Massively http://massively.joystiq.com Massively http://www.blogsmithmedia.com/http://massively.joystiq.com/media/feedlogo.gif Massively http://massively.joystiq.com en-us Copyright 2012 Weblogs, Inc. The contents of this feed are available for non-commercial use only. Blogsmith http://www.blogsmith.com/<![CDATA[Blizzard talks Diablo III hotfixes, delay of real-money auction house]]>http://massively.joystiq.com/2012/05/24/blizzard-talks-hotfixes-delay-of-real-money-auction-house/http://massively.joystiq.com/2012/05/24/blizzard-talks-hotfixes-delay-of-real-money-auction-house/http://massively.joystiq.com/2012/05/24/blizzard-talks-hotfixes-delay-of-real-money-auction-house/#commentsFiled under: , , , , ,

DIII
In a post on the official Diablo III forums earlier today, Community Manager Nethaera addressed a few of the concerns that have been brought up in the game's momentous first week.

Neth first linked to an up-to-date list of hotfixes that have been implemented thus far. For the spoiler-wary among you, be warned that if you haven't completed the game on Normal difficulty, some of the hotfixes might be spoilerific. Now that you're thoroughly warned that there may be spoilers, head on over to the list of hotfixes if you dare. Neth also advised players that additional server maintenance will be required in time and that there's a game patch inbound for sometime next week.

She also took the time to address the real-money auction house. Although Neth states that the service is "coming soon," it's been delayed due to post-launch difficulties. The team apparently needs "a bit more time to iron out the existing general stability and gameplay issues" before the real-money auction house is ready for launch. Players shouldn't expect the auction house to be ready in May despite initial plans for it to go online on the 22nd, and there wasn't a solid date to look forward to.

Neth went on to assure players that neither D3 nor Battle.net servers have been compromised, despite all the hubbub about security concerns that's been filling the air the last few days.
In all of the individual Diablo III-related compromise cases we've investigated, none have occurred after a physical Battle.net Authenticator or Battle.net Mobile Authenticator app was attached to the player's account, and we have yet to find any situation where a Diablo III player's account was accessed outside of "traditional" compromise methods (i.e. someone logging using an account's login email and password).
She reminded players to exercise constant vigilance by practicing smart password management, scanning for malware and viruses regularly, and generally being savvy.

MassivelyBlizzard talks Diablo III hotfixes, delay of real-money auction house originally appeared on Massively on Thu, 24 May 2012 20:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>action-rpgbattlenetblizzardblizzard-entertainmentcash-shopd3diablodiablo-2diablo-3diablo-hotfixesdiablo-iidiablo-iiifantasygothic-fantasyhotfixesmultiplayernethaeraonline-multiplayerreal-money-auction-houseroguelikerpgsecurityThu, 24 May 2012 20:00:00 EST<![CDATA[The Daily Grind: Do you use mobile authenticators?]]>http://massively.joystiq.com/2012/05/05/the-daily-grind-do-you-use-mobile-authenticators/http://massively.joystiq.com/2012/05/05/the-daily-grind-do-you-use-mobile-authenticators/http://massively.joystiq.com/2012/05/05/the-daily-grind-do-you-use-mobile-authenticators/#commentsFiled under: , , , ,

Pretty sure this dude is trying to steal your loot, and that's why you should get an authenticator.
A recent listener of the Massively Speaking podcast sparked a lively debate about the mobile authenticators that MMO companies are so fond of asking us to use as an extra layer of security for our accounts. He suggested that companies that encourage authenticators are doing so less for our security than for their own financial interests or responsibility -- after all, if I'm using an authenticator, they can save money on support and security staff. Our listener also pointed out that authenticators are annoying to the point that MMO studios sometimes have to bribe us with minipets and other goodies to get us to enroll, which suggests that maybe more people than we'd think avoid that extra tier of security.

What about you -- do you use mobile authenticators when they are available, and if not, how do you and the games you play safeguard your accounts?

Every morning, the Massively bloggers probe the minds of their readers with deep, thought-provoking questions about that most serious of topics: massively online gaming. We crave your opinions, so grab your caffeinated beverage of choice and chime in on today's Daily Grind!

MassivelyThe Daily Grind: Do you use mobile authenticators? originally appeared on Massively on Sat, 05 May 2012 08:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>authenticatorbrianna-royce-tdgdaily-grindmobile-authenticatoropinionsafeguardsecuritytdgthe-daily-grindSat, 05 May 2012 08:00:00 EST<![CDATA[Cryptic Studios issues security warning in response to database breach]]>http://massively.joystiq.com/2012/04/25/cryptic-studios-issues-security-warning-in-response-to-database/http://massively.joystiq.com/2012/04/25/cryptic-studios-issues-security-warning-in-response-to-database/http://massively.joystiq.com/2012/04/25/cryptic-studios-issues-security-warning-in-response-to-database/#commentsFiled under: , , , , , , , ,

Cryptic
Cryptic Studios, purveyor of Champions Online, Star Trek Online, and the upcoming Neverwinter, has just posted an ominous security warning on its official site. Its new security procedures have recently detected that hackers gained unauthorized access to a user database back in December of 2010. According to the studio,
The unauthorized access included user account names, handles, and encrypted passwords for those accounts. Even though the passwords were encrypted, it is apparent that the intruder has been able to crack some portion of the passwords in this database. All accounts that we believe were present in the database have had the passwords reset, and customers registered to these accounts have been notified via e-mail of this incident.
While Cryptic does not believe additional information (like player names and credit card numbers) was taken, it advises vigilance all the same and warns against phishing scams. We'll keep you posted as we learn more.

