Heartbleed [New Update 5:07 PM]

Desdi - Sanctuary · July 2014

So... they had the heartbleed issue but they didn't fix the sites. Were they aware of it? If not, how come they didn't find out until today? This is pretty messy, heh.

Hisiala - Morai · July 2014

Sparkie, do you realize that by doing this they caused more damage than they fixed?

Please, ask the monkeys at the EU branch why the heck they resetted almost everyone's password instead of just sending out a warning to let everyone know they should change it.

ESPECIALLY since they said nothing "vital" was compromised.

Salari - Raging Tide · July 2014

Eoria - Harshlands wrote: »

Didn't you guys check this months ago and say Heartbleed didn't affect your sites? lol.

It was one of those will get on it "soon" or, they checked but did not really check b:chuckle. I am sure someone is figuring out how to get 100 10* orbs through this and get a pat on the back for it b:bye

rieihdius · July 2014

Salari - Raging Tide wrote: »

It was one of those will get on it "soon" or, they checked but did not really check b:chuckle. I am sure someone is figuring out how to get 100 10* orbs through this and get a pat on the back for it b:bye

And dont forget the vip tickets and event gold b:avoid

Daegu - Sanctuary · July 2014

I have a feeling this is one of PWE's scams to try and force people to change password. Seeing as the last one must have been about 2 years ago they must have thought it was about time.

Deceptistar - Sanctuary · July 2014

Hm.. my most used account (1) out of the 10 or so i have, had a force password reset (US acct) and actually had a email come to me

DEMHEALSMAN - Dreamweaver · July 2014

Daegu - Sanctuary wrote: »

I have a feeling this is one of PWE's scams to try and force people to change password. Seeing as the last one must have been about 2 years ago they must have thought it was about time.

Man, did you clean your tinfoil hat?
At least they TRY to protect people's stuff by doing this, maybe not the most clever way ever to do so but hey, it's also part of the player's fault for not updating emails they don't use for ages anymore, stupidity on their end if they want to recover something that was lost.

But yeah, PWE is really gaining anything from this, this scam of changing passwords will ensure they get access to your credit cards!

Zoldi - Morai · July 2014

Hisiala - Morai wrote: »

why the heck they resetted almost everyone's password instead of just sending out a warning to let everyone know they should change it.

ESPECIALLY since they said nothing "vital" was compromised.

This... plus the fact that heartbleed is not really recent...

So to summarize, this was "nothing important" but they had to rush a mass reset during the night, and the reason is related to a security issue that has been known for several weeks (with PWE saying at that time that everything was ok). And we're supposed to trust this company? Not easy...

slamstone · July 2014

DEMHEALSMAN - Dreamweaver wrote: »

Man, did you clean your tinfoil hat?
At least they TRY to protect people's stuff by doing this, maybe not the most clever way ever to do so but hey, it's also part of the player's fault for not updating emails they don't use for ages anymore, stupidity on their end if they want to recover something that was lost.

But yeah, PWE is really gaining anything from this, this scam of changing passwords will ensure they get access to your credit cards!

Yes, cuz all players use their main email address to register game accounts.

I'dd be ok with your statement if the player was the one that screwed up (acc sh pishing w/e), but in this case not.

Do you use your main email on every site you need to register these days? do you keep track and archive your data from the beginning of time just in case something happens in the future and u need that random registration u did on that site to order that item?

I personally dont, even though i have them redirecting emails to my main, it is still a hell to remember which account was linked to which email.

I don't need to remember all the accounts i just redirect them, because it should be obvious that ACCOUNT SECURITY should be a 1st priority for a service provider, and FORCE PASSWORD RESET is not an option to any of them, mainly due to the reason stated above...they would lose a good chunk of registered users, and second that it would kill consumer confidence in their security measures and impact their future relations.

what would have happened if this was amazon?:

a. i would have created another account but lost my purchase history and advantages
b. search for a better secured supplier?

If i was the one naive about pishing and got myself ****, ok "it's my fault" i screwed it up, now i suffer the consequences, but this is not the case.

as for the tinfoil hat...that's a good touch

gz...

resume: customer security hiccups are normal, service provider security hiccups are not.

Fryvorg - Sanctuary · July 2014

And I thought, people have changed their e-mail to a more recent one at their last anniversary at the latest...

