Heartbleed [New Update 5:07 PM]
Comments
-
So... they had the heartbleed issue but they didn't fix the sites. Were they aware of it? If not, how come they didn't find out until today? This is pretty messy, heh.
[SIGPIC]http://i.imgur.com/MtwcqjL.png[/SIGPIC]
★ Venomancer videos - tinyurl.com/k6ppkw4 ★ Desdi - Demon ♪ Wyvelin - Sage ★0 -
Sparkie, do you realize that by doing this they caused more damage than they fixed?
Please, ask the monkeys at the EU branch why the heck they resetted almost everyone's password instead of just sending out a warning to let everyone know they should change it.
ESPECIALLY since they said nothing "vital" was compromised.0 -
Eoria - Harshlands wrote: »Didn't you guys check this months ago and say Heartbleed didn't affect your sites? lol.
It was one of those will get on it "soon" or, they checked but did not really check b:chuckle. I am sure someone is figuring out how to get 100 10* orbs through this and get a pat on the back for it b:byeMarine - Marshall - Raging Tides - Retired
[SIGPIC][/SIGPIC]
DEMHEALSMAN - Dreamweaver
Yes, because people really need 900+ dex or 1000+ magic just for the lulz0 -
Salari - Raging Tide wrote: »It was one of those will get on it "soon" or, they checked but did not really check b:chuckle. I am sure someone is figuring out how to get 100 10* orbs through this and get a pat on the back for it b:bye
And dont forget the vip tickets and event gold b:avoid0 -
I have a feeling this is one of PWE's scams to try and force people to change password. Seeing as the last one must have been about 2 years ago they must have thought it was about time.0
-
Hm.. my most used account (1) out of the 10 or so i have, had a force password reset (US acct) and actually had a email come to me[SIGPIC][/SIGPIC]lagunal8.deviantart.com
★"New weekly quests! "Discover the bug in the patch""-Nihillae★"My father would beat me if he found out I was QQing over a virtual pony."-Neurosis★"You're amongst the biggest blobs of fail I've ever seen in my life."-Ninnuam★"A statistic said 3% people of the world get enjoyment primarily from making people upset, and you are trying to discriminate them"-ilystah★["How To Tank Rebirth Order Delta (86+)"-Stickygreen Barb (1)restat. you want full magic, Arcane armour build (2)when mobs come /faceroll on your keyboard and you will one shot all the mobs (3)rinse and repeat]★"I've been spammed with 3 poops for 2 hours."-ColdSteele★"If someone fights learning, I don't bother with them outside of amusement factor."-Telarith★"This thread is a joke right? Please say yes."-eatwithspoons★ "This is why you don't post your opinions on the internet, most of the replies you get will be from people who missed a hug or two sometime in their youth."-Alacol★"Sexy! A post with a Binomial Distribution."-Asterelle★"It's about time PW starts to separate out the noob Sins from the rest."-salvati0n★"Shoo troll >:O"-TheDan0 -
Daegu - Sanctuary wrote: »I have a feeling this is one of PWE's scams to try and force people to change password. Seeing as the last one must have been about 2 years ago they must have thought it was about time.
Man, did you clean your tinfoil hat?
At least they TRY to protect people's stuff by doing this, maybe not the most clever way ever to do so but hey, it's also part of the player's fault for not updating emails they don't use for ages anymore, stupidity on their end if they want to recover something that was lost.
But yeah, PWE is really gaining anything from this, this scam of changing passwords will ensure they get access to your credit cards!Soon™
Well, maybe later, semi-retired.0 -
Hisiala - Morai wrote: »why the heck they resetted almost everyone's password instead of just sending out a warning to let everyone know they should change it.
ESPECIALLY since they said nothing "vital" was compromised.
This... plus the fact that heartbleed is not really recent...
