+ Reply to Thread
Page 11 of 29 FirstFirst ... 7 8 9 10 11 12 13 14 15 21 ... LastLast
Results 151 to 165 of 429
Like Tree93Likes

  Click here to go to the first Rift Team post in this thread.   Thread: Important notification concerning your Trion Worlds account

  1. #151
    Soulwalker Marmalade's Avatar
    Join Date
    Nov 2010
    Posts
    19

    Default

    I am not yet certain, but I think the credit card I use to pay for the game might have been compromised. I tried to buy a gift for my nephew with it two hours ago and it was maxed. Won't be able to check with the bank till after Christmass, though Needless to say this is causing a lot of distress, considering the card has an ample limit.
    Last edited by Marmalade; 12-23-2011 at 11:44 AM.
    I used to tell people that I took an arrow in the knee. But then I stepped on a LEGO...

  2. #152
    Rift Chaser SpyderArachnid's Avatar
    Join Date
    Feb 2011
    Location
    Bowling Green, KY
    Posts
    353

    Default

    Quote Originally Posted by the_real_seebs View Post
    Interesting. Never saw that; I'm not on the mailing list. I hadn't formed any opinion of this. I did see threads asking that we get both sets, and I think we should, but I guess it never rose to the level of bothering me.
    I was going to add this to my post, but guess I wasn't fast enough.

    Original advertisement: http://gi138.photobucket.com/groups/...an_Rewards.png

    Notice the image at the top of the page. It shows male and female versions of the armor. Now, if they weren't going to give us those armors that are depicted in the picture above the advertisement, then why show them on the advertisement and tell us we would receive guard armors of our faction?

    New advertisement: http://cdn.riftgame.com/rift/blast/2...etRewards1.jpg

    This is the header image for Veteran Rewards. Notice anything different from this image and the original image that was advertised? That's right. They removed the females from the advertisement. They did this after the threads started appearing about false advertising claims about females not receiving the female outfits that were advertised.

    If you check the veteran rewards page as well, the females have been removed also, just showing the males now. The first image I posted had the images of male and females guards, but after we got the armors and were disappointed that we didn't get what was advertised to us, the advertisement changed to only show male armors in the images.
    Last edited by SpyderArachnid; 12-23-2011 at 11:56 AM.

  3. #153
    General of Telara
    Join Date
    Feb 2011
    Posts
    915

    Default

    Quote Originally Posted by Malazoth View Post
    Three days of play and a trinket hardly compensate for the inconvenience of changing passwords to include those insipid special characters.
    You should probably have been using "those insipid special characters" from the start. I'm at the point where if an MMO won't let me use them in my password it starts getting under my skin. Hell, that was the start of why I ended up saying sod off to Frogster and Runes of Magic even though the game looked to be semi-decent.

    Quote Originally Posted by Malazoth View Post
    I don't want to sound like I'm ungrateful but the security question selections also stink. You should allow users to fabricate their own questions and answers, not questions that rely on assumptions: (I.e. every person knows their mother and father -- what about orphans? Every person had a pet or stuffed toy as a child -- what about people who had life-threatening allergies as a kid? etc.)
    Honestly, I agree that having pre-made security questions is a horrible thing in this day and age, but the rest of your complaint doesn't work too well given that nothing forces you to answer the question directly or even honestly.

    Question: What street did you grow up on?
    Answer: I didn't grow up on a street, I grew up in a house.

    Question: What is your mother's maiden name?
    Answer: My mother was a maiden? I call bull!

    Question: What was your childhood nickname.
    Answer: Something sexually explicit.

    Question: What was your favorite toy?
    Answer: Blue 42! Blue 42! Hut! Hut! HIKE!

    Etc. etc. etc.

    Being able to pick your own questions if you want to provide something that will let you remember honestly provided answers would be a great thing, but it also doesn't prevent you from providing snarky, off-the-cuff, or outright fabricated/nonsensical responses to pre-made questions.

    Quote Originally Posted by unhappybod View Post
    I also wonder if this breach constitues negligence and possibly renders trion liable reference the data protection act here in the UK. I have cancelled my account and will never play rift again.
    Unless it can worm around the "all services provided as-is and you agree not to hold us responsible" clauses in, or at least presumably in, the ToS/EULA for Rift I would doubt it.

