Hackers put an end to experimental story game Moirai


I’d never heard of Moirai [Steam page] until half an hour ago. Which is a crying shame, because now I’ll never get the chance to play it. The free game had a really interesting concept: it was a multiplayer game that pretended it was single player. Basically, the game ended with you typing out responses to questions from another character. Then, the next time someone played it, they’d meet past you and be presented with the answers you came up with, thinking that they were talking to an NPC. That player would then decide, based on your answers, whether you should live or die, and you’d be emailed the outcome later on. And then the next player would decide their fate, and so on.

I’ll explain it in a bit more detail in a mo, but the important bit is this: the game is now no more. The creators decided to shut down the game last week because of hackers targeting their database, putting to bed a game that’s been going strong for four years.

As Waypoint pointed out, the developers announced Moirai’s shutdown last week.

“Since launching on Steam our database has received several attacks. We’ve worked hard (and sometimes with supportive community members) to update our system to a more manageable state and minimise the likelihood of attacks.

“However recently our database was under a repeatable attack that ruined the game experience for a few players and resulted in it going offline. It’s important that you know that no email data was compromised in this attack. However this vulnerability means that we are subject to future attacks. We’re not a large studio and we don’t have the resources to properly prevent against these attacks so we’re going to pull the game from the store.”

There are some sad, sad people in this world.

I promised you a more in-depth summary of the concept, so here goes. You, the player, are searching for a missing person in a creepy town. You’re led to a cave and come across a character covered in blood. You question them, and then decide whether to kill them or walk past. After you’ve found the missing person in the depths of the cave you find yourself smeared with the red stuff, stumbling out towards the exit only to be accosted by another character, who asks you questions. You type your responses, and they decide whether to let you live or die.

As I said, it’s players making all the choices: what to say to you as you enter the cave, and whether to kill you as you leave. It’s a really fun concept and also a decent social experiment. Only 41% of players ended up dead. Predictably, 52.85% typed responses containing bannable words.

It’s still on Steam but you’ll get stuck at the title screen if you launch. Maybe it will be reborn in the future, who knows? But for now, here’s a let’s play I just found:


  1. ColonelFlanders says:

    Well thanks for that you dopey cunts. Be hackers so we can shut down the bad shit, like Denuvo or the NSA, not harmless little games with brilliant concepts.

  2. MrBehemoth says:

    That’s sad. I wish I’d played it. This is why we can’t have nice things.

  3. msd23 says:

    Most of attacks on the web are automated (not targeted), as i think it was in this case.

    • theblazeuk says:

      I hope more people notice this comment amidst the outrage. It’s not an excuse -all it’s saying is that rather than someone intentionally attacking something harmless and cool, instead it was just collateral damage in the eternal background offensive that is cybercrime. But it’s not ‘people having to break anything they can’ just to see it break. It’s try and break everything all the time in search of potential profit, for v.little ongoing risk of any kind.

      • Inkano says:

        Devs even did mention that they keep emails (the only thing you had to share in the game). Sounds like target reasonable enough either for spam-lists or to hack into those email addresses themselves.

    • M0dusPwnens says:

      Pretty unlikely in this case.

      The vast majority of automated attacks work by exploiting known vulnerabilities, not shotgunning random code at random ports hoping to expose the database through an unknown interface with an unknown protocol.

      You’d have to emulate the data format the game is using to send and request database records, and probably also authentication where the server checks to make sure it’s talking to a copy of the game and not some other random program.

      Very easy to do on purpose if you have a copy of the game and can look at the format of the packets you’re sending and receiving, but very, very unlikely with any kind of automated attack routine.

      It was probably on purpose. Noticing that a tiny indie game is taking text and uploading it to a server database, pulling that text back out of the database for other users, and even storing references to emails in the same records makes for a very tempting target. A certain sort of person plays that game, notices what is going on, and thinks “I wonder if they took precautions against…”.

      • automatic says:

        Wrong, dude. A database is a service. A lot of different programs use the same services. That means a hacker does not need to emulate specific code from the service user to break into it, he just needs to use the protocols for that service brand. A thief that hijacks a truck loaded with engineering equipment don’t need to know about engineering, not even if that’s really what the truck is carrying, he just needs to know how to drive a truck.

  4. poliovaccine says:

    Why did these hackers take the trouble to shut it down anyway? Is there any clue as to their motive? This doesnt seem like the typical example of a multiplayer game where someone got killed or insulted so they attack the servers – I mean, the whole thing has to have more to it.. right?

