On the original accounts you did not have that option. The @ handle was the same.
I signed up the same year you did, are you saying that the change was made between Jan 09 and Oct 09? I mean if it did, then fine but I know my STO login name isn't the same as my handle
Oh the server can see who is who, which is fine, the comment is made so that the players or potential hackers can not see the @name, which matters little. Much like "John smith" and "John smith" we meet in real life, we know then by several diff ways.
I know what you ment, I was talking about the visible diffrence.
But it raises problems, if they are both in the same fleet and you want to send one of them a tell or a message, you can use the autocomplete currently to send it, then if you get a tell from one with the same name, without seeing them, it's hard to tell which one it is.
There's also the possibility of impersonating someone else.
I can see the advantages sure but there are disadvantages too.
I signed up the same year you did, are you saying that the change was made between Jan 09 and Oct 09? I mean if it did, then fine but I know my STO login name isn't the same as my handle
No, it was there from the beginning, it's just been a long time since then and honestly wasn't very informative about what you were putting the second name down for (that became the @name)
So, did you reset & change your pw, then try to log in with the new pw?
When the login server came back up, I was forced to reset my password. Afterwards, I couldn't login. I reset it three more times, before I noticed that I might also need to reclaim my username. So I did. It gave me a username not my own. I tried to login with it, and I have no characters, no forum history, no C-Store items, etc. Blank slate. I've put in a customer service ticket.
I submitted a ticket with customer service, and thus far, have heard nothing. I imagine they are likely overwhelmed with this latest clusterfrak.
I came into work this morning, and clicked on the website from my browser. Low and behold, I can access the forums again, via my proper account name. I dare not try to go into the details of this account, for fear of losing forum access. From what I'm reading from others, it would seem two accounts are associated with my email address (not sure how), and they automatically associated one user name with my email address, and not the other. So now, this one @Sprint01 is unavailable to me. It also happens to be where 2 years of gaming and a hundred bucks worth of C-Store items is located.
If you are having trouble logging into your account, your accounts password may have been locked during our account server maintenance today. You can recover your password via the forgot password link on the official Star Trek Online or Champion Online websites:
"When you said to Commander Riker online in 2010, the hacker can stay, but the stuff he stole had to go, HAHAHA, During December, we were at ESD bank, you told the joke, that was the punchline! , HAHAHA" : Data
"December? Data that was 2 years ago" : Geordi
"I know we've actually been TRIBBLE, HAHAHAHA, Very Funny!!!! AHAHAHAHAHAAHAAHA!!!!" Data
This is EXTREMELY disturbing... Please give us full details and especially since some of our credit information was possibly accessed. Thank you!!! :eek:
:mad::mad: I find it hard to believe that only now (April 25, 2012) Cryptic finally realized that they had been TRIBBLE. Obviously, they were aware of this incident months ago back in December 2010. With all of the server crashes we (the players) recently been experiencing, it was passed off as a software issue with an update or that the servers could not handle the heavy load of players on at that time. Whether or not that may have been the case, but with the "top-leveled" programmers and engineers on staff there at Cryptic, I do not believe that it was a bad update. Meanwhile, Cryptic finally decided to reset the infected server with most of the accounts on it. We were just notified of this incident as we were logging into the game now (April 25, 2012) to reset our passwords.
With the huge time gap from the hacking incident until now (April 25, 2012), there is someone or some group out there using our identities from the information they acquired (stolen) to make purchases we (the players) can only imagine. So, Cryptic please be more forth-coming if another incident of this type occurs again; even if it's small, please let us know when it happens instead of after the fact.
Wait, what?
Systems do not work the way you are describing them. Let's go through the list:
It is absolutely possible that they did not know about the compromise in December of 2010. Embarrassing, but possible, even likely. I would chalk this up to PWE insisting on a more comprehensive audit that was only completed recently and the logs indicated that an intrusion had taken place. See below.
This was a compromise of the account server, NOT the game server. Server crashes had NOTHING to do with account information being stolen.
"Reset the infected server." You're talking about it as if there was a virus on the account server, which there probably -- in fact almost certainly -- was not. Computers are vulnerable to other attacks besides malware.
Unless you were... unwise enough as to use your Cryptic password for ANY OTHER SERVICE ON THE NET, then the only thing the bad guys got was access to your Cryptic game account. (Obviously, this is not the case if CCNs were stolen.)
"Be more forth-coming." They announced this and reset peoples passwords as soon as it was discovered. Again, it is entirely possible -- if unfortunate and face-palming -- that it took this long to discover the unauthorized access. This is not Hollywood. The screens in Cryptic's NOC don't suddenly flash red and a big klaxon does not go off and a computer generated voice does not shout 'INTRUDER! ALERT! INTRUDER! ALERT!" if someone burps on the database wrong. Again, they are required to disclose as soon as discovered, because if (parts of) CCNs were stolen, then the FBI gets involved and the FBI WILL find out if they did not disclose.