    Quote Originally Posted by SpyderArachnid View Post
    Yet when we received these armors, they were not at all what was advertised to us. We received armor that was not the armor in the advertisement.
    Edit: In light of the links in your later post I have to say I'm not sure I see the difference except for the lack of female armors. Was this the issue?

    Quote Originally Posted by SpyderArachnid View Post
    -Spindrel Mount: This was the other case of false advertising. In the trailer for 1.5 (I believe it was), they advertised the Spindrel mount in the trailer, showing it off as new content in the new patch that was coming. When you advertise a new patch, you don't go showing off items that are unobtainable do you? No. So players were led to believe that this new mount was obtainable in the new patch cause it was advertised in the new trailer for that patch.
    I was under the impression that that particular mount was in fact made available in 1.5 as part of the "special edition" package that was sold. I'm not aware of any implicit or explicit claims that it was going to be part of the basic services/additions for the patch.

    I'm not unsympathetic to the idea that pre-release content views could have been construed as proof or evidence that something would be available for everyone when the content went live, but I don't take it as a guarantee either. Blizzard, for example, has done the same thing with many of their claims about their Cataclysm expansion, claims ranging from opening up talent trees for more customization/freedom in builds and changing raid mechanics to make raids "bring the player, not the class" to the whole Path of the Titans debacle. For those who aren't aware character builds are now even more static and unvaried than before, the massive amount of homogenization to the classes has done nothing to the "bring the buff" mentallity except make it "bring two paladins or one paladin and a druid" instead of "bring two paladins, one druid," and Path was scrapped in favor of just revamping glyphs.

    Again though, this isn't something I pay much attention to as fluff items generally don't matter to me. Hell, I don't have a single character who has a 90% mount much less the 110% mounts. Everyone's using the CE turtle.

    Quote Originally Posted by Malazoth View Post
    the_real_seebs added to ignore list for being a suck-up fanboy.
    That is a very rational, mature response. I applaud you for having the fortitude to make such a stand for good old-fashioned American values.
    Last edited by Marikhen; 12-23-2011 at 12:07 PM.

  4. #154
    Ascendant the_real_seebs's Avatar
    Join Date
    Jan 2011
    Posts
    16,859

    Default

    Quote Originally Posted by Malazoth View Post
    What you say to us is suspect. You are not a neutral, disinterested third party.
    No one is.

    Those of us who play the game are PISSED!
    Except the ones who aren't.

    Stop demanding that we stop demanding answers.
    I'm making no demands. I'm just pointing out that a lot of the complaints about security here make no sense.

    Seriously, a personal email address for personal responses? That's nonsensical. Questions that need to be answered should not be answered once per customer; they should be answered once in public so we can all benefit from the answers.

    There's a lot of questions here which I'm sure many of us, me included, would like to see answers to.
    You can play WoW in any MMO. You don't have to play WoW in RIFT. Oh, and no, RIFT is not a WoW clone. Not having fun any more? Learn to play, noob! I don't speak for Riftui, but I moderate stuff there. Just came back? Welcome back! Here's what's changed. (Updated for 2.5!)

  5. #155
    Ascendant the_real_seebs's Avatar
    Join Date
    Jan 2011
    Posts
    16,859

    Default

    Quote Originally Posted by SpyderArachnid View Post
    I was going to add this to my post, but guess I wasn't fast enough.

    Original advertisement: http://gi138.photobucket.com/groups/...an_Rewards.png

    Notice the image at the top of the page. It shows male and female versions of the armor. Now, if they weren't going to give us those armors that are depicted in the picture above the advertisement, then why show them on the advertisement and tell us we would receive guard armors of our faction?
    Sounds to me like a normal communications screwup. "We're putting in guard armors." Someone goes and makes a picture of "guard armors".

    The text of the advertisement does not say "two sets of armor per faction", it just says guard armors. We got guard armors. I'd be happier if we got both sets, and I'd agree that the original ad gave a misleading impression, but it does not rise to the level of "false advertising". They didn't make an actual statement which was untrue.

    You can't blame people for inferences you draw.
    You can play WoW in any MMO. You don't have to play WoW in RIFT. Oh, and no, RIFT is not a WoW clone. Not having fun any more? Learn to play, noob! I don't speak for Riftui, but I moderate stuff there. Just came back? Welcome back! Here's what's changed. (Updated for 2.5!)

