+ Reply to Thread
Page 12 of 29 FirstFirst ... 2 8 9 10 11 12 13 14 15 16 22 ... LastLast
Results 166 to 180 of 429
Like Tree93Likes

  Click here to go to the first Rift Team post in this thread.   Thread: Important notification concerning your Trion Worlds account

  1. #166
    Soulwalker
    Join Date
    Nov 2011
    Posts
    7

    Default Please reconsider trinket--not a good idea

    BTW, thanks Trion for the immediate notification.

    Also, I don't really like the Moneybag being trinket that I have to swap everytime I fight vs loot.
    Ditto on both points. I appreciate the quick notification, and I know that anyone can be hacked.

    I would like to add that I think the trinket is a bad idea since it weakens your stats & won't be used. If your goal is for people to get more gold, then increase the game loot rate overall for a couple weeks. Or send everyone a lump sum.

    But it could be worse--please don't send snowflakes! I'll be happy when the Christmas season is over and I don't get any more snowflake drops. Cute at 1st, but then got tiresome since they were pretty useless after a purchase or two.

  2. #167
    Sword of Telara
    Join Date
    Feb 2011
    Posts
    800

    Default

    I wish they'd put out a FAQ and address some of the serious questions in this thread. I'm reasonably sure there is no credit card info on me since I deleted that info when I cancelled my subscription.

    If Trion maintains that data in other files that doesn't show up when I manage my account, they need to say that.

    If Trion suspects full credit card numbers can be gleaned from the information illegally accessed, they need to state that.

  3. #168
    Shadowlander
    Join Date
    Apr 2011
    Posts
    46

    Default

    Quote Originally Posted by Sargonnas_KoA View Post
    That's one hell of a stereotype to make. My parents are dead and I make good money, and I'm not horribly worried. I know what I need to do in this situation and I'm not going to sit on this forum throwing a temper tantrum like some others. I don't like the situation and if something does come from it I will hold Trion accountable. What else needs to be said?
    I wasn't referring to you then specifically. Being calm, and being blindly complacent are two different things. My comment is towards the "There isn't anything to worry about" crowd when there most certainely is. To downplay this situation to someone who knows better is going to cause stones to be thrown.

  4. #169
    Sword of Telara
    Join Date
    Feb 2011
    Posts
    800

    Default

    Well the story, and the detached tone of the notification, are starting to spread on the internet. Perhaps we'll get more information if a news outlet gets involved. I'm just thinking there must be FTC regulations in place that tells a company what they must do in a situation like this.

  5. #170
    Sword of Telara
    Join Date
    Feb 2011
    Posts
    800

    Default

    I found a link to a FAQ on this mess:

    http://www.trionworlds.com/en/games/...tification-faq

  6. #171
    Plane Walker
    Join Date
    Dec 2010
    Posts
    408

    Default

    Quote Originally Posted by Hellrime View Post
    The people who aren't worried about this are on mommy and daddy's dime, or make minimum wage so aren't concerned about losing their weekly paycheck. I absolutely agree with you as well, day 1 when I put the disc in my PC I read the forums and posted about adding additional authenticator types, to date nothing else has ever been said.
    And all the people screaming bloody murder have 0 clue about how things work and yet try to pretend like they know everything. I'll bet if anything, most people crying bloody murder on trion already have their credit card information and all their personal information on some hacker or groups list.

    If a hacker wants in, trust me, they can get in. Some places are harder to get into then others but they are still all around. The only way a place can be 100% secured (at least in terms of 'digital' security) is if they have their information locked locally, kept from the internet and using a wired connection. When the internet is involved, it makes information that much more at risk and vulnerable despite what you do.

    My advice? Lay off what you don't know. Sure, be paranoid if you like, but just know your information was taken even more in depth way before this happened most likely.

