Announcing the Vulnerability Bug Bounty Program

We rewarded both the person who first reported the issue to us through BugCrowd as well as the person who first reported it to the player support.

In the future, the plan is to reward the first reporter. However, the preferred channel is absolutely through BugCrowd. I am personally reading every vulnerability report but I cannot read every message sent to the player support.

Being the first person to report a vulnerability on the forums is not something I want to reward for the obvious reasons.

6 Likes

Perhaps the best compromise is to have players not familiar with BugCrowd report first through customer support ( for time stamp ) and have customer support send an email referring them to BugCrowd.

or if BugCrowd has current, or future, infrastructure for contacting a user if customer support were to forward the ticket directly to BugCrowd. I am not sure BugCrowd’s business model.

4 Likes

To clarify - I’m a :woman:

No, they didn’t, but it is not important to me at all. I didn’t do it to get a reward - I wanted fairness.
i have sent videos and screenshots as well as a description of the exploit using the contact form that was linked to my post. I don’t know if I was the first one to do so. doesn’t look like that, but it doesn’t matter to me either.

The really bad side of the story is that a very small part of the community have gone really really mad.
The fact that i used the same LineID as my ingame nick and the forum nick made me easy to find.
I received threats, insults, pictures and videos with ■■■, rape and violence fantasies from several hundred people via line. People who were blocked in the game sent me voice messages. They insulted me, screamed around and wished me an imminent death.
My line ID went through various E&P line groups and the group members were actively encouraged to insult and intimidate me.
People who were in an alliance with me were also victims of insults and harassment. We reported several users who were in the German speaking ingame-chats and insulted us.

For my protection and to protect the reputation of my alliance, I removed my forum avatar, deleted my line, renamed myself in the game and left my alliance - left my brothers in arms without a word. This whole situation really got me down and I hope that they won’t find me again. I did nothing wrong. But others did. Maybe I can get a free rename without spending gems from SG - as a backup if they will find me again. That would be very very nice.

23 Likes

Wow, that’s the price for coming out and do what it’s right to do. And nothing in return to mitigate it.
Surely not something encourage me to do the same. Anyone, i guess.

If i ever find something like this, i’m really troubled if it’s really worth report it.

From my part, maximum respect and empathy.

You and your friends don’t deserve this.

8 Likes

BugCrowd

Looks like SGG has a private BugCrowd area. Sort of like this forum software is run by Discourse.org for SGG

User ID

But given @CertainHeredity unfortunate experience, I would definitely recommend using a different ( or disposable) email / User ID.

Perhaps @mhalttu might mention that in the top post.

Hi @CertainHeredity, I am really sorry to hear that you have experienced inappropriate, and even toxic or threatening behavior from any part of the Empires & Puzzles Community. We find this absolutely deplorable and have a zero-tolerance policy towards harassment.

If you are the victim of or witness inappropriate behavior in our game, please contact us so we can act swiftly to take all appropriate moderation action. Please contact support using the in-game support button, you can find more information here.

As with all support requests, it is important to include as much detail as possible, such as exact player names, Alliance names, time and date of the abuse, and any screenshots you may have.

Unfortunately, any inappropriate behavior that occurs outside of the game and our official channels (such as Line chat) is beyond our control. I would strongly recommend that you immediately contact the Customer Support for whichever Communication App, Forum, or Unofficial Group that was used when the incident(s) in question occurred as quickly as possible and with as much detail as possible.

If you still feel the need to change your name in-game, please contact Support and ask for me in the ticket, or you may PM directly here and we would be happy to grant you a free name change.

22 Likes

Please read Petri’s post above this one. We have a zero-tolerance policy towards harassment. It saddens and frustrates me that @CertainHeredity had to face such behaviour.

I double-checked that her report wasn’t the first one we received through BugCrowd. However, I did send her a small gift as a thank you and an apology on behalf of (the small subset of) the community.

We take your privacy seriously. If you report vulnerabilities to us through BugCrowd or Player Support, we will never share your personal information or your account information with the other players.

22 Likes

You not only did the right thing, it was also Brave and very noble. I’m so sorry you had to go through this.

10 Likes

That is just awful :scream::sweat:. Players were taking advantage of a bug and somehow you are the villain for calling them out?!

“The only thing necessary for the triumph of evil is for good men to do nothing.” ― Edmund Burke

Little comfort, given the uncalled for responses you’ve received, but I thank you for doing something. Infinite blessings for doing, as @LadyAchilles has mentioned, the right thing.

8 Likes

Speaking personally, and only as a new player, with basically 0 chance to spot a bug or vulnerability before anyone else…the in game support directs you to the forums to make a post about a suspected bug before allowing a direct chat with them. So if a newer player discovered something, a forums post might be the first thing that happened :woman_shrugging:t2: .

I know it would probably be a rare case, but I do feel the reaching of in game support should be much easier than having to come to the forums for the moderators to provide a picture chart of the steps you must take to directly message them.

#newplayerexperience :joy:.

2 Likes

As I said, the best way to report a vulnerability is through BugCrowd because I read the reports personally. However, we have also asked the members of the support team to have a very low threshold for escalating potential vulnerability reports to the developers.

2 Likes

Again, I am saying for new users, nothing points to the BugCrowd platform without first visiting these forums and searching multiple threads, not just for the BugCrowd info, but people actually have to come here to find how to contact in game support initially. It’s very cumbersome. If something were added in game to direct to the BugCrowd or an actual direct chat with support, instead of the “report a bug” linking here to the forums, it would be more helpful.

That’s all.

#newuserexperience

Don’t all games want new users to be able to interact with them? Maybe I’m wrong :woman_shrugging:t2:

This post, which is on the forum is titled with “Announcing”, which is to inform us of the program, and further tells us how to go about reporting such issue. I don’t see how that takes away from being able to simply engage on the forum with other users and even staff when necessary @sithstress

1 Like

2 posts were merged into an existing topic: :compass: Sixth Path of Valor (Valour; PoV6) Log and Discussion – Starts Nov 23

6 posts were split to a new topic: Joon not hit by purple tiles

Are these as… completely mad. What a sick behavior. They cheat and blame you for their punishment.
But one thing makes me really sad: This is a game and what ever happens should stay inside this game and not reach you or any other player in reality.

You are doing a good job and I hope SG will have a reward for you and the stress you got.
Anyway try to play anonymous for the future, because there is always a chance to find players with a strange sense for iustice. And these low minded people are always looking for someone to blame for their own mistakes.

Normally I end my comments with cheers but the situation is too serious so do not let them disappointing you anymore and be proud of your behavior.

Reeder

1 Like

Good morning guys, everything okay? I will report any errors, I would be happy to help where I can.
Have a nice day everyone.

Bonjour je peux comprendre beaucoup de choses mais la je suis dégoûté de votre jeu
OK j ai abusé d un beug ok j aurais pas dû
Mais après avoir été puni en étant passé en gemmes négatifs pour ça
Je me vois banni maintenant ?
Moi personnellement je suis pas venu me plaindre après avoir utilisé ma carte bleue pour récupérer telluria ( par exemple ) que j ai up au niveau maximum pour m entendre dire pas longtemps après qu elle serait revu à la baisse et qu elle deviendrais quasiment obsolète et que du coup j ai payer pour rien
Je suis un joueur qui mettais plusieurs euros par mois sur votre jeu et je suis vraiment dégoûté de vos choix
J espere que vous changerai d avis rapidement
En attendant je ne vous dis pas merci ( on verra ça plus tard … peut être !!! )

1 Like

I really hope you guys took the needed precautions for this Christmas Seasonal Event. None of us - players and staff, would like to see again what happened during Return of Morlovia.
Speaking of that, i hope you are also closely following everything else on the map - from weekly rare quests, to all kind monthly events, to seasonal events, even Atlantis and Valhalla. They all seem to work on nearly the same principle, so i wouldn’t be surprised if they can be (or already were) exploited.

MODERATOR NOTE:

This thread is NOT for posting of “bugs”. Please use the :mag: function to search for a pre-existing thread on the topic OR create a new topic.

If you cannot create a New Thread; check this thread for the reason why: GUIDE: Forum (Discourse) Trust Levels [New, Basic, Member, Regular, Leader]

AGAIN, this is NOT a thread to post “bugs” on…

3 Likes

Cookie Settings