(Thanks to Geoff for the tip!)

MassivelyCryptic Studios issues security warning in response to database breach originally appeared on Massively on Wed, 25 Apr 2012 19:30:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>championschampions-onlinechampscocrypticcryptic-studiosdatabase-breachdatabase-intrusionemail-scamf2pfree-to-playperfect-worldperfect-world-entertainmentphishingpwescamsci-fisecuritystar-trekstar-trek-mmostar-trek-onlinestosuperherosuperheroesWed, 25 Apr 2012 19:30:00 EST<![CDATA[EVE Online nukes over a thousand botters from orbit]]>http://massively.joystiq.com/2012/03/01/eve-online-nukes-over-a-thousand-botters-from-orbit/http://massively.joystiq.com/2012/03/01/eve-online-nukes-over-a-thousand-botters-from-orbit/http://massively.joystiq.com/2012/03/01/eve-online-nukes-over-a-thousand-botters-from-orbit/#commentsFiled under: , , , ,

Screenshot -- EVE Online
Look upon CCP's works, ye botters, and despair! EVE Online players recently noticed "by virtue of reading various shady forums" that the CCP team has suspended or banned a large number of botters. CCP Sreegs stopped by the official site today to respond to some of the community reactions to the mass bot-nuking. Many fans seem to believe that the bannings are a publicitity stunt to drum up interest in the upcoming Fanfest. CCP Sreegs responds that, of course, this isn't the case. He notes that during CCP's recent periods of turbulence, there was no team responsible for "handling the technology responsible for nuking botters," but now that there's a full team once more, "[CCP has] now thrown the switch again and turned on the catching bad guys machine."

Other players are crying out that the current three-strike system is too soft-hearted. Sreegs respectfully disagrees, citing the fact that, of all players that go on to receive two strikes, only something like 3% go on to earn a third. But what's to stop these problem players from transferring their characters to a new account and carrying on as usual? Sreegs also announced that a new system is being put in place that will indefinitely revoke the character transfer privileges of any suspended players, no matter how many strikes they have against them. For the full story as well as a bit of insight as to how CCP deals with botters and cheaters, just click on through the link below.

MassivelyEVE Online nukes over a thousand botters from orbit originally appeared on Massively on Thu, 01 Mar 2012 17:30:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>anti-botsanti-bottinganti-hackanti-hackingbanbanningbansbotsbottersbottingccpccp-gamesccp-sreegseveeve-onlinefeaturedinternet-spaceshipssandboxsci-fisecurityspreadsheets-onlinesuspensionsuspensionsThu, 01 Mar 2012 17:30:00 EST<![CDATA[F2P publisher gamigo's account services offline after hack [Updated]]]>http://massively.joystiq.com/2012/03/01/f2p-publisher-gamigos-account-services-offline-after-hack/http://massively.joystiq.com/2012/03/01/f2p-publisher-gamigos-account-services-offline-after-hack/http://massively.joystiq.com/2012/03/01/f2p-publisher-gamigos-account-services-offline-after-hack/#commentsFiled under: , , ,

gamigo logo
If you're a fan of gamigo's free-to-play MMO library, you may have run into some trouble accessing your account info as of yesterday. The company "detected an illegal intrusion into [its] gamigo account system," according to an official post on the Jagged Alliance forums.

The hack resulted in a temporary cessation of registration, account management, and payment services. The company says that while the game servers are still up and running, "the gAS services might be down for a while." gamigo also says that it encrypts passwords and that "no access to account names and other data is confirmed."

[Thanks for the tip, Tim!]

[Update: gamigo has now posted a letter to its website discussing the intrusion and recommending steps players should take to reset passwords and secure their accounts.]

MassivelyF2P publisher gamigo's account services offline after hack [Updated] originally appeared on Massively on Thu, 01 Mar 2012 10:30:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>account-securityf2pfree-to-playgamigogamigo-account-servicesgamigo-hackhackjagged-alliancesecuritysecurity-breachThu, 01 Mar 2012 10:30:00 EST<![CDATA[Mortal Online hacked, Star Vault encourages users to verify accounts]]>http://massively.joystiq.com/2012/02/20/mortal-online-hacked-star-vault-encourages-users-to-verify-acco/http://massively.joystiq.com/2012/02/20/mortal-online-hacked-star-vault-encourages-users-to-verify-acco/http://massively.joystiq.com/2012/02/20/mortal-online-hacked-star-vault-encourages-users-to-verify-acco/#commentsFiled under: , , , ,

Mortal Online - female half-orc concept art
If you've got an active Mortal Onlne account, you may want to think seriously about changing your password. A new post on the sandbox title's forum describes a security breach that led to the destruction of in-game assets and account status changes. The intrusion has since been contained, according to a Star Vault GM, and "additional security is in place."