  6. #156
    Ascendant Hodor's Avatar
    Join Date
    Mar 2011
    Posts
    3,830

    Default

    I also do not feel comfortable with my e-mail being my log on. It is very unsecure.

    Consider some people use instant messaging. A large source of hacks results from people's email being gleaned from instant messaging, the "hacker" then has their login, and may be able to get in if a poor password is chosen. Not to mention they can then scour the internet in a search and try to begin digging for info which would lead to hacking the email account, compromising your facebook, bank, school, and all other services.

    For this reason I use an email address which is seperate from anything else. However, to use email as a login, is terrible security. It would be much better to use an unrelated user name so that a 3rd party could not get an email address, thereby preventing them from having half the work done for them by poor security.

    Now if Trion's DB was stolen, sure they would have access to the email anyway, but it does not offer an excuse for this poor design.

    I have not read through this thread so I do not knwo if it has been covered, but please allow us to choose and use a username, instead of email address, if we prefer.

    I can also see why people leaving on trips or already on trips would be extremely ticked off at the inconvenience of having their only travel credit card needing to be cancelled just to be sure.

    Really, companies (SONY) have been in the news getting hacked for a while now. Why haven't you done due diligence and called in security experts to prevent this?
    Last edited by Hodor; 12-23-2011 at 12:49 PM.

  7. #157
    Shadowlander Rarefy's Avatar
    Join Date
    Nov 2011
    Posts
    43

    Default

    Quote Originally Posted by Spiritslayer View Post
    No security system is 100% hacker proof. However, companies that have good security policies get out in front of the problem and inform their customers in a timely manner. Trion has done just that.

    Think about it. SWTOR launched this week and is one of the most hyped and anticipated MMOs - directly competing with RIFT. It also happened as they were just kicking off a free trial period to attract new and former players. They could have waited to confirm what data was stolen and sat on the information for at least a month or so. Instead, they got the information out via email and social networking sights and took a HUGE PR hit just before the holidays to warn their customers and help prevent fraud to their financial accounts.

    Sony, TJX, BJ's, and other large companies sat on their breaches as long as they could - and in most cases the databases that were compromised contained full credit card numbers with no encryption. If you think EA wouldn't have done the same if the situations were reversed your kidding yourself.

    I'm not happy Trion got hacked - especially compromising my DOB. That being said by notifying their customers of the breach as soon as possible rather than trying to protect potential profits shows they have the community's back at heart and are trying to do the right thing as fast as possible. The new password policy is the strictest I've seen (and I'm in banking) and expanding passwords to allow that many characters should give even the best keyloggers writing cramps.

    Thank you Trion for how you responded to this situation.
    Actually Trion had NO other recourse but to inform us of the security breach. Their corporate offices are located within California and the State of California has a law on the books that require companies to notify you if your information has been compromised. Your 'applause' is invalid and it doesn't wash with me. As of this point that announcement is nothing more then Trion complying with regulations enacted because of things like this. In fact California was the first state to pass a law of this kind in 2003.

    Take a look at this http://www.privacy.ca.gov/res/docs/p...tices_6-09.pdf document and look for the section 'Security Breach Notification'. Excerpt listed below.

    I had renewed for a full year, but deleted my subscription information after it had renewed. Call me paranoid or whatever else you want. But with the number of people loosing their identity in today's age, and with their past track record regarding security it only made sense.

    I just want to know that when I delete my payment authorization information if it really removes it from their databases? Or is that information still stored with a flag so it just isn't displayed to me on a web page!

    Trion needs to give full disclosure as of this point as to how that information is kept in their systems.


    Excerpt
    One of the most significant privacy laws in
    recent years is the California law intended to give
    individuals early warning when their personal information
    has fallen into the hands of an unauthorized
    person, so that they can take steps to
    protect themselves against identity theft or to
    mitigate the crime’s impact. While the law originally
    focused on breaches involving the kind of
    information used in financial identity theft, growing
    concern about medical identity theft led to
    the addition of medical and health insurance information
    as “notice-triggering” in 2008.

    Since the California law took effect in 2003,
    news reports of breaches have brought the issue
    of information security to public attention. Notifying
    affected individuals in such cases has become
    a standard practice, and at least 43 states
    have enacted notification laws based on
    California’s.
    Don't shame yourself by being trivial.

