Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Fuzzy Avatars Solved! Please re-upload your avatar if it was fuzzy!

Rift: Trion Compromised

13»

Comments

  • OkhamsRazorOkhamsRazor londonPosts: 1,047Member

    I recently saw a friend of mine return to Rift . Kept saying hello to them and got no answer which I thought was odd . They had left to return to WoW for a month or two . So I contacted them because I was concerned their account had been hacked . Sure enough it had .  It seems by what others have said in this thread that this isn't isolated . For any mmo account security is a must . Sadly this has put me right of playing Rift which is a game I rate quite highly in terms of quality . I've cancelled my card because of this which is a bit of  a pain over christmas . The thing is I am playing ToR and really enjoying it and up untill this happened I'd been debating alternating between the two games . I think now I'm more likly than not going to stay with ToR and perhaps see what the other mmos released in 2012 have to offer . If I do return to Rift it will only be when I can get cheap time cards . You cant expect to hang onto customers if you cant protect thier details .

  • ravtecravtec HolmestrandPosts: 214Member

    Trions security has indeed always sucked.

    when we logd into rift forum at release they didt have a secure login and you used ur game info to log into the forum, this was changed a few weeks after the release thank god. This was after it was brought up in their forum.

  • MurlockDanceMurlockDance ParisPosts: 1,223Member

    Does anyone know if peoples' cc info is erased from Trion's servers once they have stopped their sub? I looked around on my account yesterday and I saw no information about it at all. I hope this means that Trion do not retain cc info once a person has cancelled their sub. I also wish that some legislation somewhere would be passed forcing internet companies to reveal what information is stored on databases after a person stops using their services and for how long and most importantly if we can get them to remove it...

    Playing MUDs and MMOs since 1994.

    image
  • djnexusdjnexus Detroit, MIPosts: 677Member

    Originally posted by Complication

    im so sick of reading about all these gaming companies getting attacked and pillaged by hackers. hackers are so damn annoying!!  we need to elect g.w.bush again so he can declare war on hackers lol


     

    You must have no clue about what really goes on in the world.... I wont say anymore than that. Why dont you look up the nice things g.w bush pushed through while in office starting with the Patriot Act. The rabbit hole goes deep and I dont think you have any clue on that.

  • ManestreamManestream PrestonPosts: 631Member Uncommon

    Aye, got an e-mail from trion too about this.

     

    Murlockdance

    No your credit card info is not deleted once you stopped playing and had to be there to be able to play. I see now however that there is now an option to delete that info from being held (which i have done).

  • AshrealAshreal Puyallup, WAPosts: 42Member

    It's not just TRION that keeps your account information.  Almost every company out there that forces you to create an account to pay for something does so as well.

    You can make it so that it doesn't keep the information like Manestream said.

    Ashreal D'Synn - Shadowlover & Death's handmaiden

  • PukeBucketPukeBucket Beaverton, ORPosts: 867Member


    Originally posted by Ashreal
    It's not just TRION that keeps your account information.  Almost every company out there that forces you to create an account to pay for something does so as well.You can make it so that it doesn't keep the information like Manestream said.

    Yeah that's mostly true.

    Some companies do "info dumps" after a certain time period because it's actually a security risk to "just delete data" right off the server. Data mining looks for those events and many times people can reconstruct it into usable information.

    Kind of scary huh?

    So common practice is; billing data gets placed into a secure store with other information. It's held until that data is considered outdated information, and then dumped. Because more than likely most people move / get new cards / change numbers and other information every 5 years or so.

    Your information being kept in a lot of cases IS the safest and responsible action a company can take normally.

    Hackers hack tho'. That's what they do. So it's really a damned if you do, damned if you don't situation.

    They could just say "oh we wipe all of that information so if it's recovered and used against you, we've done our part" while that's a completely legal way companies can skirt the responsibility; most take care and try to handle it as safely as possible.

    I used to play MMOs like you, but then I took an arrow to the knee.

  • MurlockDanceMurlockDance ParisPosts: 1,223Member

    Originally posted by Manestream

    Aye, got an e-mail from trion too about this.

     

    Murlockdance

    No your credit card info is not deleted once you stopped playing and had to be there to be able to play. I see now however that there is now an option to delete that info from being held (which i have done).




     

    Hmmm, I looked and saw nothing about this in my account. My payment details are simply not there anymore and no option to erase them if they are still stored...

    Playing MUDs and MMOs since 1994.

    image
  • tkoreapertkoreaper Castroville, TXPosts: 401Member Common

    Honestly, if anyone get's hacked in this game it's your own damn fault. People on the internet are inheretly dumb... those of you that got hacked and blame it on Trion proves it. People just don't understand that most hacking is done form forums or keyloggers. If you use the same password/login information everywhere then you're just asking to get hacked... You're just as guilty if you don't use any kind of antivirus software. And you REALLY deserve to be hacked if you were gullible enough to fall for phishing emails.

