An Update On Token Exploits *Updated (12/15/15)

David [Hi-Fi] Moore

Stax the Foyer wrote:

"David wrote:

Moore"]• We manually roll back exploiter's accounts - meaning they can lose months of progress, including anything they gained fairly.

If so, this means that they were allowed to play with exploited rosters for months.

No. It means their accounts are rolled back to a full and accurate save file. Which can be weeks or months back.

woopie

"David wrote:

Moore"]

Stax the Foyer wrote:

"David wrote:

Moore"]• We manually roll back exploiter's accounts - meaning they can lose months of progress, including anything they gained fairly.

If so, this means that they were allowed to play with exploited rosters for months.

No. It means their accounts are rolled back to a full and accurate save file. Which can be weeks or months back.

The comment was referencing the time it took to finally catch and roll back the accounts of the cheaters. By stating that the roll back could be weeks or months back, you're confirming that the honest players had to deal with cheating players for quite some time before they were punished.

orionpeace

"David wrote:

Moore"]

Stax the Foyer wrote:

"David wrote:

Moore"]• We manually roll back exploiter's accounts - meaning they can lose months of progress, including anything they gained fairly.

If so, this means that they were allowed to play with exploited rosters for months.

No. It means their accounts are rolled back to a full and accurate save file. Which can be weeks or months back.

Whether you rolled the account back to previous state is irrelevant to the duration they were able to use covers obtained through cheating. Which was his point.

You may take away all their progress over a 2 month period, but during those 2 months they were actively competing in Events and displacing other non-cheating players.

rbdragon

"David wrote:

Moore"]...

4. While we thank all of you for playing fairly and by the rules, we are not currently considering compensation for the great majority of the community who have refrained from cheating.

...

Cheaters are not allowed to keep anything gained from exploiting or cheating. Their accounts are either removed from the game completely or rolled back to a point before cheating occurred - which includes removal of any items gained by exploiting/cheating.

It's great that cheaters don't get to keep their ill-gotten gains, and I agree that compensation is not necessary for players simply because they played by the rules.

HOWEVER...

There are a couple things here that is simply not being taken into consideration:

How many players lost out on more rewards that they should have received because they placed behind players that had "unbeatable" rosters via cheating? How many players lost points in PVP to cheaters? How much ill will does the collective group of players have towards this game given how this all looks (Perception is reality after all)?

Rolling back accounts is absolutely the right thing. But gifting everyone a little something just to say sorry we allowed this to go on for so long could go a long way. It's not like it costs you anything, and in the long run, could gain you a lot.

XandorXerxes

woopie wrote:

"David wrote:

Moore"]

Stax the Foyer wrote:

"David wrote:

Moore"]• We manually roll back exploiter's accounts - meaning they can lose months of progress, including anything they gained fairly.

If so, this means that they were allowed to play with exploited rosters for months.

No. It means their accounts are rolled back to a full and accurate save file. Which can be weeks or months back.

The comment was referencing the time it took to finally catch and roll back the accounts of the cheaters. By stating that the roll back could be weeks or months back, you're confirming that the honest players had to deal with cheating players for quite some time before they were punished.

Guys - if I cheated yesterday, but my previous account only has a "full and accurate save file" that was created 3 months ago, I lose three months of progress.

I assume incremental updates are performed fairly regularly (though not immediately after opening a token apparently), but full/verified backups are only performed on weekly or longer intervals (the response indicates potentially a few months). So every event / 10 minutes / whatnot my game backs up incremental changes, and every few months the devs copy the entire profiles. They're loading the last full profiles, not the incremental changes.

Stax the Foyer

"David wrote:

Moore"]

Stax the Foyer wrote:

"David wrote:

Moore"]• We manually roll back exploiter's accounts - meaning they can lose months of progress, including anything they gained fairly.

If so, this means that they were allowed to play with exploited rosters for months.

No. It means their accounts are rolled back to a full and accurate save file. Which can be weeks or months back.

Thank you for the clarification.

Moon Roach

The mention of "full and accurate save file" is interesting, from a technical viewpoint. What prompts the taking of roster backups, how frequently, and how long are they kept?

Or is this a reference to a database backup, you have to restore a 100 PB backup from months ago just to check on one guy's roster.

I wonder what happens if there's no save file from before the cheating occurred. If that's even possible.

I also wonder what kind of transactional information is retained, that would indicate that cheating has been taking place, and would allow the pinpointing of when it started.

David [Hi-Fi] Moore

RWTDBurn wrote:

Sorry, but it's hard for us to believe this when this exploit has been known about and in the wild for 2 years now and you haven't fixed it. Ignoring an exploit for 2 years is the very definition of looking the other way.

Deep breaths please. Lots of paranoia and misinformation going around.

Every online game in existence has a small percentage of players seeking to exploit. We have always monitored cheating and removed the offenders. Procedure is no different here.

Demiurge are continually looking at ways to fix exploits and are actively investigating the best way to fix this particular exploit. It is an ongoing, challenging task. By its very nature (again, "online game") it's difficult to fix everything in an absolute manner. And we've always been able to catch and remove offenders. This continues - and will continue.

