Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Security Games IT

Trion Worlds' Rift Account Database Compromised 88

Posted by Soulskill from the level-up-your-firewall-skill dept.
New submitter Etrahkad writes "Trion Worlds, publisher of MMORPG Rift, has announced that somebody broke into one of their databases and gained access to user information. First Sony and now Rift... my identity has probably been stolen several times over, now. From the e-mail: 'We recently discovered that unauthorized intruders gained access to a Trion Worlds account database. The database in question contained information including user names, encrypted passwords, dates of birth, email addresses, billing addresses, and the first and last four digits and expiration dates of customer credit cards. ... there is no evidence, and we have no reason to believe, that full credit card information was accessed or compromised in any way." Are game companies not concerned with preventing these attacks?"
This discussion has been archived. No new comments can be posted.

Trion Worlds' Rift Account Database Compromised More

Trion Worlds' Rift Account Database Compromised

Comments Filter:

  • Yay (Score:5, Insightful)

    by dlb ( 17444 ) on Friday December 23, 2011 @02:11PM (#38473528)

    To the cloud...

  • Prevention (Score:5, Insightful)

    by grommit ( 97148 ) on Friday December 23, 2011 @02:13PM (#38473546)
    Granted, it could be a simple ROT13 but the mere fact that the passwords were "encrypted" and that the data didn't contain the entire credit card number indicates that the company or somebody inside the company at least put a little bit of effort into securing the data. Unfortunately, securing data is hard and it only takes one oversight to make it vulnerable. The true test will be what the company does now that the breach has occurred.

  • Re:Prevention (Score:3, Insightful)

    by Derekloffin ( 741455 ) on Friday December 23, 2011 @02:21PM (#38473676)
    Passwords should actually be hashed and preferably hashed and salted, not encrypted, but points for at least trying.

  • Re:Prevention (Score:2, Insightful)

    by Anonymous Coward on Friday December 23, 2011 @03:21PM (#38474470)

    My guess is that the passwords were probably hashed, but the general public has no clue whatsoever what a hash is, while they have at least *heard* of encryption before. The email is meant to reassure customers that their password is "safe," rather than being some kind of engineering document on computer security.

Slashdot Top Deals

He has not acquired a fortune; the fortune has acquired him. -- Bion

Close