Not just strong passwords but continually changing them too. Anyone who had changed their password after 2010 would have been safe too.
I changed my password after the whole hacking incident started recently. I've not been TRIBBLE before or since that, but I still had to change it today. This is probably due to them moving the database. I've watched my CC's... no unusual activity. Just keep an eye on things, for now. Immediately contest all unusual charges that you see on your statement (a really good bank will alert you proactively).
That said, I'm very tempted to take Rush's advice and get LifeLock after all this... >.>
Am I the only one who didn't get any e-mail regarding this? There was nothing in My spam box, or inbox... yet I was playing back in 1010, and My password was reset by Cryptic...
It seems that the Email notifications were a bit sporadic...
Am I the only one who didn't get any e-mail regarding this? There was nothing in My spam box, or inbox... yet I was playing back in 1010, and My password was reset by Cryptic...
Random teasing: I didn't realize PC's and this game were around since 1010! We be ancient!
Does anyone remember when we had the Badge of Temba and stuff because of season 1's problems and that bug that leveled you down? Well, Cryptic should give us something (2 lockbox keys) for this "disaster" caused by their own incompetence.
I changed my password after the whole hacking incident started recently. I've not been TRIBBLE before or since that, but I still had to change it today. This is probably due to them moving the database. I've watched my CC's... no unusual activity. Just keep an eye on things, for now. Immediately contest all unusual charges that you see on your statement (a really good bank will alert you proactively).
That said, I'm very tempted to take Rush's advice and get LifeLock after all this... >.>
<.<
They dumped me outta the game last night AND tonight to do this...
While we have no evidence that any other information was taken by the intruder, it is possible that the intruder was able to access additional account information. If they did so, the first and last name, e-mail address, date of birth (if provided to Cryptic Studios), billing address, and the first six digits and the last four digits of credit cards registered on the site may have been accessed. We have no evidence at this time that any data other than the account name, handle, and encrypted password were accessed for any user.
Can I now be able to remove my credit card information from the billing page PLEASE!! I'll put in a ticket if I have to. This should be a standard feature. I don't know why it isn't. I want my personal data off your server NOW!
EDIT
I was wrong, you can remove your credit card information and billing information. I may have missed this before as I have wanted to do this in the past and was unsuccessful until just a moment ago.
It seems that the Email notifications were a bit sporadic...
Just reset yours to be on the safe side.
True. I've worked at ISPs before. Every mail server out there has as many different rules and implementations as databases do (if not more). If they detected an email blast from Cryptic or their ISP, they may have either flagged the message as spam, throttled the incoming rate to nothing or a trickle, or dropped the messages on the floor silently but told the remote mail server (on Cryptic's side) that it was accepted.
Safety suggests just resetting one's password to be safe. There's no harm in it even if you don't see a threat. Often times, the best way to deal with a threat is to proactively, rather than reactively, handle it.
And yet we can't just pretend nothing will happen, just because probabilities say one thing doesn't mean we ignore any other. As unsettling as this all is, it proves that they do care. Otherwise it would have taken less work to simply hope for the best. But they took the high road and reset the password and gave us notification.
I'm constantly surprised by the vitriol that the forums can sometimes provide. They just found out about a security risk due to the security upgrades they mentioned in the notice, and so they took action *and* gave us all notification. Meanwhile Brandon is stuck with the job of trying to rein in the storm of superfluous threads. What's done is done, what more could we ask for?
Except not a month ago a megathread spawned asking what was up with the sudden huge influx of TRIBBLE accounts. The representatives in the thread insisted that everything was fine on Cryptic's end.
It doesn't take a genius to put two and two together here.
Combine that with the fact that Cryptic refused to replace lost items for fleets that suffered from this (Many people found that after their account was stolen, the hackers emptied out the fleet banks.), and insisted it was an external issue, and maybe you can see where the anger is coming from.
Also, unless Cryptic was shoddy with encrypting/protecting your CC info, it should be fine. If you look at your account page, you should see that the numbers for it aren't visible.
Either way though, I'm not taking any chances. My CC info is not being saved for future use. If I need to use one to buy something from them (at the moment, unless Cryptic does something that really catches my attention again, I'd say that's firmly in the "never going to happen again" end of things), I'll put it in and delete the info right after I make a purchase.
