We do our very best to avoid vulnerabilities, but no system is flawless. The recent Morlovia case is the perfect example of why I started this program.
We actually got a number of reports about the issue through BugCrowd and our support channels but unfortunately, by the time those reports reached us, it was already too late to prevent widespread abuse and the resulting disciplinary actions.
Even though we heard about the issue too late this time, we are still paying $1000 both to the person who first reported the issue in BugCrowd as well as to the person who first reported it to the player support.
It’s worth pointing out that there were about 20 people who abused the issue already during the summer event. If one of them had reported the vulnerability to us before Morlovia, we would have paid the reporter a bounty of $5000.
I really want to emphasise this. Anyone of those players could have reported the issue and they’d now have an extra five thousand dollars to spend as they please. Instead, their account is suspended forever.
If you happen to uncover a similar issue in the future, please take the time to think about your choice: free cash or a locked account. It is my sincere hope that you’ll make the right choice!