Tera, a Korean MMO that debuted in the US in 2012, has shut down its in-game chat system after some players discovered a potentially serious vulnerability. According to the players’ report (Google docs), Tera’s chat interface uses HTML, which people can exploit to blast players with external images and links, as well as to collect people’s IP addresses. More importantly, someone truly unethical could use it to spread malware. It’s an interesting wrinkle for a game that’s been up and running for five years, and it’s not entirely clear if its North American publisher, En Masse, has known about the vulnerability before the players published their report.
However, according to a forum post by the publisher, it only found out about the issue from players on Discord and from the report, which was posted on Reddit. The post says En Masse and the game’s developer Bluehole Studio are “taking these claims very seriously,” but they found “no evidence that the vulnerability is being exploited in [malicious] ways or that any player information has been compromised” at this time.
Bluehole has already begun working on a fix, but to be able to investigate the vulnerability thoroughly, En Masse has decided to shutter all in-game chat features except guild chats. An update added to the players’ report says they’re expecting the patch to arrive next week. Until then, the situation will likely make it tough for players to communicate with each other… but then again, they could see it as time away from typical MMO chitchat. Silver linings.