Ninuska - Lost City · July 2014

Jesus ******* Christ
You guys scared me so freaking bad .___.
I might not actively play anymore, but my archer came to mean a lot to me over the 5 years...
I was SO scared when I couldn't log on it and thought it was stolen :C
The psychological trauma b:cry

So, this was just a precaution measure, right...? Or do I need to wait until servers are up to see if my items weren't stolen? b:cry

StellaNova - Raging Tide · July 2014

Got no such mail, sitting on a EU IP with chars on RT and Morai - Could it be that because i started chars on RT before i did on Morai, my accounts isn't affected?

Anyways a bit late to find out of this PWE, as heartbleed isn't something there was found a week ago, it's kinda old news

Desdi - Sanctuary · July 2014

slamstone wrote: »

Do you keep track and archive your data from the beginning of time just in case something happens in the future and u need that random registration u did on that site to order that item?

I personally dont, even though i have them redirecting emails to my main, it is still a hell to remember which account was linked to which email.

Um, yes?

I don't disagree with the rest of your post, security is really important and PWE messed up here but.. what's so hard about keeping notes of your accounts, passwords, e-mails and/or keeping the active ones up to date? It takes 5 minutes to note stuff down while you're registering an account somewhere.

I know there are people who have genuinely lost accounts because of various reasons and that really sucks...

Now I'm not trying to be rude to you or anyone else, but it just looks like some people are too lazy to bother managing their own accounts properly and then complain when problems occur.

Xx_BeLLa_xX - Harshlands · July 2014

Maybe some people didn't though they would be playing for years that game and maybe didn't wrote down everything, but people that claim they spent a lot of real money in their account should have make sure to keep their email updated, I wouldn't put thousand of dollars in a game that I don't have/remember the email.

XXHotXx - Morai · July 2014

you know whats funny?

heartbleed breach is 3 months old and PWE comes with a solution just now and messing everything up as usual, i had emails about the same issue from other game companies for other game accounts i own months ago

even if players would've been affected by the breach, coming with this solution 3 months late would've given enough chances to malicious agents to commit malicious actions

but seems that nothing heartbleed-related happened in past 3 months, so why this and why now

foley3k · July 2014

holy **** PWE. Seriously, this stuff happened MONTHS ago. Are you that out of touch with everything?
I am not in europe, I have no chars on an EU server, but I got the email and had to reset my stuff.

FYI you sparkie. Your ****ty recovery system doesnt force people to make a NEW password. You can in fact use the old one. Another WIN for PWI. Another example of them not testing their stuff. If you are telling forcing/telling people the need a new password, you should (again) test it to see if it will reject the old password.

Vedovis - Lost City · July 2014

Had this happened months ago, I would have been more likely to assume it was Heartbleed related when my account's password was changed. Instead I assumed I was somehow **** and panicked

My poor heart.

Templar - Sanctuary · July 2014

Can we get 1 ocean orb for all this mess?

/Vaz - Dreamweaver · July 2014

My in-game wife's account is so messed up that even her username is invalid. Someone needs to be fired over this.

DeffyNature - Archosaur · July 2014

Well I'm from Europe and all of my accounts are fine, no password reset and no e-mails on either of them.
I did change passwords, just to be sure, but is this normal?

Xx_BeLLa_xX - Harshlands · July 2014

Templar - Sanctuary wrote: »

Can we get 1 ocean orb for all this mess?

I vote for 3.

yoyohoneysingh · July 2014

I cant log my account as it says invalid username/password. I sent a ticket but no reply yet. I dont believe this, just because i did forgot my original email, i cant log into MY OWN ACCOUNT on which i spend hundred of dollars.

Verenor - Morai · July 2014

yoyohoneysingh wrote: »

I cant log my account as it says invalid username/password. I sent a ticket but no reply yet. I dont believe this, just because i did forgot my original email, i cant log into MY OWN ACCOUNT on which i spend hundred of dollars.

Replies on tickets already take a few days in normal circumstances. Now with Heartbleed occuring that will/might be even longer, so not getting a reply within 12hrs of the start of a problem is nothing but to be expected.
Nomatter howmuch you spent, nothing grants absolute rights so just sit and wait like everyone else who forgot (how do you forget if you spent "so much" money on it) their emails.

Kijinka - Dreamweaver · July 2014

Heartbleed has been known about for a long time now, and everyone has updated their OpenSSL. Why did it take PWE so long to notice that this exploit existed and update OpenSSL?