Assuming that the CCNs have been stolen and compromised, which is much more difficult than one thinks, you can be *positive* of what purchases have been made in your name and on your credit card. It's called a credit card statement. Most are sent out monthly; I can look at mine at any time.
This being said, if you don't routinely check them, go now and check your credit card statements starting from December 2010 for anomalous purchases. Change your passwords if any of them are the same as your Cryptic one -- in fact, if any of your passwords are reused across multiple sites, change them. If you're really concerned, contact your CC vendor and ask for a new card and CCN.
This is not to excuse Cryptic. I have PLENTY of beef with Cryptic over the past two years. And they should have done better. An audit should have caught this, and the database should have been more secure. This is going to be at the very least embarrassing and there could be lawsuits on the horizon. As well there should be. I feel at the very least an apology needs to be made to certain people who have complained about their accounts being TRIBBLE. So, yes, Cryptic has much to answer for about this. But hate on Cryptic for the RIGHT reasons.
Dang I cant even get to my account to cancel my subscription. Been a gold member since launch. So I'm paying for not being able to play a game I'm paying for? WTF?
If you have to have us reset our passwords that's cool. But to reset our passwords then not allow us to retrieve or reset our passwords is ....well it's baaaaad. Really really bad.
An update on where we stand regarding this issue would be appreciated.
"When you said to Commander Riker online in 2010, the hacker can stay, but the stuff he stole had to go, HAHAHA, During December, we were at ESD bank, you told the joke, that was the punchline! , HAHAHA" : Data
"December? Data that was 2 years ago" : Geordi
"I know we've actually been TRIBBLE, HAHAHAHA, Very Funny!!!! AHAHAHAHAHAAHAAHA!!!!" Data
Dang I cant even get to my account to cancel my subscription. Been a gold member since launch. So I'm paying for not being able to play a game I'm paying for? WTF?
If you have to have us reset our passwords that's cool. But to reset our passwords then not allow us to retrieve or reset our passwords is ....well it's baaaaad. Really really bad.
An update on where we stand regarding this issue would be appreciated.
Sigh!
People should really start reading back at least a few pages in a thread their posting in. You'll soon discover why you can't reset.
Anyway, I'm going to assume you're logged in to the website/forum... it's a safe bet, seeing as you're posting here. Now, your original password has been reset so you will not be able to change your password while logged in (because you need the current password to to confirm the change, but that's been changed)... this is why they advised us to use the forgotten password link.
However, to use that reset link you can't be logged in to the website/forum. Why would the system ask you had you forgotten your password while you're logged in??
2.) How about giving us 4,000 C-Store credit voucher or something for this TRIBBLE up. December 2010? Wow.
Agreed, make it for all subscribers like me because they had a open door for two years to steal information, some of that could be MINE and quite frankly you owe us for the bad service, Server crashes and downtime that may or may not be linked to this, just our luck it is, and BUGS!!!! Man if you were working for me Cryptic id fire all of you, just saying and im in IT.
Agreed, make it for all subscribers like me because they had a open door for two years to steal information, some of that could be MINE and quite frankly you owe us for the bad service, Server crashes and downtime that may or may not be linked to this, just our luck it is, and BUGS!!!! Man if you were working for me Cryptic id fire all of you, just saying and im in IT.
But you weren't even registered in Dec 2010... the information stored and taken didn't include yours. lol
Just a bit of information for those who live in the sate of California, you can file an AG complaint against them about this. As of the time I checked the site for data breaches, Cryptic, had not, filed a report.
I'm not a happy camper, not in the least, and I'm not happy with how little information we have on this. Why is this NOT on the front page? why is the title of this thread so misleading?
Just a bit of information for those who live in the sate of California, you can file an AG complaint against them about this. As of the time I checked the site for data breaches, Cryptic, had not, filed a report.
I'm not a happy camper, not in the least, and I'm not happy with how little information we have on this. Why is this NOT on the front page? why is the title of this thread so misleading?
Answers I'd like to see.
I thought Cryptic was owned by a China-based maker of crappy games and Internet spam now? The California AG can go after them?
I'm actually pretty ****ed I didn't get an email about this to reset my password. I wonder how many others just can't get into their accounts anymore and won't really know what to do about it.
Cryptic is vigilant at protecting your account security and privacy. We have no data to suggest that the unauthorized access continued beyond December 2010, and increased security protections had already been instituted after that time. To protect your account information, we encourage you to be especially aware of e-mail and postal mail scams that ask for personal or sensitive information. Cryptic will not contact you in any way, including by e-mail, asking for your credit card number, social security number, or any other personally identifiable information. We recommend that you use very secure passwords at all times, and not share your account information with anyone.
