Over in Korea, players have a lot more to lose when a company leaks their information. Unlike in most other countries, players are often required to register to MMOs with the Korean equivalent of the social security number, and more than once data leaks have resulted in these numbers being readily available for the gaming public. An entire black market has surrounded these games, and at least once per year I am contacted by a group offering entrance into several Korean only betas with accounts registered with stolen identities.
Nexon made big news last month when they announced that the details of thirteen million accounts in Korea were stolen, including the Korean RRN (Resident Registration Number) in an encrypted format. In response, a number of Korean developers have announced plans to stop collecting Korean numbers and instead outsource the collection process to a third party agency. Rather than storing the sensitive data, the agency processes the RRN of the registrant, matches it up to the list, and reports to the developer if the person is an adult, child, nonexistent, or a bot.
Rather than jump on the bandwagon of hate, I think this is a good thing for everyone. Players no longer have to worry (as much) about their identity being stolen, and the developers have a massive load taken off of their backs. Korean MMOs require a player’s identification because the country has strict laws on minors playing certain games and during certain times, and requires companies to enforce such restrictions. As a result, developers have become prime targets for identity theft and security breaches by hackers in search of the delicious gooey center of personal data.
So developers not having access to your RRN can only be a good thing. For those of you in the states, would you trust Turbine or Sony with your social security number? Neither would I.