Has it occurred to any of you that possibly a MWLB member/or GM who is related to all these hackings somehow got access to the database from within Nexon's headquarters while working there? The most penetrable aspect of computer security is from within, and not without. If -Hime- is so sure that it is not Nexon's security being bypassed, and assuming that she is speaking the un-ignorant truth, then it may very well point to the possibility of the security being infiltrated.
But then again, even with this theory, it can only go so far without evidence since we don't know how Nexon manages their in-company security. Are the database computers locked somewhere in the company? Do they require special admin priviledges that are only open to 1 person? How about GMs? They will never ask for our passwords. Why? Because they have access to foresee all that is about our account? Could it be possible that one GM slipped up and didn't lock his/her screen during a bathroom/lunch break and someone took that chance and stole some information? That person may also very well be connected to some other players? Possible, no?
When they hired the MWLB, for sure, it was from the player base itself. How certain are they that these players aren't after something else? How certain are they and what precautions have they taken to ensure that those players, upon joining the MWLB, will have no possible dealings with such data? And mind you, MWLB must be local to work in Nexon's offices. So it's not just a remote job.
As for GMs, there is no real possible conviction against any GM that verifies that s/he has no affiliation with the database outside of the work place. i.e. if a GM can view player info and have access, there is no real guarantee at all that the GM will not reveal/sell that info.
Anyway, hopefully this post raises more thoughts on this issue than just SQL injections, hash-table key collissions, and other sorts of concrete system bypasses.
But then again, even with this theory, it can only go so far without evidence since we don't know how Nexon manages their in-company security. Are the database computers locked somewhere in the company? Do they require special admin priviledges that are only open to 1 person? How about GMs? They will never ask for our passwords. Why? Because they have access to foresee all that is about our account? Could it be possible that one GM slipped up and didn't lock his/her screen during a bathroom/lunch break and someone took that chance and stole some information? That person may also very well be connected to some other players? Possible, no?
When they hired the MWLB, for sure, it was from the player base itself. How certain are they that these players aren't after something else? How certain are they and what precautions have they taken to ensure that those players, upon joining the MWLB, will have no possible dealings with such data? And mind you, MWLB must be local to work in Nexon's offices. So it's not just a remote job.
As for GMs, there is no real possible conviction against any GM that verifies that s/he has no affiliation with the database outside of the work place. i.e. if a GM can view player info and have access, there is no real guarantee at all that the GM will not reveal/sell that info.
Anyway, hopefully this post raises more thoughts on this issue than just SQL injections, hash-table key collissions, and other sorts of concrete system bypasses.

