Page 1 of 1 [ 15 posts ]
The Invisible
Post subject: Joymax Major Security Issue Database Leak Still On Going iss
Posted: Tue Feb 21, 2012 8:57 am
Addicted Member
Joined: Jan 2011 Posts: 2626 Location: Home ._.
Kyle wrote: If you have a stall in Hotan selling items, global chat, reverse scrolls... you might be the next on their list. Stalls in Hotan on the following servers got hacked in the past few weeks: Azteca, Eos, Mena, Mercury, Oasis, Olympus, 2xTibet, Venus, Xian.
Do not WAIT any longer, CHANGE YOUR PASSWORD IMMEDIATELY!
Over the past few months, many users have started threads related to database leaks. I use accounts on each server to record stats for rev6; those accounts are level 1, naked, useless accounts... 10 of the 48 accounts I have got hacked in the past few weeks, 6 of them this week ALONE!
If you have a stall in Hotan on the following servers: Mercury, Oasis, Olympus, 2xTibet, Venus, Xian, odds are the hacker emptied your account, or logged into your account and will hack it RIGHT before or after this inspection. Change your password now if you are on those servers. Keep reading for more information.
I have personally forwarded the information to Joymax. Though I believe, again, that I am being ignored. Time to make this subject public.
Is there a database leak? Yes. Can you prove it? Yes.
In the past 3 months, due to multiple complaints from users, we at rev6 started a new program to have a dedicated player logged in on every ISRO server of Silkroad Online. Thus for the past 3 months there has rarely, if ever, been a unique kill that was missed, and the new Global Chat section rarely misses recording any global chat.
How did we manage to do such a thing? We have 48 accounts which log in to Silkroad after each server inspection and stay online 24/7 recording all the statistics. In the past 3 weeks, a total of 10 of the 48 accounts we use have been hacked.
First I will go into detail about what accounts I used. Due to my laziness, I didn't feel like creating 48 accounts. We publicly released in the past a list of 40,000 Silkroad accounts created in 2006 using the password 123456. Those are super old unused accounts created by random players all around the world.
So we took the liberty of using those accounts and created a new player on each server in early January 2012. Everything was running smoothly up until the beginning of February. In the past 3 weeks, 4 accounts got a password change from 123456 to something else. Weird... Maybe the account wasn't inactive, I thought.
This week alone, in the past 4 days, 6 accounts got a password change. Now that wasn't just weird, but suspicious. Those accounts contain a level 1 player to record stats for rev6; they are useless accounts but are set up near the Global chat/reverse scroll Silk seller stalls in Hotan (I figured out recently that the accounts got hacked because the hacker is attacking every stall in Hotan now).
I started analyzing all the accounts that got their password changed and realized something. The 10 accounts that got a password change do not have any e-mail confirmed but still use the secret answer method. The accounts were created in 2006 and have no silk on them; most of them have no players, or a player in the lv1-30 range, and the account was abandoned.
How can someone change the password of 6 accounts in 1 week, or 10 accounts in 3 weeks?
There are 2 theories:
#1 - The player who created the account in 2006 realized that someone logged on to his account and he used his secret answer to change the password.
#2 - There is a database leak (SQL injection most likely, still happening live now as you read this).
Please note, the accounts were created in 2006. There is no player on those accounts higher than level 30. The accounts have been dead for 5 years. Nobody should know the secret answer on those accounts; even those that created the accounts must have forgotten the secret answer by now. Nobody should be able to know the account name just by looking at a level 1 player in Hotan.
Now the question is: why would someone hack a level 1 player standing still in Hotan on the following servers: Azteca, Eos, Mena, Mercury, Oasis, Olympus, 2xTibet, Venus, Xian?
Those servers are at HIGH risk of players being hacked. Thus the question: why would a level 1 standing in a crowd of stalls selling global chat and reverse scrolls get hacked? The hacker has targeted high levels on lots of servers and is now targeting Silk sellers and stalls in Hotan. Odds are if you have a stall char, you have lots of gold/silk.
So basically, by looking at a level 1 stall with a random name, the hacker is able to obtain the following information:
Account Name
MD5(Password) Hash
E-mail address
Secret Answer
In my case, he changed the password as my accounts were logged in 24/7 and auto re-log into the server on disconnect. But he was able to get the account name and secret answer. The only thing that truly confirms that it is a database leak is that the hacker was able to get the secret answer.
Thus if your account isn't e-mail protected, the hacker can just use your secret answer and change your password. Then he can hack your account and empty it, or create an e-mail and steal your account forever.
If your account is e-mail protected, your only line of defense is your password MD5 HASH. When you send a password to Joymax, they apply the famous MD5 algorithm without any SALT to protect your password. If Joymax had used a SALT to secure your password, your account would have been safe from a database exploit.
The only way you can protect your account at this point is the following: change your password to a 10-16 character password using lower case, upper case, numbers and symbols. If you want to be truly secure, use one of the following symbols in your password: ,./;'[]\<>?:"{}| There exist a lot of databases and websites dedicated to reversing MD5 passwords that do not use a SALT. Most databases reverse passwords using symbols such as: !@#$%^&*()-=_+
At this point in time, blocking the best player stats or any type of Rev6 stats page would be meaningless. If anyone knows anything about how or where the exploit is executed, please come forward.
We forwarded the issue 24h ago to Joymax; we believe that they will maybe fix the issue. But we fear that when they do find and fix the issue, they won't let anyone know about it. Thus, until Joymax claims that the issue is fixed, the security of your Silkroad account on Silkroad or Silkroad-R is compromised.
It is your choice whether or not to trust what I'm saying. Due to the increase in player complaints, I have released a prevention method for the case that a database leak existed. Now this exploit confirms that the database leak DOES exist.
The hacker was able to obtain the secret answers of 6 accounts within 5 days and change their passwords. For those that believe Joymax will do a rollback: there have been worse exploits made public that Joymax refused to acknowledge existed and refused to do any rollback for.
If you have any information related to people that have talked about this exploit, please come forward as soon as possible. I am currently doing an investigation to figure out where the exploit is coming from. I suspect a read-only SQL injection on a Joymax page.
Thus any help related to this matter would be GREATLY appreciated. This exploit has existed for too long; iSro servers are taking huge damage due to that exploit. I believe iSro servers will die and SroR will be targeted next.
Please ASK EVERYONE TO SECURE THEIR ACCOUNT AND CHANGE THEIR PASSWORD! THIS IS A TOP PRIORITY
_________________ So in the first week in college i went with jeans and the pajama's shirt. Didn't notice what i was wearing till after i returned home.
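The post above makes two claims worth seeing in code: that an unsalted MD5 table lets one precomputed lookup crack every account in a leak, and that an account with no confirmed e-mail falls to the leaked secret answer alone. The following is an added example written for this page, not code from the original post or from Joymax; the account rows, wordlist and passwords are constructed, and the leaked column layout (name, MD5 hash, e-mail, secret answer) is assumed from the post's description. It also shows, beyond what the post discusses, what a per-user salt and a slow KDF (PBKDF2 from the Python standard library) change for the attacker.

```python
"""Unsalted MD5 as a lookup problem, the secret-answer takeover path, and the salted
alternative. Everything below is constructed for this example."""
import hashlib
import secrets

# Constructed stand-in for the leaked columns the post lists:
# (account name, MD5(password) hex, confirmed e-mail or "", secret answer).
LEAKED_ROWS = [
    ("oldacct01", hashlib.md5(b"123456").hexdigest(), "", "fluffy"),
    ("stallguy", hashlib.md5(b"qwertyu").hexdigest(), "stall@example.invalid", "paris"),
    ("hardpass", hashlib.md5(b"Xk9$vL2#mQ7!pR4w").hexdigest(), "h@example.invalid", "mozart"),
]

# Tiny constructed wordlist standing in for the public MD5 lookup databases the post mentions.
WORDLIST = ["password", "123456", "qwerty", "qwertyu", "letmein", "silkroad", "dragon"]

PBKDF2_ROUNDS = 200_000  # assumed work factor for the example


def build_md5_table(words):
    """Precompute hash -> plaintext once. Without a salt the same table is valid for every
    user in every leaked database, which turns cracking into a dictionary lookup."""
    return {hashlib.md5(w.encode()).hexdigest(): w for w in words}


def crack_unsalted(rows, table):
    """One lookup per leaked hash; returns account -> recovered password (or None)."""
    return {acct: table.get(h) for acct, h, _, _ in rows}


def takeover_paths(rows, cracked):
    """The post's reasoning: no confirmed e-mail means the leaked secret answer alone
    resets the password; otherwise the attacker needs the password itself."""
    paths = {}
    for acct, _, email, _answer in rows:
        if not email:
            paths[acct] = "secret answer reset"
        elif cracked.get(acct) is not None:
            paths[acct] = "cracked password"
        else:
            paths[acct] = "none"
    return paths


def salted_md5(password, salt):
    """A per-user salt invalidates shared precomputed tables: the attacker must rehash
    the whole wordlist once per user instead of once for everyone."""
    return hashlib.md5(salt + password.encode()).hexdigest()


def crack_salted(salt, target, words):
    """Per-user brute force; the cost is len(words) hashes for this one user only."""
    for w in words:
        if salted_md5(w, salt) == target:
            return w
    return None


def store_password(password, salt=None):
    """What a service should do instead of bare MD5: a random salt plus a slow KDF."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password, salt, digest):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return secrets.compare_digest(candidate, digest)


if __name__ == "__main__":
    table = build_md5_table(WORDLIST)
    cracked = crack_unsalted(LEAKED_ROWS, table)
    print("unsalted lookup:", cracked)
    print("takeover paths:", takeover_paths(LEAKED_ROWS, cracked))
    salt = secrets.token_bytes(8)
    h = salted_md5("qwertyu", salt)
    print("shared table hit on salted hash:", table.get(h))
    print("per-user brute force on salted hash:", crack_salted(salt, h, WORDLIST))
    s, d = store_password("qwertyu")
    print("pbkdf2 verify:", verify_password("qwertyu", s, d))
```

The salted MD5 here only defeats the shared table; it does nothing against a fast per-user brute force, which is why `store_password` uses an iterated KDF rather than a salted MD5 in the recommended path.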
omier
Post subject: Re: Joymax Major Security Issue Database Leak Still On Going iss
Posted: Tue Feb 21, 2012 2:04 pm
Elite Member
Joined: Aug 2006 Posts: 5985 Location: ...
Saw some info on Rev6 a while back. Changed my PWs right away. So it only gets stallers? Good thing I use consignment.
Kutt
Post subject: Re: Joymax Major Security Issue Database Leak Still On Going iss
Posted: Tue Feb 21, 2012 3:32 pm
Casual Member
Joined: Jan 2011 Posts: 57
123456 isn't particularly secure....
heroo
Post subject: Re: Joymax Major Security Issue Database Leak Still On Going iss
Posted: Tue Feb 21, 2012 3:47 pm
Forum Legend
Joined: Sep 2006 Posts: 6618
Kutt wrote: 123456 isn't particularly secure.... 123456 was my SRF password for 4 years lol.
_________________
''When I die, make sure they bury me upside down, so that the world can kiss my ass.''
ltsune
Post subject: Re: Joymax Major Security Issue Database Leak Still On Going iss
Posted: Tue Feb 21, 2012 4:53 pm
Elite Member
Joined: Mar 2008 Posts: 5751
Don't know what to think. I mean, true, this does sound really odd. Well, I guess it's a good thing I don't play on isro anymore 
_________________ Dubious ・ Lvl 101 ・ STR Archer ・ jSRO-R ・ active PillowFight ・ Lvl 69 ・ STR Archer ・ jSRO-R ・ inactive Aggrobatic ・ Lvl 101 ・ Warrior / Cleric ・ jSRO-R ・ inactive
Check out our music-video! http://www.youtube.com/watch?v=iMxZWMWRjSM I'm on the drums, beaches!
NuclearSilo
Post subject: Re: Joymax Major Security Issue Database Leak Still On Going iss
Posted: Tue Feb 21, 2012 7:40 pm
Forum God
Joined: Aug 2006 Posts: 8834 Location: Age of Wushu
Quote: Nobody should know the secret answer on those accounts; even those that created the accounts must have forgotten the secret answer by now. I didn't forget mine. If someone created an account, it's his property.
_________________ Playing Age of Wushu, dota IMBA
*BlackFox
Post subject: Re: Joymax Major Security Issue Database Leak Still On Going iss
Posted: Tue Feb 21, 2012 8:05 pm
Forum Legend
Joined: Sep 2008 Posts: 7923
Scumbag Hackers !
penfold1992
Post subject: Re: Joymax Major Security Issue Database Leak Still On Going iss
Posted: Wed Feb 22, 2012 9:32 am
Senior Member
Joined: Apr 2007 Posts: 4060
heroo wrote: Kutt wrote: 123456 isn't particularly secure.... 123456 was my SRF password for 4 years lol. My pass for sro was qwertyu for a long, long time... never got hacked...
omier
Post subject: Re: Joymax Major Security Issue Database Leak Still On Going iss
Posted: Wed Feb 22, 2012 2:07 pm
Elite Member
Joined: Aug 2006 Posts: 5985 Location: ...
NuclearSilo wrote: Quote: Nobody should know the secret answer on those accounts; even those that created the accounts must have forgotten the secret answer by now. I didn't forget mine. If someone created an account, it's his property. It is JoyMax's property actually.
BuDo
Post subject: Re: Joymax Major Security Issue Database Leak Still On Going iss
Posted: Wed Feb 22, 2012 3:41 pm
Senior Member
Joined: Dec 2008 Posts: 4714
Sanktum wrote: NuclearSilo wrote: Quote: Nobody should know the secret answer on those accounts; even those that created the accounts must have forgotten the secret answer by now. I didn't forget mine. If someone created an account, it's his property. It is JoyMax's property actually. +1
If Joymax's weak security causes my account to get stolen then that is it for me. I'll be quitting for good. Not that they care anyway about who gets hacked. It simply means for them you can start over, which works out to their financial benefit. I won't give them that satisfaction.
I might even wager they will intentionally not care for that exact same reason (unless it gets out of hand with every account). They've been claiming for years that they're doing their best to prevent botting. What's to stop them from claiming the same bullshit when it comes to improving their security? Anything is possible with Joymax.
_________________
_________________________________________________ BOW Full STR Fire level 102 -- ON A LONG BREAK..POSSIBLY FOREVER
Majorharper
Post subject: Re: Joymax Major Security Issue Database Leak Still On Going iss
Posted: Thu Feb 23, 2012 3:00 am
Site Contributor
Joined: Apr 2007 Posts: 2079 Location: Looking for my signature....
I have been sro-free for a few months now, no remorse; iSro I haven't touched in over 1 year! woop! (BF3 took sro's place)
BuDo
Post subject: Re: Joymax Major Security Issue Database Leak Still On Going iss
Posted: Thu Feb 23, 2012 7:24 am
Senior Member
Joined: Dec 2008 Posts: 4714
I haven't played in about a month. I think I'm due for another long break from SRO......maybe even not returning at all this time....I was so bored I wasted 20 days worth of premium ticket...The appeal is dwindling again........
I need to find a game where less emphasis is placed on grinding and more on just enjoying the game....I find that type of enjoyment when playing first person shooters because you immediately start to have fun without waiting to reach higher levels...If only I could find an MMORPG like that..
_________________
_________________________________________________ BOW Full STR Fire level 102 -- ON A LONG BREAK..POSSIBLY FOREVER
_Dutchy_
Post subject: Re: Joymax Major Security Issue Database Leak Still On Going iss
Posted: Thu Feb 23, 2012 11:14 am
Frequent Member
Joined: Apr 2008 Posts: 1347 Location: Netherlands
BuDo wrote: I haven't played in about a month. I think I'm due for another long break from SRO......maybe even not returning at all this time....I was so bored I wasted 20 days worth of premium ticket...The appeal is dwindling again........
I need to find a game where less emphasis is placed on grinding and more on just enjoying the game....I find that type of enjoyment when playing first person shooters because you immediately start to have fun without waiting to reach higher levels...If only I could find an MMORPG like that.. You should try SRO-Salvation (if you haven't already). Light grinding, enough PVP and PVE stuff to do!
heroo
Post subject: Re: Joymax Major Security Issue Database Leak Still On Going iss
Posted: Thu Feb 23, 2012 11:18 am
Forum Legend
Joined: Sep 2006 Posts: 6618
BuDo wrote: I haven't played in about a month. I think I'm due for another long break from SRO......maybe even not returning at all this time....I was so bored I wasted 20 days worth of premium ticket...The appeal is dwindling again........
I need to find a game where less emphasis is placed on grinding and more on just enjoying the game....I find that type of enjoyment when playing first person shooters because you immediately start to have fun without waiting to reach higher levels...If only I could find an MMORPG like that.. The only reason I started playing SRO again is because Modern Warfare 3 scks ballz. FPS FTW. I'm gonna keep playing SRO until the new COD comes out, which will be a sequel to Black Ops, which we all know is the best COD of all after oldschool Call Of Duty 2.
_________________
''When I die, make sure they bury me upside down, so that the world can kiss my ass.''