Massively

Blizzard denies Diablo III authenticator hacking claims

Justin Olivetti — Tue, 22 May 2012 17:00:00 EST

Filed under: Fantasy, Launches, Legal, Diablo III

We've been following the mass reports of hackers bypassing passwords and authenticators to rob Diablo III accounts blind, and now we have a new twist on the story. While Blizzard confirmed "an increase in reports of individual account compromises," the studio says it has no hard evidence that hackers have found a way to skirt around the authentication system.

Community Manager Bashiok said that the company is taking the claims "extremely seriously" and is investigating the rash of account compromises. "Despite the claims and theories being made, we have yet to find any situations in which a person's account was not compromised through traditional means of someone else logging into their account through the use of their password," he said. "While the authenticator isn't a 100% guarantee of account security, we have yet to investigate a compromise report in which an authenticator was attached beforehand."

Blizzard is assisting compromised customers by restoring stolen items and rolling back their accounts. The studio has a post up on its forums to help players protect their accounts and get assistance if theft occurs.

Blizzard denies Diablo III authenticator hacking claims originally appeared on Massively on Tue, 22 May 2012 17:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

The Daily Grind: Do you use mobile authenticators?

Brianna Royce — Sat, 05 May 2012 08:00:00 EST

Filed under: MMO industry, Opinion, The Daily Grind, Promotions, Miscellaneous

A recent listener of the Massively Speaking podcast sparked a lively debate about the mobile authenticators that MMO companies are so fond of asking us to use as an extra layer of security for our accounts. He suggested that companies that encourage authenticators are doing so less for our security than for their own financial interests or responsibility -- after all, if I'm using an authenticator, they can save money on support and security staff. Our listener also pointed out that authenticators are annoying to the point that MMO studios sometimes have to bribe us with minipets and other goodies to get us to enroll, which suggests that maybe more people than we'd think avoid that extra tier of security.

What about you -- do you use mobile authenticators when they are available, and if not, how do you and the games you play safeguard your accounts?

Every morning, the Massively bloggers probe the minds of their readers with deep, thought-provoking questions about that most serious of topics: massively online gaming. We crave your opinions, so grab your caffeinated beverage of choice and chime in on today's Daily Grind!

The Daily Grind: Do you use mobile authenticators? originally appeared on Massively on Sat, 05 May 2012 08:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Trion Worlds customer database hacked, 'no evidence' credit card info stolen

Justin Olivetti — Thu, 22 Dec 2011 22:00:00 EST

Filed under: Fantasy, MMO industry, Legal, RIFT, Miscellaneous

Trion Worlds has become the latest in a long string of MMO studio security breaches this year, as the company reported an intrusion into its customer database. At risk of compromise were customers' user names, passwords, birthdates, email and billing addresses, and partial credit card info. However, the company states that "there is no evidence" that full credit card numbers were stolen at this time.

In a message posted on the Trion Worlds website, the company promises that it is both researching the intrusion and taking steps to increase security. As part of this, all RIFT players will be asked to change passwords and security questions, and their mobile authenticators will need to be reconnected.

The company urges customers to watch their bank statements for questionable activity, and provides customers with resources to get a free credit report and putting a freeze on credit reports.

To compensate customers for the issue, Trion is providing all RIFT players with three extra days of gaming time and a Moneybags' Purse that increases all money looted by 10% in-game.

[Thanks to everyone who sent this in!]

Trion Worlds customer database hacked, 'no evidence' credit card info stolen originally appeared on Massively on Thu, 22 Dec 2011 22:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Star Wars: The Old Republic launches Android authenticator and upcoming test server

Eliot Lefebvre — Wed, 21 Dec 2011 19:00:00 EST

Filed under: Sci-fi, Culture, Patches, News items, Star Wars: The Old Republic

If analyst predictions hold true, Star Wars: The Old Republic is going to be big. And that means that it's going to be heir to the natural problem of account hackings, the sort of thing that goes hand in hand with every major MMO. Luckily, the game has launched with security authenticators already available, with a physical version and an Apple app available right out of the gate. The mobile authenticator for Android devices is also now available, meaning that you have a multitude of ways to ensure that the only threats to your characters are those of the blaster-wielding variety.

Once you've gotten through the authenticator stage, however, perhaps you'd like to see what's coming next for the game? Ask a Jedi reports that it looks like BioWare is in the process of setting up a public test server, giving every subscriber a chance to enjoy the upcoming patches and updates before they go live. While players will not be able to copy characters from the live servers to the test environment at this time, the team behind Star Wars: The Old Republic seems to be polishing up the game on a daily basis even though it's just launched, so that likely won't remain the case for long.

