it’s what I now expect from an indie MMORPG in early access.’
What do you think about this situation? Should the developers be obliged to fix such issues even for a discontinued game?
If you like MMORPGs with colorful graphics, check out the MeinMMO list of the 6 best anime MMORPGs.