So to summarize, this was "nothing important" but they had to rush a mass reset during the night, and the reason is related to a security issue that has been known for several weeks (with PWE saying at that time that everything was ok). And we're supposed to trust this company? Not easy...~ Sage Mystic 105-105-105 ~
~ Sage Sin 103-103-102 ~
~ Sage vita Barb 103-102-101 ~
~ Sage BM 102-101 ~ Demon Archer 102 ~
~ Sage Cleric 102 ~ Demon Wizard 101 ~
~ Sage Seeker 101 ~ Sage Psy 101 ~
~ Sage Heavy Veno 101 ~ Demon Storm 9X ~ Dusk 6x ~
Started playing this game in 2007 on Oracle (PW-MY) : Demon MG 101 - Sage EP 99 - WF 890 -
DEMHEALSMAN - Dreamweaver wrote: »Man, did you clean your tinfoil hat?
At least they TRY to protect people's stuff by doing this, maybe not the most clever way ever to do so but hey, it's also part of the player's fault for not updating emails they don't use for ages anymore, stupidity on their end if they want to recover something that was lost.
But yeah, PWE is really gaining anything from this, this scam of changing passwords will ensure they get access to your credit cards!
Yes, cuz all players use their main email address to register game accounts.
I'dd be ok with your statement if the player was the one that screwed up (acc sh pishing w/e), but in this case not.
Do you use your main email on every site you need to register these days? do you keep track and archive your data from the beginning of time just in case something happens in the future and u need that random registration u did on that site to order that item?
I personally dont, even though i have them redirecting emails to my main, it is still a hell to remember which account was linked to which email.
I don't need to remember all the accounts i just redirect them, because it should be obvious that ACCOUNT SECURITY should be a 1st priority for a service provider, and FORCE PASSWORD RESET is not an option to any of them, mainly due to the reason stated above...they would lose a good chunk of registered users, and second that it would kill consumer confidence in their security measures and impact their future relations.
what would have happened if this was amazon?:
a. i would have created another account but lost my purchase history and advantages
b. search for a better secured supplier?
If i was the one naive about pishing and got myself ****, ok "it's my fault" i screwed it up, now i suffer the consequences, but this is not the case.
as for the tinfoil hat...that's a good touch gz...
resume: customer security hiccups are normal, service provider security hiccups are not.
0 -
And I thought, people have changed their e-mail to a more recent one at their last anniversary at the latest...World is full of illusions.
________________________
What if I played a Cleric?
________________________
All Joy In Keeping Us Medically Energetic.0 -
Jesus ******* Christ
You guys scared me so freaking bad .___.
I might not actively play anymore, but my archer came to mean a lot to me over the 5 years...
I was SO scared when I couldn't log on it and thought it was stolen :C
The psychological trauma b:cry
So, this was just a precaution measure, right...? Or do I need to wait until servers are up to see if my items weren't stolen? b:cry0 -
Got no such mail, sitting on a EU IP with chars on RT and Morai - Could it be that because i started chars on RT before i did on Morai, my accounts isn't affected?
Anyways a bit late to find out of this PWE, as heartbleed isn't something there was found a week ago, it's kinda old newsMiss my Avatar b:sad
Starfall Marshall b:victory0 -
Do you keep track and archive your data from the beginning of time just in case something happens in the future and u need that random registration u did on that site to order that item?
I personally dont, even though i have them redirecting emails to my main, it is still a hell to remember which account was linked to which email.
Um, yes?
I don't disagree with the rest of your post, security is really important and PWE messed up here but.. what's so hard about keeping notes of your accounts, passwords, e-mails and/or keeping the active ones up to date? It takes 5 minutes to note stuff down while you're registering an account somewhere.
I know there are people who have genuinely lost accounts because of various reasons and that really sucks...
Now I'm not trying to be rude to you or anyone else, but it just looks like some people are too lazy to bother managing their own accounts properly and then complain when problems occur.