  8. #158
    Champion of Telara Sargonnas_KoA's Avatar
    Join Date
    Dec 2010
    Posts
    1,297

    Default

    Quote Originally Posted by SpyderArachnid View Post
    I was going to add this to my post, but guess I wasn't fast enough.

    Original advertisement: http://gi138.photobucket.com/groups/...an_Rewards.png

    Notice the image at the top of the page. It shows male and female versions of the armor. Now, if they weren't going to give us those armors that are depicted in the picture above the advertisement, then why show them on the advertisement and tell us we would receive guard armors of our faction?

    New advertisement: http://cdn.riftgame.com/rift/blast/2...etRewards1.jpg

    This is the header image for Veteran Rewards. Notice anything different from this image and the original image that was advertised? That's right. They removed the females from the advertisement. They did this after the threads started appearing about false advertising claims about females not receiving the female outfits that were advertised.

    If you check the veteran rewards page as well, the females have been removed also, just showing the males now. The first image I posted had the images of male and females guards, but after we got the armors and were disappointed that we didn't get what was advertised to us, the advertisement changed to only show male armors in the images.

    Really? That and the mount are false advertising to you? You inferred what you wanted to from pictures. That's your fault. Really can some of you nitpick any more?.

  9. #159
    Soulwalker Adoreth's Avatar
    Join Date
    Jan 2011
    Location
    Canada
    Posts
    13

    Default New security measures need to be addressed.

    The database in question contained information including user names, encrypted passwords, dates of birth, email addresses, billing addresses, and the first and last four digits and expiration dates of customer credit cards.
    For all you people who pay with time cards you are actually the smart ones. We who pay with credit cards are SOL. I must delete my email account, and I'm going to inform my credit card company to send me a new credit card.

    Again... I will NOT thank Trion for their lack of security to keep my information safe. After my 1 year membership expires I will not be returning. You may keep your paltry excuse of a "gift" as an apology and to pacify your clients. You can not pull the wool over my eyes. What happened is serious. You people who are so forgiving need to realize just how serious the breach of security is to your personal life.

    First of all there is one thing Trion does that I am not in favor of, and that is that they have you login into their forums with the same information that you use log into your financial information. That in itself is a big security hole. Tiron is not the only game that has their clients use the same information for Forums that they do for their accounts. The gaming industry needs to be more responsible with their security measures.

    Also, the security key that you can have sent to your cell phone is ok ONLY if you have a cell phone. There are people in this world who do NOT own a cell phone. There needs to be another way to address this situation.

    I'm not one of the people who will be going to Star Wars but they have something that I really liked. It was a USB key that did not require a cell phone to activate a secure password. TIRON, if you want to make this problem go away, try looking at alternative methods to generate random secure keys for your clients.

    Thank you, have a Merry Christmas. I've spent the entire afternoon trying to get my email address secured. My ISP is also inept.

    I may complain, but at least I have a suggestion to an alternative solution.

  10. #160
    Sword of Telara
    Join Date
    Feb 2011
    Posts
    800

    Default

    Quote Originally Posted by Marikhen View Post
    You should probably have been using "those insipid special characters" from the start. I'm at the point where if an MMO won't let me use them in my password it starts getting under my skin. Hell, that was the start of why I ended up saying sod off to Frogster and Runes of Magic even though the game looked to be semi-decent.
    This wasn't a password problem. It sort of like Toyota addressing their break problems by requiring louder seat belt alarms.
    Last edited by Raymath; 12-23-2011 at 12:58 PM.

  11. #161
    Shadowlander
    Join Date
    Apr 2011
    Posts
    46

    Default

    Quote Originally Posted by the_real_seebs View Post
    That sounds really upsetting, and I don't blame you for being concerned. However, how did you get to "had to cancel"? I wasn't planning to cancel a card based on what they told me so far; people having the first and last four digits is not a particularly big risk. They don't have the CVV number, for one thing.

    That said... This is one of the reasons I have more than one card, so if something happens to one I've got the others.

    Still, I don't blame you for being upset, the timing really is spectacularly bad.
    What? The item I read only spoke about the last 4, not the first. Second of all that is a HUGE deal. There is actually a truckload you can do with that information. TRION cannot with any certainty say what the attackers got in the attack (if they could they should probably use those same skills to identify the hackers), they might have gotten the CVV number as well. To my knowledge there isn't software that indefinately identifies what is gained in an attack beyond logs, even then they would had to have had a hash of the old logs to verify them by. It is also common practice in any lost card/identity theft situation that the bank cancel the card and issue new ones whenever a breach such as this occurs.

