Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Fuzzy Avatars Solved! Please re-upload your avatar if it was fuzzy!

Trion account database breached.

tachgbtachgb SheffieldPosts: 790Member

Originally posted by Trion Worlds

We recently discovered that unauthorized intruders gained access to a Trion Worlds account database. The database in question contained information including user names, encrypted passwords, dates of birth, email addresses, billing addresses, and the first and last four digits and expiration dates of customer credit cards.



There is no evidence, and we have no reason to believe, that full credit card information was accessed or compromised in any way. We have already taken further action to strengthen our systems, even as we, with external security experts, continue to research the extent of the unauthorized access.

 

Anyone get the email? It's about time these MMO's should stop storing our personal details.

«1

Comments

  • nakumanakuma New York City, NYPosts: 1,310Member

    yeah i got the email too.

    3.4ghz Phenom II X4 965, 8GB PC12800 DDR3 GSKILL, EVGA 560GTX 2GB OC, 640GB HD SATA II, BFG 1000WATT PSU. MSI NF980-G65 TRI-SLI MOBO.

  • PhoebesPhoebes New Orleans, LAPosts: 87Member

    I wonder if that database had information from inactive accounts.

  • centkincentkin Asbury, NJPosts: 943Member Uncommon

    Amazing -- I did NOT get such an email.  Maybe they actually purge their database in a timely manner of people who are no longer subscribed...  If so then kudos to trion for actually doing something right that a lot of places do not do.

    Either that or they get the data but simply do not notify people who are not currently subscribed -- that would be less good of course.

    Oh, and not having the whole credit card number in one place is a very good thing. 

  • IcewhiteIcewhite Elmhurst, ILPosts: 6,403Member

    oopsie.

    Self-pity imprisons us in the walls of our own self-absorption. The whole world shrinks down to the size of our problem, and the more we dwell on it, the smaller we are and the larger the problem seems to grow.

  • IkedaIkeda Largo, FLPosts: 2,204Member Uncommon

    Yea,  no such email for me either.  I was there for launch and not much after.

    I like how they lost your name, address, DOB, email, AND passwords... no worries, we didn't lose credit cards... we don't think.

    Nah you just lost everything but my social and more than enough to steal my identity.

    SWTOR: F2P or Premium? Want Galactic Strongholds early? http://www.swtor.com/r/LbMdN7 Use the referral for 7 days of subscriber access. Unlock your GS today!

  • AlyvianAlyvian NoesPosts: 342Member

    quite honestly they did the best thing they couldve done when they found out, they made it public unlike soe who waited what? 2+ weeks?

     

    Also we do not know how strong said encryption is/was but if it is any decent encryption the info wont get out whitout the key to deencrypt it.

  • jpnolejpnole Tampa, FLPosts: 1,656Member Uncommon

    the email also includes this:

     

    "Nevertheless, if you own the RIFT game, you will be granted three (3) days of complimentary RIFT game time once you update your password and security questions. 



    Additionally, once you update your account and set a new password, your account will be granted a Moneybags’ Purse, which increases your looted coin by 10%, even if you have not yet purchased RIFT. "

     

    Still not enough to get me to give up my lightsaber!

  • PuremallacePuremallace Phoenix, AZPosts: 1,856Member

    Originally posted by Ikeda

    Yea,  no such email for me either.  I was there for launch and not much after.

    I like how they lost your name, address, DOB, email, AND passwords... no worries, we didn't lose credit cards... we don't think.

    Nah you just lost everything but my social and more than enough to steal my identity.

    Risk you take honestly...Blizzard and Bioware are the only ones not hit so far. maybe ccp?

  • FalcomithFalcomith Hastings, FLPosts: 800Member
    I didn't get the email yet. When did the breach occur? Glad i took the cc info down a few days ago.
  • centkincentkin Asbury, NJPosts: 943Member Uncommon

    Blech -- so much for giving them kudos -- I just got the message.

    Now the reverse of what I said earlier -- I quit the game several months ago.  WHY is my CC data and all that other data still accessable to hackers and not archived somewhere?

    I mean the main problem is NOT passwords to other similar accounts with regard to email address, but people using your date of birth, name, and email to try to grab your data via password recoveries.

    The secondary security is usually far worse than the password itself.

     

  • VolgoreVolgore Posts: 2,206Member Uncommon

    This is hitting them at a bad time. Many will overreact and say "damn Trion, i knew i should have gone swtor!"

    The 3 days compensation is also a joke for everyone with an active sub. If someone is an active player, his account is up anyway. If he quit the game, he probably has no interest in another 3 days or any use for them.

     

     

    image
  • tollboothtollbooth grants pass, ORPosts: 298Member

    i got email and i haven't been subscribed for about 8 months.

  • DarkPonyDarkPony RotterdamPosts: 5,566Member

    Ouch.

    Sad news this.

  • xKingdomxxKingdomx SydneyPosts: 1,541Member

    So.......they gave me 30 days of game time free due to the ascend a friend playing the game for more than 30 days

     

    then this?