     

    In the current state of the game it's almost impossible to get hacked unless you're guilty of one of the mistakes above. Not only do they need your account info, but they also need your email information in order to get past coin lock. With the information that was "suspected" to be stolen tey won't have enough to hack you, unless of course you're an idiot. You can get all super paraniod and get the FREE authenticator and get a gmail account and enable it's 2 step authentication.

  • MurlockDanceMurlockDance ParisPosts: 1,223Member

    Originally posted by Ashreal

    It's not just TRION that keeps your account information.  Almost every company out there that forces you to create an account to pay for something does so as well.

    You can make it so that it doesn't keep the information like Manestream said.



    It is not an issue with them keeping my account information... that is ok. It is an issue for things like addresses, billing info, telephone numbers, etc.

    With online retail companies like amazon, you have the option to erase your payment details. However, this still doesn't tell me if everyone involved in payment processes still keep your data in their databases anyway or even who all is involved in these processes. I wish the payment process online were more transparant for the customers.

    For example, over a year ago, I was playing DAoC and was one of those who got multiple charges for one month's worth of subscription (thank goodness in my case it was only 7 times, some people were charged over 30 times). The error was not on Mythic's part, but on the part of  the company who handled the actual billing and payment, and whose name I forget at the moment. I didn't even realize that there was a different company involved that did all of the billing until the screw-up happened. There was no information on the Mythic website about it anywhere.

    Two companies have your cc information here: Mythic and the company who handles the billing.

    If I delete my cc info on Mythic's website, do they in fact actually keep it anyway? Does the billing company erase my cc info from its database? Once I have stopped playing and cancelled my subscription, shouldn't my cc info be automatically erased from both companies' websites to protect me?

     

    My answer to my own rhetorical questions is that we, the consumer, should have more control over where our vital cc info goes and online companies should be better at protecting our information.

    At the moment we have no control over it. Who knows if our information isn't given over anyway to interested third parties by these companies? Though most terms and conditions say that our privacy is protected, this is done on a trust-based level. If they did something with our info, we probably wouldn't know about it, even if it were, say, to be given to some company linked to them for advertizement purposes. That may seem unimportant and not quite that much of a big deal. It is also still the principle of it and amounts to an invasion of privacy imo.

    As someone who has tried out a large number of games and subbed to quite a few of them, I feel very vulnerable right now. The thing is, even if you tried out something in 2005 or whatever, your info is still there, ripe for the picking it seems. Companies online should be like companies offline with the data protection act and get rid of addresses, old billing info, etc. after a certain (short) period of time. What is good for paper is even better for the internet...

    Playing MUDs and MMOs since 1994.

    image
  • JayBirdzJayBirdz Clarksville, TNPosts: 1,017Member

    Originally posted by tkoreaper

    Honestly, if anyone get's hacked in this game it's your own damn fault. People on the internet are inheretly dumb... those of you that got hacked and blame it on Trion proves it. People just don't understand that most hacking is done form forums or keyloggers. If you use the same password/login information everywhere then you're just asking to get hacked... You're just as guilty if you don't use any kind of antivirus software. And you REALLY deserve to be hacked if you were gullible enough to fall for phishing emails.

     

    In the current state of the game it's almost impossible to get hacked unless you're guilty of one of the mistakes above. Not only do they need your account info, but they also need your email information in order to get past coin lock. With the information that was "suspected" to be stolen tey won't have enough to hack you, unless of course you're an idiot. You can get all super paraniod and get the FREE authenticator and get a gmail account and enable it's 2 step authentication.

      Read the op next time before breaking out into a rant. 

  • MurlockDanceMurlockDance ParisPosts: 1,223Member

    Originally posted by PukeBucket





    Yeah that's mostly true.

    Some companies do "info dumps" after a certain time period because it's actually a security risk to "just delete data" right off the server. Data mining looks for those events and many times people can reconstruct it into usable information.

    Kind of scary huh?

    So common practice is; billing data gets placed into a secure store with other information. It's held until that data is considered outdated information, and then dumped. Because more than likely most people move / get new cards / change numbers and other information every 5 years or so.

    Your information being kept in a lot of cases IS the safest and responsible action a company can take normally.

    Hackers hack tho'. That's what they do. So it's really a damned if you do, damned if you don't situation.

    They could just say "oh we wipe all of that information so if it's recovered and used against you, we've done our part" while that's a completely legal way companies can skirt the responsibility; most take care and try to handle it as safely as possible.