[SIGPIC]http://i.imgur.com/MtwcqjL.png[/SIGPIC]
★ Venomancer videos - tinyurl.com/k6ppkw4 ★ Desdi - Demon ♪ Wyvelin - Sage ★0 -
Maybe some people didn't though they would be playing for years that game and maybe didn't wrote down everything, but people that claim they spent a lot of real money in their account should have make sure to keep their email updated, I wouldn't put thousand of dollars in a game that I don't have/remember the email.[SIGPIC][/SIGPIC]
b:dirty "I **** rainbows and love everyone"-Longknife b:cute0 -
you know whats funny?
heartbleed breach is 3 months old and PWE comes with a solution just now and messing everything up as usual, i had emails about the same issue from other game companies for other game accounts i own months ago
even if players would've been affected by the breach, coming with this solution 3 months late would've given enough chances to malicious agents to commit malicious actions
but seems that nothing heartbleed-related happened in past 3 months, so why this and why nowmypers.pw/1.7/#123510
mypers.pw/1.7/#123524
i58.tinypic.com/231jj8.jpg0 -
holy **** PWE. Seriously, this stuff happened MONTHS ago. Are you that out of touch with everything?
I am not in europe, I have no chars on an EU server, but I got the email and had to reset my stuff.
FYI you sparkie. Your ****ty recovery system doesnt force people to make a NEW password. You can in fact use the old one. Another WIN for PWI. Another example of them not testing their stuff. If you are telling forcing/telling people the need a new password, you should (again) test it to see if it will reject the old password.0 -
Had this happened months ago, I would have been more likely to assume it was Heartbleed related when my account's password was changed. Instead I assumed I was somehow **** and panicked My poor heart.[SIGPIC][/SIGPIC]
| Signature made by Fishy!~ | Semiretired |0 -
Can we get 1 ocean orb for all this mess?0
-
My in-game wife's account is so messed up that even her username is invalid. Someone needs to be fired over this.0
-
Well I'm from Europe and all of my accounts are fine, no password reset and no e-mails on either of them.
I did change passwords, just to be sure, but is this normal?[SIGPIC][/SIGPIC]0 -
[SIGPIC][/SIGPIC]
b:dirty "I **** rainbows and love everyone"-Longknife b:cute0 -
I cant log my account as it says invalid username/password. I sent a ticket but no reply yet. I dont believe this, just because i did forgot my original email, i cant log into MY OWN ACCOUNT on which i spend hundred of dollars.0
-
yoyohoneysingh wrote: »I cant log my account as it says invalid username/password. I sent a ticket but no reply yet. I dont believe this, just because i did forgot my original email, i cant log into MY OWN ACCOUNT on which i spend hundred of dollars.
Replies on tickets already take a few days in normal circumstances. Now with Heartbleed occuring that will/might be even longer, so not getting a reply within 12hrs of the start of a problem is nothing but to be expected.
Nomatter howmuch you spent, nothing grants absolute rights so just sit and wait like everyone else who forgot (how do you forget if you spent "so much" money on it) their emails.0 -
Heartbleed has been known about for a long time now, and everyone has updated their OpenSSL. Why did it take PWE so long to notice that this exploit existed and update OpenSSL?0
-
Lol at the people not keeping their information safe. GG, joke's on you.[SIGPIC][/SIGPIC]
Licensed tail brusher of ƙɑƙʊɱɑʊ ~ only the fluffiest
Outrunning centaurs since 2012~0 -
Kijinka - Dreamweaver wrote: »Heartbleed has been known about for a long time now, and everyone has updated their OpenSSL. Why did it take PWE so long to notice that this exploit existed and update OpenSSL?
They have been playing with Arc instead it seems so.
First time i heard about Heartbleed just yesterday when all this idiocity with password reset started. Thnx to understanding security issues i changed my email recently and was happy to reset password very fast.
However few questions rises which our dear Perfect world staff dont even try to talk about and answer yet:
1. Was password reset only effective way of protecting accounts?
2. Actually is it really effective way? or still our accounts and all billing information are unsafe which concerns me the most now.
to my own surprise i completely agree with xXHotXx if issue of Heartbleed was known pretty long time ago, what happened for such an immediate actions to be taken and why nothing has been done yet so far?0 -
_Bagyra_ - Morai wrote: »to my own surprise i completely agree with xXHotXx if issue of Heartbleed was known pretty long time ago, what happened for such an immediate actions to be taken and why nothing has been done yet so far?