Star Wars: The Old Republic launches Android authenticator and upcoming test server originally appeared on Massively on Wed, 21 Dec 2011 19:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

SOE releases account authenticators

Jef Reahard — Thu, 11 Aug 2011 19:30:00 EST

Filed under: MMO industry, News items, Miscellaneous

Sony Online Entertainment has joined the growing list of gaming companies that offer physical authenticators for protection against account hacking and associated fraud. EQ2Wire brings us the details on the new device, which at $9.95, is slightly more expensive than Blizzard's comparable Battle.net fob.

SOE's authenticator may be used on multiple Station accounts, and for now at least, is shipping out sans handling charges (even for overseas orders). EQ2Wire also has a handy and detailed guide to the new authenticators from last month's Fan Faire, and the website notes that free iOS and Android security apps will be forthcoming at an as-yet unannounced date.

SOE releases account authenticators originally appeared on Massively on Thu, 11 Aug 2011 19:30:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Trion's dynamic duo talks dynamic content on the RIFT podcast

Justin Olivetti — Mon, 25 Apr 2011 13:30:00 EST

Filed under: Fantasy, Interviews, RIFT

The river of RIFT news and discussion seems to be swelling to flood stage these days, especially surrounding the recent world event and the upcoming 1.2 update. If your appetite for all things RIFT wasn't satiated by our recent talk with Scott Hartsman, then you'll definitely want to tune in to the latest RIFT Podcast.

During the podcast, the hosts talk with Trion World's Will Cook and Cindy Bowens about dynamic content, the world event, authenticators, the wardrobe, and -- of course -- RIFT's Update 1.2. They even touch upon the controversial continued lack of guild banks and the fact that daily quests are no longer stackable.

Head on over to The RIFT to glean nuggets of pure interviewee gold out of this chat!

Trion's dynamic duo talks dynamic content on the RIFT podcast originally appeared on Massively on Mon, 25 Apr 2011 13:30:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Security 'RIFT' has closed for iOS

Larry Everett — Mon, 11 Apr 2011 16:30:00 EST

Filed under: Fantasy, Game mechanics, RIFT

The developers at Trion Worlds have given the players an active way to close the RIFT in security for the iPhone. As reported a couple of weeks ago, RIFT is following in World of Warcraft's footsteps with a mobile authenticator. Most of the time, being called a clone of WoW is a negative mark on the game, but in this case, it's a matter of personal security.

RIFT launched its authenticator on the Android platform first, giving those customers more peace of mind in the wake of reports of holes in the game's security. Today, Community Manager Erick "Zann" Adams posted that the authenticator is now available for the iPhone and other iOS products as well.

Because of the growing popularity of MMOs and other online games, these extra security measures are more than welcomed by the gaming community. If you are a RIFT player, then you can rush to the iTunes store or the Android market to pick up the authenticator or jump to the RIFT game site to find out more information.

Security 'RIFT' has closed for iOS originally appeared on Massively on Mon, 11 Apr 2011 16:30:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

RIFT bringing out a new authentication service today - but not yet

Eliot Lefebvre — Tue, 29 Mar 2011 19:00:00 EST

Filed under: Fantasy, News items, RIFT

Authenticators are one of the most popular forms of account security around, giving players an extra layer of defense against hackers and keyloggers. RIFT has been dealing steadily with account security issues since launch, so the upcoming authenticator service is no surprise to players. Using a digital authenticator service, players will very soon be able to use their Android mobile devices for authentication services -- but carefully note the "soon," as the service isn't yet ready for prime time.

Currently, using the authenticator will prevent players from logging in, as the code for using said authentication isn't yet in place. A new launcher will be put into place for the game later today, allowing players with Android devices use of the authentication service. While the current release is only for the Android platform, code for the iOS is being finalized, meaning that iPhone and iPad users won't be left out in the cold. So if you're playing RIFT and want to have a little more random number to go with your login, you'll soon be able to do just that. (But not quite yet.)

[Thanks to Puremallace for the tip!]

RIFT bringing out a new authentication service today - but not yet originally appeared on Massively on Tue, 29 Mar 2011 19:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

"Solid one-two punch": Trion responds to account hacks

Justin Olivetti — Sat, 19 Mar 2011 23:00:00 EST

Filed under: Fantasy, Bugs, Game mechanics, Interviews, RIFT

The saga of RIFT's account security woes continues, as Trion World's Scott Hartsman responded to the hacker attempts, reassuring fans curious about what steps were being taken to secure their accounts.

