Monday, August 25, 2014
Trion Accounts Hacked
Words to the wise.
Word to the wise. If you have any credit cards or Paypal info linked into your Glyph account with Trion, probably a safe bet to remove it. That or change your password, I opted for both. Currently accounts with payment information are being used to purchase large quantities of digital goods from the company. From what I have read over the net, (one article tells) multiple companies have had information stolen. Might be a safe bet to keep that info out for awhile, at least until the company acknowledges this situation. I haven't seen Trion make an announcement, I hope to hear something soon, so that customers can be aware.
How do I know for sure?
I've been charged over three hundred dollars thus far on two Arch Age beta accounts. Save yourself some time and remove that info, change the passwords. Trion has no phone support now and you must wait for live chat. Seems the norm for companies now to drop phone support, not exactly what you want to do when things go wrong. Much rather something done while I wait on my cell, or, you know, pace around.
I've yet to see any word from Trion anywhere, the forums are filling with these posts, they are aware of the situation and need to send a mass email and throw warnings into the social media sites as well as the main page, this has been going on for days. Are they hoping some people won't notice? Luckily the Mr. didn't flip out as bad as I did. I'm moving in a few weeks, definitely extra stress I don't need.
Let the waiting begin!
For now I'm still waiting on live chat... I'll keep things posted. Nothing better to do, right? Hope I can save someone the trouble I'm going through, mostly stress. It isn't going to hurt financially really, but some people have reported having far more charged than I have.
I did manage to get a refund, which caused me to sit there at the computer while they processed it and made sure my account was 'secure'. And yes, I was very anal about the whole thing. Poor fellow. But typing out all my account information for a refund really was grinding my nerves. I also asked a couple of questions to support.
Me: Does Trion intend on letting the public know that account information has been compromised? This isn't a single incident, the forums show otherwise. Or forcing an email reset at least? And does Trion plan on compensating players for this?
GM Meikoshi: I'm sorry, I have no information regarding this issue and at this time we will not be compensating any players.
What is upsetting is that nobody seems to care, besides those who have been charged. And while Trion isn't taking a rein on the actual issue, they are rolling out more security measures soon, go figure. Posted by Ocho on the official forums yesterday, you can find the post here. \
On the ArcheAge forums this is the only other response I've seen:
To our Alpha and Beta testers, let us start by saying this very clearly: Trion Worlds' security has not been compromised in any way. There has been absolutely no breach in Trion’s servers.
What happened in the last few hours is sadly nothing new: every day, bots obtain user credentials from various unprotected sites around the Internet, build lists of login and passwords, and try them on Trion's servers (along with many other sites). If players consistently use simple or repeated passwords across different online services, these bots may get access to their accounts. Because of the current momentum around ArcheAge, hundreds of millions of such attempts were made from well over a million different IP addresses in the last few weeks, only a fraction of which ended up being successful today.
The team has already started providing refunds and all players affected by fraudulent charges will be automatically refunded within the next few hours today.
As previously mentioned, this type of issue is recurrent in the online world and Trion has actually been working on a solution to address this particular problem for a while now. Coincidentally, starting Thursday, we are adding a new security feature to Glyph to help keep player accounts safe: when players log in from a new computer or a place that we haven’t seen them log in from before, they’ll be asked to verify that it really is them logging in, by entering a code emailed to their account’s primary email address.
Trion Worlds encourages all players to update their existing passwords and to make sure to use different, secure passwords for across the Internet. Players can go here to update their account information immediately, including their passwords and login information:https://session.trionworlds.com/login. If you believe that this has happened your account and have any questions, please contact Trion Customer Support as soon as possible: https://support.trionworlds.com/
Scrapes a CM posted the statement here.
All I can say is, I'm hugely disappointed. You won't catch me playing any Trion games for a long time, right now it's in the- never ever, until you grow some balls, put on those big boy pants and apologize to the community- zone. Yes, they owe the community an explanation, they owe it to customers to warn them as soon as they are aware that account information has been compromised. It is inexcusable to sit back and pawn it off on customers, to not warn them, to sit back and.... do nothing.
Good luck to those of you who have been affected, make sure to contact support, at least they have live chat, those of you with accounts unable to access live chat, there is still an email option, or you could always contact your bank, Paypal and so on for unauthorized charges. Deleted characters and items I would guess have a big of a turnover, from all the talk I've seen so far. Still worth contacting support if you want it back. With two games in the wings, releasing (Trove ArcheAge) I assume they would rather not admit this and lose face before big releases. Change your passwords and remove your billing info! And... Don't feel bad, it's not just you.