  12. #162
    Shadowlander
    Join Date
    Apr 2011
    Posts
    46

    Default

    Quote Originally Posted by Adoreth View Post
    For all you people who pay with time cards you are actually the smart ones. We who pay with credit cards are SOL. I must delete my email account, and I'm going to inform my credit card company to send me a new credit card.

    Again... I will NOT thank Trion for their lack of security to keep my information safe. After my 1 year membership expires I will not be returning. You may keep your paltry excuse of a "gift" as an apology and to pacify your clients. You can not pull the wool over my eyes. What happened is serious. You people who are so forgiving need to realize just how serious the breach of security is to your personal life.

    First of all there is one thing Trion does that I am not in favor of, and that is that they have you login into their forums with the same information that you use log into your financial information. That in itself is a big security hole. Tiron is not the only game that has their clients use the same information for Forums that they do for their accounts. The gaming industry needs to be more responsible with their security measures.

    Also, the security key that you can have sent to your cell phone is ok ONLY if you have a cell phone. There are people in this world who do NOT own a cell phone. There needs to be another way to address this situation.

    I'm not one of the people who will be going to Star Wars but they have something that I really liked. It was a USB key that did not require a cell phone to activate a secure password. TIRON, if you want to make this problem go away, try looking at alternative methods to generate random secure keys for your clients.

    Thank you, have a Merry Christmas. I've spent the entire afternoon trying to get my email address secured. My ISP is also inept.

    I may complain, but at least I have a suggestion to an alternative solution.
    The people who aren't worried about this are on mommy and daddy's dime, or make minimum wage so aren't concerned about losing their weekly paycheck. I absolutely agree with you as well, day 1 when I put the disc in my PC I read the forums and posted about adding additional authenticator types, to date nothing else has ever been said.

  13. #163
    Soulwalker
    Join Date
    Dec 2011
    Posts
    4

    Default

    The most important information we need from Trion is regarding encryption.

    The wording on the statement refers to encryption only being used on Trion passwords.

    The database in question contained information including user names, encrypted passwords, dates of birth, email addresses, billing addresses...
    Can we have immediate confirmation whether or not the rest of the information was encrypted. Precise statements are required.



    I assume, a big corporation like Trion would use 128 bit keys (ie, a very, very, very long key to a lock). Here's a quote from MyCrypto.net:

    "As key lengths increase, the number of combinations that must be tried for a brute force attack increase exponentially. For example a 128-bit key would have 2^128 (3.402823669209e+38) total possible combinations. For example, to theoretically crack the 128-bit IDEA key using brute force one would have to:
    • develop a CPU that can test 1 billion IDEA keys per second
    • build a parallel machine that consists of one million of these processors
    • mass produce them to an extent that everyone can own one hundred of these machines
    • network them all together and start working through the 128 bit key space"


    After all of that, it would take 20,000 (or more) YEARS to break the code.

    However, I will say there are other methods of breaking encryption.

    Make of that information what you will. However, I want a YES or a NO if my personal and credit details were encrypted.
    Last edited by Vodd; 12-23-2011 at 01:17 PM.

  14. #164
    Soulwalker
    Join Date
    Dec 2011
    Posts
    4

    Default

    Quote Originally Posted by Hellrime View Post
    The people who aren't worried about this... make minimum wage so aren't concerned about losing their weekly paycheck.

    Wow. Just, wow.

  15. #165
    Champion of Telara Sargonnas_KoA's Avatar
    Join Date
    Dec 2010
    Posts
    1,297

    Default

    Quote Originally Posted by Hellrime View Post
    The people who aren't worried about this are on mommy and daddy's dime, or make minimum wage so aren't concerned about losing their weekly paycheck. I absolutely agree with you as well, day 1 when I put the disc in my PC I read the forums and posted about adding additional authenticator types, to date nothing else has ever been said.
    That's one hell of a stereotype to make. My parents are dead and I make good money, and I'm not horribly worried. I know what I need to do in this situation and I'm not going to sit on this forum throwing a temper tantrum like some others. I don't like the situation and if something does come from it I will hold Trion accountable. What else needs to be said?

+ Reply to Thread
Page 11 of 29 FirstFirst ... 7 8 9 10 11 12 13 14 15 21 ... LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts