Patch 7.2's Account ID protection measures have already been circumvented

[GrizzlyTank]

Yeah, so long as that ID is being distributed to client it's not safe to use.

And even then, the damage is also largely done to existing accounts.

[Kaurhz]

I can't wait for it to be more public knowledge, and for it to get wider coverage again, by content creators and article writers.

Just because it would force their response; where they need to admit to essentially having used elementary obfuscation on the account ID that was defeated in a couple of hours by a spreadsheet (ChatGPT probably could do it too)... Just because they feel so inclined to double down on their absolute trust in the client design, rather than actually explore alternative measures.

Things like this need to go acknowledged.

....
Then again, don't know why I 'can't wait', because they're only going to deliver the same mantra of "It's against our Terms of Service, please stop it..."

[ONLYSTEEL]

Then again, don't know why I 'can't wait', because they're only going to deliver the same mantra of "It's against our Terms of Service, please stop it..."

Even the incompetent disasters at SE are predictable now.

[brinn12]

Truly, as people say, being a game developer is one of the hardest jobs in the world you're just starting out. Emphasis on 'starting out'.

[WutWut]

Truly, as people say, being a game developer is one of the hardest jobs in the world you're just starting out. Emphasis on 'starting out'.

I think even a developer just starting out would know that a) trusting your client on security measures and b) rolling your own encryption are both horrible ideas. Both of these concepts were both beaten into my skull during school. (I know you don't disagree, just making sure this stays on the front page :-)

[Rehayem]

I'm working to become a fullstack developer and move into cybersecurity. In any other company, the servers would be taken down day 1 to make sure the issue can be patched, whereas SE allowed this to continue for 8 months to begin with and still failed at their own wannabe cryptography.

Can't wait for SE to blame all of this on legacy code and threaten the developer with a lawsuit again lol

[brinn12]

I think even a developer just starting out would know that a) trusting your client on security measures and b) rolling your own encryption are both horrible ideas. Both of these concepts were both beaten into my skull during school. (I know you don't disagree, just making sure this stays on the front page :-)

So my point was that once they’re in the big companies, people will pay for their work no matter the quality. But that doesn’t last forever.

[Rinoa_353]

This is proof that SE made a big mistake pulling many senior devs away from this game to make games that flopped. They should keep those devs strictly on this game only moving forward when it's their biggest money maker too.

[NaoSen]

LMAO LMAO LMAO LMAO LMAO THIS IS WHAT I SAID AND I GOT TRASHED FOR IT AHAHAHAHA PEOPLE HAVE TOO MUCH FAITH IN SE

Have to hand it to you there, that was basically the one time I trusted them not to mess up because of the sheer level of stupidity it would be to not do it correctly and it not being hard to do correctly (do it server side, its extra processing that they should be able to afford). It's crazy to think how bad it must be for that to be a problem.
I stand corrected.

[Kazuke_Miso]

Have to hand it to you there, that was basically the one time I trusted them not to mess up because of the sheer level of stupidity it would be to not do it correctly and it not being hard to do correctly (do it server side, its extra processing that they should be able to afford). It's crazy to think how bad it must be for that to be a problem.
I stand corrected.

At the end of the day, this company is one that constantly pumped out excuses that make absolutely no sense, like how putting the glamour dresser in apartments will cause server crashes.

Either they are flat out incompetent, or they are too lazy to actually fix anything.