A ghost from the past emerges...
There are, generally speaking, about a quarter-million account breaches per month worldwide that involve the release of personal information. In the case of breaches involving MMO/gaming companies it's usually millions of accounts being compromised at a time.
And, as was mentioned already by multiple people on this thread, there is no such thing as "secure," unless you're talking about a maximally locked-down, non-networked machine with physical access controls in place to restrict who can sit down in front of the keyboard.
This stuff happens. No matter who you are or how much protection you employ, sooner or later someone will get in and get their mitts on data. The entire ITSEC world is all about trying to minimize the probability of this happening but there's no way to prevent it entirely without taking systems offline, and even then there are "meatworld" based attacks: social engineering.
Trion's response is welcome and should be the norm, but isn't the norm among tech companies generally and gaming companies specifically. Companies with large customer data repositories should always report breaches as soon as they can do so safely without risk of additional compromises. Sadly, most of the bigger names in the MMO world, for example, won't report breaches unless they absolutely have to.
There's also an argument to be made for encrypting the entire customer database, but the practicalities of this are sometimes an issue as decrypting the data takes time and people (especially gamers) are impatient. Personally, I have zero problem with a 15-or-so-second wait to log in if it means that my info is being decrypted, checked against multiple credentials (e.g., known IPs, password, authenticator code), and verified in a secured environment each time, but there are many folks out there that scream at microwaves for taking too long and they might not appreciate an extra delay.
Since security is not an absolute, what we all have to work with are compromises - we all trade privacy for functionality just to do things on a daily basis, and Trion (like all MMO operators) has to trade additional layers of security for ease of use (since tighter security is harder to use and takes longer to work with), decreased systems complexity, and better reliability/uptime. I'm sure Trion is more than willing to leave no stone unturned in its quest to keep everything secured, and we've seen in the past (and I probably more than anyone else) that Trion is an unstoppable juggernaut when it comes to getting things fixed when a problem appears, but are we as users willing to jump through an extra hoop or two to make beefier out-of-game security possible, if it comes to that?