The company says that customer payment information was not affected, but users are encouraged to verify their account status and passwords anyway.

As to the breach itself, details are understandably scarce, but Star Vault does say that a member of the GM staff had his account compromised and his details used to carry out the aforementioned mischief.

[Thanks to slapshot1188 for the tip!]

MassivelyMortal Online hacked, Star Vault encourages users to verify accounts originally appeared on Massively on Mon, 20 Feb 2012 13:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>account-hackingfantasyhackingmortalmortal-gm-hackmortal-onlinenavesandboxsecuritysecurity-breachstar-vaultstarvaultMon, 20 Feb 2012 13:00:00 EST<![CDATA[Nexon bringing Mabinogi back online, compensating affected players]]>http://massively.joystiq.com/2012/01/03/nexon-bringing-mabinogi-back-online-compensating-affected-playe/http://massively.joystiq.com/2012/01/03/nexon-bringing-mabinogi-back-online-compensating-affected-playe/http://massively.joystiq.com/2012/01/03/nexon-bringing-mabinogi-back-online-compensating-affected-playe/#commentsFiled under: , , , , , ,

Mabinogi - character selection screen
Nexon has brought Mabinogi back online, and the company tells Massively that "the issues that led us to temporarily disable service have been addressed."

The free-to-play sandbox was offline for nearly 40 hours last weekend, and Nexon will be compensating players with 5,000 NX (the company's cash shop currency), a two-day extension of VIP/Premium/Inventory Plus service, and a forthcoming double XP event. Nexon also tells us that players who were directly affected by the recent malicious activity will receive an additional 5,000 NX (10,000 total) and will have their lost items restored.

If you think you've been affected by the recent attacks, contact Nexon Support directly, and be sure to provide the following info when submitting your ticket:
  • account name
  • character name
  • character server
  • date of malicious activity
  • items missing/removed
  • name of malicious character (if available)
Finally, affected players should include the keyword MUGWORTS in their support ticket summary field to assist in filtering and processing.

[Source: Nexon press release]

MassivelyNexon bringing Mabinogi back online, compensating affected players originally appeared on Massively on Tue, 03 Jan 2012 15:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>account-securityf2pfantasyfree-to-playmabinogimabinogi-hackingmabinogi-offlinemalicious-activitynexonnexon-hackingsandboxsecurityTue, 03 Jan 2012 15:00:00 EST<![CDATA[Nexon takes Mabinogi offline indefinitely due to 'malicious activity']]>http://massively.joystiq.com/2012/01/01/nexon-takes-mabinogi-offline-indefinitely-due-to-malicious-acti/http://massively.joystiq.com/2012/01/01/nexon-takes-mabinogi-offline-indefinitely-due-to-malicious-acti/http://massively.joystiq.com/2012/01/01/nexon-takes-mabinogi-offline-indefinitely-due-to-malicious-acti/#commentsFiled under: , , , , , ,

Mabinogi - down for the count
If you were looking to play a little Mabinogi to kick off the new year, you might want to make alternate arrangements. Nexon has taken the free-to-play sandbox offline in order to deal with the recent spate of "malicious activity" going on in-game.

Mabinogi went dark yesterday, and Nexon says that it does "not have a specific time for the service to re-open." This is the second time in the past three months that Nexon has disabled the game, as the company dealt with a rash of unauthorized RMT issues and botting as recently as October of 2011. As per usual when MMO security issues crop up, the company has not released any details, saying only that "we feel that we have no choice but to take the game down in order to prevent any further malicious action."

[Thanks to David for the tip!]

MassivelyNexon takes Mabinogi offline indefinitely due to 'malicious activity' originally appeared on Massively on Sun, 01 Jan 2012 12:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>bottingf2pfantasyfree-to-playhackingmabinogimabinogi-malicious-activitymabinogi-offlinemalicious-activitynexonrmtsandboxsecuritySun, 01 Jan 2012 12:00:00 EST<![CDATA[Trion Worlds customer database hacked, 'no evidence' credit card info stolen]]>http://massively.joystiq.com/2011/12/22/trion-worlds-customer-database-hacked-no-evidence-credit-card/http://massively.joystiq.com/2011/12/22/trion-worlds-customer-database-hacked-no-evidence-credit-card/http://massively.joystiq.com/2011/12/22/trion-worlds-customer-database-hacked-no-evidence-credit-card/#commentsFiled under: , , , ,

Trion Worlds
Trion Worlds has become the latest in a long string of MMO studio security breaches this year, as the company reported an intrusion into its customer database. At risk of compromise were customers' user names, passwords, birthdates, email and billing addresses, and partial credit card info. However, the company states that "there is no evidence" that full credit card numbers were stolen at this time.