Exactly ! As I said above, it's gonna be disturbing as long as they won't clarify the conflicting information... You can't send an email at 10:30 PM saying it's not a big deal and everything is OK just after having rushed this mass forced passwords reset during the night... this is a complete nonsense according to me. And they have to detail the "high risk" caracteristic for all those accounts...~ Sage Mystic 105-105-105 ~
~ Sage Sin 103-103-102 ~
~ Sage vita Barb 103-102-101 ~
~ Sage BM 102-101 ~ Demon Archer 102 ~
~ Sage Cleric 102 ~ Demon Wizard 101 ~
~ Sage Seeker 101 ~ Sage Psy 101 ~
~ Sage Heavy Veno 101 ~ Demon Storm 9X ~ Dusk 6x ~
Started playing this game in 2007 on Oracle (PW-MY) : Demon MG 101 - Sage EP 99 - WF 890 -
Verenor - Morai wrote: »Replies on tickets already take a few days in normal circumstances. Now with Heartbleed occuring that will/might be even longer, so not getting a reply within 12hrs of the start of a problem is nothing but to be expected.
Nomatter howmuch you spent, nothing grants absolute rights so just sit and wait like everyone else who forgot (how do you forget if you spent "so much" money on it) their emails.
Personally, i cant even log with my mail, i changed pass for 4 times already, submited ticked and nothing, that's what u get from them0 -
Zoldi - Morai wrote: »Exactly ! As I said above, it's gonna be disturbing as long as they won't clarify the conflicting information... You can't send an email at 10:30 PM saying it's not a big deal and everything is OK just after having rushed this mass forced passwords reset during the night... this is a complete nonsense according to me. And they have to detail the "high risk" caracteristic for all those accounts...
I am more concerned with 1st two questions - does password reset will protect my accounts and all information related to them (what is dependent on me not by company that is providing). If yes - idm, because i could easily reset my passwords. And it is annoying when it takes ages for some explanations to be given, especially when it is related to such sensitive and private information. But we all know that will never happen. Somehow these actions made me think that charging is not safe. So dont think i will ever do that again0 -
_Bagyra_ - Morai wrote: »I am more concerned with 1st two questions - does password reset will protect my accounts and all information related to them (what is dependent on me not by company that is providing). If yes - idm, because i could easily reset my passwords. And it is annoying when it takes ages for some explanations to be given, especially when it is related to such sensitive and private information. But we all know that will never happen. Somehow these actions made me think that charging is not safe. So dont think i will ever do that again
charging on the internet is never safe, thats why i use a virtual credit card system brought by my bank, that i believe its the safest way to make deals on the net
btw the forced account lock and password reset is pointless,
also this breach is old and if heartbleed compromised something PWE-related,
that something would've happened already since couple of months at least,
why rush such critical measures by night,
they could've just warned players sending them emails and inviting them to change their passwords like other, bigger, upright, different game companies did for their titles.
i honestly forgot infos of some of my alt accounts, i've no idea to which email they are linked and i have honestly no idea on how to retrieve them now,
also my brother owns an account, that is inactive from more than a year now, i am pretty sure when he will decide to come back he will never remember the email linked to his game account, leading him to lose it and never give him the chance to return to play.
i believe a fvckton of players are in this same trouble, but with their main accounts
not sure if all this derps from the management are accidental or intentional,
i might believe all the late pwe derps could be seen as a strategy to thin out PWI player base to redirect it to their most recent titles.
anyways
once again
good game pwemypers.pw/1.7/#123510
mypers.pw/1.7/#123524
i58.tinypic.com/231jj8.jpg0
Categories
- All Categories
- 181.9K PWI
- 699 Official Announcements
- 2 Rules of Conduct
- 264 Cabbage Patch Notes
- 61K General Discussion
- 1.5K Quality Corner
- 11.1K Suggestion Box
- 77.4K Archosaur City
- 3.5K Cash Shop Huddle
- 14.3K Server Symposium
- 18.1K Dungeons & Tactics
- 2K The Crafting Nook
- 4.9K Guild Banter
- 6.6K The Trading Post
- 28K Class Discussion
- 1.9K Arigora Colosseum
- 78 TW & Cross Server Battles
- 337 Nation Wars
- 8.2K Off-Topic Discussion
- 3.7K The Fanatics Forum
- 207 Screenshots and Videos
- 22.8K Support Desk