Xainou - Sanctuary · July 2014

Lol at the people not keeping their information safe. GG, joke's on you.

_Bagyra_ - Morai · July 2014

Kijinka - Dreamweaver wrote: »

Heartbleed has been known about for a long time now, and everyone has updated their OpenSSL. Why did it take PWE so long to notice that this exploit existed and update OpenSSL?

They have been playing with Arc instead it seems so.
First time i heard about Heartbleed just yesterday when all this idiocity with password reset started. Thnx to understanding security issues i changed my email recently and was happy to reset password very fast.

However few questions rises which our dear Perfect world staff dont even try to talk about and answer yet:
1. Was password reset only effective way of protecting accounts?
2. Actually is it really effective way? or still our accounts and all billing information are unsafe which concerns me the most now.

to my own surprise i completely agree with xXHotXx if issue of Heartbleed was known pretty long time ago, what happened for such an immediate actions to be taken and why nothing has been done yet so far?

Zoldi - Morai · July 2014

_Bagyra_ - Morai wrote: »

to my own surprise i completely agree with xXHotXx if issue of Heartbleed was known pretty long time ago, what happened for such an immediate actions to be taken and why nothing has been done yet so far?

Exactly ! As I said above, it's gonna be disturbing as long as they won't clarify the conflicting information... You can't send an email at 10:30 PM saying it's not a big deal and everything is OK just after having rushed this mass forced passwords reset during the night... this is a complete nonsense according to me. And they have to detail the "high risk" caracteristic for all those accounts...

ursualexy · July 2014

Verenor - Morai wrote: »

Replies on tickets already take a few days in normal circumstances. Now with Heartbleed occuring that will/might be even longer, so not getting a reply within 12hrs of the start of a problem is nothing but to be expected.
Nomatter howmuch you spent, nothing grants absolute rights so just sit and wait like everyone else who forgot (how do you forget if you spent "so much" money on it) their emails.

Personally, i cant even log with my mail, i changed pass for 4 times already, submited ticked and nothing, that's what u get from them

_Bagyra_ - Morai · July 2014

Zoldi - Morai wrote: »

Exactly ! As I said above, it's gonna be disturbing as long as they won't clarify the conflicting information... You can't send an email at 10:30 PM saying it's not a big deal and everything is OK just after having rushed this mass forced passwords reset during the night... this is a complete nonsense according to me. And they have to detail the "high risk" caracteristic for all those accounts...

I am more concerned with 1st two questions - does password reset will protect my accounts and all information related to them (what is dependent on me not by company that is providing). If yes - idm, because i could easily reset my passwords. And it is annoying when it takes ages for some explanations to be given, especially when it is related to such sensitive and private information. But we all know that will never happen. Somehow these actions made me think that charging is not safe. So dont think i will ever do that again

XXHotXx - Morai · July 2014

_Bagyra_ - Morai wrote: »

I am more concerned with 1st two questions - does password reset will protect my accounts and all information related to them (what is dependent on me not by company that is providing). If yes - idm, because i could easily reset my passwords. And it is annoying when it takes ages for some explanations to be given, especially when it is related to such sensitive and private information. But we all know that will never happen. Somehow these actions made me think that charging is not safe. So dont think i will ever do that again

charging on the internet is never safe, thats why i use a virtual credit card system brought by my bank, that i believe its the safest way to make deals on the net

btw the forced account lock and password reset is pointless,

also this breach is old and if heartbleed compromised something PWE-related,
that something would've happened already since couple of months at least,
why rush such critical measures by night,
they could've just warned players sending them emails and inviting them to change their passwords like other, bigger, upright, different game companies did for their titles.

i honestly forgot infos of some of my alt accounts, i've no idea to which email they are linked and i have honestly no idea on how to retrieve them now,
also my brother owns an account, that is inactive from more than a year now, i am pretty sure when he will decide to come back he will never remember the email linked to his game account, leading him to lose it and never give him the chance to return to play.

i believe a fvckton of players are in this same trouble, but with their main accounts

not sure if all this derps from the management are accidental or intentional,
i might believe all the late pwe derps could be seen as a strategy to thin out PWI player base to redirect it to their most recent titles.

anyways

once again

good game pwe

Heartbleed [New Update 5:07 PM]

Comments

Categories