Our policy (and you'll find this to be common among tech & game companies) is not to actively discuss exploiting and cheating methods as this can lead to further exploiting. So, while we are trying to communicate and provide clarity, some things are likely going to remain unsaid.

Mawtful

XandorXerxes wrote:

Guys - if I cheated yesterday, but my previous account only has a "full and accurate save file" that was created 3 months ago, I lose three months of progress.

I assume incremental updates are performed fairly regularly (though not immediately after opening a token apparently), but full/verified backups are only performed on weekly or longer intervals (the response indicates potentially a few months). So every event / 10 minutes / whatnot my game backs up incremental changes, and every few months the devs copy the entire profiles. They're loading the last full profiles, not the incremental changes.

It's hard to say, because the announcement is worded like the sandboxing hadn't happened yet - which would be giving cheaters a heads up and that's silly. However, I'm almost certain that Demiurge didn't execute their plan first - otherwise we would have had rumours going around the forum of people suddenly being sandboxed out of alliances.

So Demiurge's record of my account may be a few months old, but I've linked to FB and I've had to restore from there a few times in the past and never lost any progress, so can I assume that it's backing up regularly.

What's stopping cheaters from deleting their app, reinstalling, and then grabbing the back up off FB? Should maybe take 30 minutes to get through that awful first time user experience and then they're back in the game.

Should have been like Ozymandias - you only get to monologue if there's no chance for your plans to be disrupted.

evil panda

David, I appreciate the continued dialogue. Since I was one of those who raised the integrity challenge a few pages back, I feel that I owe you a response.

This last message was, honestly, a lot better in the sense that you've come out there and said D3 will never tolerate cheating of any form. This is exactly what your customers needs to hear. Backed up by subsequent action, of course. If your company's top priority is severely punishing these cheaters and closing this exploit - and you guys follow through - then I think it will all be fine.

The first message really sounded like there was an opportunity for high spender shenanigans. I don't want to pile on any further, but hopefully a lesson learned.

atomzed

Mawtful wrote:

What's stopping cheaters from deleting their app, reinstalling, and then grabbing the back up off FB? Should maybe take 30 minutes to get through that awful first time user experience and then they're back in the game.

Because D3 would know that the player already cheated, and will just roll back the person?

Guys, (not just at you mawt), I can understand there's a lot of paranoia and rightly so due to the severity of the exploit.

D3 had made a statement about their stand...if you don't trust what d3 said, then there's nothing much else they can do. No matter the level of details they provide, it won't work as you no longer trust them.

Might as well quit the game.

Unknown

In light of further responses, I have taken down my previous comments.

I hope this gets resolved to everyone's satisfaction.

Good luck everyone.

Dayv

Moon Roach wrote:

The mention of "full and accurate save file" is interesting, from a technical viewpoint. What prompts the taking of roster backups, how frequently, and how long are they kept?

Or is this a reference to a database backup, you have to restore a 100 PB backup from months ago just to check on one guy's roster.

I wonder what happens if there's no save file from before the cheating occurred. If that's even possible.

I also wonder what kind of transactional information is retained, that would indicate that cheating has been taking place, and would allow the pinpointing of when it started.

This kind of information would be interesting, but it also falls into the category of stuff that they probably won't share because it could inform crafty-yet-dishonest players of new directions to look for exploits.

Pylgrim

The further clarifications have helped, thank you.

I have come to appreciate the attempt at transparency of announcing the whole issue. Perhaps not saying anything publicly and just going ahead with the sandboxings and roll-backs would have spared them this much drama? The only people who'd noticed and be affected by it, then, would have been the cheaters, so if they came to post complaining about it, they'd basically be outing themselves as cheaters. D3, then, would have been seen as proactively dealing with them, as opposed to the perceived impression of being late and insufficient. Maybe next time act first, then reveal what you've done?

Nevertheless, the damage is done, sadly. If you have been paying attention to my posts for the past two years you've surely seen that I've never been one to ask for compensation about anything. However, I think if there was a time and a place for compensations, it is now. Don't see it as "rewarding honesty" which, I agree, is silly. Good, lawful behaviour is the lowest bar expected and deserves no further reward. Rather, see it as a PR a move to regain the trust and goodwill of your players, which it's at a critical low. See it as a true compensation to all the people who, unknowingly, received fewer or lesser rewards because cheaters took the top ones with their unfair advantage.

donietsche

RWTDBurn wrote:

there is an alliance that fell out of the top 10 for the season likely due to a member or two being sandboxed or rolled back. On their current roster there is a member that appears to have a slightly different name that has 6 fully covered 5*s (4 are fully maxed) with at least one of each of the 2 others that he/she is working on. In the past I would have thought he was just one of those ultra rare whales as most games have a few of them. Now my first instinct is that he's cheating. You have lost my trust because the integrity of the games is not intact. So this person is either cheating and still in the game or even worse, has spent ton of real world money that has helped keep this game alive and well but will likely be viewed and accused of cheating by most of the player base because of how poorly you've handled the exploit and the cheaters caught using it. That is the reality of the situation.

the alliance you are "mentioning" felt off t10 simply because its members don't care (and never cared) about chasing season placement only for placement's sake.

