At around 5AM last night, I detected an attempted attack on the server database. Looking into this issue, I found a potential exploit that may have been used to gain unauthorized read-only access to the database, including potential access to customer information. This bug was fixed by approximately 6AM.
First, I would like to sincerely apologize for this incident. While I did not write the original code involved, I take full responsibility for the issue and feel terrible that I did not spot it previously.
The database contains the following sensitive information: username, e-mail (if provided), hashed password (not stored in plaintext), IP address. For a very small number of users (<30) that have provided it, the database also contains their real name (if provided), mailing address (if provided), as well as a "credit card description" if you opted for the site to remember your credit card. This does NOT contain your full credit card number, but does contain the type of card, the last four digits, and the expiry date.
Although the password is hashed, if you use the same password at other sites, I recommend you change those at this time.
Again, I do not know for sure that any information was actually leaked, however, out of an abundance of caution I am planning to do a database rollback and then reset all account passwords of users who have an e-mail address on file.
Since full credit card numbers were not leaked, it is unlikely you will need to contact any credit monitoring agencies. However, here is their contact information should you wish to do so:
- Experian: 888-397-3742; www.experian.com; P.O. Box 9532, Allen, TX 75013
- Equifax: 800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
- TransUnion: 800-680-7289; www.transunion.com; Fraud Victim Assistance Division,
P.O. Box 6790, Fullerton, CA 92834-6790
My sincere apologies again, and I will keep you posted on this process.
UPDATE: The database has been rolled back to the previous day's backup (1/19). All accounts with a valid e-mail have had their passwords invalidated, please reset your password. If you previously logged in via Steam or Kongregate, you should be able to continue logging in that way, however you should still reset your 8BitMMO password.
This does not affect your Steam/Kongregate passwords (unless you used the same password at both sites). If you used the same password on the 8BitMMO forums or Wikia, you should change those passwords as well.
UPDATE 2: E-mails are now going out about this, however, it may take a while for all the e-mails to make it out of the system.
I've been meaning to get March of Industry running on mobile for a long while now, and so I've been spending a little bit of time here and there to make it happen. It's finally ready to share, so you can now play it on your Android phones & tablets (I don't have an iPhone, so no iOS version. Sorry.)
The mobile version is the same as the PC version, but with touch controls. It even uses the same account system as PC version, so your save files will automatically sync between mobile and PC. It fully supports blueprint modding, translations, and GIF captures also.
I am giving the Android version out free to anyone who bought either the PC MarchOfIndustry.com (Stripe) or Steam copies of the game. (This includes Steam codes given out as Novemberbit rewards). Just go to this page to download the APK.
And if you didn't, then FYI it's unreasonably cheap in Google Play. 😛
At 3PM Pacific, we'll be celebrating our official 1.0 launch! But it hasn't been quick to get here. 8BitMMO's development originally started in 2001, and had a great many rewrites in the intervening fourteen years.
Over the years, I have saved screenshots of what the project looked like. I've also provided below some insights as to my thought process and other stuff going on in my life. This post ended up being far more personal than I intended, but maybe it'll end up being useful to someone out there. Indie dev isn't an easy road. I've had great victories and bad times both. So ready your modems, because this post is gonna be long.
If you bought the Second Pocket Universe / Town Expansion tier during Octoberbit and filled out the survey, those have now been delivered / expanded. If you didn't fill out the survey yet, please do.
Have been expanded, enjoy!
Second Pocket Universes
You can get a list of your pocket universes with /listpockets, it will show a map id for each pocket you own.
You can then teleport to each pocket with /telepocket <map id>, ie: /telepocket 123456
In your inventory, you will find a brand new Townstone. Place that in your pocket where you like, then return to the survey. On the main page, there is a new reward option: "Second PU - I received it and placed TS, now ready for expand." Submit that to notify me that you are ready for the town expansion to 5x5.
Well, I'm off to the Game Developer's Conference all next week to do Business. Before I go, I'll leave you with two teasers.
1) Autocap v2 is the new map system. Unlike autocap v1, now it will be fully automated, and with any luck, the map should update by itself roughly once a week (instead of once per six months :P). Kartud has been working hard on this, and we hope to have something running by the end of next next week.
2) I've been working on a new weapon, the Laser Rifle. It will have a range and hit effect like the laser turret (and I may be balancing upwards the laser turret's damage too). To balance out its range and firepower, it will have a reload sequence between shots -- so make each one count.
Just got my Intel Steam Machine earlier today, played around with it a bit and got a SUPER early test build of 8BitMMO running on the hardware! Check it out! 😀
Special thanks to Tom Miller / Honin Myo Audio for music used in this video!
* Into The Wilderness
* Grassy Meadow