First loads of people cant log in yesterday and then this password reset stuff and you guys claim its all about something from last year !! I dont believe it. There must be a connection. It may be closing the barn door after the horse came home but I have removed my card details and its the end of the c-store for me.
Also, in your emails about this issue, can you have it written in proper American English and not in something that resembles Engrish, I thought it was a Fishing Scam initially when I read the poorly worded Email.
Just read about the hacking attempt on Cryptic servers.
Although I've reset my password, the password I used up until today is actually different from what it was back in December 2010, so even they'd managed to crack my password, it'd be useless to them now.
Still, thanks for the heads up Cryptic. (I do agree about the poor English thing though. It can come across as a phishing attempt!)
Cryptic is vigilant at protecting your account security and privacy. We have no data to suggest that the unauthorized access continued beyond December 2010, and increased security protections had already been instituted after that time. To protect your account information, we encourage you to be especially aware of e-mail and postal mail scams that ask for personal or sensitive information. Cryptic will not contact you in any way, including by e-mail, asking for your credit card number, social security number, or any other personally identifiable information. We recommend that you use very secure passwords at all times, and not share your account information with anyone.
How about you guys be vigilant enough to give us an authenticator keyfob and smartphone app?
First loads of people cant log in yesterday and then this password reset stuff and you guys claim its all about something from last year !! I dont believe it. There must be a connection. It may be closing the barn door after the horse came home but I have removed my card details and its the end of the c-store for me.
Same here. Also, my passwords weren't changed.
I was able to login with my old passwords on all accounts. I changed them anyway, but it's sad when they can't even enable security measures on accounts they believe may have been breached.
I have 2 accounts, this account went to the page and changed my password. I cannot change the password on my other account, because my other account's email address is no longer in the cryptic database. I was playing yesterday afternoon on my Eng, on the extinct account, now it is gone!
I sent a ticket in (got an automated email saying they recieved my support ticket, meaning they still had my email! - they sent the auto - email to the non existant email address!), and the return auto email said "expect to hear from us in 3-5 business days".......
Anybody else's email erased from the Cryptic Database?:eek:
First loads of people cant log in yesterday and then this password reset stuff and you guys claim its all about something from last year !! I dont believe it. There must be a connection. It may be closing the barn door after the horse came home but I have removed my card details and its the end of the c-store for me.
Deleted my CC when I heard PW was taking over the game. With all this happening I'm going to go ahead and say it, because I'm know it's already been discussed by Cryptic and PW. When are we going to be forced to make a PW account and link it with our Cryptic account? I'd better not have to ever. I will not do it.
This is another of Cryptics fearsome services... i can't login in the game, i get a an email, telling me that they discovered someone hacking my account in DECEMBER 2010 - are u kidding me? This is something they realize now... omg... we have a bunch of pro's sitting there, i can clearly see this now. Ok, that was just the start, now i want to retrieve my password, that doesn't work, for some reason i get directed to the PW site, they tell me i don'T have a PW account... great customer service here again! After several minutes of searching i eventually find somewhere to recover my new password - gueess what, then they send u an email and point one to the ATARI-Live-support? ATARI????
Please get someone responsible for QA and CS, the guys that now have the job are obviuosly not able to do it, the amount of misinformation i get from cryptic's mail and websites is way to high.... i am still waiting on atari to solve my issues...
Cryptic, get your things cleaned up, it's not bearable anymore
All my stuff is gone. I sent an in-game GM request marked "TRIBBLE", so hopefully it will get worked out. I haven't played in a few weeks, but got back on this morning when I received the e-mail from Cryptic about the password change thing.
They really should have put a notification at the top of the website, forums, and launcher to make it as clear as possible to people that there was a security breach and all affected account passwords have been reset, with clear instructions on how to reset their password. Better still, they should have also killed the cookies/sessions of the affected accounts so they'd be logged out to reduce confusion when clicking on the password reset link in this thread.
While hacking happen all the time, and it's of no surprise after the recent trend lately - the fact it took 16 months to identify the breach and inform consumers is somewhat alarming.
Just got the email this morning like everyone ells. even know it is late at least there letting us know, I havn't seen any problems yet, do you think they will beleave I had 1 billion Dilithium
Yup, you'll have to log out first before you can change your password.
A somewhat unconventional way of doing things
Anyway, I figure I should leave some thoughts since everyone else has, not that it'll make a diffrence, I've looked through this topic, people say things and it goes unread a few pages later, same questions answered over and over.
People are mad, sure, that's understandable.
Hacks do happen and who knows how many companies have been TRIBBLE and not known about it for years? It does seem like a long time and all that but what's do is done.
I do think Cryptic/Perfect World should give something cosmetic in the game for everyone who was registered at the time of the attack, nothing that has stats or monetary value because at the end of the day, it's not their fault they got TRIBBLE, many companies have been.
On the player side, I've seen a lot of overreacting, accounts can be restored and there are laws in place in most countries to deal with credit card fraud if you are unfortunate enough to have had that as a result of this. As for the fleet banks of people affected, I do think those should be restored.
