鹰角网络《明日方舟：终末地》公测首日爆发重大支付安全事故 PayPal跨账户扣款部分玩家损失超数千美元

Core Insights - The global launch of the highly anticipated game "Arknights: End of the World" by Eagle Horn Network was marred by a significant payment security incident, leading to substantial financial losses for players and raising concerns about the company's overseas operational capabilities [1][7]. Payment Security Incident - The core issue was identified as a failure in the account isolation mechanism of the PayPal payment interface, allowing incorrect deductions from players' accounts [1][8]. - Abnormal deductions exhibited three characteristics: mismatched amounts (e.g., $10 subscription charged $1200), currency confusion (involving multiple currencies), and random deduction targets [1][8]. Technical Analysis - The root cause of the vulnerability may stem from two main factors: non-compliance with PayPal's official API standards and misuse of the password-free payment authorization mechanism [8][9]. - The incident's impact quickly escalated, with a Twitch streamer experiencing real-time deductions during a live broadcast, leading to widespread attention on social media [8]. Company Response - Eagle Horn Network's overseas brand Gryphline responded promptly by disabling the PayPal payment channel and initiating a full refund process within hours of the first report [2][8]. - The company committed to completing all refunds within four hours and recommended players use credit cards as an alternative payment method [2][8]. Player Reactions - Player feedback on the emergency measures was polarized, with some praising the response speed while others criticized the inconsistency in refund processing and lack of clear communication regarding the restoration of payment channels [9]. - The official announcement did not clarify the specific technical causes of the vulnerability, leading to long-term concerns about system security among players [9]. Industry Implications - The incident has been classified as a "T0-level payment security event," highlighting a significant oversight in the association of payment credentials with user IDs, which is a fundamental industry standard [9]. - The severity of this vulnerability is considered greater than recent industry incidents, as it directly involves real monetary transactions, potentially prompting stricter payment interface audit standards across the gaming industry [9][10]. Market Impact - Prior to the incident, analysts had high expectations for "Arknights: End of the World," predicting annual revenue could reach 15 billion yuan. However, the first-day incident has negatively impacted the game's reputation, resulting in numerous one-star reviews on overseas rating platforms [9][10].