In a message posted on the Trion Worlds website, the company promises that it is both researching the intrusion and taking steps to increase security. As part of this, all RIFT players will be asked to change passwords and security questions, and their mobile authenticators will need to be reconnected.

The company urges customers to watch their bank statements for questionable activity, and provides customers with resources to get a free credit report and putting a freeze on credit reports.

To compensate customers for the issue, Trion is providing all RIFT players with three extra days of gaming time and a Moneybags' Purse that increases all money looted by 10% in-game.

[Thanks to everyone who sent this in!]

MassivelyTrion Worlds customer database hacked, 'no evidence' credit card info stolen originally appeared on Massively on Thu, 22 Dec 2011 22:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>authenticatorbreakingcompensationcredit-card-infocredit-cardscustomer-databasedatabasehackhackedhackersintrusionmobile-authenticatormoneybags-pursepasswordsriftsecuritysecurity-breachtriontrion-worldsThu, 22 Dec 2011 22:00:00 EST<![CDATA[Star Wars: The Old Republic launches Android authenticator and upcoming test server]]>http://massively.joystiq.com/2011/12/21/star-wars-the-old-republic-launches-android-authenticator-and-u/http://massively.joystiq.com/2011/12/21/star-wars-the-old-republic-launches-android-authenticator-and-u/http://massively.joystiq.com/2011/12/21/star-wars-the-old-republic-launches-android-authenticator-and-u/#commentsFiled under: , , , ,

Pictured: not security.
If analyst predictions hold true, Star Wars: The Old Republic is going to be big. And that means that it's going to be heir to the natural problem of account hackings, the sort of thing that goes hand in hand with every major MMO. Luckily, the game has launched with security authenticators already available, with a physical version and an Apple app available right out of the gate. The mobile authenticator for Android devices is also now available, meaning that you have a multitude of ways to ensure that the only threats to your characters are those of the blaster-wielding variety.

Once you've gotten through the authenticator stage, however, perhaps you'd like to see what's coming next for the game? Ask a Jedi reports that it looks like BioWare is in the process of setting up a public test server, giving every subscriber a chance to enjoy the upcoming patches and updates before they go live. While players will not be able to copy characters from the live servers to the test environment at this time, the team behind Star Wars: The Old Republic seems to be polishing up the game on a daily basis even though it's just launched, so that likely won't remain the case for long.

MassivelyStar Wars: The Old Republic launches Android authenticator and upcoming test server originally appeared on Massively on Wed, 21 Dec 2011 19:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>account-securityauthenticatorbiowarebioware-mmobioware-mmorpgbioware-star-warsbioware-swtoreaelectronic-artslauncheslucas-artslucas-arts-mmolucas-arts-mmorpgmobile-authenticatornewspublic-test-serversecuritysecurity-keystar-wars-gamestar-wars-mmostar-wars-mmorpgstar-wars-the-old-republicstar-wars-torstarwarsstarwars-the-old-republicsw-torswtortest-serverthe-old-republicWed, 21 Dec 2011 19:00:00 EST<![CDATA[Square-Enix says no user info stolen during security breach]]>http://massively.joystiq.com/2011/12/21/square-enix-says-no-user-info-stolen-during-security-breach/http://massively.joystiq.com/2011/12/21/square-enix-says-no-user-info-stolen-during-security-breach/http://massively.joystiq.com/2011/12/21/square-enix-says-no-user-info-stolen-during-security-breach/#commentsFiled under: , , , ,

Square-Enix Members
A week ago we reported that Square-Enix's Members site, a loyalty program for fans of the studio's games, suffered an unwarranted intrusion and was subsequently taken offline as the company conducted an investigation. It turns out that the best possible outcome of this investigation has occurred, as no personal information was stolen. Subsequently, the company plans to bring its Japanese and North American websites back online by the end of the month.

Square-Enix posted the following notice as an update:
As a result of our continuing investigation, we have now confirmed that the database in which we store personal information was NOT accessed during the recent server intrusion. Therefore, your personal information was NOT compromised by an unknown third party.

Square-Enix is planning to restart the Square Enix Members service by the end of December. Details of the schedule will be announced at a later date.

We deeply regret any inconvenience this may have caused our customers and fans, and appreciate your patience.

MassivelySquare-Enix says no user info stolen during security breach originally appeared on Massively on Wed, 21 Dec 2011 09:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>final-fantasy-xifinal-fantasy-xivhackhackershackinginformation-theftintrusionpersonal-infopersonal-informationsecuritysecurity-breachsecurity-intrusionsquare-enixsquare-enix-membersunauthorized-accessWed, 21 Dec 2011 09:00:00 EST<![CDATA[Korean gaming giants adjusting data collection policies]]>http://massively.joystiq.com/2011/12/19/korean-gaming-giants-adjusting-data-collection-policies/http://massively.joystiq.com/2011/12/19/korean-gaming-giants-adjusting-data-collection-policies/http://massively.joystiq.com/2011/12/19/korean-gaming-giants-adjusting-data-collection-policies/#commentsFiled under: , , , ,

NCsoft logo
Changes are afoot in the Korean gaming industry in the wake of last month's massive Nexon hack that cost over 13 million MapleStory users their personal information. NCsoft has decided to stop collecting its players' Resident Registration Number (which is a Korean analog to the American Social Security number) due to concerns over privacy issues.

