Comment

Comment on Rainbow Six Siege ravaged by massive server breach that gave its players billions of paid currency for free

pirateKaiser@sh.itjust.works ⁨19⁩ ⁨hours⁩ ago

Wow didn’t have the same problem. In 2006 you didn’t have instant microtransactions, which in turn unlock in game currency, which then can be spent. This is a chain of events which would normally be handled by an event database if it were to be made easy to roll back. You can imagine it working much like a ctrl+z undo, it’s a stack of events which is deterministic and can be played back, forward or from a specific time. In theory you would identify the malicious transactions, roll back the actual database and then replay without them. Why they don’t do it? This is an incredible amount of overhead engineering with no value to be sold to the VPs of the company/project leads. It’s basically insurance for an edge case. It would also cost them much more money/server resources in addition to the traditional database they also have to run in parallel for all other functionality. It’s such a hard sell for a company who’s only interest is the bottom line.

source

Sort:hotnew top

teft@piefed.social ⁨18⁩ ⁨hours⁩ ago
That’s not how you’d do it. You can refund anyone who made purchases during the time frame you want to roll back since I highly doubt the game state database is the same as the microtransactions database. Then you revert the server to its previous state. Everyone loses everything they did during the rollback period but the server is stable as it was at the earlier time and in the original state.

Also wow added microtransactions in 2010 and they definitely had rollbacks after they added the microtransaction because it happened to my character once in Mist of Pandaria.

source
panda_abyss@lemmy.ca ⁨11⁩ ⁨hours⁩ ago
I’ve rebuilt databases from logs and snapshots several times.

It should be pretty easy (and by easy I mean labour intensive and exhaustingly detailed) to pick a snapshot, identify real money in, then undo all skin/item purchases and revert all money to the original amounts.

That’s kind of best case scenario to the user base. Nobody gets screwed.

It’s also possible the hackers didn’t just modify the tables so there’s an audit trail, or they have change data capture enabled, or can replay the database transactions out of the box.

This is all very stack dependent.

source
- pirateKaiser@sh.itjust.works ⁨9⁩ ⁨hours⁩ ago
  Yes, this is the obvious workaround. I was trying to explain why ‘they can’t just roll back’ and why i don’t believe they have the setup to do it automatically
  
  source