Its quite obvious that a large number of Companies that hold customer data are NOT acting and behaving responsibly with this information and I persoanlly would like assurances and information from ANet on this one. Its important.
Deal with it now, inform the customers and make sure this one is attended to BEFORE the horse bolts from the stable..... lock the door now!
IF it becomes apparent that ANet have lax security and we get turned over, they will never see another penny of my cash. There has been more than ample warnings AND time to deal with this. So as you can imagine my expectations of ANet are high. Failure to safeguard my info will lead not only to a legal case but I'm pretty sure a massive loss of cash and Trust....
You, ANet, have the opportunity to inform us and to advise us of YOUR status in this ever darkening scenario. Be the guys that dont get royally screwed (like Sony, Sega, Codemasters etc etc) and keep your users happy.
Do you store ANY of our details in plain text? (I dont strictly want an answer to that in a public forum but I want you, ANet, to realise its a question that needs answering at BOARD level), Do you store our Credit Card Details in a secure enough manner, Are the Users details encrypted in ANY way? Are the above details stored together? And the questions go on.... Theres enough info on the hacks already done to know what you should be locking up.
The fallout of mishanding customers info could be devasting.... I'd hate to see GW2 fail thru a lack of User trust and Corporate ignorance.|||The actual data it self is the responsibility of NSoft not Anet as they are just the developer the publisher is the owner and holds the rights.You might want to e-mail them about this.|||I think we are fine.
Zilken, based upon your join date, surely you remember all the hacks that took place like a year or two ago? I think it's safe to say that Anet was one of the FIRST to take a hit. Granted, this was a case of accounts getting hacked, and not Anet themselves getting hacked (hopefully).
However, some confirmation that our info is safe would be nice. In the end though, I don't think it's Anet we need to worry about as much. We should be more worried about NCSoft's security. I would like to think that the chances of NCSoft getting hacked is much more likely than Anet. NCSoft has credit card info (especially if you play anything by them EXCEPT GW), whereas I don't know if Anet does. Does the in game store give you the option to save a credit card? I'm pretty sure I've entered it every time I wanted something, but I cannot remember if there is a checkbox or not.|||Quote:
I think we are fine.
Zilken, based upon your join date, surely you remember all the hacks that took place like a year or two ago? I think it's safe to say that Anet was one of the FIRST to take a hit. Granted, this was a case of accounts getting hacked, and not Anet themselves getting hacked (hopefully).
Except that was NCSoft through the NCSoft Master Account. ANet themselves can't really be hacked, as the data is all stored on NCSoft's servers, which are probably secure enough. The problem comes from alternative means of accessing the account info, such as the Master Account or what we were worried about for the Support Forums, as both used info of your account or allowed your account info to be changed without notifying you.
This doesn't rule out individual hacks through spyware, keyloggers, etc...|||I think he's referring to the recent Sony, Sega, IMF etc type hacking.|||OK , yes, a little clarity....I mean whoever actually holds the personal data... NCsoft/Anet...either or and yes I am referring to the recent events at Sony, Codemasters, etc.
Now, to be told by one of you guys... "their security is probably enough" is quite frankly weak and bordering on naive. I'm sure theres many Sony customers who thought exactly that and are now rueing the day they trusted Sony. I'm one of them.....
So, NCsoft/ANet ... either way, I want to know that my data is safe and will continue to be safe. That its not stored in a manner that is insecure and is not going to be a risk to my own security.
This could be used as a good PR exercise. In nearly every organisation, the first weakness identified is Communication, whether that be internally or externally. I see absolutely no reason why ANet/NCsoft should be different, and in fact if pushed, they have already failed that hurdle a few times already, so whil ehtey may have learned a few things from previous events, as with any big organisation, theres ALWAYS room for improvement.... those techies among you that know ITIL will understand precisely where I'm coming from. Nobody is perfect, BUT you can always improve what you do. Communication is one of the keystones to that improvement.
Additional: And today we see Sega has had its turn at being hacked.... so ...I believe my point is made valid by every passing day and every Comapny that falls.....so, ANet/NCsoft..... whats your OFFICIAL line on this one?|||Quote:
Now, to be told by one of you guys... "their security is probably enough" is quite frankly weak and bordering on naive. I'm sure theres many Sony customers who thought exactly that and are now rueing the day they trusted Sony. I'm one of them.....
Sorry if I wasn't clear enough, but game and account data stored on the designated game and account servers is probably safe enough. The problem lies outside those areas. The hack from NCSoft was because the MA login was the same as the game account logins and stored separately, allowing them to get the logins from the "weaker" side. AFAIK, no credit card details or anything else was stolen, so it's unlikely they store it.
Codemasters, SEGA and even this site got their info stolen, but all they have is the personal info most of which is available through the profiles and non-plaintext passwords (though GWO used Salted MD5 and they have the salts as well, so best to change it within the next 6 or so months). There's not much they can do with that info apart from filling your spam filter to the brim with mails of how your account has been stolen and they want your info "to give it back to you". So far, they've stolen my CoH, WoW, Lineage, Runescape and about half a dozen other game accounts. Except I don't own any of those games and my GW account is perfectly safe.
So far, Sony was the only company to actually store credit card details in plaintext on their servers. Which is simply retarded. Simple confirmation NCSoft isn't that dumb should be enough to ensure people their account is "safe".|||Don't worry folks, that info is completely safe. The text file it's stored in is titled "DO NOT READ-THIS MEANS YOU".
On the slim chance someone does read it, it's encrypted in ROT13.
And the sad part of this is while I'm obviously joking, it could very well be the truth. Let's all hope not.|||The key differences between many of the previous hacks and the more recent ones are that the CORE systems of user admin are being taken out/down. Thats why I believe its important to extract some form of reassurances from ANet/NCsoft on the particular issues of the way the data is stored and managed.
I work for the NHS and as some may have recently seen lulzsec have "politely advised" the NHS that they are "at risk". I've been there for 3 years in the I.T. dept. and was asking within my first week if we did any network penetration testing... the answer I got was..."We havent and we wont".
Fortunately for my Hospital, we have a new head of I.T. that has first hand experience with major I.T. compromise events and has now started a vigorous program of testing and analysis... better late than never eh? But it again proves that many organisations are complacent.
It only takes one misguided individual in the position of "authority" to make that bold statement but the fall out affects potentially millions. I would hope that NCsoft/Anet are not that naive, but, ya never know ...|||Looks like Bioware got it too.
http://www.inquisitr.com/113909/1800...n-latest-hack/
Quote:
Hackers gained access to a decade-old community server used by the Neverwinter Nights forums. BioWare assures fans that no financial data was taken in the hack, but, as was the case with all of the other recent hacks, usernames, passwords and email addresses may have been compromised.
Edit: And Citibank got 360,000 accounts compromised recently. Looking for numbers on the hacks is turning up all sorts of interesting things.
没有评论:
发表评论