Wave of hacking (Serious issue)

Hi everyone. (I did a copy-paste of my previous post. This forum is a ghost town.)

During this night, we had 5 of our players in France who switched faction. When I say switched, they didn't do it on their own. They have been hacked. If I'm correct, 5 French players and one Spanish player switched.

Please be aware of this hacking, it's not a joke; consider that we have lost 230 M bots tonight. The drama is that Qonqr is not secure. A critical issue has been discovered.

We are investigating this.

Here is what we know:

Several of the accounts used the same password.

Most of the accounts belonged to people who knew each other personally.

The accounts were all switched from the same IP addresses.

The person who logged in got into each account on the first attempt, so they knew the password for each account.

What you should know:

QONQR never stores passwords, not even in the logs.

Passwords are hashed (one-way encrypted) and can never be decrypted.

When you authenticate to our servers, we hash the password you gave us and compare it to the encrypted password in the database to see if they match.

Access to our database in the cloud is restricted tightly and we are confident no one breached the system.

What you should do:

Don't use the same password as other people you play with.

Don't share your password with anyone.
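
The two signals listed in the post above (accounts switched from the same IP addresses, each entered on the first attempt) can be turned into a check over authentication logs. This is an added example, not part of the original post and not QONQR's code; the log format, account names, addresses and threshold are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample log: "timestamp source_ip account outcome".
# All values are invented (documentation IP ranges, placeholder accounts).
SAMPLE_LOG = """\
2000-01-01T01:02:11Z 203.0.113.7 player_a OK
2000-01-01T01:03:40Z 203.0.113.7 player_b OK
2000-01-01T01:05:02Z 203.0.113.7 player_c OK
2000-01-01T01:06:30Z 198.51.100.20 player_d FAIL
2000-01-01T01:06:41Z 198.51.100.20 player_d OK
2000-01-01T01:09:15Z 192.0.2.44 player_e OK
2000-01-01T01:10:00Z 203.0.113.7 player_f FAIL
2000-01-01T01:10:09Z 203.0.113.7 player_f OK
this line is malformed and must be ignored
"""


def parse(log):
    """Yield (timestamp, ip, account, outcome) tuples, skipping bad lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3] in ("OK", "FAIL"):
            yield tuple(parts)


def first_attempt_takeovers(log, min_accounts=3):
    """Map each source IP to the accounts it entered with no prior failure.

    An IP is reported only if it got into at least `min_accounts` distinct
    accounts this way, i.e. it already knew several players' passwords.
    """
    failed = set()             # (ip, account) pairs that failed at least once
    clean = defaultdict(set)   # ip -> accounts entered on the first attempt
    # ISO-8601 UTC timestamps sort correctly as plain strings.
    for _ts, ip, account, outcome in sorted(parse(log)):
        if outcome == "FAIL":
            failed.add((ip, account))
        elif (ip, account) not in failed:
            clean[ip].add(account)
    return {ip: sorted(accts) for ip, accts in clean.items()
            if len(accts) >= min_accounts}


if __name__ == "__main__":
    for ip, accounts in first_attempt_takeovers(SAMPLE_LOG).items():
        print(f"review {ip}: first-attempt logins to {', '.join(accounts)}")
```

A household or shared network will also trip this check, so a hit is a reason to review the accounts and notify their owners, not proof of compromise.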

Thanks for the detailed explanation on what happened.

Restoring hacked accounts was the only way of solving this problem.

Today is a sad day, however... And I really wonder, and everyone should, what motivated someone to hack the game. Because IT IS ONLY A GAME! Or is it? Probably not. Because many players are deeply involved in this game, people who learned to know each other and even met in real life after they met in the game.

We saw some players disappearing from the official leaderboard, so it is obvious from this that these players are pointed out as the culprits.

I have an idea of their motivations, but it will never be an excuse for hacking the game, even if everyone here once thought about hacking enemy accounts to make them lose everything. Just because some players really come to hate other players for what they did or what they said, or because paid players are pointed out as too powerful.

Silver, despite the awesome work and efforts you put into the game system, I really feel like there is a problem between paid and non-paid players. I don't have any clue on this and I may be the only one in the world thinking like this, and I also understand you have to live, earn money and pay your salaries, but I can't help but think there is a balance problem. And for sure, this has contributed, if not 100%, to the hacker(s)' motivations, which again I do not approve of or agree with in any way.

Yes, today is a sad day for me ..

There's no excuse for hacking, but at the same time, I think I get why this happened. To me, this is the next stage of the hypercuber problem. Balancing paying and non-paying players is really hard, I get that, and I also get that you have every reason to be afraid to lose paying users who make your work possible with the money they spend.

And your balancing is already great, it works pretty well for usual players.

But as soon as someone is willing (and able) to spend lots of money at once, that balancing doesn't work anymore, and it ruins the game for everyone in that area (e.g. DodgyArab in the UK, Buoyeros in France).

That's good for you in short-term planning, because you get lots of money at once, but bad for you in long-term planning, since it makes every other player that might buy something quit until the game gets boring for the hypercuber.

Also, if you have passionate players in that area, they'll feel like you don't treat them fairly, and as soon as that happens and you refuse to take action, attacks like this one are likely to happen. I don't say it's okay, I'm saying that this might happen again, and the only way to stop it from happening is taking action to cap hypercubing at some point.

Of course, everything I've just written is just my opinion, feel free to correct me.

I can understand the reasons because of the cubing. In the meantime, an anti-qubing attack was announced.

But I need to do a facepalm.

Lithagon. Who had made an illegal monitoring site, where all passwords can be retrieved in plain. So the passes. And SQL injection worked.

Bouyeros and all else. Using the same pass for the site/QONQR/GroupMe and sometimes even email.

The hacker. Thinking of some principles of games or such?

All. Read the comics. Especially Faceless. Faceless will blow up Swarm's headquarters. That's ironic.

And now think of what would have happened if all of ~80 accessible accounts had been switched? And they were important. Like bouyeros, guldukat, demoniac, lithagon, etc. The info is abstruse. I could now walk to two people, and knock at their door. RL name.

A good thing in the Portal would be an accessible login history.

Devs, I have to wonder ... how come that "(You) are still unsure how the person(s) responsible obtained the player passwords", yet you decide to ban the player responsible for that? In a game where spying is an essential part of the game and traitors come in every colour and form, I don't see how a ban is the righteous thing to do, when first and foremost the players sharing their passwords are the truly unfair players here? If the account-switcher got his information from another player, which might have had access, how is that any different to any other game mechanic where using every possible information about your opponent in the end will be used?

The players sharing their passwords are clearly at fault here, not the one getting an opportunity presented on a silver platter. Weren't you as devs and judges going against account sharing as it's deemed unfair? And yet now you reward them by turning back the time after all their bots got destroyed by their very own fault? I call bullshit.

(clarification: I don't know any of the players involved, but I did lose qredits and some bots yesterday, after your badly thought out decisions)

A sad wake-up call about password security. Please review Silver's advice about passwords, do not use the same for everything, in this case size matters.

You don't like cubing? It's OK, but buy the bot regen and support the game; devs can only limit cubing if all players contribute to the game on a smaller scale.

My 2 cents.

@Moonwarden, after 3 months of Qonqr I have a home in this game. I have friends, brothers in arms. I won Atlantis once (and made good qredits out of it, thank you all FL for that). So I like the game, and yesterday I committed not only to the bot regen but to some upgrades too.

I figured this: in the old times, I spent 30 to 50$ every so often to get a new game. Why should this change? No problem, I have paid 35$ for Qonqr and if Qonqr keeps me busy I'll repay from time to time.

But now I have in front of me a guy plus a supposed family who spend more than 1000$/Y. This is no exaggeration. In a day I saw 100$ burning in nanos & refresh.

As a matter of fact, my 35$ are nothing compared to this user and his 20 (rough approx.) multis. So what? I have no chance. Should I continue or not? What is the point?

I'll continue, but definitely a cap on cubes would tend toward a fair game. And if the cap does not happen, I'll soon be fed up with money replacing strategy, Qubes replacing friendship...

Moonwarden, I've made a first step. Will Qonqr progress in this way also?