  7. #172
    Ascendant the_real_seebs's Avatar
    Join Date
    Jan 2011
    Posts
    16,859

    Default

    Quote Originally Posted by Hellrime View Post
    What? The item I read only spoke about the last 4, not the first. Second of all that is a HUGE deal. There is actually a truckload you can do with that information. TRION cannot with any certainty say what the attackers got in the attack (if they could they should probably use those same skills to identify the hackers), they might have gotten the CVV number as well. To my knowledge there isn't software that indefinately identifies what is gained in an attack beyond logs, even then they would had to have had a hash of the old logs to verify them by. It is also common practice in any lost card/identity theft situation that the bank cancel the card and issue new ones whenever a breach such as this occurs.
    This is a bit oversimplified. It is quite easy to have a system where partial data is available in a database that isn't the same one that has the full data, for instance. I'd say that they're pretty clear on what got taken. That doesn't guarantee the availability to identify who took it; Trion has access to their own machines, logs, things like that, but that doesn't mean they have access to everyone else's logs -- furthermore, "some IP address in the Ukraine that's itself been compromised for months" or something to that effect is pretty useless.

    I dunno. I'm not hugely worried, just because this is far from the first time that a database including information about me has been obtained, and it won't be the last, and so far, I'm still breathing.
    You can play WoW in any MMO. You don't have to play WoW in RIFT. Oh, and no, RIFT is not a WoW clone. Not having fun any more? Learn to play, noob! I don't speak for Riftui, but I moderate stuff there. Just came back? Welcome back! Here's what's changed. (Updated for 2.5!)

  8. #173
    Rift Chaser Fangthane's Avatar
    Join Date
    Sep 2011
    Posts
    362

    Default

    lolz.... thanks Trion for the free Christmas joke book..... listening to these noobs cry and cry about their mom's CC getting compromised....

    Here's some hints about how to be responsible for yourself next time.
    1) Always assume everything will get hacked eventually.
    2) Don't use junk passwords.
    3) Use PayPal - if they get hacked, at least the banks are going to have to resend out a few million other CC's as yours.
    4) Use reloadable CC's, that you load only as much as you're going to need.

    I think Trion's disclosure and response has been great. Obviously there are legal obligations nowadays, but they have went beyond. The main thing that has surprised me is that passwords were stored encrypted, instead of one-way hashes. Not best practice.

    And for those who worry about their CVV, don't. Trion's not allowed to record it at all.
    Last edited by Fangthane; 12-23-2011 at 02:12 PM.
    Founder, and sometime Cleric

  9. #174
    Ascendant the_real_seebs's Avatar
    Join Date
    Jan 2011
    Posts
    16,859

    Default

    Quote Originally Posted by Raymath View Post
    Well the story, and the detached tone of the notification, are starting to spread on the internet. Perhaps we'll get more information if a news outlet gets involved. I'm just thinking there must be FTC regulations in place that tells a company what they must do in a situation like this.
    So far as I can tell, Trion has done more than is required of them. This does not surprise me.

    What tone would you prefer? I'm liking the calm factual statement, myself; that's how security is supposed to be handled.
    You can play WoW in any MMO. You don't have to play WoW in RIFT. Oh, and no, RIFT is not a WoW clone. Not having fun any more? Learn to play, noob! I don't speak for Riftui, but I moderate stuff there. Just came back? Welcome back! Here's what's changed. (Updated for 2.5!)

  10. #175
    Rift Chaser NerfedWar's Avatar
    Join Date
    Dec 2010
    Posts
    377

    Default

    Quote Originally Posted by the_real_seebs View Post
    So far as I can tell, Trion has done more than is required of them. This does not surprise me.

    What tone would you prefer? I'm liking the calm factual statement, myself; that's how security is supposed to be handled.
    Hi seebs,

    Ignoring the irrelevant in-game freebies, I don't really see how Trions have done anything beyond what they need to do in order to protect themselves.

    Hopefully well see more information from them soon as to the exact information that was retrieved and when exactly this took place.

    Myself, I don't care about my CC info being stolen too much, that is protected by the bank who will refund me, but things like personal secrets are a little more worrying as they provide an attack vector to other accounts.
    ...the internet treats censorship as damage, and routes around it...
    NerfedWar Addons and Tutorials
    * Note: tutorials are currently being ported to the new site.