Just to be crystal clear, and leave no room for misunderstandings:
Cryptic servers have not been compromised.
PWE servers have not been compromised.
If they were, we would have notified you.
Even if your account was accessed by a villain who had your username and password, your credit card information is safe. No one not you, not Customer Support, not anyone can view the full credit card number after its been submitted into the system.
If your account has been accessed by a villain who stole all your items and energy credits, follow these instructions.
Customer Support cannot roll back fleet banks. We would if we could, but we cant (not wont literally cant.)
And to reiterate all the good security advice out there, because it bears repeating:
Use a unique login name for each game and website.
Create passwords that are strong and unique, and keep them secure.
Use an antivirus.
Install an ad-blocker and a pop-up blocker.
Dont click a link if you dont know where it goes.
Read our "Account Security and You" forum announcement here: http://forums.startrekonline.com/announcement.php?a=12
Anyway, I figure I should leave some thoughts since everyone else has, not that it'll make a diffrence, I've looked through this topic, people say things and it goes unread a few pages later, same questions answered over and over.
People are mad, sure, that's understandable.
Hacks do happen and who knows how many companies have been TRIBBLE and not known about it for years? It does seem like a long time and all that but what's do is done.
I do think Cryptic/Perfect World should give something cosmetic in the game for everyone who was registered at the time of the attack, nothing that has stats or monetary value because at the end of the day, it's not their fault they got TRIBBLE, many companies have been.
On the player side, I've seen a lot of overreacting, accounts can be restored and there are laws in place in most countries to deal with credit card fraud if you are unfortunate enough to have had that as a result of this. As for the fleet banks of people affected, I do think those should be restored.
Eitherway, life goes on.
The one that made me facepalm was the person who said that they used their STO password for another site. It's Rule Zero that you do not use passwords for more than one thing on the internet.
I am ambivalent about what restitution Cryptic should give players. At this time I'm more interested in Cryptic apologizing to the people who were, as has been said, tarred and feathered when they were reporting hacks, and whom Cryptic brushed off saying that they had been infected by a trojan from STOwiki/Curse/whatever. Since the notice says that the passwords may have been compromised and possibly were, then all those people who were smacked down deserve to be apologized to by someone from Cryptic, and NOT Brandon; Brandon's just the messenger (and he's done a good job of keeping on top of this thread since y'day) and isn't the one who's supposed to be eating crow here.
And I agree that Cryptic's policy should be relaxed for a window of time, and fleet banks should be restored whenever possible.
"Just to be crystal clear, and leave no room for misunderstandings:
Cryptic servers have not been compromised.
PWE servers have not been compromised. If they were, we would have notified you."
I am ambivalent about what restitution Cryptic should give players. At this time I'm more interested in Cryptic apologizing to the people who were, as has been said, tarred and feathered when they were reporting hacks, and whom Cryptic brushed off saying that they had been infected by a trojan from STOwiki/Curse/whatever.
That should go without saying, I would hope they would so so as well.
My real first and last name.
My birthdate.
My full credit card number.
My login name.
My password.
The quote you posted yourself from the CS manager explains that there's no way they could get your credit card details. They're most likely stored on a separate database or server anyway.
And your password was encrypted... so if they'd broken the encryption on your password, I'd say you'd know by now. Either way, it's been reset so you would have to change it, so probably best you don't reset it to the password you had prior.
"Just to be crystal clear, and leave no room for misunderstandings:
Cryptic servers have not been compromised.
PWE servers have not been compromised. If they were, we would have notified you."
And that's what they did when they noticed...
That should go without saying, I would hope they would so so as well.
That is why in the first line of my post, I thank them for the notification.
The quote you posted yourself from the CS manager explains that there's no way they could get your credit card details. They're most likely stored on a separate database or server anyway.
And your password was encrypted... so if they'd broken the encryption on your password, I'd say you'd know by now. Either way, it's been reset so you would have to change it, so probably best you don't reset it to the password you had prior.
FTA: While we have no evidence that any other information was taken by the intruder, it is possible that the intruder was able to access additional account information. If they did so, the first and last name, e-mail address, date of birth (if provided to Cryptic Studios), billing address, and the first six digits and the last four digits of credit cards registered on the site may have been accessed. We have no evidence at this time that any data other than the account name, handle, and encrypted password were accessed for any user.
Comments
Although I've reset my password, the password I used up until today is actually different from what it was back in December 2010, so even they'd managed to crack my password, it'd be useless to them now.
Still, thanks for the heads up Cryptic. (I do agree about the poor English thing though. It can come across as a phishing attempt!)
How about you guys be vigilant enough to give us an authenticator keyfob and smartphone app?
Link went to cryptic for me, my prob was the reset email was going to the spam box
Same here. Also, my passwords weren't changed.
I was able to login with my old passwords on all accounts. I changed them anyway, but it's sad when they can't even enable security measures on accounts they believe may have been breached.