     

    Did they just reactive my account right before the hacking D;

    How much WoW could a WoWhater hate, if a WoWhater could hate WoW?
    As much WoW as a WoWhater would, if a WoWhater could hate WoW.

  • teakboisteakbois Parlin, NJPosts: 2,154Member

    Originally posted by Ikeda

    Yea,  no such email for me either.  I was there for launch and not much after.

    I like how they lost your name, address, DOB, email, AND passwords... no worries, we didn't lose credit cards... we don't think.

    Nah you just lost everything but my social and more than enough to steal my identity.

    Information thats probably extremely easy to obtain, other than the password which should be unique to Rift anyway.  

  • Vato26Vato26 BFE, MOPosts: 3,930Member

    This is one of the many reasons I do not play Rift anymore.  Their security system was beyond constrictive and asinine before.  Yet, they still can't keep people from hacking their site.  On top of it, when I went through their suggested process to reset my password, it didn't work at all.  It just looped me back to their message of security issues and that I needed to reset my password.

    So, I'm in the process of getting my account totally closed due to this completely failed security system.

     

    EDIT:  Nevermind... it worked for me the second time.  I'm still going to get my account totally closed though.

  • PuremallacePuremallace Phoenix, AZPosts: 1,856Member

    So some people noticed that their google e-mail was attempted to be logged into. This is sad because it is pointing that the breach happened from Russia which very recently introduced Rift servers.

     


    WHOIS - 92.240.208.115


    Location: Russian Federation (high) [City: ]

    ARIN says that this IP belongs to RIPE; I'm looking it up there.








    % This is the RIPE Database query service.
    % The objects are in RPSL format.
    %
    % The RIPE Database is subject to Terms and Conditions.
    % See http://www.ripe.net/db/support/db-terms-conditions.pdf

    % Information related to '92.240.192.0 - 92.240.223.255'

    inetnum: 92.240.192.0 - 92.240.223.255
    netname: RU-TELECC-20071126
    descr: "Telecom Management" Company Limited
    country: RU
    org: ORG-TCSL2-RIPE
    admin-c: VK1203-RIPE
    tech-c: VK1203-RIPE
    status: ALLOCATED PA
    notify: ************@telecom-m.com
    mnt-by: RIPE-NCC-HM-MNT
    mnt-lower: MNT-TMPERM
    mnt-routes: MNT-TMPERM
    changed: **********@ripe.net 20071126
    source: RIPE

    organisation: ORG-TCSL2-RIPE
    org-name: "Telecom Management" Company Limited
    org-type: LIR
    address: Telecom Management Company Limited
    address: Olga Rybakina
    address: Malkova, 12
    address: 614087 PERM
    address: RUSSIAN FEDERATION
    phone: +73422000260
    fax-no: +73422000261
    mnt-ref: RIPE-NCC-HM-MNT
    mnt-ref: MNT-TMPERM
    mnt-by: RIPE-NCC-HM-MNT
    changed: *******@ripe.net 20060222
    changed: *********@ripe.net 20060222
    changed: *********@ripe.net 20060222
    changed: *********@ripe.net 20060228
    changed: *********@ripe.net 20060228
    changed: *********@ripe.net 20060228
    changed: *********@ripe.net 20060302
    changed: *********@ripe.net 20060303
    changed: *********@ripe.net 20060303
    changed: *********@ripe.net 20060303
    changed: *********@ripe.net 20060406
    changed: *********@ripe.net 20060407
    changed: *********@ripe.net 20060414
    changed: *********@ripe.net 20060505
    changed: *********@ripe.net 20060505
    changed: *********@ripe.net 20060506
    changed: *********@ripe.net 20060720
    changed: *********@ripe.net 20060801
    changed: *********@ripe.net 20070813
    changed: *********@ripe.net 20080220
    changed: *********@ripe.net 20080220
    changed: *********@ripe.net 20091228
    changed: *********@ripe.net 20091228
    changed: *********@ripe.net 20111208
    admin-c: AEA-RIPE
    e-mail: ********@telecom-m.com
    source: RIPE

    person: Vyacheslav Kudryashov
    address: Malkova, 12
    address: 614000
    address: PERM
    address: Russian Federation
    phone: +73422505190
    mnt-by: MNT-TMPERM
    nic-hdl: VK1203-RIPE
    changed: ************@telecom-m.com 20060731
    source: RIPE

    % Information related to '92.240.208.0/23AS39735'

    route: 92.240.208.0/23
    descr: JSC "National multiservice networks", Tumen
    origin: AS39735
    mnt-by: MNT-TMPERM
    changed: *********@nm-s.ru 20110114
    source: RIPE

    % Information related to '92.240.208.0/24AS39735'

    route: 92.240.208.0/24
    descr: JSC "National multiservice networks", Tumen
    origin: AS39735
    mnt-by: MNT-TMPERM
    changed: *********@nm-s.ru 20110114
    source: RIPE

     

  • VolgoreVolgore Posts: 2,206Member Uncommon

    They have been mass-locking threads now, with the hint to keep the discussion in a single topic. From a moderation standpoint, that's most of the time an understandable reason. In this case though, it is but practically impossible to discuss a major topic raising so many different questions, concerns and opinions in a single thread.

