Monday, August 25, 2014

Trion Accounts Hacked



Words to the wise.
Word to the wise. If you have any credit cards or Paypal info linked into your Glyph account with Trion, probably a safe bet to remove it. That or change your password, I opted for both. Currently accounts with payment information are being used to purchase large quantities of digital goods from the company. From what I have read over the net, (one article tells) multiple companies have had information stolen. Might be a safe bet to keep that info out for awhile, at least until the company acknowledges this situation. I haven't seen Trion make an announcement, I hope to hear something soon, so that customers can be aware.


How do I know for sure?
I've been charged over three hundred dollars thus far on two Arch Age beta accounts. Save yourself some time and remove that info, change the passwords. Trion has no phone support now and you must wait for live chat. Seems the norm for companies now to drop phone support, not exactly what you want to do when things go wrong. Much rather something done while I wait on my cell, or, you know, pace around.

I've yet to see any word from Trion anywhere, the forums are filling with these posts, they are aware of the situation and need to send a mass email and throw warnings into the social media sites as well as the main page, this has been going on for days. Are they hoping some people won't notice? Luckily the Mr. didn't flip out as bad as I did. I'm moving in a few weeks, definitely extra stress I don't need.

Let the waiting begin!
For now I'm still waiting on live chat... I'll keep things posted. Nothing better to do, right? Hope I can save someone the trouble I'm going through, mostly stress. It isn't going to hurt financially really, but some people have reported having far more charged than I have.

Update~
I did manage to get a refund, which caused me to sit there at the computer while they processed it and made sure my account was 'secure'. And yes, I was very anal about the whole thing. Poor fellow. But typing out all my account information for a refund really was grinding my nerves. I also asked a couple of questions to support.

Me: Does Trion intend on letting the public know that account information has been compromised? This isn't a single incident, the forums show otherwise. Or forcing an email reset at least? And does Trion plan on compensating players for this?
 GM Meikoshi: I'm sorry, I have no information regarding this issue and at this time we will not be compensating any players.

8/26/14 ----------------------------------------
What is upsetting is that nobody seems to care, besides those who have been charged. And while Trion isn't taking a rein on the actual issue, they are rolling out more security measures soon, go figure. Posted by Ocho on the official forums yesterday, you can find the post here. \

Also:
On the ArcheAge forums this is the only other response I've seen:

To our Alpha and Beta testers, let us start by saying this very clearly: Trion Worlds' security has not been compromised in any way. There has been absolutely no breach in Trion’s servers. 

What happened in the last few hours is sadly nothing new: every day, bots obtain user credentials from various unprotected sites around the Internet, build lists of login and passwords, and try them on Trion's servers (along with many other sites). If players consistently use simple or repeated passwords across different online services, these bots may get access to their accounts. Because of the current momentum around ArcheAge, hundreds of millions of such attempts were made from well over a million different IP addresses in the last few weeks, only a fraction of which ended up being successful today.

The team has already started providing refunds and all players affected by fraudulent charges will be automatically refunded within the next few hours today. 

As previously mentioned, this type of issue is recurrent in the online world and Trion has actually been working on a solution to address this particular problem for a while now. Coincidentally, starting Thursday, we are adding a new security feature to Glyph to help keep player accounts safe: when players log in from a new computer or a place that we haven’t seen them log in from before, they’ll be asked to verify that it really is them logging in, by entering a code emailed to their account’s primary email address.

Trion Worlds encourages all players to update their existing passwords and to make sure to use different, secure passwords for across the Internet. Players can go here to update their account information immediately, including their passwords and login information:https://session.trionworlds.com/login. If you believe that this has happened your account and have any questions, please contact Trion Customer Support as soon as possible: https://support.trionworlds.com/

Scrapes a CM posted the statement here.

All I can say is, I'm hugely disappointed. You won't catch me playing any Trion games for a long time, right now it's in the- never ever, until you grow some balls, put on those big boy pants and apologize to the community- zone. Yes, they owe the community an explanation, they owe it to customers to warn them as soon as they are aware that account information has been compromised. It is inexcusable to sit back and pawn it off on customers, to not warn them, to sit back and.... do nothing.

Good luck to those of you who have been affected, make sure to contact support, at least they have live chat, those of you with accounts unable to access live chat, there is still an email option, or you could always contact your bank, Paypal and so on for unauthorized charges. Deleted characters and items I would guess have a big of a turnover, from all the talk I've seen so far. Still worth contacting support if you want it back. With two games in the wings, releasing (Trove ArcheAge) I assume they would rather not admit this and lose face before big releases. Change your passwords and remove your billing info! And... Don't feel bad, it's not just you.








15 comments:

  1. Same happened to me. No response from Trion so far.

    ReplyDelete
    Replies
    1. Sorry to hear that :( It took me quite awhile for live chat, I can imagine emailing support could take over a week, I'd imagine. I read email is the only option for some free accounts, really bites if that is the case. I hope you hear back from them soon!

      Delete
    2. I really need my money back! They charged me TWICE!

      Delete
    3. I really need my money back! They charged me TWICE!

      Delete
    4. I really need my money back! They charged me TWICE!

      Delete
    5. I really need my money back! They charged me TWICE!

      Delete
  2. Im with you on this.. I got hacked, woke up to a naked character and all my gems are gone along with gold etc.

    ReplyDelete
    Replies
    1. Same here ... no pants ... mainly because all that was left was the non-crafted armor. Guess they don't give a shit about Ezna armor.

      Delete
    2. Did you guys get a hold of support? Hopefully they get things restored for you!

      Delete
  3. I just got hacked too. They failed to gift a founders pack thankfully, guess having a different paypal account password paid off. I'm VERY angry that I have had to scour through my digital footprints and waste 4 hours of my workday on this. I've submitted a ticket but haven't heard back.

    12 hours after they attempted to gift a founders pack I see they logged in finally (while I was sleeping) and changed my password and deleted all my gear and gold ... they left me a few flowers and my mounts and some chest armor ... but took my crafted armor ... bastards!

    ReplyDelete
    Replies
    1. Wow, that is harsh. I haven't even logged in to see if my items were gone. I received an email confirming two purchases. I also had to waste a lot of time with it, what made the angry was not any apology over the whole deal, acting as if it were some random incident.

      Delete
  4. I think they should roll back characters 24 hours and refund all founder pack purchases during this time ... but people need to know so they can take the appropriate measures to protect themselves from further identity theft!!!!

    ReplyDelete
    Replies
    1. They need to do something, sadly I don't think Trion wants to own up to it. I sent an email off to Massively to tip them off, though I am sure they want confirmation from Trion before they say anything about the whole thing. People need to know, which is why I published this post as soon as I could, in hopes some might see it. I really think this is being swept under the rug so they [Trion] don't get bad publicity, it will be a looooong time before I trust Trion again.

      Delete
  5. This comment has been removed by a blog administrator.

    ReplyDelete
    Replies
    1. Any crude language and or lashing out directed at other comments will be deleted. Disagreements are welcome, as long as it's kept civil.

      Delete