    Also, did you deliberately select the most painful Let’s Play to watch if you’re actually trying to see the game’s main mechanism in action? As in, one with a player who reaches the cave, then thinks they have to continue by doing *anything else* besides *going into the cave*…? I mean I’m sure this game doesnt have a zillion LP’s up there either, but… I could believe either reason.

    • syndrome says:

      Have you heard of e-mail addresses being very valuable in bulk?
      Did you know that it is much (energetically therefore economically) cheaper to steal the exact e-mail addresses in volumes than to guess them randomly?

      Have you heard of the term ‘data mining’? TBF stealing e-mails from a database is not data mining, but it is VERY closely related. You can infer much. You can proliferate much. You can spam. It’s worth goddamn money. And it’s for free.

      • syndrome says:

        Or…. And here’s a more plausible theory, someone (there is a video below) has spammed a database via remote procedure calls in order to promote his shitty youtube channel. The hosting company would shut down the database from time to time (due to max capacity being reached), and this would render the game inplayable. To sort this out, developers should’ve invested more of their time, and make anti-cheating and anti-spamming measures (actually something they should’ve already done, frankly it’s their fault), and should’ve paid more money to let the server receive queries without hindrances (though this isn’t their fault, the game was free, so that’s why multiplayer games are never free).

        There you go, lol, case closed.

        All of this, thanks to some shitty american kid that wanted some attention.

  5. Premium User Badge

    subdog says:

    This sucks. Moirai was a pretty great concept and I’m glad I had the opportunity.

    For whatever it’s worth, I let my predecessor live, but my successor killed me.

  6. inmotion says:

    This is a show of why we really can’t have nice things (as said before here). Some people just has to break everything they can. Even if it’s a niche like this, that wouldn’t hurt anybody/thing by being there.
    It’s like a disease, but I guess in the grand scale humanity will never get rid of it. I bet there’s some good in that feature (like in the evolution -level scale lol)

    • poliovaccine says:

      I mean, I had a psych prof tell me that antisocial people are basically wired in reverse to us as far as how they derive gratification – they have typically been so abused and so hated at such a young age that they assimilate punishment into their personality because their only available ego to center around is to take a perverse sort of pleasure in incurring the wrath – and therefore vexation – of their punishers. And children extract their worldview foremost from their earliest examples – so they learn they are hated, they assume, they feel, that all the world must feel this way against them. Well! they decide, They’ll show us..! So, the more they’re told they’re bad, the more they’re jeered at and perceived to be “wrong,” the more their dopaminergic sense of gratification, at thwarting, at meddling with, at purely fucking up their number one enemy: everybody. Laid all out like that it made sense to me.

      But the main thing I derive from it is that it *is* curable – if we can get people to just not raise children in horrific, hateful, sick and violent environments. Basically it’s like they feel a perpetual sense of getting revenge.

      I dont know how curable hideous parenting is, but it’s at least a cutoff point to focus on.

      • inmotion says:

        Hey, thanks for indulging me!

        I think that’s a good point (although this discussion in this context is perhaps a bit too grand:). Parenting is such a complex matter that removing “mistakes” or even subtle misshaps sounds like an utopia to me. Also as I still believe there’s a tyrant in everyone of us, “curing” said human tendencies sounds quite utopian as well.

        But I think you’re right in some ways. I really can’t figure out any other motivations to break this kind of toy. It wasn’t in anyone’s way or harming anyone at all, but still some people just had to see it go down. I’m sure, if the game would be put back again, the same people would do so yet again, even though the results and process would be completely known. (That’s my cynicism, though)

  7. Dorga says:

    That is so strange and sad; Glad I played it, hopefully it’ll come back somehow.

    • mujie says:

      Maybe if they have an open code, someone who can make it more secure might recreate it?

      • MajorLag says:

        There’s nothing about this game that would really require source to recreate. It’s value was in the experimental concept, not any kind of special technology or technique.

        • frightlever says:

          I played the game after seeing it recommended on RPS some time ago.

          The game required an email address in order to inform you what happened when the following player encountered your avatar in their playthrough. I imagine that it would be possible to get around this entirely by using Steamworks, or opting for secure cloud-based database hosting, but it was a free game that wasn’t monetized though they might have been able to get free storage in exchange for an ad on the splash screen.