Bran,
While we appreciate that Cryptic acted the second it discovered this hacking, I think the question many of us have is how it took a year and a half to find that the hacking had happened (and ceased). I.T. security, these days, is paramount. This action suggests that there was inadequate I.T. security protocols for at least a year and a half before it was detected and dealt with. Up to a month is believable, but a year and a half? Thats a real big problem in the I.T. security systems reliability and data access integrity. Users could have had the most airtight password and from what it sounds the hackers would have had access to it.
What is Cryptic going to do to increase its data systems integrity and speed up its ability to detect and deal with a failure that comprimises its I.T. security?
I'm actually pretty ****ed I didn't get an email about this to reset my password. I wonder how many others just can't get into their accounts anymore and won't really know what to do about it.
In the email, it says stored on that section AT THE TIME of December 2010.
However, I too would like to know why it's taken over a year for them to find it - unless the hacker left a drone behind.
I thought Cryptic was owned by a China-based maker of crappy games and Internet spam now? The California AG can go after them?
Even as a subsidiary, Cryptic is still an organization incorporated under the laws of California and they do business in California under California's laws. They would be required to submit such a report.
The notice was sent out yesterday at 4PM Pacific TIme or so. It is currently 9:30AM in California; business hours are typically 9 to 5. Cryptic probably already submitted the report. Give it until the end of this business day before arming the photon torches and setting pitchforkers to "shake'n'bake" for that particular offense.
Even as a subsidiary, Cryptic is still an organization incorporated under the laws of California and they do business in California under California's laws. They would be required to submit such a report.
The notice was sent out yesterday at 4PM Pacific TIme or so. It is currently 9:30AM in California; business hours are typically 9 to 5. Cryptic probably already submitted the report. Give it until the end of this business day before arming the photon torches and setting pitchforkers to "shake'n'bake" for that particular offense.
This just serves as further proof that people should not give out their CCard, personal info, etc. with these companies since they cannot be trusted to protect your information.
You might as well create a web page with your name, address, social security number, etc. and ask people to rob you.
People should really start reading back at least a few pages in a thread their posting in. You'll soon discover why you can't reset.
Anyway, I'm going to assume you're logged in to the website/forum... it's a safe bet, seeing as you're posting here. Now, your original password has been reset so you will not be able to change your password while logged in (because you need the current password to to confirm the change, but that's been changed)... this is why they advised us to use the forgotten password link.
However, to use that reset link you can't be logged in to the website/forum. Why would the system ask you had you forgotten your password while you're logged in??
Grav, I have NOT attempted to rest my password while logged into the website. I have however tried using the link that was provided in the email I recieved. It takes me TO the website.
Comments
I signed up the same year you did, are you saying that the change was made between Jan 09 and Oct 09? I mean if it did, then fine but I know my STO login name isn't the same as my handle
I know what you ment, I was talking about the visible diffrence.
But it raises problems, if they are both in the same fleet and you want to send one of them a tell or a message, you can use the autocomplete currently to send it, then if you get a tell from one with the same name, without seeing them, it's hard to tell which one it is.
There's also the possibility of impersonating someone else.
I can see the advantages sure but there are disadvantages too.
So, did you reset & change your pw, then try to log in with the new pw?
You cannot tell me it took you 1.5 years to find this out, if you are actually saying this, then you truly are incompetent as a company!
They used to do this if you contacted support. I have no idea if they still do.
My account is original and has never been the same @handle as login, there were two separate boxes to choose login and display name when signing up.
No, it was there from the beginning, it's just been a long time since then and honestly wasn't very informative about what you were putting the second name down for (that became the @name)
When the login server came back up, I was forced to reset my password. Afterwards, I couldn't login. I reset it three more times, before I noticed that I might also need to reclaim my username. So I did. It gave me a username not my own. I tried to login with it, and I have no characters, no forum history, no C-Store items, etc. Blank slate. I've put in a customer service ticket.
I submitted a ticket with customer service, and thus far, have heard nothing. I imagine they are likely overwhelmed with this latest clusterfrak.
I came into work this morning, and clicked on the website from my browser. Low and behold, I can access the forums again, via my proper account name. I dare not try to go into the details of this account, for fear of losing forum access. From what I'm reading from others, it would seem two accounts are associated with my email address (not sure how), and they automatically associated one user name with my email address, and not the other. So now, this one @Sprint01 is unavailable to me. It also happens to be where 2 years of gaming and a hundred bucks worth of C-Store items is located.