Korean gamers will still need to fork over the number to play NCsoft games, though, according to a report at ThisIsGame.com. Players need only an email and password to register for the PlayNC portal, but the RRN may still be required to verify that new registrants aren't bots, and NCsoft has handed off the collection responsibilities to a third-party agency. "We have acknowledged the importance of personal information for a long time. So we have collected minimum personal information and have asked another agency to do the sensitive information work including the RRN on behalf of us," said an NCsoft official.

ThisIsGame also reports that NHN Hangame has decided to stop collecting personal information, while Nexon and Neowiz are formulating new collection policies.

MassivelyKorean gaming giants adjusting data collection policies originally appeared on Massively on Mon, 19 Dec 2011 12:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>data-collectionhackshangamemaplestorymaplestory-hackmmo-industryncsoftneowiznexonnexon-hacknhn-hangamepersonal-informationresident-registration-numberrrnsecurityMon, 19 Dec 2011 12:00:00 EST<![CDATA[Gabe Newell confirms Steam security compromise]]>http://massively.joystiq.com/2011/11/10/gabe-newell-confirms-steam-security-compromise/http://massively.joystiq.com/2011/11/10/gabe-newell-confirms-steam-security-compromise/http://massively.joystiq.com/2011/11/10/gabe-newell-confirms-steam-security-compromise/#commentsFiled under: ,

Valve logo
A few days ago we reported that Valve's Steam forum security had been compromised. A letter from Valve head-honcho Gabe Newell today confirms this fact and reveals that the intruders also gained access to a Steam database that contained a ton of personal information, such as usernames, encrypted passwords, email addresses, and encrypted credit card information. Newell adds that there is currently no evidence that any of that information was actually taken by the intruders or that credit card numbers or passwords were cracked.

Steam users will be required to change their forum passwords when the forums are opened back up. While the company claims that no Steam accounts have been compromised, if your forum password was the same as your account password, a change would likely be a good idea.

MassivelyGabe Newell confirms Steam security compromise originally appeared on Massively on Thu, 10 Nov 2011 18:15:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>compromisecompromisedgabe-newellhackhackedsecuritysecutiy-compromisedsteamsteam-forumsvalveThu, 10 Nov 2011 18:15:00 EST<![CDATA[BioWare steps up The Old Republic account security]]>http://massively.joystiq.com/2011/11/07/bioware-steps-up-the-old-republic-account-security/http://massively.joystiq.com/2011/11/07/bioware-steps-up-the-old-republic-account-security/http://massively.joystiq.com/2011/11/07/bioware-steps-up-the-old-republic-account-security/#commentsFiled under: , ,

Screenshot -- Star Wars: The Old Republic
As Star Wars: The Old Republic's launch date draws ever nearer, BioWare has announced that it is stepping up account security for the game. Any players whose accounts were created prior to October 21st will be required to change their passwords in order to conform to the new standards. Those standards, for the curious, dictate that the password must be between eight and 15 characters and must contain at least one uppercase letter, one lowercase letter, and one number. For the full details, head on over to The Old Republic's official site.

MassivelyBioWare steps up The Old Republic account security originally appeared on Massively on Mon, 07 Nov 2011 20:30:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>account-securitybiowareeaelectronic-artspasswordsecuritystar-wars-the-old-republicswtorthe-old-republictorMon, 07 Nov 2011 20:30:00 EST<![CDATA[Valve's Steam forum security compromised]]>http://massively.joystiq.com/2011/11/07/valves-steam-forum-security-compromised/http://massively.joystiq.com/2011/11/07/valves-steam-forum-security-compromised/http://massively.joystiq.com/2011/11/07/valves-steam-forum-security-compromised/#commentsFiled under: , ,

Steam logo
Valve is the latest gaming company to suffer a security breach during the hackathon that is the year 2011. What's that got to do with MMOs, you say? Well, the company's Steam digital download service offers access to a ton of our favorite virtual worlds, and it has thus far seemed relatively secure.

Kotaku reports that the Steam forums were hacked last night, with the paper trail leading to a cracker website known as Fknowned.com. The gentlemen in question are of course denying all responsibility for the mischief, and thus far Valve has offered no comment on the situation. It's worth noting that the Steam forum account info is separate from the actual Steam service account info, but it's also likely that some users employ identical sets of credentials. We'll keep you posted as we learn more.

MassivelyValve's Steam forum security compromised originally appeared on Massively on Mon, 07 Nov 2011 17:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>digital-downloadsdownloadshackedhacksMiscellaneousmmo-industrysecuritysecurity-breachsteamvalveMon, 07 Nov 2011 17:00:00 EST<![CDATA[Order & Chaos security compromised, accounts hacked]]>http://massively.joystiq.com/2011/10/19/order-and-chaos-security-compromised-accounts-hacked/http://massively.joystiq.com/2011/10/19/order-and-chaos-security-compromised-accounts-hacked/http://massively.joystiq.com/2011/10/19/order-and-chaos-security-compromised-accounts-hacked/#commentsFiled under: , , , ,

Order & Chaos Online banner
Bad news for Order & Chaos Online players today. It would appear that the popular mobile MMO from Gameloft is suffering from some security issues resulting in a number of players' accounts being compromised.

The issue seems to be stemming from two major holes in the game's security. There is reportedly an exploit with Gameloft's website which allows players to change another player's password, and usernames and passwords are sent between the client and server in plain text, which makes it a breeze for anyone with the smarts to run interception. Hopefully these issues will be fixed soon, but until then, stay tuned in the event that more develops.

[Thanks to Andrew for the tip!]

MassivelyOrder & Chaos security compromised, accounts hacked originally appeared on Massively on Wed, 19 Oct 2011 15:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>f2pfree-to-playgamelofthackhackedmobileorder-and-chaosorder-and-chaos-onlinesecuritysecurity-compromisesecurity-issuesWed, 19 Oct 2011 15:00:00 EST<![CDATA[Turbine explains recent LotRO forum security issue]]>http://massively.joystiq.com/2011/10/19/turbine-explains-recent-lotro-forum-security-issue/http://massively.joystiq.com/2011/10/19/turbine-explains-recent-lotro-forum-security-issue/http://massively.joystiq.com/2011/10/19/turbine-explains-recent-lotro-forum-security-issue/#commentsFiled under: , , ,

LOTRO
While Lord of the Rings Online's forums have returned following Turbine's decision to take them down due to a security issue, many players were left in the dark about what had happened. To clear the air with this, the studio posted a brief security FAQ that addresses the specifics of what went down this past week.

According to the FAQ, Turbine became aware of a compromise in the forum database that would allow unauthorized access from outsiders. The company took the forums offline, brought in security experts, and fixed the bug that caused this issue. Turbine also claims it has strengthened its web security and that no payment details, including credit card information, were in danger of being stolen.

As part of an effort to make sure all players were secure, Turbine sent out notices to a few customers with particularly vulnerable passwords. In the email, the players were informed that their passwords were reset for their own safety.

The FAQ ends with a few Dos and Don'ts about password creation which all MMO players would be wise to adopt.

MassivelyTurbine explains recent LotRO forum security issue originally appeared on Massively on Wed, 19 Oct 2011 09:30:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>bugbugsfaqforumhacklord-of-the-rings-onlinelotropasswordpasswordssecuritysecurity-compromisesecurity-faqturbineTurbine-EntertainmentWed, 19 Oct 2011 09:30:00 EST<![CDATA[Turbine addresses LotRO forum security concerns]]>http://massively.joystiq.com/2011/10/17/turbine-addresses-lotro-forum-security-concerns/http://massively.joystiq.com/2011/10/17/turbine-addresses-lotro-forum-security-concerns/http://massively.joystiq.com/2011/10/17/turbine-addresses-lotro-forum-security-concerns/#commentsFiled under: , , , ,

Lord of the Rings Online - horse at sunrise
While it's not quite a conspiracy unmasked, Turbine has officially acknowledged a bit of a security issue with its Lord of the Rings Online-related web applications. Last week we reported on the temporary closure of the game's official forums, and today Turbine has issued a press release that touches on the situation.

As you would expect, it's all very hush-hush in terms of details, and the release recommends password changes for all LotRO players. While the game itself remains open for business, there is no time table for the restoration of forum services. "We are continuing to investigate and the forums will not reopen until this work is complete," Turbine says.

MassivelyTurbine addresses LotRO forum security concerns originally appeared on Massively on Mon, 17 Oct 2011 13:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>a-conspiracy-unmaskedaccount-securityf2pfantasyforum-securityforums-closedfree-to-playlord-of-the-rings-onlinelotropress-releasesecurityturbineTurbine-EntertainmentMon, 17 Oct 2011 13:00:00 EST<![CDATA[SOE's John Smedley weighs in on the recent hacks]]>http://massively.joystiq.com/2011/10/14/soes-john-smedley-weighs-in-on-the-recent-hacks/http://massively.joystiq.com/2011/10/14/soes-john-smedley-weighs-in-on-the-recent-hacks/http://massively.joystiq.com/2011/10/14/soes-john-smedley-weighs-in-on-the-recent-hacks/#commentsFiled under: , , , ,

SOE logo
You'd think putting the words Sony and hack together in the same sentence would give John Smedley a minor heart attack. Not so, according to a GameSpot writer who spoke with Sony Online Entertainment's CEO at the recent GDC Austin event.

Unlike the lengthy service outage that cost the company some credibility (and millions of dollars) earlier this year, the latest attempted security breach was neither widespread nor particularly effective, according to Smedley. It's also likely that the problem didn't stem from compromised Sony network data. "We've said publicly when we were compromised before that the information is out there and could have been used. That was obviously the first thing we looked at. Then we did the mathematical analysis and said 'obviously that's not what happened.' I'm not going to say it's impossible [{that}the info came from Sony]. We just think that's not the most likely case," Smedley explained.

MassivelySOE's John Smedley weighs in on the recent hacks originally appeared on Massively on Fri, 14 Oct 2011 18:30:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>gdc-2011GDC-Online-2011hacking-attemptinterviewsMiscellaneousmmo-industrysecuritysecurity-breachsoesoe-hacksony-hackFri, 14 Oct 2011 18:30:00 EST<![CDATA[Turbine forums down, security breach rumors rampant]]>http://massively.joystiq.com/2011/10/12/turbine-forums-down-security-breach-rumors-rampant/http://massively.joystiq.com/2011/10/12/turbine-forums-down-security-breach-rumors-rampant/http://massively.joystiq.com/2011/10/12/turbine-forums-down-security-breach-rumors-rampant/#commentsFiled under: , , , ,

Screenshot -- Lord of the Rings Online
A Casual Stroll to Mordor reports that Turbine has brought down the Lord of the Rings Online official forums due to a "potential issue in the forum system." But of course, in the MMO world, you can't just bring forums down without starting a few conspiracy theories.

Rumors abound that the forum outage may be linked to some sort of security breach. Of course, we repeat, and please do listen when we say, this is only a rumor and in no way has it been verified. If and when it is verified or dismissed, we promise to let you know. Until then, please remain calm and carry on. That is all.

MassivelyTurbine forums down, security breach rumors rampant originally appeared on Massively on Wed, 12 Oct 2011 16:30:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>a-casual-stroll-to-mordoracstmforum-outageforumslord-of-the-rings-onlinelotrorumorrumorssecuritysecurity-breachturbineturbine-entertainmentWed, 12 Oct 2011 16:30:00 EST<![CDATA[Wings Over Atreia: The anti-rant]]>http://massively.joystiq.com/2011/10/10/wings-over-atreia-the-anti-rant/http://massively.joystiq.com/2011/10/10/wings-over-atreia-the-anti-rant/http://massively.joystiq.com/2011/10/10/wings-over-atreia-the-anti-rant/#commentsFiled under: , , ,

Wings Over Atreia header
Admit it: Whether it is born of a desire to vindicate yourself using the opinions of another or because you just sharpened your claws and are eager to rip said opinions to shreds, sometimes you just love to read a juicy rant. Love them or leave them, we all have opinions and tend toward sharing them, from superstitions to sports to Aion. What make rants so delectably special are the passion and power behind them.

Unfortunately, this is not a rant.

In fact, this week's Wings Over Atreia is going to be an anti-rant. No, that does not mean I will rant against rants because I am opposed to them (that would still be a rant, not to mention they can be cathartic at times); rather, this will be the opposite of a rant. Yes folks, I am going to do something radical! Trolls, cover your eyes: I am going to give a compliment. And not just any compliment -- I am going to give praise to NCsoft's customer service! *gasp*

What confluence of events in Aion brought me to this? Take a peek past the cut to see for yourself.

Continue reading Wings Over Atreia: The anti-rant

MassivelyWings Over Atreia: The anti-rant originally appeared on Massively on Mon, 10 Oct 2011 16:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>aionaion-gamecomplimentcomplimentscustomer-serviceCustomerServicedeleted-itemfeaturedlost-itemsnc-softnc-soft-aionncsoftncsoft-aionrestorationrestored-itemssecuritythanksWings-Over-AtreiaMon, 10 Oct 2011 16:00:00 EST<![CDATA[EVE Online's new forum is back online]]>http://massively.joystiq.com/2011/09/06/eve-onlines-new-forum-is-back-online/http://massively.joystiq.com/2011/09/06/eve-onlines-new-forum-is-back-online/http://massively.joystiq.com/2011/09/06/eve-onlines-new-forum-is-back-online/#commentsFiled under: , , ,

EVE title image
Back in April, EVE Online received a brand-new forum with a revamped search tool, the ability to "like" posts, and other useful features. Unfortunately, players quickly found several serious security problems in the new forum software, including the ability to inject arbitrary HTML (but not script) into any thread via a modified forum signature.

It also became known that the forum was a modified version of open source software Yet Another Forum, with the authentication system tied to CCP's own login service. A cookie exploit was discovered in this login system shortly after the forums went online, allowing users to post as anyone they wanted -- even as developers. The new forum was temporarily disabled pending a security review and the old one reactivated.

After a complete security revamp and a period of rigorous testing, the new forum returned to service today. This forum is tied into CCP's web platform EVE Gate, which provides quick access to your character's evemails while not in the game and has integrated social networking features. The old forum will be officially decommissioned on Friday, September 9th and left as a permanent archive.

[UPDATE: We've been informed that the previous injection exploit involved only HTML and not script. The post has been modified accordingly.]