  11. #176
    Soulwalker
    Join Date
    Dec 2011
    Posts
    4

    Default

    I really think these are the hackers ... Gmail logged these unauthorized access last night:

    Unknown Russia (92.240.208.115) 12:30 am (17 hours ago)
    Unknown Russia (danpro.ru:46.39.10.229) 3:50 am (14 hours ago)

  12. #177
    General of Telara
    Join Date
    Feb 2011
    Posts
    915

    Default

    Quote Originally Posted by Raymath View Post
    I found a link to a FAQ on this mess:

    http://www.trionworlds.com/en/games/...tification-faq
    Thanks for the link. After reading over it, however, I do have one concern.

    Quote Originally Posted by Trion
    Q: Is my account safe?


    A: We’ve taken many precautions to protect our customers’ information and will continue to do so. Credit card information provided to Trion is always fully encrypted with high levels of encryption. We also do not store plain text passwords, and there is no evidence, and we have no reason to believe, that full credit card information was accessed or compromised in any way. Nonetheless, as a precaution, we are requiring users to change their password on our website, and we encourage them to keep an eye on their account.
    At no point in that response do they actually come out and say, "Yes, your account is perfectly safe" or "No, your account is as safe as we can make it, but it can never be completely safe." It's left to the reader to infer an answer, and I'm not particularly thrilled about that.

    While I appreciate Trion's efforts to clean up this mess I don't appreciate what looks like them weaseling out of a blunt, honest answer to a simple question in a Q&A they put up. Maybe I'm just weird that way, but every other question had a more or less honest, straightforward answer with no attempts at weaseling and this attempt on the second if not the most important question in the list bugs me to no end.

    /shrugs. Then again I'm the sort of person that when I ask someone, "Are you hungry" and they respond, "I just ate an hour ago" I'm forced to ask, "Are you hungry" again because they might as well have said, "The sky is blue" for all the information what they said gave me.

  13. #178
    Shadowlander
    Join Date
    Feb 2011
    Posts
    37

    Default Furious

    I can't believe people are all 'thanks for letting us know!' etc -- this is absolutely unacceptable. In this day and age, that they can't keep our personal info secure is unbelievable. And they offer 3-days free? Whoopdee-frickin-dooo.

  14. #179
    Shadowlander
    Join Date
    Apr 2011
    Posts
    46

    Default

    Quote Originally Posted by Purutzil View Post
    And all the people screaming bloody murder have 0 clue about how things work and yet try to pretend like they know everything. I'll bet if anything, most people crying bloody murder on trion already have their credit card information and all their personal information on some hacker or groups list.

    If a hacker wants in, trust me, they can get in. Some places are harder to get into then others but they are still all around. The only way a place can be 100% secured (at least in terms of 'digital' security) is if they have their information locked locally, kept from the internet and using a wired connection. When the internet is involved, it makes information that much more at risk and vulnerable despite what you do.

    My advice? Lay off what you don't know. Sure, be paranoid if you like, but just know your information was taken even more in depth way before this happened most likely.
    You should take your own advice pal, considering I'm in the security industry. Here is what I DO know, the individuals took very specific data which suggests either weak encryption was used, or none at all for them to be able to find it and decrypt it. Secondly the type of attack suggests an injection attack to gain access to the database, which means there is no input validation and they received administrative privledges to the entire database. Thirdly it suggests that customer data was either behind a very, very weak DMZ, or not at all. Fourthly it suggests that a passive IPS/IDS is in use, as opposed to an active Network IPS which detects anomolies and stops them. Fifth and finally, unless they have a hash of the logs they can't really say what was taken, if anything was changed to obfuscate what was taken they would have no idea.

  15. #180
    Prophet of Telara Venditte's Avatar
    Join Date
    Jan 2011
    Posts
    1,047

    Default

    Quote Originally Posted by Morpeth View Post
    I can't believe people are all 'thanks for letting us know!' etc -- this is absolutely unacceptable. In this day and age, that they can't keep our personal info secure is unbelievable. And they offer 3-days free? Whoopdee-frickin-dooo.
    *Deep philosophical quote on how insignificant humanity is to the universe*
    ehhh, so apathetic, man

+ Reply to Thread
Page 12 of 29 FirstFirst ... 2 8 9 10 11 12 13 14 15 16 22 ... LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts