Heartbleed [New Update 5:07 PM]

124

Comments

  • Neferhotep - Lost City
    Neferhotep - Lost City Posts: 276 Arc User
    edited July 2014
    My accounts are all finde as well (and im not even activ right now lol)... Would love to change my password if i didnt need the e-mail address. Its not hard to find out, but most of them are deleted for sure by now since i have the accounts for over 4 years now >>

    This step might be important but seriously, they should have at least give away an easier way to restore the accounts for now (via code by mobile phone, so you can change passowrd with that code fo example). There are a hell of people not knowing their email password or with deleted addresses and so those people have to send tickets. The ticket system is already a slow system. So this might take some weeks for the people who are affected to get back their chars ...
    I like potatoes <(O~O)>
  • Pickerel - Heavens Tear
    Pickerel - Heavens Tear Posts: 23 Arc User
    edited July 2014
    So.... is this something we should be seriously worried about? As in, should we be changing the passwords as well on accounts that weren't affected by this idiocy?
  • Zoldi - Morai
    Zoldi - Morai Posts: 1,595 Arc User
    edited July 2014
    not sure if all this derps from the management are accidental or intentional,
    i might believe all the late pwe derps could be seen as a strategy to thin out PWI player base to redirect it to their most recent titles.

    It might sound a little "paranoiac" at first but actually I find that interesting. Can we know if this is related to PWI accounts only or related to Arc ? Since Arc is supposed to be the central thing now, I guess other franchises are impacted as well.
    ~ Sage Mystic 105-105-105 ~
    ~ Sage Sin 103-103-102 ~
    ~ Sage vita Barb 103-102-101 ~
    ~ Sage BM 102-101 ~ Demon Archer 102 ~
    ~ Sage Cleric 102 ~ Demon Wizard 101 ~
    ~ Sage Seeker 101 ~ Sage Psy 101 ~
    ~ Sage Heavy Veno 101 ~ Demon Storm 9X ~ Dusk 6x ~
    Started playing this game in 2007 on Oracle (PW-MY) : Demon MG 101 - Sage EP 99 - WF 89
  • _Bagyra_ - Morai
    _Bagyra_ - Morai Posts: 23 Arc User
    edited July 2014
    It might sound a little "paranoiac" at first but actually I find that interesting. Can we know if this is related to PWI accounts only or related to Arc ? Since Arc is supposed to be the central thing now, I guess other franchises are impacted as well.


    I know one person who plays on neverwinter and his wife on same account plays pwi. none of them can use account anymore. so it is ARC not pwi only. nonetheless they can not get password back anymore as they dont get password reset email for verification.

    Seeing how pro game team become i start think heartbleed was just an excuse for some very stupid mistakes they made (maybe even related to 10* orb promo).


    anyhow anyone have more info about this heartbleed and how can i protect my own pc and data online/in computer from it?
  • DEMHEALSMAN - Dreamweaver
    DEMHEALSMAN - Dreamweaver Posts: 1,396 Arc User
    edited July 2014
    >Get email on main account to change password cause lol reset
    >Go to change password
    >Password was updated successfully!
    >Still can't log in with that account.

    Good. Freaking. Job.

    Update:

    Oh, Oh, really. I have to login with my email address now instead of my username as I used to login with the last 4 and a half freaking years.
    And no information about that whatsoever.

    Might want to update you main post there, sparky.

    Update 2:
    It shows my username with "123" behind it... that's... not good

    Update 3:
    So now my email is associated with an account I never created, my toons aren't there.
    I can't log in to my main account.

    Resetting the password sends me an email (on the same email as this entire story is about) with the correct username in the mail (without 123 behind it) but I still am unable to log in after changing password.

    And now I have to send a ticket, wait over the weekend, hopefully get a respond by next wednesday...
    Good job PWE, well ****ing played.
    Soon™
    Well, maybe later, semi-retired.
  • anaovt1
    anaovt1 Posts: 0 Arc User
    edited July 2014
    So.... is this something we should be seriously worried about? As in, should we be changing the passwords as well on accounts that weren't affected by this idiocy?

    I did just in case. It's a good idea to change your pw every now and then anyway.
    Camlyra-Raging Tides. Since the avatar is broken.

    Cleric 103/103/102
    Seeker 102/102/101
    Wizard 101/101/101
    Psychic 102/99
  • XXHotXx - Morai
    XXHotXx - Morai Posts: 1,246 Arc User
    edited July 2014
    It might sound a little "paranoiac" at first but actually I find that interesting. Can we know if this is related to PWI accounts only or related to Arc ? Since Arc is supposed to be the central thing now, I guess other franchises are impacted as well.

    well other pwe titles are not plagued by such glaring bugs, mismanagement,
    f2p players would be tempted to try other fresher titles that can count i guess on higher tier of QC and high-end support team

    openSSL main breach afflicted basically accounts that made transactions in past,

    so i would guess this afflicted mainly oldest PWE titles, of which PWI is basically "the flag" of them

    P.S.: go reply the ******n tickets pls, mine is almost already 24 hours old
    mypers.pw/1.7/#123510
    mypers.pw/1.7/#123524

    i58.tinypic.com/231jj8.jpg
  • DEMHEALSMAN - Dreamweaver
    DEMHEALSMAN - Dreamweaver Posts: 1,396 Arc User
    edited July 2014
    well other pwe titles are not plagued by such glaring bugs, mismanagement,
    f2p players would be tempted to try other fresher titles that can count i guess on higher tier of QC and high-end support team

    openSSL main breach afflicted basically accounts that made transactions in past,

    so i would guess this afflicted mainly oldest PWE titles, of which PWI is basically "the flag" of them

    P.S.: go reply the ******n tickets pls, mine is almost already 24 hours old

    They have a policy of responding withing 5 office days, hoping for a quick response here too, but i'm really curious how my email says the correct username, but logging in with the emailaddress shows my username with 123 after it.

    How can they mess up something like resetting password in a way like this lol.
    Soon™
    Well, maybe later, semi-retired.
  • anaovt1
    anaovt1 Posts: 0 Arc User
    edited July 2014
    They have a policy of responding withing 5 office days, hoping for a quick response here too, but i'm really curious how my email says the correct username, but logging in with the emailaddress shows my username with 123 after it.

    How can they mess up something like resetting password in a way like this lol.

    Do you have any email accounts that forward to that account? Maybe the log-in you should be using is just forwarding to that account.
    Camlyra-Raging Tides. Since the avatar is broken.

    Cleric 103/103/102
    Seeker 102/102/101
    Wizard 101/101/101
    Psychic 102/99
  • DEMHEALSMAN - Dreamweaver
    DEMHEALSMAN - Dreamweaver Posts: 1,396 Arc User
    edited July 2014
    anaovt1 wrote: »
    Do you have any email accounts that forward to that account? Maybe the log-in you should be using is just forwarding to that account.

    No, I don't, no forwards set up, this email has always and only has been associated with my main account.
    When I go to the password recover page, I can enter either my main username, or my main email.
    Both will send an email to my main email with the correct username.

    So I don't know what they did, how they did it, but I suspect monkeys.
    Soon™
    Well, maybe later, semi-retired.
  • nemisaboo
    nemisaboo Posts: 3 Arc User
    edited July 2014
    Me and others have problems logging on our account now. I am not able to play since yesterday and changed my password the appropriate way 4 times now. I got the confirmation that password was changed.

    Account seems blocked, and I sent 2 tickets already. The first answer that I just received was a general answer on how to change my password. Don't need that, PWI need to look into this problem because i'm not alone.
  • Sevchenko - Dreamweaver
    Sevchenko - Dreamweaver Posts: 661 Arc User
    edited July 2014
    "Banging PWE's backdoors and downloading thousands of passwords..." - Just hackerly things. b:laugh

    To the guy who accomplished that, my respect, really.

    And to PWE's reaction an applause, I guess your hacker didn't expect such maneuver (I also HOPE he didn't b:shocked)
    [S.E.V.C.H.E.N.K.O]
    Synthetic Electronic Variant Calibrated for Hazardous Exploration, Nullification and Kamikaze Observation[SIGPIC][/SIGPIC]
  • Desdi - Sanctuary
    Desdi - Sanctuary Posts: 8,680 Arc User
    edited July 2014
    If you've changed your password and still can't log in on ARC/website, give it some time. I couldn't log in either for an hour after changing my password. Might just take time, I don't know.
    [SIGPIC]http://i.imgur.com/MtwcqjL.png[/SIGPIC]
    ★ Venomancer videos - tinyurl.com/k6ppkw4 ★ Desdi - Demon ♪ Wyvelin - Sage ★
  • nemisaboo
    nemisaboo Posts: 3 Arc User
    edited July 2014
    If you've changed your password and still can't log in on ARC/website, give it some time. I couldn't log in either for an hour after changing my password. Might just take time, I don't know.

    For me it has been 14 hours when I changed the password for the 3rd time, and now that I tried to change password again for the 4th time, 4 hours.

    ...

    Edit: its working now, after 24 hours.
  • Xx_BeLLa_xX - Harshlands
    Xx_BeLLa_xX - Harshlands Posts: 7,231 Arc User
    edited July 2014
    nemisaboo wrote: »
    Me and others have problems logging on our account now. I am not able to play since yesterday and changed my password the appropriate way 4 times now. I got the confirmation that password was changed.

    Account seems blocked, and I sent 2 tickets already. The first answer that I just received was a general answer on how to change my password. Don't need that, PWI need to look into this problem because i'm not alone.

    Do not send multiple tickets, cause everytime you do that they put you bad at the end of the queue, just be patient, you're not the only one dealing with this and PWI's staff is pretty limited.
    [SIGPIC][/SIGPIC]

    b:dirty "I **** rainbows and love everyone"-Longknife b:cute
  • nemisaboo
    nemisaboo Posts: 3 Arc User
    edited July 2014
    Do not send multiple tickets, cause everytime you do that they put you bad at the end of the queue, just be patient, you're not the only one dealing with this and PWI's staff is pretty limited.

    You are right, but if you are blocked for so long without reason its hard to be patient. After having asked around in game and found out that more people had this, I send another ticket with urgent marking to get it to their attention.
  • _Bagyra_ - Morai
    _Bagyra_ - Morai Posts: 23 Arc User
    edited July 2014
    this is what kind of information people, who couldnt remember email/log in (and all the other cases), are asked to provide trying to recover accounts from customer support:


    PWE registered Account Name:
    PWE registered Nickname:
    PWE registered Full Name (First, Last):
    PWE registered Account's Current Registered Email Address:
    PWE registered Date of Birth:
    PWE registered Country:
    Current IP address (go to www.whatismyipaddress.com to get this):
    Email address you want it changed to:



    So good luck for every1 who 5 years ago registered accounts and provided fake data like birthday and so on b:surrender

    so far people who failed to answer questions can not get accounts back
  • pupsbacke007
    pupsbacke007 Posts: 0 Arc User
    edited July 2014
    Provided that u can log on to your account, can u actually look up your registered name and/or country? Bec it shows me city option but not country and if city is not registered it dosnt show anything.
  • ankey
    ankey Posts: 8 Arc User
    edited July 2014
    Heartbleed bug is already being dubbed one of the biggest security threats the Internet has ever seen.
    The issue involves network software called OpenSSL, which is an open-source set of libraries for encrypting online services.
    The security flaw was made public on April 7e 2014.
    After path came out customers of several websites had to reset passwords.
    The Heartbleed incident is also a good reminder that you should be changing all of your passwords frequently…!
    Haven't you been updated your network yet to protect against the Heartbleed vulnerability?
    I suppose you guys updated your network in April 2014?
    Its almost August 2014….Why big panic now...???
    b:shutup
  • XXHotXx - Morai
    XXHotXx - Morai Posts: 1,246 Arc User
    edited July 2014
    ankey wrote: »

    I suppose you guys updated your network in April 2014?
    Its almost August 2014….Why big panic now...???
    b:shutup

    ^ same thing i brang out yesterday, it was made public 3 months ago, it was known for past 2 years, it affected 66% of the websites.

    also this openSSL breach was allowing malicious agents to see encrypted data in clear,
    i believe the only encrypted data we have on PWI is about the zhen transactions...

    so how could it possibly affect the login infos, and why force-reset them

    one of my guildmates had same problem of DEMHEALSIN, she tried to do the force reset, she dunno what she did and found herself with a different account with no characters linked to her main PWI email account, and now where did the main account with her chars go? :)

    ggggg
    mypers.pw/1.7/#123510
    mypers.pw/1.7/#123524

    i58.tinypic.com/231jj8.jpg
  • Fissile - Archosaur
    Fissile - Archosaur Posts: 607 Arc User
    edited July 2014
    Although heartbleed is a bug in OpenSSL, the vulnerability makes it possible for someone to retrieve everything in the web server's memory after the point where the heartbeat is stored. This makes it possible for someone to obtain the server's SSL key and potentially eavesdrop on all encrypted web traffic.

