All affected accounts have been password reset. Only the legitimate owner of the email account used to register a Cryptic account will be able to reset the password. Emails to all affected users are being sent out over the coming hours, and if you do not receive one within 48 hours, your account was not affected. Cryptic treats your privacy and account security seriously, and is taking proactive steps to ensure that all accounts are secure.
Wrong. By default, you NEVER encrypt user passwords to your database. You ALWAYS hash. There is no excuse for not doing so. That way, even if your database is compromised, important information is not lost.
That's not true at all. Important information is lost, it's just harder to make use of it. You can still brute force the hashes to get the original password which was hashed.
In a discussion about a database being broken into and sensitive information stolen from it, you link a comic about kids DDOS'ing websites like the two are one and the same.
In a discussion about a database being broken into and sensitive information stolen from it, you link a comic about kids DDOS'ing websites like the two are one and the same.
You missed the point. It was pointing out the quoted post being ludicrous because of the understanding of the poster's knowledge.
Guys, the easiest way to see if the email address you get is true or not is to identify the email-adress you got it from. The official password reset email comes from "donotreply@crypticstudios.com". One of my friends received an email from "noreply@crypticstudios.com" which probably is a fake one.
Might this now motivate you folks to changing over the Game login server from "http://" server to a SECURE "https://" server addy?
That has and continues to bother me a GREAT deal....:mad:
X-Kudos on the quick action to notify us on the "backend", after the fact-X, but wouldn't some good "frontend" preventive security be better for the future...hmmm?
"Better security, to provide a better tomorrow" (tm)
Edited to remove my kudo, after finding out that this occurred 16 MONTHS ago, and that you are JUST NOW taking action....Shame on you folks! :mad:
Sorry folks, all this trouble is apparently attributed to me. Cryptic missed my presence on these forums and in this game, so they cooked up a scheme to lure me away from Massively.com and scare me into re-checking things.
Sending waves of good fortune and quatrotriticale (or however you spell that tribble foodstuffs!) to all who rememmber me from Beta Days and early launch. Still a Lifer and all that. Sorta still check into game from time to time but not nearly enough!
That's not true at all. Important information is lost, it's just harder to make use of it. You can still brute force the hashes to get the original password which was hashed.
Could you fix the attribution in your post, please? It wasn't me who was saying that.
Cryptic i am deeply disappointed by you guys, not that you don't care to make a good Star Trek game, you obviously didn't do anything you could to keep security on a high standart.
How do you expect us to trust you ever again and spend our money to this game if you are unable to provide enough security to make this game and transactions safe?
To be honest, nice words alone from you won't help to convince me anymore...
Increased security checks and vigilant customer service revealed a pattern of account hacking that suggested an unauthorized access, which upon further investigation and analysis, apparently occurred in December 2010. As soon as this pattern became clear, Cryptic reset passwords on all affected accounts.
'increased security checks'? if thats what you call increased, what exactly were you doing before?
Cryptic is vigilant at protecting your account security and privacy. We have no data to suggest that the unauthorized access continued beyond December 2010
are you really stupid enough to think that we're stupid enough to believe that? really? as several people have pointed out already, there was the hacking incidents that you blamed on STOWiki and a non-existant trojan that nobody ever found evidence of. gee, I wonder what really happened there.
you screwed the pooch on that little incident, and then blamed people that had nothing to do with it
We have no evidence at this time that any data other than the account name, handle, and encrypted password were accessed for any user. *It is possible that the intruder was able to access additional account information, but we have no evidence of this. *If they did so, the first and last name, e-mail address, date of birth (if provided to Cryptic Studios), billing address, and the first six digits and the last four digits of credit cards registered on the site may have been accessed.
so.... you contradicted yourself in the same statement then? which is it exactly?
Yeah, i was a little upset by this. I never received any emails or anything so when i went to play and found out that both my STO and CO passwords weren't working i went into a bit of a panic. I'm a little bothered that this was from 2010 and just now being noticed, but i'm slightly relieved that all my stuff was still there after reading some of the recent "i got TRIBBLE" posts on the forums.
A Shame we're not getting any dilithium or such for the inconvenience, especially those of us that didn't get the Email.....
Just log out (upper right of your screen as you reading this)
go back to the official page
use the register/login button on the same place (upper right of your browser)
use the password forgotten option
type in your e-mail adress, and a new password will be send to you
follow the reset link in that mail and choose a new one
log back in with the new password
All affected accounts have been password reset. Only the legitimate owner of the email account used to register a Cryptic account will be able to reset the password. Emails to all affected users are being sent out over the coming hours, and if you do not receive one within 48 hours, your account was not affected. Cryptic treats your privacy and account security seriously, and is taking proactive steps to ensure that all accounts are secure.
Proactive? What a laugh. The account hacks occurred, by your own admission, in December 2010 and yet only now in April 2012 did you bother to either notice it or do something about. So what you do you do? Locked everyone affected out of their accounts and then claim to have e-mails out informing people, but hey don't worry the e-mails will get to you eventually... Maybe.
I'm affected yet have received no e-mail... Click on 'Forgotten password' (Newsflash I HAVEN'T forgotten, you muppets can't keep your accounts secure) link, enter my e-mail address and still await reset link to come through....
*goes to check STO, CO and Cryptic homepages* ooh absolutely nothing to inform players there may be an issue.
*checks twitter* nothing...
