Never got the Email myself. Played fine on my password this morning. So sometime between 13:00 and 23:00 my account was compromised? I mean the link that tells us about the breach says that only the accounts that were affected would require a password change.
Here is where I get confused because I have changed passwords at least four times since 2010.
Seems implicative that your security issue(s) is/are ongoing.
Can we get an answer on the PWE vs Cryptic passwords for those who have linked their accounts and are using their PWE login details to connect to STO/CO? I was able to log into the game correctly using my existing PWE details (no reset) but did receive an email saying my details had been reset - I presume these were my Cryptic login details (which I couldn't/didn't use anyway).
Basically is this limited to Cryptic databases or are PWE ones affected also? Just want to know if my account is safe(ish) or not.
Oh, and I didn't start playing CO until well into 2011 - so after the "incident".
Maybe it's just the Cryptic passwords that have been reset.
I haven't been able to use that one anyway since I transferred to PWE. That one is fine and has not been reset, despite me getting the email from Cryptic.
However, I do believe that a challenge authentication system would be significantly more useful. RSA, as another poster points out, has an option - and that's not the only one out there. In essence, a password or code that is randomly and dynamically generated in addition to what you have already. Only the combination of the two would allow one access.
Other games have this. Indeed, the majority of them do it either for free or a very minor fee. This allows security and cuts down on possible fraud by a massive amount.
My reference to a systemic failure could have been clearer. What I mean by that is it's yet another area in which one would wonder WHY it has taken that long to find and what caused it to take so long in the first place.
Given when the Sony incident happened, the local IT head at my institution put out an email to warn us and ask us all to change PWs, then repeated it when another institution had a virus. I asked him about it and he said he watches that stuff, just because it can affect work too, and it's good customer service.
From my view on the outside, it seems that basic standards are, well, lacking. By that I mean Communications, Quality Assurance, Customer Service, Marketing, and now, Security.
They have had major issues with each area, more than once in some cases. Rapid-fire incidents of this nature over a wide variety of areas lead me to think they have issues with standards and practices.
Oh, and a side note: I do find it interesting how easy it is to cause the launcher Java to crash to an error.
Still not fricking working for STO. Champions works but I never played that!
log out of the forums
close browser
open browser
go to STO web site, attempt to log in
when it doesn't allow you to log in, use the forgot password link and follow those instructions.
the big key to all this is that first step, without it, it will not work
As someone who is still dealing with the repercussions of the Sony hack last year, let me just jump in early and give a big THANK YOU to Cryptic for letting us know about this promptly rather than letting it sit around.
What are you talking about? From the announcement: "The unauthorized access occurred in December 2010"
Got an email from Perfect Worlds today regarding my account info being possibly compromised and pretty sure that is now related to all the junk email requests I've been getting lately...
Since I'm careful not to click email links, I just logged into the STO website and hit the "forgot password" button...logged into the game and all is fine...
Thanks for the heads up Cryptic...far better than what SOE did to us all in SWG...
Many thanks, that helped!
The password email just took some minutes; in that time I couldn't log in to the forum.
EDIT
I was wrong, you can remove your credit card information and billing information. I may have missed this before as I have wanted to do this in the past and was unsuccessful until just a moment ago.
Thank you for this. I was a recurring subscriber but stopped when F2P came out. They don't need to have my CC info any more.
For those that haven't seen it or tried it yet, there is some comfort in the fact they're using a separate secure site just for billing. That gives me a little more confidence.
I just got it to work. The solution was to log out of the forums, close my browser tab for the STO web site. Then the email link finally worked and I was able to reset my password. Now Captain Scarty can go kill some Klingons!
Being a Cryptic account rather than a Perfect World account I found it a complete pain in the posterior resetting.
Your links -do not- direct to the correct pages. Sort this crud out. If I'm accessing Cryptic support about a Cryptic account I don't expect to be redirected to the PW support pages.
Whoever is in charge of your websites should be embarrassed for the shocking state of links/forwarding.
So basically you - Cryptic - tell us that the players who have been here in December 2010
can be sure that their NAME, the PASSWORD, and perhaps also CREDIT CARD records
are endangered... now for 17 months?
Now this is nice, 'cause I've been using the same PW for other sites too (no banking),
and had problems there...
Now THANK YOU for telling us, so that I know whom to blame.
Now the question is:
ARE YOU SURE THERE WERE NO MORE UNAUTHORIZED ACCESSES SINCE?
I reset my password yesterday, after the "emergency maintenance" was completed, and was able to log in just fine. Launching the game today, I played a bit with one character, everything fine, but when I wanted to relog I suddenly started receiving an "Invalid Password" message. Had to reset everything yet again.
What is more, my mail suddenly started tagging all Cryptic mails as spam/threat, although everything was fine before.
Yeah, free credit reporting from PW for a year! Really, 2010? Force complex passwords and require changes after a certain time. Was law enforcement notified as required?
This is very disappointing. I almost expect big companies like Sony to be complacent when it comes to security, but a small company like Cryptic that specialises in this field and this alone should have security at the top of their priority list.
I was going to be on STO on my day off of work. Always things f up on here. Now I still can't get in STO & I have a fleet I need to run, SO WTF? Can Cryptic fix it or not? I am going to work. I would love to get on STO after work and I would be bad if I can't get on STO again. I just got the Omega set Mk12.
Please could it be fed back to whoever wrote the email sent out at approx 1:30am BST from Cryptic that it may be an idea to re-write the email that gets sent out in the event of a hack? (Hopefully an email of this type won't be needed again!)
The wording of the email I received this morning is very close to something a phishing email would say, for example:
"As a result of routine security checks and upgrades, we have discovered that certain of your account information, including your password, may have been accessed by an unauthorized party. "
I also had this email flagged as a "suspicious email" by Hotmail and had to check the mail headers to determine who owned the originating IP address as to whether it was a phishing email or it was genuine.
It takes you 16 months to even notice you were TRIBBLE..
And you don't even encrypt passwords (Which has been a standard for online security since before 1997).
Way to fall way below expectations, Cryptic.
Fail at reading. The passwords were encrypted. It was stated multiple times. And they did tell us when they found out - considering it's been so long, they could easily have said nothing at all and no one would have been the wiser.
And would you notice if someone got into your computer a year ago, and stole a file, but did nothing to clue you off that it might have happened? Did you notice when I TRIBBLE you 6 months ago? (I'm joking, of course. Aren't I?)
Other way around. It's the big companies that have more at stake, and have the resources to devote to all the security. Ask any web developer just how easy it is to make things really secure. Especially when there's more than 1 person working on everything. If a hacker is determined, no site is foolproof.
Thank you! That did it.
16 months is NOT prompt. :mad:
Live long and prosper.
REALLY scary to see this first thing in the morning!
...it took THREE attempts
- log off forums [ / ]
- close browser [ / ]
* something's missing here that caused issues *
- return to STO log in [ / ]
- attempt sign in [ / ]
- recover password [ / ]
- access email and follow link [ / ]
- input new password [ / ]
- log into STO forums [ / ]
- confirm by logging into game [ / ]
* If you have any issue after a failure, simply delete your history and cache in Firefox before you log back in.
On a very related note, I would like to point out my frustration and disappointment in Cryptic and PWE for this total failure in terms of server security. I would normally be demanding some sort of compensation but we all know better than to even ask when it comes to customer relations and support.
I don't have a PW account.
Take 16 months to spot, fix and notify paying customers of a hack.