Hackers stole 30,000 Blackwell Deception Steam keys; Dave Gilbert responds

He is not sorry, I'm sure.

Having been vilified in Blackwell Deception, the skeevy street psychics of the world elected not to warn poor Dave.

Remember yesterday when Wadjet Eye Games was giving away Blackwell Deception as a Halloween freebie? I mentioned that there had been something of a Steam snafu, as some Internet knaves had connived to skim hundreds of Steam keys to sell for profit. Later some RDBK forumgoers noticed that the Steam problem had been solved, and the game was available once again free of charge on the world’s largest digital distribution platform. When studio founder Dave Gilbert’s head finally hit the pillow, he thought he had weathered the storm.

Dave likes to wake up early, as he explained to me last month. When coffee is your only source of calories, you’ve got to get an early start or you’ll go to bed hungry. This morning he discovered that during his brief sleep, tens of thousands of Steam keys were stolen, even though the Blackwell promotion had supposedly ended. Far from being over, the problem was orders of magnitude worse.

Somehow in the midst of the fallout, he was able to respond to a few questions.

Phil Scuderi: Can you give us a timeline of events, starting with yesterday’s initial Blackwell Deception giveaway?

Dave Gilbert: Oh where do I begin? :) The press release went out around 11pm on Wednesday, and right away a problem was discovered. The code keys Steam generated for Blackwell Deception – the ONLY thing I had neglected to test – contained our entire back catalog! After a teeth-nashing hour where I tried desperately to reach Steam, I finally discovered an option on the Steamworks site that allowed me to retroactively remove games from a group of Steam keys. I removed every game but Blackwell Deception, hit submit, and prayed. I soon got confirmation from Twitter and various forums that the extra games got sucked out of everyone’s Steam library, so it was like it never happened!

A few hours later, I learned that the offer was so popular that it shut down BMT’s servers. BMT being the sales provider I use to handle the sales and distribution of our games. I looked into it and discovered why. People were ordering multiple copies of the game – hundreds at a time. And collecting Steam keys for reselling later. This is something I didn’t anticipate happening, so I removed the Steam keys from the giveaway and placed the game on a few other websites to use as mirrors. BMT made the game live again, and I hoped that was the end of it. Sadly, no. It almost instantly led to a large number of angry emails and tweets – people like playing on Steam! – so in the end I decided to see if I could do something about it. I asked BMT if we could create some kind of “1 code per IP” system, to prevent exploiting. They said it was possible, and created a Steam key generator page that could detect your IP.

This didn’t deter the resellers, however. They easily masked their IPs and began chewing through the Steamcodes again. At that point I threw up my hands and decided to cancel the free giveaway altogether. I had been monitoring the giveaway and dealing with the Steam issues and download problems for 36 straight hours and I was exhausted. There was only so much work I was willing to do for a free giveaway, and I had reached my limit. I told BMT to cancel everything and put the regular sales page back up. I finally collapsed to get some much needed sleep!

The next morning I woke up to discover something terrifying. BMT did remove the link to the Steam key generator, but they hadn’t removed the generator itself. It was still being exploited. The link to the generator had propagated its way onto the internet, and the resellers had been hard at work. 30,000 keys were nabbed overnight while I was sleeping.

As things stand right now, I am attempting to get those 30,000 codes disabled.

Phil: How did people manage to steal 30,000 keys overnight? Did they rig up a bot to refresh the page?

Dave: I am not sure! As I said, they managed to mask their IP somehow. They must have used a bot to do the rest.

Phil: You’re not the only one to have problems recently with people stockpiling Steam keys to resell. It seems for all the advantages of Steam’s key system, a big disadvantage is that Steam keys are almost impossible to give away fairly. Is there anything Steam should be doing differently?

Dave: It’s not Steam’s fault, really. The problem is that everyone prefers to play their games on Steam. When I announced that I was going to remove the Steam keys from the giveaway, the backlash was immediate. Even though it was a free game, it’s almost as if it didn’t count because it wasn’t going in their Steam library. I don’t quite “get” it, but I know that’s the way things are these days. I tried to accommodate them, but you saw how that turned out.

Phil: How have Wadjet Eye’s fans reacted? Are they angry? Sympathetic? I would hope lots of the latter, given that through this whole mess the game was always available from BMT.

Dave: The fans have been VERY sympathetic. The outpouring of support on twitter, facebook, and email has been nothing short of heart warming. So it’s very appreciated. :)It’s easy to blame BMT, but their service was never intended for anything like this. They worked really hard to accommodate me – which was above and beyond, when you consider it was for a free giveaway – but they couldn’t handle the perfect storm of high demand and the ingenuity of the resellers.

Phil: What’s the plan now?

Dave: It’s me and my wife’s fourth anniversary today, so I plan to enjoy that!

Phil: Stay sane, Dave.

Dave: Doing my best. :)

Tags: , , ,