Try calling Cryptic. I had to call Blizzard once for a similar reason and he just changed my email in their records over the phone.
I sometimes call Blizzard just so they can put me on hold and I can listen to the old school Diablo 1 music...ahhh the memories of that game...so fond.
Why did it take almost 2 years before you found this out? I think EVERYONE deserves an answer on this.
Increased security checks and vigilant customer service revealed a pattern of account hacking that suggested an unauthorized access, which upon further investigation and analysis, apparently occurred in December 2010. As soon as this pattern became clear, Cryptic reset passwords on all affected accounts.
So let me get this straight, Cryptic just informed us of a security breach in DECEMBER 2010!! So it takes a year and a half for them to find it out.
Congratulations Cryptic, not only have you told me that my account info was potentially vulnerable for 1.5 years, but you also caused me to lose all trust in you.
Great job! (Extreme Sarcasm):mad:
Cryptic is vigilant at protecting your account security and privacy. We have no data to suggest that the unauthorized access continued beyond December 2010, and increased security protections had already been instituted after that time. To protect your account information, we encourage you to be especially aware of e-mail and postal mail scams that ask for personal or sensitive information. Cryptic will not contact you in any way, including by e-mail, asking for your credit card number, social security number, or any other personally identifiable information. We recommend that you use very secure passwords at all times, and not share your account information with anyone.
I've been a loyal Cryptic customer since launch, I don't know exactly how much I've spent on this game but I suppose something like 4k euros on it.
Now, yesterday I tried to login and the message was "wrong password".
Without imagining that you had login server problems, I used the "forgot password" and reset my password.
Surprisingly, the old password was still valid.
Then I tried to open a new PerfectWorld account and link my Cryptic one to it.
Ok, it worked but that turned out to be a very BAD IDEA.
As a result, now with the very same PayPal account I've used hundreds of times and for years to purchase C-Points on the Cryptic site, I'm unable to buy "ZEN" points (what a stupid name) because for PW I'm a "new customer" and their stupid TRIBBLE Chinese algorithm is detecting some discrepancy between my location and my credit card location, so they are refunding me every purchase I attempt....
I've discovered that I cannot unlink accounts once they are linked, and I've also discovered that their stupid billing department does not even look at support tickets that are being opened (where it is explained that I'm Italian with an Italian PayPal account but I live in Mexico).
Then today I receive the email where it says that in 2010 my account was TRIBBLE.
Good to know, but we are in 2012 now! Are you investigating some temporal anomaly?
WTF is going on Cryptic???
This is enough for me, I'll wait a couple more hours then I *will* quit (disclaimer: not an "I quit" thread yet)
I want to warn people, if you have HAD your password reset, be aware I received some 'phishing' emails about resetting your password that did not come from Cryptic, just be aware of what you're opening.
You are right to be careful, but please stop being paranoid. Those aren't phishing emails. They've come from Cryptic; believe me. I just checked it by asking Cryptic to resend the password reset and they came in the same email that Gmail supposedly recognized as phishing.
Increased security checks and vigilant customer service revealed a pattern of account hacking that suggested an unauthorized access, which upon further investigation and analysis, apparently occurred in December 2010. As soon as this pattern became clear, Cryptic reset passwords on all affected accounts.
So, you guys screwed up with bad security (more likely Atari's fault not yours) and after WE the community pointed it out to you it was finally noticed. Like all the memory leaks and various other issues we've picked out over the last couple years.
At this point it's starting to feel like we're paying to do your company's jobs. Foundry = Make Content, Posting regarding Account hacks = You guys check your windows and doors, etc.
I'm still having trouble logging into the game or my account on the website. Both times I get an incorrect password message. The link in the OP just takes me to the homepage for some reason.
Also not sure if it's serious but on my most recent attempt to log into my account on the website I got a security error from Firefox, basically telling me my browser thinks that the log-in page is a fake. Sorry I didn't copy down the specifics of the error.
To reset your password you need to actually log out of the STO website. You can't reset unless you completely log out - and once you log out you can't post to the forum any more until you reset your password to get back into the STO website.
If you logged out and reset and put your new password into the forum, and it let you log back in and post on the forum again, then you are simply typing your password incorrectly in the launcher when trying to get into the game.
Your account was created in March 2010. It doesn't matter if you were playing in December or not. Your account was on file then.
Probably that Cryptic didn't hash the password database or didn't do it with a strong enough algorithm and compromised all our passwords.
Inexcusable.
Or, far more likely: Lots of customers use passwords that are insecure and may be subject to brute force hacking to determine their original passwords. There are a slew of cryptanalysis techniques that don't require a weak encryption algorithm in order to be able to discover weak passwords.
Increased security checks and vigilant customer service revealed a pattern of account hacking that suggested an unauthorized access, which upon further investigation and analysis, apparently occurred in December 2010. As soon as this pattern became clear, Cryptic reset passwords on all affected accounts.
Ok.... so what are affected users going to receive in compensation for your TRIBBLE ups?
Cryptic is vigilant at protecting your account security and privacy. We have no data to suggest that the unauthorized access continued beyond December 2010, and increased security protections had already been instituted after that time. To protect your account information, we encourage you to be especially aware of e-mail and postal mail scams that ask for personal or sensitive information. Cryptic will not contact you in any way, including by e-mail, asking for your credit card number, social security number, or any other personally identifiable information. We recommend that you use very secure passwords at all times, and not share your account information with anyone.
Some good advice, of course.
This being said, will Cryptic be issuing an apology specifically to the people who reported their accounts being TRIBBLE, and had brushed them off as having fallen victim to keyloggers, trojans, phishing scams, and anything except a problem on Cryptic's end?
Increased security checks and vigilant customer service revealed a pattern of account hacking that suggested an unauthorized access, which upon further investigation and analysis, apparently occurred in December 2010. As soon as this pattern became clear, Cryptic reset passwords on all affected accounts.
Does the phrase "shutting the barn door after the horses are gone" mean anything to you? This is by far the absolute worst frak up on Cryptic's part to date. In-game problems are one thing, but this is just downright screwed up.
Why weren't such security checks and "vigilant" CS already in place since you have been trusted with our billing addresses and credit card numbers?
The level of incompetence displayed here is downright disgusting.
What steps have you taken/will be taking to ensure that a TRIBBLE up of this magnitude will not happen in the future? Also, what will you be doing to compensate those who have been affected by your epic lapse in security?
Umm... It's been over 2yrs since the breach. At this point changing passwords would be pointless. Whoever gained access to the passwords and / or account information would have already used that information for whatever purpose they wanted.
Incidentally, coincidence or not, the email address that is tied to my Cryptic account got hit with a bunch of spam and was eventually TRIBBLE. This happened shortly after the dates given and I remember seeing a few forum posts about people having similar problems.. Good thing that email address was used for nothing but the Cryptic Account... :rolleyes:
Why weren't such security checks and "vigilant" CS already in place since you have been trusted with our billing addresses and credit card numbers?
Several possible reasons:
1) They are the result of lessons learned from other data breaches
2) They are the result of action taken in regard to a security bulletin issued by their operating system, database software, or other software provider.
3) They are the result of a new process or software tool that did not exist in 2010.
4) They switched to a new log analyzer, and this one, while no more or less effective than the old one, is different and flagged different kinds of activities as potentially malicious.
I'm sure there are more possible reasons I'm not thinking of off the top of my head.
If this were even remotely true, we'd have access to the authenticators we've been begging for.
u do know that the authenticators are nothing more than a glorified cd key that has a master list of all the combos. while it provides a peace of mind to the end user it's just as breakable as anything else. really it's only one extra step on the hackstar :eek:
Some additional advice for those who have reset their password but still can't get in:
Cryptic sent this message out to ALL emails associated with the involved accounts. I changed my email at some point in the last two years, and I received the email on both accounts. Be certain that you are resetting the password for the account associated with the appropriate email address.
This being said, will Cryptic be issuing an apology specifically to the people who reported their accounts being TRIBBLE, and had brushed them off as having fallen victim to keyloggers, trojans, phishing scams, and anything except a problem on Cryptic's end?
They might also start by issuing an apology to anyone insinuated as being at fault.
u do know that the authenticators are nothing more than a glorified cd key that has a master list of all the combos. while it provides a peace of mind to the end user it's just as breakable as anything else. really it's only one extra step on the hackstar :eek:
Plus, authenticators only protect this account from being logged into by a malicious user. In this case, where the user obtained direct access to the database, the authenticator would only protect your STO account. It would not protect any other accounts that use the same username and password as STO does.
While we have no evidence that any other information was taken by the intruder, it is possible that the intruder was able to access additional account information. If they did so, the first and last name, e-mail address, date of birth (if provided to Cryptic Studios), billing address, and the first six digits and the last four digits of credit cards registered on the site may have been accessed.
The first six digits and the last four digits of CC...that's 10 digits. CC is only 12 digits long.
How hard is it going to be to brute force the remaining two and the security number?
Comments
lucky I am not doing STF event but doing duty chain missions
I best be able to get back on by tomorrow :mad:
I think I said that... <chuckle>
What he said above...
Do you have a PWE account??
If so... then perhaps the situation may not apply to you.
Thank you for taking the time to reply. We'll give that a shot...
If you are getting redirected to the frontpage, please log out of your account and then use the provided links:
www.startrekonline.com/user/password
www.champions-online.com/user/password
Cheers,
Brandon =/\=
To be fair, you never know how secure any sort of security is until it's cracked.
This being said, see my last post.
They noticed a potential breach, they notified customers and complied with all applicable decencies and laws. Seems pretty competent to me.
Continue to use the security checks and vigilance previously mentioned?
Here you seem to be looking into some issues
Here you again make it sound like STOwiki may be to blame
At what point in the last month did you guys realize it was your fault and not theirs?
-_-
*mighty ****ed*