    Rather looks like they want to cut their losses in this case and not have the forum giving a negative impression in this already very critical time.

     

    image
  • PuremallacePuremallace Phoenix, AZPosts: 1,856Member

    Originally posted by VoIgore

    They have been mass-locking threads now, with the hint to keep the discussion in a single topic. From a moderation standpoint, that's most of the time an understandable reason. In this case though, it is but practically impossible to discuss a major topic raising so many different questions, concerns and opinions in a single thread.

    Rather looks like they want to cut their losses in this case and not have the forum giving a negative impression in this already very critical time.

    Love the people asking if TOR is fun in that thread. I am willing to be money Bioware is up next. They are so caught up int he launch frenzy it would be a perfect time to go after them.

     

    It does seem like the SOE thing has made people almost casual about this stuff now.

  • KaocanKaocan Atlanta, GAPosts: 1,270Member

    I got the email too, funny though since I only played for a month and a half and that was that. I disregarded it as the email read more like a come back to us and give us more money and we wll give you all these neat things....oh yeah and just in case that doesn't get your attention, you may have been hacked so its really important you come back and give us more money...REALLY! Just the way I took it anyway.

    (DISCLAIMER - The use of the word YOU in the above post is not directed at any one person in particular, but towards those who fall into the category itself - there is no personal attack here, neither intentional nor implied.)

  • erictlewiserictlewis Cottondale, ALPosts: 3,026Member Uncommon

    My wife got the email and she only played the 15 day trial way back when.

    So I have to go wtf.  LoL  as I did not get the email, yet.

     

  • nyxiumnyxium ManchesterPosts: 1,221Member Uncommon

    I read about this on MMO-Champ(ion), not great news. It is in fact prompting me to remove financial details from most MMO company's I'm registered with just to be on the safe side.

    image
  • RazeronRazeron Goodsprings, NVPosts: 180Member
    Originally posted by erictlewis

    My wife got the email and she only played the 15 day trial way back when.
    So I have to go wtf.  LoL  as I did not get the email, yet.
     

     

    I got one as well for an account tied to an email that no longer exists, I attempted to update it awhile back and resubscribe but the patcher kept crashing, and I couldn't follow thru on the email change without calling/sucking up to some tech on Trion's side so I abandoned the idea...

  • popinjaypopinjay Northeast, PAPosts: 6,539Member


    We recently discovered that unauthorized intruders gained access to a Trion Worlds account database. The database in question contained information including user names, encrypted passwords, dates of birth, email addresses, billing addresses, and the first and last four digits and expiration dates of customer credit cards.

    There is no evidence, and we have no reason to believe, that full credit card information was accessed or compromised in any way. We have already taken further action to strengthen our systems, even as we, with external security experts, continue to research the extent of the unauthorized access.

    You will notice on your next log in to our website that you will be required to change your password, and existing Mobile Authenticator users will also need to reconnect their Authenticator. When you log in, you will be prompted to provide a new password, security questions and answers, and be given the option to connect your account to our Mobile Authenticator to enhance your account’s security.

    If you have used your username and password for other accounts, especially financial accounts or accounts with personal information, we suggest you change your passwords on those accounts as well. We recommend that you carefully review your statements, account activity, and credit reports to help protect the security of those accounts. If you need information on how to obtain your credit report or believe any such accounts have been breached, please visit www.trionworlds.com/AccountNotification for more information.

    You should have continued, uninterrupted access to RIFT, and we do not anticipate any disruptions to your playing time.

    Nevertheless, if you own the RIFT game, you will be granted three (3) days of complimentary RIFT game time once you update your password and security questions.

    Additionally, once you update your account and set a new password, your account will be granted a Moneybags’ Purse, which increases your looted coin by 10%, even if you have not yet purchased RIFT.

    Please log in to https://rift.trionworlds.com (and we recommend that you copy and paste this link into your browser to access the site) to update your password, security questions and Authenticator.

    We apologize for any inconvenience this may have caused you. If you have further questions, please visit our website, www.trionworlds.com/AccountNotificationFAQ.

    – The Trion Worlds Team


    First month: Mass accounts stolen from customers under Trion's nose. Trion invents "Coin Lock" and declares "all clear". Strike One.

    Ten months later, Trion's database is hacked under Trion's nose and customers have credit card info stolen. Trion claims "You should have continued, uninterrupted access to RIFT, and we do not anticipate any disruptions to your playing time" as the pro. Lulz. Strike Two.


    Funny thing because when I quit, I thought I put Trion Worlds on the "no contact" list but meh.

    Trion for the future... when someone is having to cancel their credit card a few days before the biggest shopping day of the year, giving them three days to play a game and a "Moneybags" pixel item is hardly a make-up for your lax in security since Day 1.

«1
Sign In or Register to comment.