Citing "constant attacks" since the launch of RIFT that have impacted 1% of accounts, Hartsman said that the team is blocking hackers and botnets as quickly as they are identified, but that this will also be an ongoing process.

"Both the login fix and the Coin Lock addition have been doing their part in signficantly reducing overall incidents over the last 18 hours," Hartsman wrote. "Neither one is a silver bullet, but so far it is looking to be a solid one-two punch for the weekend."

According to his post, Trion will be hiring additional staff to tackle the problem, and is working on a "two-factor authentication" process for the future.

Hartsman also praised the efforts of the player who brought a serious log-in vulnerability to the team's attention. ZAM tracked down the player for an interview, who himself had his account hacked in early March. The player is an "ethical hacker" who owns a security software company and realized that these hacks were not the fault of the player, but an exploit that had been discovered.

"Solid one-two punch": Trion responds to account hacks originally appeared on Massively on Sat, 19 Mar 2011 23:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

The Road to Mordor: Hacked!

Justin Olivetti — Fri, 21 Jan 2011 19:30:00 EST

Filed under: Fantasy, Lord of the Rings Online, Game mechanics, MMO industry, Free-to-play, The Road to Mordor

"My kinship had just finished an instance run about a week-and-a-half ago and was in the process of reloading back into the world when I got the message that I was being disconnected because I had just logged into the Brandywine server. Huh? Suspecting the worst, I immediately hit up the Turbine Account page and changed my password then re-logged back into the game, which would boot the hacker offline just like I had been booted minutes earlier.

"I was lucky and did that before the hacker had time to switch servers to where my active characters are. Other kinmates have not been so lucky."

So goes the frightening tale of Pumping Irony's Scott, who shares this in the hopes that others may avoid a similar scare. Unfortunately, it seems as though stories such as these are becoming more and more common in Lord of the Rings Online, where the worst threat to your quest may not be the eye of Sauron but the malicious intent of hackers gutting your account while you're offline.

Today we're going to step off the path for a temporary side trail into the gloomy undergrowth of account security and an MMO under siege.

Continue reading The Road to Mordor: Hacked!

The Road to Mordor: Hacked! originally appeared on Massively on Fri, 21 Jan 2011 19:30:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

MMO Family: 17 internet safety tactics for gaming families

Lisa Poisso — Fri, 09 Oct 2009 12:00:00 EST

Filed under: Kids, MMO Family, Family, Miscellaneous

MMO Family is your resource for leveling a gaming-specced family. From tips on balancing gaming with family life to finding age-appropriate niches for every family member, MMO Family offers you advice on MMO gaming of the family, by the family and for the family.

"Be careful, there's nasty stuff out there on the internet."

It's frustrating to hear this warning clarioned over and over again. We're gamers ourselves, after all. We know easily children can get in over their heads on the internet. "Be careful," intone the experts. "Watch carefully, and be very, very careful ..." But how? What must we be careful to do? To not do? What does "being careful" mean in actual practice? Specific online safety tactics - and putting them into practice without driving anyone crazy in the process - become an epic quest reward that always manages to stay two turn-ins out of reach.

As we mentioned last week, your main objective as the parent of a young MMO player is to remain figuratively logged in to their activity. When children are online, parents cannot afford to be figuratively AFK. We're not suggesting you pull up a chair and some popcorn to faithfully oversee kids' every move online. No child needs direct supervision to kill 10 rats (or pick 20 flowers or befriend 30 fairies or frag 50 enemies ...). But young gamers do need your boundaries and your guidance (as well as your feedback, your enthusiasm and your support). Just how strong the boundaries should be will depend on the age of your child and the game that they're playing. Apply common sense, based on your own MMO experience, along with these 17 tactics for safe online gaming.

Continue reading MMO Family: 17 internet safety tactics for gaming families

MMO Family: 17 internet safety tactics for gaming families originally appeared on Massively on Fri, 09 Oct 2009 12:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Anti-Aliased: Hax0red

Seraphina Brennan — Wed, 16 Sep 2009 18:00:00 EST

Filed under: World of Warcraft, Fantasy, Culture, Opinion, Anti-Aliased

Today was a beautiful morning. It was a morning filled with sunshine, chirping birds, and a good night's rest. I was up writing late last night, so it was nice to sleep in a little before getting a start on the day. Yet, all cozy naps must come to an end, as I had to get up to man my computer, check my e-mail, and get a start on today's work.

