It looks like you're new here. If you want to get involved, click one of these buttons!
Lord of the Rings Online currently has a security hole that makes possible for someone to get game usernames and passwords. Lotro forces players to use their game account names and passwords for the official forums. The forums used to use https but now only use http for login, and so now sends your username and password in plain unencrytped text. So anyone on a network or capturing data on a wifi network can catch a player's name and password for the game. At some point the forums at Lotro stopped using https and so now everything is sent unencrypted.
I play Lotro and am pretty concerned about this. A bunch of players have emailed about this to Turbine, but they have been silent on this and done nothing for more than a month. This seems like a pretty big security hole. I can't believe a company running one of the top MMOs would let this happen.
More information is here on the offcial forums. Apparently this would be pretty easy to fix, but Turbine has a tendency to let things go and not to fix game bugs and other forum problems.
I think people assume that games like LOTRO will protect your account and passwords better. Or are other MMOs this bad at security?