  8. jeremyalexander says:

    Hackers need to be dealt with under the same rules as terrorists and I’m not exaggerating. From millions of computers being held hostage to the works of indie dev’s being wrecked, they serve no purpose other than to destroy what others work so hard at building. They are scum and trash. They break because they can’t build and if I ever even meet a casual one, I’m going to do things I won’t post here out of decency. And no I’m not that mad about this, just ticked off in general about the lot of em.

    • VisibleMachine says:

      Don’t even get me started on the crackers

      • poliovaccine says:

        You mean people who crack games…?

        …or you talking about Whitey?

    • Inkano says:

      I’m pretty sure every single government has their own army of hackers so that ain’t gonna happen.

      • Landiss says:

        In the similar matter, every government have thousands of “terrorists” under their pay. But if it’s for government, it’s called soldiers and police, not terrorist, so it’s fine. Could be similar with hackers. As much as governments strive for having monopoly on use of physical force, they should strive for similar in virtual environment.

        • Inkano says:

          And they kinda already do though. But with that in mind, that post does look a bit like copy-paste from some anarcho-hippie blog, that’s my point.

          • syndrome says:

            ye some ppl are funny like that. too shallow to process the world for what it truly is in its complexity.

    • MajorLag says:

      Cyber criminals ruin people’s lives and/or extort them for money, but that’s hardly on the same level as people who commit mass murder. Have some perspective FFS.

      • frightlever says:

        Yeah he’s going down the wrong road.

        Virtual crime is relatively easy to commit but difficult to prosecute, particularly given the global reach and nature of it. The instinctual feeling is to weigh this with egregious penalties for those that get caught. In certain situations, like Swatting, I think this is entirely justified, but in general the correct approach is to make it much more difficult for virtual crime to happen, but that is going to take a top down re-design of how the Internet works.

        In theory, with the right backbone in place, DDOS and spoofing could be eliminated, but it’s not going to happen any time soon because of the massive existing infrastructure already in place.

    • goodpoints says:

      these cyber terrorists man

      they got the terror but no virtue, without which terror is merely terrible


  9. caff says:

    Very cool game. Wish others could have played it too. The mechanics shouldn’t be lost though – would like to see it reincarnated in another title.

  10. thekelvingreen says:

    Silver lining: the original game was more a proof-of-concept than anything so even though it’s gone, perhaps the developers can, er, develop the concept further in the future.

  11. oldfart says:

    Interesting concept. I’d suggest the authors to forget about storing e-mails in the database (which probably made the game a desirable target for hackers) and think in other way to give feedback to the players, like maybe a dynamically generated unique URL, so you could check the story outcome without actually storing any sensitive information.

    • April March says:

      But then how would you let the player know that there was an ending ready for them?

  12. April March says:

    How sad. I played this game thanks to an RPS recommendation. Should’ve tried to play again to get a “good” ending. Should also have spread word of it around. I honestly thought it was dead…

  13. goodpoints says:

    Moirai tois thanatos. Moirokrantos.


  14. geldonyetich says:

    Not to defend the hackers, but this is seriously something you need to design for in ANY multiplayer game.

    If you leave an inch anywhere in your online presence, someone on the Internet WILL tread on it.

    It’s not that people in general are terrible. It’s that it only takes 1/10000 people not giving a care to ruin it for everyone else.

  15. MOOncalF says:

    When I played this game I thought that the questions were a sort of memorization puzzle, so I tried to recreate the answers I’d heard verbatim, they were really lame answers. XD

  16. vlonk says:

    And another Indie project has to close its doors because of destructive behaviour.

    Ever since Ironfell, which I played and enjoyed for a good time, had to shut down because of a troll I knew this might happen again. Beautiful dreams destroyed by idiots. A sad day.

    To the Devs of Moirai: I had no chance to play your experimental game Moirai. Seems I missed out on something going by the praise. Hope I get the chance to enjoy your creative works in the future!

    link to datasmugglers.com

  17. Babymech says:

    Am I the only one who can show gratitude that the seemingly endless cycle of death and darkness, confusion and murder, betraying and being betrayed, and so much ********, has finally been broken? We could have been stuck in an eternal hell of going down into that dark bloody cave again and again, but are instead free…

    • April March says:

      Hey, there was only a 41% chance of being stuck in an endless chycle of death, confusion and murder.