*checks e-mail account* Still nothing
Seriously, I have better things to do with my time than do business with a company that sits around doing nothing for close to 18 months on TRIBBLE accounts and can't be bothered to communicate an issue of this importance in any reasonable manner or timeframe...
I may be naive, but shouldn't routine security checks be more... routine?
First sentence in the email is "As a result of routine security checks and upgrades..." and in your news section it says today that your routine security checks and updates revealed "...unauthorized access occurred in December 2010...". Guys, we have April 2012! Hopefully your systems are up to date now...
Be sure to check your SPAM / JUNK box for the reset link if you aren't getting the reset link after entering you email address, Thats where my was sent. Was a little worried after entering it a few more times and still nothing.
Glad to see it was Gmail being overly protective against the evil Cryptic email spam :P
Comments
How am I supposed to reset my password when all the reset password link does is takes me to the homepage?
I said this on the page prior
----
It's because you are signed in
Cheers,
Brandon =/\=
I had the same problem on STO reset but the Champs one worked for me
D'Oh, senior moment. Thanks Brandon
That's not true at all. Important information is lost, it's just harder to make use of it. You can still brute force the hashes to get the original password which was hashed.
In a discussion about a database being broken into and sensitive information stolen from it, you link a comic about kids DDOS'ing websites like the two are one and the same.
You missed the point. It was pointing out the quoted post being ludicrous because of the understanding of the poster's knowledge.
noreply@crypticstudios.com is not fake.
Cheers,
Brandon =/\=
But instead of refuting any of the points raised, you post a cute little comic. That's... ludicrous.
Might this now motivate you folks to changing over the Game login server from "http://" server to a SECURE "https://" server addy?
That has and continues to bother me a GREAT deal....:mad:
X-Kudos on the quick action to notify us on the "backend", after the fact-X, but wouldn't some good "frontend" preventive security be better for the future...hmmm?
"Better security, to provide a better tomorrow" (tm)
Edited to remove my kudo, after finding out that this occurred 16 MONTHS ago, and that you are JUST NOW taking action....Shame on you folks! :mad:
VERY VERY CARELESS!!
You aren't the intended audience of my post.
Sorry folks, all this trouble is apparently attributed to me. Cryptic missed my presence on these forums and in this game, so they cooked up a scheme to lure me away from Massively.com and scare me into re-checking things.
Sending waves of good fortune and quatrotriticale (or however you spell that tribble foodstuffs!) to all who rememmber me from Beta Days and early launch. Still a Lifer and all that. Sorta still check into game from time to time but not nearly enough!
Fair Journeys!
And you weren't the intended audience of mine. Yet you've challenged it, and I've challenged you.
I'm okay with this.
Could you fix the attribution in your post, please? It wasn't me who was saying that.
Not a happy camper at the moment
Can't log in. Trying to reset my password but i just end on this site: http://www.startrekonline.com/frontpage.
Cryptic i am deeply disappointed by you guys, not that you don't care to make a good Star Trek game, you obviously didn't do anything you could to keep security on a high standart.
How do you expect us to trust you ever again and spend our money to this game if you are unable to provide enough security to make this game and transactions safe?
To be honest, nice words alone from you won't help to convince me anymore...
Live long and prosper.
'increased security checks'? if thats what you call increased, what exactly were you doing before?
are you really stupid enough to think that we're stupid enough to believe that? really? as several people have pointed out already, there was the hacking incidents that you blamed on STOWiki and a non-existant trojan that nobody ever found evidence of. gee, I wonder what really happened there.
you screwed the pooch on that little incident, and then blamed people that had nothing to do with it
so.... you contradicted yourself in the same statement then? which is it exactly?
A Shame we're not getting any dilithium or such for the inconvenience, especially those of us that didn't get the Email.....
yeah link in the first post is bugged:
the proper way to do this is:
Just log out (upper right of your screen as you reading this)
go back to the official page
use the register/login button on the same place (upper right of your browser)
use the password forgotten option
type in your e-mail adress, and a new password will be send to you
follow the reset link in that mail and choose a new one
log back in with the new password
play the game
No worries at all, thank you! ^_^
Proactive? What a laugh. The account hacks occurred, by your own admission, in December 2010 and yet only now in April 2012 did you bother to either notice it or do something about. So what you do you do? Locked everyone affected out of their accounts and then claim to have e-mails out informing people, but hey don't worry the e-mails will get to you eventually... Maybe.
I'm affected yet have received no e-mail... Click on 'Forgotten password' (Newsflash I HAVEN'T forgotten, you muppets can't keep your accounts secure) link, enter my e-mail address and still await reset link to come through....
*goes to check STO, CO and Cryptic homepages* ooh absolutely nothing to inform players there may be an issue.
*checks twitter* nothing...
*checks e-mail account* Still nothing
Seriously, I have better things to do with my time than do business with a company that sits around doing nothing for close to 18 months on TRIBBLE accounts and can't be bothered to communicate an issue of this importance in any reasonable manner or timeframe...
First sentence in the email is "As a result of routine security checks and upgrades..." and in your news section it says today that your routine security checks and updates revealed "...unauthorized access occurred in December 2010...". Guys, we have April 2012! Hopefully your systems are up to date now...
Glad to see it was Gmail being overly protective against the evil Cryptic email spam :P
So I tried to log on to the game as normal and everything is fine.