So even though I got the email saying my password was reset, it turns out that it wasn't since I have a PWE account. I was able to log in just fine. So it seems that only Cryptic accounts were affected by this. Those of you still on Cryptic accounts might want to consider merging to a PWE one. Better to have a secure PWE account than a potentially compromised Cryptic account. They probably have better security, all things considered.
So from 2010 only now the Cryptic send us an email and talk about this? FROM 2010? Are you serious? Not to insult you, but can I ask if someone of your staff members is an IDIOT? Why only after 2 years you discover this? Apologize? Apologize is nothing for me, especially after this 2 years with a security breach and no report to the users of the talked database!!!
Dear Staff, you need to explain something to us!!! And apologies are nothing for a security and notification problem such as this!!!
We have no evidence at this time that any data other than the account name, handle, and encrypted password were accessed for any user.
BUT...
While we have no evidence that any other information was taken by the intruder, it is possible that the intruder was able to access additional account information. If they did so, the first and last name, e-mail address, date of birth (if provided to Cryptic Studios), billing address, and the first six digits and the last four digits of credit cards registered on the site may have been accessed.
Does anyone remember when we had the Badge of Temba and stuff because of season 1's problems and that bug that leveled you down? Well, Cryptic should give us something (2 lockbox keys) for this "disaster" caused by their own incompetence.
Special STF Accessory: The Helm of Unending RAEG MK-XII
And since you wanted folks to read the link it may help to read it again,
The unauthorized access included user account names, handles, and encrypted passwords for those accounts. Even though the passwords were encrypted, it is apparent that the intruder has been able to crack some portion of the passwords in this database. All accounts that we believe were present in the database have had the passwords reset, and customers registered to these accounts have been notified via e-mail of this incident.
Yes they were encrypted, but as the notice you linked indicated, and I've highlighted here for reference, some were cracked.
Or All it takes is time, patience, and a cracking program designed to do it. (You learn this doing system and network administration as I have.)
Indeed, and I don't work in IT.
I am highly troubled by this revelation, because of the length of time from occurrence to detection, it is yet another indicator of a systematic failure.
Random teasing: I didn't realize PC's and this game were around since 1010! We be ancient!
It's Star Trek... LOTS of time travel stuff. He is now being investigated by the Department of Temporal Investigations for revealing this fact to us... Poo, we are being investigated now for reading about it.
Yeah, I'm not shocked this happened, as people are always trying to hack somewhere... What shocks me truly and utterly is that this apparently happened in 2010 and you're only just noticing now, what the hell sort of security are you running with our details that it takes you a year and a half to notice they have been compromised!!!
I am highly troubled by this revelation, because of the length of time from occurrence to detection, it is yet another indicator of a systematic failure.
In theory, at least in every environment of which I am aware, the database is usually separated from the game client's ability to access it. This is usually done through both firewall, ACL (access control list), and network topology (different non-Internet address accessible network in the database layer). Indeed, I strongly suspect this is indeed the case.
It sounds like something bad was done to the client, or a client at the time, that allowed it to communicate in a way that would be neither predicted nor expected. Nonetheless, I don't necessarily view this as a failure or a systemic problem. Indeed, you cannot predict all possible scenarios - it is simply humanly impossible.
However, I do believe that a challenge authentication system would be significantly more useful. RSA, as another poster points out, has an option - and that's not the only one out there. In essence, a password or code that is randomly and dynamically generated in addition to what you have already. Only the combination of the two would allow one access.
Other games have this. Indeed, the majority of them do it either for free or a very minor fee. This allows security and cuts down on possible fraud by a massive amount.
Does anyone remember when we had the Badge of Temba and stuff because of season 1's problems and that bug that leveled you down? Well, Cryptic should give us something (2 lockbox keys) for this "disaster" caused by their own incompetence.
"TRIBBLE" Tribble
Eats everything in your inventory and empties out your EC. Then it insults you for not following correct high-security password procedures.
Comments
Safe from a current hijacking yes, safe from fraud and ID Theft...umm not unless your financial info changed between then and now.
I changed my password after the whole hacking incident started recently. I've not been TRIBBLE before or since that, but I still had to change it today. This is probably due to them moving the database. I've watched my CC's... no unusual activity. Just keep an eye on things, for now. Immediately contest all unusual charges that you see on your statement (a really good bank will alert you proactively).
That said, I'm very tempted to take Rush's advice and get LifeLock after all this... >.>
<.<
It seems that the Email notifications were a bit sporadic...
Just reset yours to be on the safe side.
I am betting these Master Keys are big money both in real world and online.
Random teasing: I didn't realize PC's and this game were around since 1010! We be ancient!
That's how I knew things were afoot. :cool:
Can I now be able to remove my credit card information from the billing page PLEASE!! I'll put in a ticket if I have to. This should be a standard feature. I don't know why it isn't. I want my personal data off your server NOW!
EDIT
I was wrong, you can remove your credit card information and billing information. I may have missed this before as I have wanted to do this in the past and was unsuccessful until just a moment ago.
True. I've worked at ISPs before. Every mail server out there has as many different rules and implementations as databases do (if not more). If they detected an email blast from Cryptic or their ISP, they may have either flagged the message as spam, throttled the incoming rate to nothing or a trickle, or dropped the messages on the floor silently but told the remote mail server (on Cryptic's side) that it was accepted.
Safety suggests just resetting one's password to be safe. There's no harm in it even if you don't see a threat. Often times, the best way to deal with a threat is to proactively, rather than reactively, handle it.
I took my card off the site last night...
I just add it back on to get stuff then immediately remove it again.
It's a pain, but I'm not taking any chances.
Except not a month ago a megathread spawned asking what was up with the sudden huge influx of TRIBBLE accounts. The representatives in the thread insisted that everything was fine on Cryptic's end.
It doesn't take a genius to put two and two together here.
Combine that with the fact that Cryptic refused to replace lost items for fleets that suffered from this (Many people found that after their account was stolen, the hackers emptied out the fleet banks.), and insisted it was an external issue, and maybe you can see where the anger is coming from.
Also, unless Cryptic was shoddy with encrypting/protecting your CC info, it should be fine. If you look at your account page, you should see that the numbers for it aren't visible.
Either way though, I'm not taking any chances. My CC info is not being saved for future use. If I need to use one to buy something from them (at the moment, unless Cryptic does something that really catches my attention again, I'd say that's firmly in the "never going to happen again" end of things), I'll put it in and delete the info right after I make a purchase.
Dear Staff, you need to explain something to us!!! And apologies are nothing for a security and notification problem such as this!!!
From http://www.crypticstudios.com/securitynotice
BUT...
Special STF Accessory: The Helm of Unending RAEG MK-XII
Ya Gotta Sign Out/Log Off Of the Forums...
For it to work.
If you are still posting here without changing yer password....
Ya didn't do it right.
And since you wanted folks to read the link it may help to read it again, yes they were encrypted, but as the notice you linked indicated, and I've highlighted here for reference, some were cracked.
Indeed, and I don't work in IT.
I am highly troubled by this revelation, because of the length of time from occurrence to detection, it is yet another indicator of a systematic failure.
Awesome!!!!
It's Star Trek... LOTS of time travel stuff. He is now being investigated by the Department of Temporal Investigations for revealing this fact to us... Poo, we are being investigated now for reading about it.
Agreed, same here. I played Rift for one weekend but I got the authenticator there too.
Thanks for the info!
take 25
Check your spam folder.
In theory, at least in every environment of which I am aware, the database is usually separated from the game client's ability to access it. This is usually done through both firewall, ACL (access control list), and network topology (different non-Internet address accessible network in the database layer). Indeed, I strongly suspect this is indeed the case.
It sounds like something bad was done to the client, or a client at the time, that allowed it to communicate in a way that would be neither predicted nor expected. Nonetheless, I don't necessarily view this as a failure or a systemic problem. Indeed, you cannot predict all possible scenarios - it is simply humanly impossible.
However, I do believe that a challenge authentication system would be significantly more useful. RSA, as another poster points out, has an option - and that's not the only one out there. In essence, a password or code that is randomly and dynamically generated in addition to what you have already. Only the combination of the two would allow one access.
Other games have this. Indeed, the majority of them do it either for free or a very minor fee. This allows security and cuts down on possible fraud by a massive amount.
"TRIBBLE" Tribble
Eats everything in your inventory and empties out your EC. Then it insults you for not following correct high-security password procedures.
LOL Now that's one mean tribble.