Dear players,
It came to our attention that Gala Lab, the developer of Flyff and Rappelz, has been accused of being hacked and leaking the personal data of its users.
While the accusation is based on true information published by Google, it is manipulated to damage the company and mislead the players, so we will explain the situation.
What happened?
Google engineers published an article on 19th July 2024 regarding the spread of viruses made by a famous group of hackers. One of the viruses has been found to be digitally signed by Gala Lab using a certificate for Windows executables which was valid from November 2020 to January 2023. Digital certificates allow to certify that an executable is emitted by a specific company, allowing to bypass more easily the user approval and antivirus protection.
Does that mean that Gala Lab is compromised by a Chinese hacking group?
No, it means that the private key of a certificate owned by Gala Lab has been found by hackers. This private key file has been shared on the hacking community (“dark web”), in the same way as these forums share various stolen things such as credit card numbers for fraudulent uses.
How did a private key certificate owned by Gala Lab leak?
The source code and resource files of the Korean version of “Flyff Online PC” and “Rappelz Online PC” have been compromised in 2020 by a thief specifically targeting these games. These old games released in the early 2000s are developed using older technologies which makes them easier targets for hacking. Amongst the development files leaked was the private key certificate file used to publish updates of the Korean version of Flyff PC and Rappelz PC, which were then shared on hackers’ forums and reused by a malware developer.
Why have users not been notified by the hack?
The law requires the company to inform users when their personal data is at risk or has been compromised. As this is not the case in this incident, and only source code and development resources of Gala Lab's PC games were stolen, there has been no need for our users to be notified of the incident.
Does that still mean that Gala Lab has security issues?
After the issue that happened in 2020 the company immediately invested in additional security measures to prevent it from happening again. We also did a deep investigation and confirmed that the hack was limited to files related to PC games development. Since this issue has been resolved, currently, Windows executable published by Gala Lab can be trusted.
In summary:
Gala Lab has not been targeted by a famous hacking group, they reused a file shared by a thief related to PC games.
The certificate file leaked several years ago, and the company took additional measures, so it does not happen again.
Not a single information related to personal data has been leaked.
Flyff Universe and Flyff Legacy were not part of this issue and completely unaffected.
PC Flyff and PC Rappelz are now not affected by this issue.
Thank you.