"I get it, HAHAHA, I get it!" : Data
"You get what?" Geordi
"When you said to Commander Riker online in 2010, the hacker can stay, but the stuff he stole had to go, HAHAHA, During December, we were at ESD bank, you told the joke, that was the punchline! , HAHAHA" : Data
"December? Data that was 2 years ago" : Geordi
"I know we've actually been TRIBBLE, HAHAHAHA, Very Funny!!!! AHAHAHAHAHAAHAAHA!!!!" Data
DC universe gave us free game time and special items plus their equivalent of proto type salvage?
And why only now has this been uncovered a mean a month after fair enough but a year? that's pretty pathetic .
Wait, what?
Systems do not work the way you are describing them. Let's go through the list:
This being said, if you don't routinely check them, go now and check your credit card statements starting from December 2010 for anomalous purchases. Change your passwords if any of them are the same as your Cryptic one -- in fact, if any of your passwords are reused across multiple sites, change them. If you're really concerned, contact your CC vendor and ask for a new card and CCN.
This is not to excuse Cryptic. I have PLENTY of beef with Cryptic over the past two years. And they should have done better. An audit should have caught this, and the database should have been more secure. This is going to be at the very least embarrassing and there could be lawsuits on the horizon. As well there should be. I feel at the very least an apology needs to be made to certain people who have complained about their accounts being TRIBBLE. So, yes, Cryptic has much to answer for about this. But hate on Cryptic for the RIGHT reasons.
If you have to have us reset our passwords that's cool. But to reset our passwords then not allow us to retrieve or reset our passwords is ....well it's baaaaad. Really really bad.
An update on where we stand regarding this issue would be appreciated.
2.) How about giving us 4,000 C-Store credit voucher or something for this TRIBBLE up. December 2010? Wow.
LMAO
Sigh!
People should really start reading back at least a few pages in a thread their posting in. You'll soon discover why you can't reset.
Anyway, I'm going to assume you're logged in to the website/forum... it's a safe bet, seeing as you're posting here. Now, your original password has been reset so you will not be able to change your password while logged in (because you need the current password to to confirm the change, but that's been changed)... this is why they advised us to use the forgotten password link.
However, to use that reset link you can't be logged in to the website/forum. Why would the system ask you had you forgotten your password while you're logged in??
Agreed, make it for all subscribers like me because they had a open door for two years to steal information, some of that could be MINE and quite frankly you owe us for the bad service, Server crashes and downtime that may or may not be linked to this, just our luck it is, and BUGS!!!! Man if you were working for me Cryptic id fire all of you, just saying and im in IT.
But you weren't even registered in Dec 2010... the information stored and taken didn't include yours. lol
I'm not a happy camper, not in the least, and I'm not happy with how little information we have on this. Why is this NOT on the front page? why is the title of this thread so misleading?
Answers I'd like to see.
I thought Cryptic was owned by a China-based maker of crappy games and Internet spam now? The California AG can go after them?
Bran,
While we appreciate that Cryptic acted the second it discovered this hacking, I think the question many of us have is how it took a year and a half to find that the hacking had happened (and ceased). I.T. security, these days, is paramount. This action suggests that there was inadequate I.T. security protocols for at least a year and a half before it was detected and dealt with. Up to a month is believable, but a year and a half? Thats a real big problem in the I.T. security systems reliability and data access integrity. Users could have had the most airtight password and from what it sounds the hackers would have had access to it.
What is Cryptic going to do to increase its data systems integrity and speed up its ability to detect and deal with a failure that comprimises its I.T. security?
However, I too would like to know why it's taken over a year for them to find it - unless the hacker left a drone behind.
A year is a long time.
Even as a subsidiary, Cryptic is still an organization incorporated under the laws of California and they do business in California under California's laws. They would be required to submit such a report.
The notice was sent out yesterday at 4PM Pacific TIme or so. It is currently 9:30AM in California; business hours are typically 9 to 5. Cryptic probably already submitted the report. Give it until the end of this business day before arming the photon torches and setting pitchforkers to "shake'n'bake" for that particular offense.
What I was getting at was that I never got an email.
After the Borg start Hacking in December 2010:
"Cryptic accounts being TRIBBLE ..........90%............80" Worf
"Being Completely oblivious to the problem and failing to secure servers, Damn!" Geordi
"Cryptic was TRIBBLE" : Worf
"Cancel all Subscriptions" Picard
Very interesting. Are those reports made public?
You might as well create a web page with your name, address, social security number, etc. and ask people to rob you.
According to Kyuui's post which you quoted... maybe.
Grav, I have NOT attempted to rest my password while logged into the website. I have however tried using the link that was provided in the email I recieved. It takes me TO the website.
If you know something I dont please share.