As I booted up Mozilla Thunderbird and looked over the e-mails that were floating in my inbox (yesterday's MAG comments, Star Wars Galaxies comments, and some new screenshots for D&D Online) I saw one that kinda stuck out. It was from Blizzard Entertainment Support, and it was a password change notification from Battle.net. At first I chuckled, thinking it was some type of spammer who was trying to get me to give up my password, but on looking through the letter, I noticed it was authentic Blizzard material.

That's when my phone rang. It was one of my guildmate's numbers flashing on the screen. Those birds stopped chirping after that booming string of profanities escaped my mouth.

Continue reading Anti-Aliased: Hax0red

Anti-Aliased: Hax0red originally appeared on Massively on Wed, 16 Sep 2009 18:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Square-Enix not discontinuing authentication tokens, authenticators now back in stock

Seraphina Brennan — Tue, 28 Jul 2009 18:00:00 EST

Filed under: Fantasy, Final Fantasy XI, Business models, Culture, MMO industry, News items, Consoles

Looks like we can put a rumor to rest for y'all. As we reported on earlier, some people were wondering if Square-Enix was discontinuing their authentication token program as it never looked like the tokens were being re-added to the stock.

We've spoken to Square-Enix regarding this matter, and they've laid the rumor to rest for us. The authentication tokens are not being discontinued (as they are pretty popular) and have now been re-stocked back into the store. We here at Massively highly recommend tossing the 10 bucks towards the token, if you can afford it, as it gives you access to the amazingly useful Mog Satchel -- a second inventory for your character. Better act fast, however, as these tokens fly out of the store very shortly after being restocked.

To purchase an authenticator, log into PlayOnline, go to the Final Fantasy XI top page, select optional services, and then click security token sales.

Square-Enix not discontinuing authentication tokens, authenticators now back in stock originally appeared on Massively on Tue, 28 Jul 2009 18:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Rumor: No more authentication tokens for Final Fantasy XI?

Seraphina Brennan — Sun, 26 Jul 2009 10:00:00 EST

Filed under: Fantasy, Final Fantasy XI, Business models, News items, Consoles, Rumors

It's been two months since the Square-Enix authentication tokens sold out, and still there has been no word on when the item will be returning to the online store.

The Square-Enix authentication tokens were SE's answer to the Blizzard authenticator -- an item that generates a constantly changing numerical code that needs to be entered along with your password to gain access to your game. The tokens added an extra layer of security to your Final Fantasy XI account, further protecting it from hackers who would seek to steal your luxurious items and gil.

The tokens came with the highly loved Mog Satchel -- an in-game item that would essentially double your inventory space, no matter how big it was. The satchel will also become larger when your inventory is expanded by the completion of a "Gobbie Bag" quest. However, the satchel is only available through the purchase of a security token. With no tokens being sold, no Mog Satchels are being handed out either.

Have the authenticator sales come to an end, or is it simply taking this long to make more and restock the device? We'll do some digging for you to find out.

[Via PlayNoEvil]

Rumor: No more authentication tokens for Final Fantasy XI? originally appeared on Massively on Sun, 26 Jul 2009 10:00:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

WoW Insider interviews Blizzard on security

Adrian Bott — Fri, 19 Sep 2008 14:30:00 EST

Filed under: World of Warcraft, Fantasy, MMO industry

Big concerns require authoritative answers, and to get those, you often have to go to the top. That's what our friends at WoW Insider have recently been able to do, getting answers straight from Blizzard, the masters of World of Warcraft.

As issues go, it's pretty damn big: not concerns about class balance or content, but about the basic security of your account, the protection currently being provided against hacking, and what the Authenticator key actually does.

Blizzard, who actively sought an interview with WoW Insider following a (since contested) report of a customer allegedly having his account hacked while using one of the new Authenticators, explain the specific steps the technology takes to ensure security. They also address player concerns about how reliable the Authenticator is. The bottom line: '... we have no verified occurrences of an account being compromised that has a Blizzard Authenticator attached to it.' The full interview can be read at WoW Insider.

For those that don't know, the Authenticator is an optional item (now available through the Blizzard store) that adds an extra layer of security to one or more World of Warcraft accounts. 'It supplies a random digital code that must be entered at login, providing an additional layer of security to help prevent unauthorized account access. Each code is valid for a limited time and can only be used once, so the Blizzard Authenticator must be in the possession of the account holder to log in to the account.'

Continue reading WoW Insider interviews Blizzard on security

WoW Insider interviews Blizzard on security originally appeared on Massively on Fri, 19 Sep 2008 14:30:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments