Slashdot Mirror

← Back to Stories (view on slashdot.org)

Trion Worlds' Rift Account Database Compromised

Posted by Soulskill on from the level-up-your-firewall-skill dept.

New submitter Etrahkad writes "Trion Worlds, publisher of MMORPG Rift, has announced that somebody broke into one of their databases and gained access to user information. First Sony and now Rift... my identity has probably been stolen several times over, now. From the e-mail: 'We recently discovered that unauthorized intruders gained access to a Trion Worlds account database. The database in question contained information including user names, encrypted passwords, dates of birth, email addresses, billing addresses, and the first and last four digits and expiration dates of customer credit cards. ... there is no evidence, and we have no reason to believe, that full credit card information was accessed or compromised in any way." Are game companies not concerned with preventing these attacks?"

5 of 88 comments (clear)

  1. Yay by dlb · · Score: 4, Insightful

    To the cloud...

  2. Prevention by grommit · · Score: 5, Insightful

    Granted, it could be a simple ROT13 but the mere fact that the passwords were "encrypted" and that the data didn't contain the entire credit card number indicates that the company or somebody inside the company at least put a little bit of effort into securing the data. Unfortunately, securing data is hard and it only takes one oversight to make it vulnerable. The true test will be what the company does now that the breach has occurred.

    1. Re:Prevention by tguyton · · Score: 5, Informative
      The entire email from Trion:

      We recently discovered that unauthorized intruders gained access to a Trion Worlds account database. The database in question contained information including user names, encrypted passwords, dates of birth, email addresses, billing addresses, and the first and last four digits and expiration dates of customer credit cards.

      There is no evidence, and we have no reason to believe, that full credit card information was accessed or compromised in any way. We have already taken further action to strengthen our systems, even as we, with external security experts, continue to research the extent of the unauthorized access.

      You will notice on your next log in to our website that you will be required to change your password, and existing Mobile Authenticator users will also need to reconnect their Authenticator. When you log in, you will be prompted to provide a new password, security questions and answers, and be given the option to connect your account to our Mobile Authenticator to enhance your account’s security.

      If you have used your username and password for other accounts, especially financial accounts or accounts with personal information, we suggest you change your passwords on those accounts as well. We recommend that you carefully review your statements, account activity, and credit reports to help protect the security of those accounts. If you need information on how to obtain your credit report or believe any such accounts have been breached, please visit www.trionworlds.com/AccountNotification for more information.

      You should have continued, uninterrupted access to RIFT, and we do not anticipate any disruptions to your playing time.

      Nevertheless, if you own the RIFT game, you will be granted three (3) days of complimentary RIFT game time once you update your password and security questions.

      Additionally, once you update your account and set a new password, your account will be granted a Moneybags’ Purse, which increases your looted coin by 10%, even if you have not yet purchased RIFT.

      Please log in to https://rift.trionworlds.com/ (and we recommend that you copy and paste this link into your browser to access the site) to update your password, security questions and Authenticator.

      We apologize for any inconvenience this may have caused you. If you have further questions, please visit our website, www.trionworlds.com/AccountNotificationFAQ.

      – The Trion Worlds Team

      Trion's been pretty good about security from what I've seen, and I definitely appreciate them being upfront about the breach. Giving people a few days of game play and shinies will probably generate some good will as well.

  3. Jokes on them! by Kenja · · Score: 5, Funny

    That credit card was already stolen and canceled thanks to Sony!

    --

    "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
  4. Steam by thesinfulgamer · · Score: 4, Informative

    Steam got hacked as well. http://www.forbes.com/sites/danielnyegriffiths/2011/11/10/steam-hacked-newell-watch-your-credit-card/