    Other things the web server may have in memory include credentials to access a login server or database. If exploited the vulnerability allows the attacker to do pretty much anything the web server can do.
    [SIGPIC][/SIGPIC]
  • DEMHEALSMAN - Dreamweaver
    DEMHEALSMAN - Dreamweaver Posts: 1,396 Arc User
    edited July 2014
    ^ same thing i brang out yesterday, it was made public 3 months ago, it was known for past 2 years, it affected 66% of the websites.

    also this openSSL breach was allowing malicious agents to see encrypted data in clear,
    i believe the only encrypted data we have on PWI is about the zhen transactions...

    so how could it possibly affect the login infos, and why force-reset them

    one of my guildmates had same problem of DEMHEALSIN, she tried to do the force reset, she dunno what she did and found herself with a different account with no characters linked to her main PWI email account, and now where did the main account with her chars go? :)

    ggggg

    Response I got is that a while ago somehow my email address also got registered to another account, which I never created nor confirmed (i save all my emails when it comes to registering).

    So really, I have no idea what they did, but they dun goofed hard.
    Soon™
    Well, maybe later, semi-retired.
  • Redmenace - Heavens Tear
    Redmenace - Heavens Tear Posts: 908 Arc User
    edited July 2014

    I don't disagree with the rest of your post, security is really important and PWE messed up here but.. what's so hard about keeping notes of your accounts, passwords, e-mails and/or keeping the active ones up to date? It takes 5 minutes to note stuff down while you're registering an account somewhere.

    Some people have more than one account. Some people have several accounts, and bank toons for a faction (or two). I have 4 accounts of my own, 2 bank toon accounts (one from a defunct faction) and three more toons belonging to people who quit long ago and were given to me.

    I have the emails for mine. But I've had to renew several of them, because they were created just to make these accounts, and then not used again. Google and Yahoo like to turn off those accounts if you don't use them for a year or more.

    Why would I use them again? I only created them because PWI forced me to. I have *one* email address I use to communicate. I'm not gonna visit 5 other email accounts once a week because it makes life more convenient for PWI. They'll get over it.

    So far I haven't been affected by this, but then I haven't checked all my accounts yet.

    Now I'm not trying to be rude to you or anyone else, but it just looks like some people are too lazy to bother managing their own accounts properly and then complain when problems occur.


    Stop and think before you handwave a thread full of people and their problems. Try to actually put yourself in their position. Consider the possibility of other people having situations that you are unfamiliar with.

    Yep, it was rude all right.


    /
    A human being should be able to change a diaper, plan an invasion, butcher a hog, conn a ship, design a building, write a sonnet, balance accounts, build a wall, set a bone, comfort the dying, take orders, give orders, cooperate, act alone, solve equations, analyze a new problem, pitch manure, program a computer, cook a tasty meal, fight efficiently, die gallantly. Specialization is for insects.
    Robert A. Heinlein
  • ankey
    ankey Posts: 8 Arc User
    edited July 2014
    Depends on what fails....!
    GOD created the world & the rest was made in China...!
    b:chuckle
  • lazuracx
    lazuracx Posts: 4 Arc User
    edited July 2014
    Some people have more than one account. Some people have several accounts, and bank toons for a faction (or two). I have 4 accounts of my own, 2 bank toon accounts (one from a defunct faction) and three more toons belonging to people who quit long ago and were given to me.

    I have the emails for mine. But I've had to renew several of them, because they were created just to make these accounts, and then not used again. Google and Yahoo like to turn off those accounts if you don't use them for a year or more.

    Why would I use them again? I only created them because PWI forced me to. I have *one* email address I use to communicate. I'm not gonna visit 5 other email accounts once a week because it makes life more convenient for PWI. They'll get over it.

    So far I haven't been affected by this, but then I haven't checked all my accounts yet.



    Stop and think before you handwave a thread full of people and their problems. Try to actually put yourself in their position. Consider the possibility of other people having situations that you are unfamiliar with.

    Yep, it was rude all right.


    /

    please banned this person, he just admit that he has more than 2 accounts. it's againt's TOS. please be fair PWI banned him ASAP this is EMERGENCY!!!
  • Xx_BeLLa_xX - Harshlands
    Xx_BeLLa_xX - Harshlands Posts: 7,231 Arc User
    edited July 2014
    lazuracx wrote: »
    please banned this person, he just admit that he has more than 2 accounts. it's againt's TOS. please be fair PWI banned him ASAP this is EMERGENCY!!!