So yeah, no more credit card.
I sent a ticket in (got an automated email saying they recieved my support ticket, meaning they still had my email! - they sent the auto - email to the non existant email address!), and the return auto email said "expect to hear from us in 3-5 business days".......
Anybody else's email erased from the Cryptic Database?:eek:
Deleted my CC when I heard PW was taking over the game. With all this happening I'm going to go ahead and say it, because I'm know it's already been discussed by Cryptic and PW. When are we going to be forced to make a PW account and link it with our Cryptic account? I'd better not have to ever. I will not do it.
Thank you for pointing that out!
I've been requesting a reset since last night and getting nothing til I checked the spam box, thanks
Also, good to know the servers were breached almost one and a half years ago and we're just now finding out. Credit card deleted. :cool:
Some CP, a special set of items (cosmetic or otherwise) to try to make people feel better.
Good business practice. :eek:
Please get someone responsible for QA and CS, the guys that now have the job are obviuosly not able to do it, the amount of misinformation i get from cryptic's mail and websites is way to high.... i am still waiting on atari to solve my issues...
Cryptic, get your things cleaned up, it's not bearable anymore
All my stuff is gone. I sent an in-game GM request marked "TRIBBLE", so hopefully it will get worked out. I haven't played in a few weeks, but got back on this morning when I received the e-mail from Cryptic about the password change thing.
Very disappointing.
While hacking happen all the time, and it's of no surprise after the recent trend lately - the fact it took 16 months to identify the breach and inform consumers is somewhat alarming.
Seriously though, the e-mail looked a LOT like the scam and phishing e-mails I receive all the time.
Yup, you'll have to log out first before you can change your password.
A somewhat unconventional way of doing things
Anyway, I figure I should leave some thoughts since everyone else has, not that it'll make a diffrence, I've looked through this topic, people say things and it goes unread a few pages later, same questions answered over and over.
People are mad, sure, that's understandable.
Hacks do happen and who knows how many companies have been TRIBBLE and not known about it for years? It does seem like a long time and all that but what's do is done.
I do think Cryptic/Perfect World should give something cosmetic in the game for everyone who was registered at the time of the attack, nothing that has stats or monetary value because at the end of the day, it's not their fault they got TRIBBLE, many companies have been.
On the player side, I've seen a lot of overreacting, accounts can be restored and there are laws in place in most countries to deal with credit card fraud if you are unfortunate enough to have had that as a result of this. As for the fleet banks of people affected, I do think those should be restored.
Eitherway, life goes on.
Now, so I understand this....
Since December 2010 some thief may have gotten:
My real first and last name.
My birthdate.
My full credit card number.
My login name.
My password.
And you (Cryptic) are just finding out about this now?
What the fark!?!
Also, what happened to this from 4/2/12:
I am extremely disappointed in Cryptic. :mad:
The one that made me facepalm was the person who said that they used their STO password for another site. It's Rule Zero that you do not use passwords for more than one thing on the internet.
I am ambivalent about what restitution Cryptic should give players. At this time I'm more interested in Cryptic apologizing to the people who were, as has been said, tarred and feathered when they were reporting hacks, and whom Cryptic brushed off saying that they had been infected by a trojan from STOwiki/Curse/whatever. Since the notice says that the passwords may have been compromised and possibly were, then all those people who were smacked down deserve to be apologized to by someone from Cryptic, and NOT Brandon; Brandon's just the messenger (and he's done a good job of keeping on top of this thread since y'day) and isn't the one who's supposed to be eating crow here.
And I agree that Cryptic's policy should be relaxed for a window of time, and fleet banks should be restored whenever possible.
"Just to be crystal clear, and leave no room for misunderstandings:
Cryptic servers have not been compromised.
PWE servers have not been compromised.
If they were, we would have notified you."
And that's what they did when they noticed...
That should go without saying, I would hope they would so so as well.
The quote you posted yourself from the CS manager explains that there's no way they could get your credit card details. They're most likely stored on a separate database or server anyway.
And your password was encrypted... so if they'd broken the encryption on your password, I'd say you'd know by now. Either way, it's been reset so you would have to change it, so probably best you don't reset it to the password you had prior.
That is why in the first line of my post, I thank them for the notification.
I read the security notice: http://www.crypticstudios.com/securitynotice
FTA:
While we have no evidence that any other information was taken by the intruder, it is possible that the intruder was able to access additional account information. If they did so, the first and last name, e-mail address, date of birth (if provided to Cryptic Studios), billing address, and the first six digits and the last four digits of credit cards registered on the site may have been accessed. We have no evidence at this time that any data other than the account name, handle, and encrypted password were accessed for any user.
It is possible. <sigh> Damn unfortunate.
Any ideas?
I'll take the silence as a NO. :cool:
Perhaps it is because your account was not created at the time of the breach in December 2010?
Join Date: Jun 2011
Hard to steal that which does not exist.