I believe they welcome other teams to do so if that's their goal or idea of "fun".

Check the name of the players: they are the same since the beginning of the season, and their rosters are the very same as well (actually they improved).

The person you're referring to is one of the few 100% legit whales in the game. You may like it or not, but he totally earned his roster, both as a paying customer AND as a player.

He already took shots in the past for no reason at all (in the early days of 5* rosters), and I find grotesque that now he's once again the object of malicious remarks. Because, as I said, he definitely earned every single cover in his roster.

Lystrata

I've refrained from posting for a while, because... I am at a loss for words. Torn. Cannot decide if this is pitchfork worthy, or the most hilarious PR nightmare I've seen in a while.

I stopped financially supporting MPQ months and months ago, due to a particularly off-putting encounter with customer 'service'. I have been grateful many times since then that I no longer sink money into this product... but none moreso than right now.

You have cheaters.
You know about these cheaters.
They plausibly did IG harm to fair-playing people.
They have definitely done harm, going forward, to fair-paying whales, who will now all be looked at through a lens of suspicion. (Frankly, I think these people have more reason to be tinykittied off than the rest of us, as they'll be the ones that suffer the most once the dust settles.)
Yet... these cheaters can expect little more than a rollback and a slap on the wrist, because they gave you money at some point.

And you think you can legitimately say this game's integrity remains in tact?

Mind blown. Torn. Outrage, or hilarity. Cannot decide.

KingDreadnaught

RWTDBurn wrote:

For example (and I will not include any names), there is an alliance that fell out of the top 10 for the season likely due to a member or two being sandboxed or rolled back. On their current roster there is a member that appears to have a slightly different name that has 6 fully covered 5*s (4 are fully maxed) with at least one of each of the 2 others that he/she is working on. In the past I would have thought he was just one of those ultra rare whales as most games have a few of them. Now my first instinct is that he's cheating. You have lost my trust because the integrity of the games is not intact. So this person is either cheating and still in the game or even worse, has spent ton of real world money that has helped keep this game alive and well but will likely be viewed and accused of cheating by most of the player base because of how poorly you've handled the exploit and the cheaters caught using it. That is the reality of the situation.

The one and only that has fully covered 5*s would be Me at this point. I do not mind to clarify if that referred directly to me and my alliance.
I'll make my final word here, I do not care whoever on this game think I'm a cheater or used any type of glitches to achieve my roster.
1. I spent more than enough to built my roster.
2. None of any member in my alliance have ever done such glitches or cheated to achieve their rosters.
3. I believe if D3 has to "hesitate" due to my high amount of spending, to sandbox me execute me, I will say it to D3 right here, DO SANDBOX me if you found me as a cheater or have done this token exploits glitch thing.
4. I really would like to see the list of the cheaters posted by D3 to clarify to the entire MPQ members here who are legit or who deserve to be executed. I have lost a lot of faith in my other "friends" outside of my alliance that I eventually found out they were not legit as I thought.
5. For all who has doubt in me, us my alliance, keep eyes on us. If any of us get sandboxed or disappear permanently from alliance(not switching alliances on several reasons or purposes for couple of days),You can go celebrate. However, I doubt that's going to happen.
6. As myself with a strong roster which I am proud, I would like to make one and only chance to all who witness this to contact me directly to make peace not war. For whoever I sniped, if you seek peace, let me know and I'll avoid if I could.

My apology for this long response. I am sick and tired of gossips, rumours or any accusation. If I am not legit and cheated my way up to today, Sandbox me, right here right now.

Goodluck to you all,
KingDreadnaught.

GritsNGravy

This sucks and makes me question every person I see with a high level roster now... something more needs to be done with this. Is the exploit even fixed yet? If not it just seems like every "whale" is potentially a new account that you haven't gotten around to banning yet...

Eddiemon

GritsNGravy wrote:

This sucks and makes me question every person I see with a high level roster now... something more needs to be done with this. Is the exploit even fixed yet? If not it just seems like every "whale" is potentially a new account that you haven't gotten around to banning yet...

I just question everyone who has a blue surfer cover cause that's the one I need to make him usable.

Moon Roach

DayvBang wrote:

Moon Roach wrote:

The mention of "full and accurate save file" is interesting, from a technical viewpoint. What prompts the taking of roster backups, how frequently, and how long are they kept?

Or is this a reference to a database backup, you have to restore a 100 PB backup from months ago just to check on one guy's roster.

I wonder what happens if there's no save file from before the cheating occurred. If that's even possible.

I also wonder what kind of transactional information is retained, that would indicate that cheating has been taking place, and would allow the pinpointing of when it started.

This kind of information would be interesting, but it also falls into the category of stuff that they probably won't share because it could inform crafty-yet-dishonest players of new directions to look for exploits.

Yeah, agreed.

When I see stuff like this, I start wondering how they do it and how I would do it. The outrage takes a poor second place. Sometimes I think I don't fit in here. (which is as close as I can find to "rueful smile")