    It's not against the TOS to own more than 2 accounts. Get your facts right Sir.

    People that had more than 2 accounts before the rule was able to keep them, but even if they have more than 2 accounts they can only have 2 online at the same time.
    [SIGPIC][/SIGPIC]

    b:dirty "I **** rainbows and love everyone"-Longknife b:cute
  • Desdi - Sanctuary
    Desdi - Sanctuary Posts: 8,680 Arc User
    edited July 2014
    [snip]

    I have multiple accounts too, not counting just PWI, but everything, since nowadays we have to register almost everywhere to use services/websites. That's even more of a reason to note your accounts down, even the "fake" ones in my opinion.

    As for accounts inherited from friends, I'll refrain from responding because I'm not sure if the TOS has something to say about that >.>

    Stop and think before you handwave a thread full of people and their problems. Try to actually put yourself in their position. Consider the possibility of other people having situations that you are unfamiliar with.

    I've lost accounts in the past. Some were my fault, so I started noting things down. Others were out of my control. A couple of important accounts were lost.

    As mentioned in an older post I know there are people who genuinely lost accounts because of things they couldn't control. I don't support PWE's decision either. I lost an account with this reset but I didn't mention it because...well refer to what I said above about friends.

    But I didn't handwave people's problems, I pointed something out, but instead of fluffing my post I was straight forward about it. I'm not even the only person who mentioned it.



    [SIGPIC]http://i.imgur.com/MtwcqjL.png[/SIGPIC]
    ★ Venomancer videos - tinyurl.com/k6ppkw4 ★ Desdi - Demon ♪ Wyvelin - Sage ★
  • RoyalTS - Heavens Tear
    RoyalTS - Heavens Tear Posts: 4 Arc User
    edited July 2014
    How long does it usually take for them to fix this?

    Its been 3 days already since i started sending them a ticket and almost 48 h since i got the last reply. In their last reply i got told "Please be patient as they will update this ticket once their investigation is complete.".

    Well im sorry for being impatient, but its my main ive been playing for almost 6 years (6 years at anniversary) with so im really nervous about this to be left in unknown IF i will get my acc back or not.. (i wasnt able to confirm all the information they wanted to know, like only 75 %, but will that be enough?)
  • holybanker02
    holybanker02 Posts: 1 Arc User
    edited July 2014
    So i have been writing back and forth with customer support and i have recived many security questions. Most of them have been about information i havent been able to access for atleast since Arc update and some from five years back when i made the account. I added screenshots from over 3 years, added the 5 last login locations and i was told that: "Unfortunately the information that you provided don't match our records, due to security reasons your request cannot be granted. We do apologize for any inconvenience this may have caused you."

    So to secure this account, where can i access the information asked as security questions like:
    PWE registered Full Name (First, Last):
    PWE registered Security Answer for: Who is your favorite super hero?
    PWE registered Nickname:
    PWE registered Country: (if it dosnt show a city)
  • foley3k
    foley3k Posts: 446 Arc User
    edited July 2014
    So i have been writing back and forth with customer support and i have recived many security questions. Most of them have been about information i havent been able to access for atleast since Arc update and some from five years back when i made the account. I added screenshots from over 3 years, added the 5 last login locations and i was told that: "Unfortunately the information that you provided don't match our records, due to security reasons your request cannot be granted. We do apologize for any inconvenience this may have caused you."

    So to secure this account, where can i access the information asked as security questions like:
    PWE registered Full Name (First, Last):
    PWE registered Security Answer for: Who is your favorite super hero?
    PWE registered Nickname:
    PWE registered Date of Birth:
    PWE registered Country: (if it dosnt show a city)


    I am unsure you can access that info, unless it was in the original email when you first signed up. Can't remember it has been so long.

    When I had a problem with my account (safe password, which I never put on, magically appeared after an update) I didnt know what i had for my registered full name, security answer or any of the other stuff. I never put real info on those questions, makes it to easy for someone to steal an account.

    When I told them that I didnt know and said I never use real info, I gave them my account login info, and how much coins I currently had in my stash, and how many of certain items I had. With that, they took off the safetly lock on my bank (which like I said, I never put on, it magically appeared after an update)
    NGTUy53.png