We still don't know what information was taken. Are our CC at risk, did they get E-mail address. We need more information than "Your account may have been accessed by an unauthroized party"
As a result of routine security checks and upgrades, we have discovered that certain of your account information, including your password, may have been accessed by an unauthorized party.
I thought the email was spam due to the mistakes in it.
As someone who is still dealing with the repercussions of the Sony hack last year, let me just jump in early and give a big THANK YOU to Cryptic for letting us know about this promptly rather than letting it sit around.
From http://www.crypticstudios.com/securitynotice:
. The unauthorized access occurred in December 2010, and evidence of this has just been uncovered due to increased security analysis.
As someone who is still dealing with the repercussions of the Sony hack last year, let me just jump in early and give a big THANK YOU to Cryptic for letting us know about this promptly rather than letting it sit around.
You consider a year and quarter after it happened "promptly?" Or is that sarcasm?
wasnt december when PW moved in with you guys at cryptic....never trust your new best friends unwashed, longhaired "musician" friend...he'll steal your ashtrays and the beer out of the fridge!
You've got your YEARS wrong. Starting rumors in such a situation is hardly constructive.
This happened in December of 2010 and we're just being told about it in April, almost May of 2012?
Seriously guys...it took you that long to figure it out? Damnit people...get it together! You're giving me reasons every passing day to NOT play this game thanks to what's happening in-game. Now you're just piling on real world reasons.
Get your house in order already! :mad:
This does not make me feel at ALL confident about carrying out C-Store transactions...
Does this only affect Cryptic accounts? I linked my Cryptic account to my PWE account which has a different password and log in name. Since this happened in 2010 and the PWE change over was well after that, I should be fine, no?
You need to log out. If you're still logged in, there's no reasonfor the system to think you've forgotten your password.
And changing your password while logged in requires you confirm the original password... which you no longer have.
So, ya, short answer... just log out and use the forgotten password link.
This works for me...
Note: after changing your password at the website with the URL emailed to you, it will take a minute or 2 for the password change to migrate tot he authentication server...
I remember all the accounts being compromised a month or so back. And everyone swearing up and down it was all STOwiki's fault.
Except for the fact that there were plenty of people affected who didn't use STOwiki.
But no, I got shouted down, and everyone swore there was no problem at all with Cryptic's security.
Except, appearently, that they'd been wide-open for a year and a half, and never noticed.
So glad I have lifetime access to having my info stolen, but not, y'know, game content. That all costs extra.
I remember this. Its scary to think it wasn't just some matter of a random keylogger but instead it was as you put it Cryptic being wide open for over a year and nobody catching it.
this appeard in my spam box because quite frankly it looks like spam.
"As a result of routine security checks and upgrades, we have discovered that certain of your account information, including your password, may have been accessed by an unauthorized party.
For your security, we've reset the password on your account. You can recover your password via the "forgot password" link on the official Star Trek Online or Champions Online web sites: "
very poor grammar in the first part. "certain of your account" certain what? bad bad...... i swear...
Better late than never. Unfortunately, as a result of this security breach one of my fleet member's accounts was illegally accessed and our fleet bank was wiped clean. Thankfully his account was restored, but Cryptic was unwilling to restore our fleet bank. We're a small fleet, so it hit us all pretty hard. Almost two years of effort in building up our fleet bank and it was all gone in less than 30 minutes through no fault of our own.
LastPass is the key here. I've recently gone through and made all my passwords unique 14 character gibberish.
You might be shocked just how many accounts you have just based off of various gaming and discussion forums. How many of those do you use the same series of ~5 passwords for? One dinky forum could get compromised and their net ops "team" (if they have one) might never be the wiser.
Use secure and unique passwords for all online accounts. At least this will stop anyone from getting into your other accounts.
Now if only we could get an Authenticator! Please Cryptic!
Can we please get an authenticator for this game now?
3-factor authentication please... and a special pet in game to prove we have it turned on too. Maybe a Vulcan that stands stoically behind you.
Authenticators are only provided by gaming companies that genuinely care more about their customers than just the bottom line on their profit and loss reports. As such, Crytpic has stated sever times that making our accounts more secure simply costs too much. Apparently their accounting team needs to speak to their customer relations team.
Comments
That link doesn't work
log out, go to the login in screen and hit 'I forgot my password"
I thought the email was spam due to the mistakes in it.
Fail ribbon, nah. Maybe Trekker Fail ribbon
+1
/5chars
right i'll do that cheers
From http://www.crypticstudios.com/securitynotice:
. The unauthorized access occurred in December 2010, and evidence of this has just been uncovered due to increased security analysis.
So yeah, THANKS A BUNCH :mad:
Except for the fact that there were plenty of people affected who didn't use STOwiki.
But no, I got shouted down, and everyone swore there was no problem at all with Cryptic's security.
Except, appearently, that they'd been wide-open for a year and a half, and never noticed.
So glad I have lifetime access to having my info stolen, but not, y'know, game content. That all costs extra.
+1 from me
You consider a year and quarter after it happened "promptly?" Or is that sarcasm?
You've got your YEARS wrong. Starting rumors in such a situation is hardly constructive.
+1
/5 chars
You need to log out. If you're still logged in, there's no reasonfor the system to think you've forgotten your password.
And changing your password while logged in requires you confirm the original password... which you no longer have.
So, ya, short answer... just log out and use the forgotten password link.
and why our credit cards wherent encrypted is a strange thing.
This does not make me feel at ALL confident about carrying out C-Store transactions...
You have to log out of the site.. then log back in and use the "forgot password" link.
3-factor authentication please... and a special pet in game to prove we have it turned on too. Maybe a Vulcan that stands stoically behind you.
Note: after changing your password at the website with the URL emailed to you, it will take a minute or 2 for the password change to migrate tot he authentication server...
lovely :mad:
please do so, like, I don't know, maybe NOW!
hip63
I remember this. Its scary to think it wasn't just some matter of a random keylogger but instead it was as you put it Cryptic being wide open for over a year and nobody catching it.
I am never giving them my credit card information ever again for this very reason.
This would be nice... even battle.net and SWTOR offer free authenticator apps on both the Apple App Store and Google Android store.
"As a result of routine security checks and upgrades, we have discovered that certain of your account information, including your password, may have been accessed by an unauthorized party.
For your security, we've reset the password on your account. You can recover your password via the "forgot password" link on the official Star Trek Online or Champions Online web sites: "
very poor grammar in the first part. "certain of your account" certain what? bad bad...... i swear...
You might be shocked just how many accounts you have just based off of various gaming and discussion forums. How many of those do you use the same series of ~5 passwords for? One dinky forum could get compromised and their net ops "team" (if they have one) might never be the wiser.
Use secure and unique passwords for all online accounts. At least this will stop anyone from getting into your other accounts.
Now if only we could get an Authenticator! Please Cryptic!
They did encrypt the password, read the 'more info' link.
Authenticators are only provided by gaming companies that genuinely care more about their customers than just the bottom line on their profit and loss reports. As such, Crytpic has stated sever times that making our accounts more secure simply costs too much. Apparently their accounting team needs to speak to their customer relations team.
Oh well, when in doubt, just blame it on STOwiki.