Here's an update to my earlier post about the Mario Super Sluggers online card collecting game that Nintendo is doing as part of the launch of the new Wii video game.
It seems that three weeks into the game, people have started to discover that the website where you save the cards you found online is not as secure as Nintendo would like us to believe. It seems that it is relatively easy for a user to use another member's screenname and use the "forgot my password" function to easily retrieve what is supposed to be secure password information.
Don't believe me? Try it for yourself -- I created a new dummy account TIHSLLUB. You don't even have to know the answer to the hint question it asks because all you need to do is leave it blank and hit enter. Faster than you can say WTF it reveals your password, granting access to anyone trying to "hack into" your account to steal your precious "Toadsworth" card.
This information came to light on Tuesday when someone posting under the name of "sundryreyes" on the Gamespot.com forums foolishly revealed that he had a "secret" to getting cards. After a little baiting back and forth, I got the answer out of him and his secret was the method described above. Its not really a secret but rather a HUGE security flaw on the part of whoever designed that subsite for Nintendo.
Up until it was revealed on Tuesday night, I was enjoying the online fun of trying to find the cards, but now it just seems so pointless to find more since anyone can access my account by using the password retrieval method described earlier. I hope the moderator of the website forums sees what is going on and takes action as soon as possible.
I find it amusing though that Nintendo would use such cheap methods to ensure user account safety. The "hack" was so simple, even a child could do it.
I bet you thought I was going to say "caveman", didn't you?
2:00 PM ET -- It seems that the moderators of the website have finally caught on and put a stop to the shenanigans going on with the stolen login information. If they had a better system to begin with, none of this would have happened.
It seems that three weeks into the game, people have started to discover that the website where you save the cards you found online is not as secure as Nintendo would like us to believe. It seems that it is relatively easy for a user to use another member's screenname and use the "forgot my password" function to easily retrieve what is supposed to be secure password information.
Don't believe me? Try it for yourself -- I created a new dummy account TIHSLLUB. You don't even have to know the answer to the hint question it asks because all you need to do is leave it blank and hit enter. Faster than you can say WTF it reveals your password, granting access to anyone trying to "hack into" your account to steal your precious "Toadsworth" card.
This information came to light on Tuesday when someone posting under the name of "sundryreyes" on the Gamespot.com forums foolishly revealed that he had a "secret" to getting cards. After a little baiting back and forth, I got the answer out of him and his secret was the method described above. Its not really a secret but rather a HUGE security flaw on the part of whoever designed that subsite for Nintendo.
Up until it was revealed on Tuesday night, I was enjoying the online fun of trying to find the cards, but now it just seems so pointless to find more since anyone can access my account by using the password retrieval method described earlier. I hope the moderator of the website forums sees what is going on and takes action as soon as possible.
I find it amusing though that Nintendo would use such cheap methods to ensure user account safety. The "hack" was so simple, even a child could do it.
I bet you thought I was going to say "caveman", didn't you?
2:00 PM ET -- It seems that the moderators of the website have finally caught on and put a stop to the shenanigans going on with the stolen login information. If they had a better system to begin with, none of this would have happened.
No comments:
Post a Comment