Edited by Times Vengeance: 3/2/2025 9:36:29 PM

RMT in Destiny 2: A Cybersecurity Analyst's rant, feedback & proposals

[b]### Foreword[/b]

This is the first post I've made in the Bungie.net forums, if memory serves me right, or at least the very first [b]serious[/b] one. I've carefully read the Community Guidelines and I think CMs/mods will agree that I'm not violating any of the rules, since this is not an attack on a single account but rather a full-scale market operation leveraging RMT (Real Money Trade) in exchange for items/achievements/power/etc. in Destiny 2. If I misread something from the Guidelines and somehow this post has to be deleted, please do so without hesitation, [b][i]but read the entire post before deleting it.[/i][/b] I'm just trying to use my analytical skills in good will to aid the community going forward into the next big iteration of this wonderful game that I've loved for so many years.

[b]### Verified RMT mailbomb usernames[/b]

- Just to expose a few; there are hundreds, if not thousands, of them.

[quote]
[REDACTED]
[/quote]

[b]### Profile links (in order from previous quote)[/b]

[quote]
```
[REDACTED]
```
[/quote]

[b]### More proof:[/b]

- Screenshots from my Bungie.net DM list (no PII, no leaks, no worries 😉):

[REDACTED]

The exact same message from 8 different accounts, and that's what can be seen without scrolling.

[REDACTED]

The verbatim message in question, kindly offering their [i]"services"[/i] (damn! they even made a typo when hardcoding the message for the botnet to send; the [quote]/witnessa[/quote] endpoint returns 404... 🤦🏻‍♂️)

[REDACTED]

First in-game activity of a randomly chosen bot account.

[REDACTED]

Last in-game activity from the same randomly chosen account.

- In these last two screenshots the first and last in-game activity can be seen, the latter being from [b]Nov 21 2023 at 06:38AM[/b], while the [b]first[/b] in-game activity of the whole account was from [b]Nov 20 2023 at 09:37PM[/b]. So that adds up to a timespan of exactly [b]21 hours, 1 minute and 0 seconds.[/b] Precision worthy of a Vex Mind, don't you think?

- Just to prove my point, another time lapse from start to end from another bot that spammed me:

[REDACTED]

First activity: [b]Mar 09 2024 at 09:06AM[/b]

[REDACTED]

Last activity: [b]Mar 09 2024 at 11:29AM[/b]

Total timespan: [b]2 hours, 23 minutes and 0 seconds[/b]

[i]Dayuuuuuum[/i], there has to be some atomic clock precision stuff going on!

[b]### Beyond proof, into facts[/b]

[i][b]Coincidentally[/b][/i], and [i]rather conveniently[/i], the dates on which the messages were sent to me were [i][b]always[/b][/i] when I came back from a long time without actively playing, which leads me to think they're in fact programmatically [b]monitoring user activity[/b] through the API to [i]some extent[/i] to take advantage of either FOMO or last-minute seasonal-only attainable items/achievements/etc.

The design patterns these m*rons use to program their bots are rather dumb and always the same: they create a free account through either [b]Steam[/b] or the [b]Epic Games Store[/b], then they proceed to create a single character (it's always a Warlock, but always varying in race), play a rather precise and short amount of time (just enough to speedrun the New Light experience) and then get into the real business: start mailbombing Bungie.net DMs to all the people they can to attract some unaware guardians to their scammy RMT website.

The website in question is [b]always the same[/b]: [b]([i]Please[/i], if you have ludopathy/gambling issues, DON'T visit this webpage, it may be harmful for you, and I don't take any liability for anything, you're on your own, and you have been warned, I'm just posting it here because all messages refer to the same site and Bungie has the right to know what they're doing IMHO)[/b]

[REDACTED]

Finally, if some Bungie employee finds time to get into this, I've posted a Pastebin with the output of [quote]curl -X GET -L -I [REDACTED][/quote] located here (I know, I know, it's just grabbing the headers from the homepage, more on that in the Addendum section):

[REDACTED]

and also the DiG DNS lookup for their hostname (apparently hosted through Cloudflare within the US):

[REDACTED]

[b]### Addendum[/b]

In the low times between this Episode and the next big cycle, Codename: Frontiers, I've set myself a goal to do something good for this amazing community that has given me so many moments of joy, and I'll be developing a tool using Destiny's Bungie API to effectively track and log details of these kinds of accounts, and I'm willing to collaborate (out of good will, and for free of course) with any Bungie representative who could be interested in peeking at some logs. I have not looked into Destiny's API in detail yet, but there must be some way of effectively tracking down these guys with precision, and if the components of the API needed to do so are not externally exposed to non-internal developers, well! At least I've made my complaint and given some details for Bungie to work on the issue! 😄

[b]Of course, if I read into the docs and it's possible to do what I intend, I will [i]always[/i] follow the [url=https://www.bungie.net/7/en/Legal/terms]Terms and Conditions of Use of the Bungie API.[/url][/b]

---

If you made it to this point and didn't fall asleep, get bored, or simply get lost in technicalities, and [b]you're from the D2 Community Staff[/b], [b][i]please, spread the word to the technical team so they can do something coordinated; it's gonna be much more effective if Bungie does it than me duct-taping a solution to provide more intel for you guys.[/i][/b]

Thanks for reading 💟

[spoiler]Moderator edit: This thread has been updated with tags that are more appropriate. Feel free to private message the moderator who moved your post, link to topic, for further clarification about why this topic was moved.[/spoiler]
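The account pattern the post describes (free Steam/Epic account, a single Warlock, a play window of a few hours, then the same DM to many recipients) written up as a small heuristic scorer. This is an added example, not code from the original post and not the Bungie API; the AccountRecord fields, the thresholds and the sample records are constructed assumptions standing in for whatever a real log would hold.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class AccountRecord:
    """One account as it might appear in a local log. Field names are
    assumptions for this example, not Bungie API names."""
    name: str
    platform: str                 # storefront the account was created through
    character_classes: list[str]  # one entry per character on the account
    first_activity: datetime
    last_activity: datetime
    dm_recipients: int            # distinct recipients of the same DM text

def activity_span(rec: AccountRecord) -> timedelta:
    """Time between the account's first and last in-game activity."""
    return rec.last_activity - rec.first_activity

def score_account(rec: AccountRecord,
                  max_span: timedelta = timedelta(hours=24),
                  min_recipients: int = 5) -> tuple[int, list[str]]:
    """Count matched traits of the mailbomb pattern; reasons explain the score."""
    reasons = []
    if rec.platform in ("steam", "epic"):
        reasons.append("created through a free storefront account")
    if rec.character_classes == ["warlock"]:
        reasons.append("single Warlock character")
    span = activity_span(rec)
    if span <= max_span:
        reasons.append(f"whole play history fits in {span}")
    if rec.dm_recipients >= min_recipients:
        reasons.append(f"same DM sent to {rec.dm_recipients} recipients")
    return len(reasons), reasons

def flag_accounts(records: list[AccountRecord], threshold: int = 3) -> list[str]:
    """Names of accounts whose score reaches the threshold (for human review)."""
    return [r.name for r in records if score_account(r)[0] >= threshold]

# Constructed sample records; the bot-like timestamps mirror the
# 09:06 -> 11:29 window quoted in the post, the other account is invented.
SAMPLE_RECORDS = [
    AccountRecord("bot-like-account", "epic", ["warlock"],
                  datetime(2024, 3, 9, 9, 6), datetime(2024, 3, 9, 11, 29), 8),
    AccountRecord("long-time-player", "psn", ["hunter", "titan", "warlock"],
                  datetime(2019, 1, 1, 18, 0), datetime(2024, 3, 9, 22, 15), 1),
]
```

The score is a review aid, not a verdict: a new legitimate player on Steam with one Warlock will match two traits, which is why the default threshold requires three.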

Edited by Salty-47: 3/2/2025 9:17:28 PM

If the names you included are of real accounts, then you'll have to remove them due to that being against their ToS. Otherwise, the whole post will just get removed.