     

    Ugh, I posted my long-winded reply while you posted this. Is there anyway to take old databases offline and do an info dump in a quaranteened environment? I am not a computer IT person, so don't know if it is possible, but do these things always have to be done online?

    Playing MUDs and MMOs since 1994.

    image
  • GorillaGorilla Posts: 2,202Member Uncommon

    Originally posted by tkoreaper

    Honestly, if anyone get's hacked in this game it's your own damn fault.

    How is it my fault that some one has ripped off Trion's user database? Some people are truly mind boggling. I wont say mind boggling what as I don't want to get an infraction.

  • armanth13armanth13 Coos Bay, ORPosts: 34Member

    No, hackers are unstoppable, it's the build a better mousetrap.  Hackers, at least "real" ones do what they can to break through and leave a note or something to say "YO!  We got in here are some of the holes, FIX and we'll be back again to break through another unprotected area".  It's not a matter of how secure or how good your personal web-security people are, if a hacker wants in and they are good enough they will get in.  The ONLY way anything is secure on a computer is one that has NO connection to a outside line/another computer/internet/wifi/remote access of any kind.  Then it's a breaking and entering thing in order to get physical access to the computer.  It's gonna happen, I'm sure blizzard has had it happen whether or not it was leaked to media or even alerted to their subscriber base is unknown(I just don't know/remember if anything ever hit the media).  What your looking at is another in a long string of problems that will plague the internet gaming community.

  • armanth13armanth13 Coos Bay, ORPosts: 34Member

    Really?  Then EXPLAIN TO ME why someone who is a IT Security Specialist who has a special set of programs that tell him when ANYTHING from a cookie to a packet of information to a installation of a program hits his harddrive(whether it be a keylogger or winamp).  This guy uses completely random numbers and letters for passwords and every site he uses a different username and password which he only keeps on a paper pad he stores in his locked desk.  Now he got his WoW account hacked not just once but twice.  So to say it was HIS fault is like saying that our current president is responsible for every action that every president that came before him did or any legislation that was put into place.

  • faxnadufaxnadu HelsinkiPosts: 940Member Uncommon

    Originally posted by Complication

    im so sick of reading about all these gaming companies getting attacked and pillaged by hackers. hackers are so damn annoying!!  we need to elect g.w.bush again so he can declare war on hackers lol

    deathsentence but then again hackers are mostly hired by other companies in same business to do harm ;)

  • tkoreapertkoreaper Castroville, TXPosts: 401Member Common

    Originally posted by JayBirdz

    Originally posted by tkoreaper

    Honestly, if anyone get's hacked in this game it's your own damn fault. People on the internet are inheretly dumb... those of you that got hacked and blame it on Trion proves it. People just don't understand that most hacking is done form forums or keyloggers. If you use the same password/login information everywhere then you're just asking to get hacked... You're just as guilty if you don't use any kind of antivirus software. And you REALLY deserve to be hacked if you were gullible enough to fall for phishing emails.

     

    In the current state of the game it's almost impossible to get hacked unless you're guilty of one of the mistakes above. Not only do they need your account info, but they also need your email information in order to get past coin lock. With the information that was "suspected" to be stolen tey won't have enough to hack you, unless of course you're an idiot. You can get all super paraniod and get the FREE authenticator and get a gmail account and enable it's 2 step authentication.

      Read the op next time before breaking out into a rant. 

    It was a repsonse to the people claiming the game has poor security and have been hacked before.

  • tkoreapertkoreaper Castroville, TXPosts: 401Member Common

    Originally posted by Gorilla

    Originally posted by tkoreaper

    Honestly, if anyone get's hacked in this game it's your own damn fault.

    How is it my fault that some one has ripped off Trion's user database? Some people are truly mind boggling. I wont say mind boggling what as I don't want to get an infraction.

    First off, they didn't get enough information to do anything with right away... maybe with time they could have but you're well aware of the situation now... right?

    So yes, if you get hacked after this... it is your fault.

    What I said was directed more towards those that said they were hacked in the past.

  • PhaserlightPhaserlight Boca Raton, FLPosts: 867Member Uncommon

    I just got finished updating my password, reconfirming, etc., after getting the email, even though I haven't touched Rift since beta.  This is going to make me think twice before signing up for even another beta test.

    "To be what you are not, experience what you are not." -Saint John of the Cross
    Authored 110 missions in Vendetta Online
    Check it out on Steam

  • JoeyMMOJoeyMMO SomewherePosts: 1,326Member

    It's a hassle, especially if you used that password elsewhere too. Even when encrypted, they could have known passwords already set up to be able to decrypt fast. In short password compromised, personal information out there. Whew, not good. I hope I got instances of that password...

    I'm glad they reported the break-in though, so good points there.

    imageimage
13»
Sign In or Register to comment.