MassivelyEVE Online's new forum is back online originally appeared on Massively on Tue, 06 Sep 2011 14:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>ccpccp-eveccp-gameseveeve-ccpeve-gateeve-mmorpgeve-onlineforumforumsnew-forumssecurityTue, 06 Sep 2011 14:00:00 EST<![CDATA[SOE releases account authenticators]]>http://massively.joystiq.com/2011/08/11/soe-releases-account-authenticators/http://massively.joystiq.com/2011/08/11/soe-releases-account-authenticators/http://massively.joystiq.com/2011/08/11/soe-releases-account-authenticators/#commentsFiled under: , ,

SOE autheticator
Sony Online Entertainment has joined the growing list of gaming companies that offer physical authenticators for protection against account hacking and associated fraud. EQ2Wire brings us the details on the new device, which at $9.95, is slightly more expensive than Blizzard's comparable Battle.net fob.

SOE's authenticator may be used on multiple Station accounts, and for now at least, is shipping out sans handling charges (even for overseas orders). EQ2Wire also has a handy and detailed guide to the new authenticators from last month's Fan Faire, and the website notes that free iOS and Android security apps will be forthcoming at an as-yet unannounced date.

MassivelySOE releases account authenticators originally appeared on Massively on Thu, 11 Aug 2011 19:30:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>account-hackingaccount-securityauthenticatorfobhackingmmo-industrysecuritysoesoe-authenticatorsoe-fobSony-Online-Entertainmentvascovasco-security-fobThu, 11 Aug 2011 19:30:00 EST<![CDATA[Ask Massively: Stay inside edition]]>http://massively.joystiq.com/2011/08/11/ask-massively-stay-inside-edition/http://massively.joystiq.com/2011/08/11/ask-massively-stay-inside-edition/http://massively.joystiq.com/2011/08/11/ask-massively-stay-inside-edition/#commentsFiled under: , , , , , ,

The inspiration for the Dervish dance, we know.
In sharp contrast to last week's advice, this time around, I'm advising everyone to stay inside. There's all sorts of cool stuff wherever you are right now, and it's kind of hot out today. Besides, look at how much fun Christopher Walken is having inside. Don't you want to be like Christopher Walken? Don't you want the ability to fly when your indoor cavorting requires it?

In other news, please enjoy the earbug that's infected the entirety of the Massively staff on the day this was written.

In other other news, it's time for this week's installment of Ask Massively, addressing significantly less weighty issues than last week's gold selling question. No, this week we're talking about old livestream videos, the reason for the non-ubiquity of authenticators, and of course, the great outdoors. If you've got a question you'd like to see answered in a future edition of the column, leave it in the comments or send it along to ask@massively.com.

Continue reading Ask Massively: Stay inside edition

MassivelyAsk Massively: Stay inside edition originally appeared on Massively on Thu, 11 Aug 2011 18:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>account-securityask-massivelyauthenticatorsculturefeaturedhumormanagementmassively-metaopinionoutdoorssecuritysecurity-concernsThu, 11 Aug 2011 18:00:00 EST<![CDATA[Suspected LulzSec member arrested]]>http://massively.joystiq.com/2011/06/21/suspected-lulzsec-member-arrested/http://massively.joystiq.com/2011/06/21/suspected-lulzsec-member-arrested/http://massively.joystiq.com/2011/06/21/suspected-lulzsec-member-arrested/#commentsFiled under: , , ,

Shhh. You hear that? It sounds like laughter. Lulzing, in fact. Could it be Ryan Cleary's future cellmate? Who's Ryan Cleary, you say? According to a news blurb at PC Gamer, he's the 19-year old chap recently taken into custody by the FBI and Scotland Yard and accused of spear-heading the LulzSec-sponsored DDoS attacks against EVE Online, Nintendo, the United States Senate, and the Central Intelligence Agency, to name a few.

Cleary is rumored to be a former member of Anonymous, and a Scotland Yard spokesperson says that the arrest was the result of an extensive and ongoing probe into the rash of cyber-crimes perpetuated over the last several months. "The arrest follows an investigation into network intrusions and distributed denial of service attacks against a number of international business and intelligence agencies by what is believed to be the same hacking group," PC Gamer reports.

Remaining LulzSec luminaries are seemingly unconcerned, if a message posted to the group's Twitter account earlier today is any indication. "Seems the glorious leader of LulzSec got arrested, it's all over now... wait... we're all still here," the message said.

MassivelySuspected LulzSec member arrested originally appeared on Massively on Tue, 21 Jun 2011 18:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>ccpccp-gamesddosdenial-of-service-attackeveeve-onlinehackinglulzlulzsecmmo-industrynetwork-securityryan-clearyscript-kiddiessecurityTue, 21 Jun 2011 18:00:00 EST<![CDATA[EVE Online services restored]]>http://massively.joystiq.com/2011/06/14/eve-online-services-restored/http://massively.joystiq.com/2011/06/14/eve-online-services-restored/http://massively.joystiq.com/2011/06/14/eve-online-services-restored/#commentsFiled under: , , , ,

We reported earlier today about a DDOS attack launched against the EVE Online servers, but we have good news for the game's players. After a prolonged outage, the servers are back online, with an official update from CCP's COO. According to the update, the team is continuing to monitor the situation closely, but at this time it does not appear that there was any breach of the company's infrastructure nor any risk of personal data being leaked.

As noted in the letter, the shutdown was an immediate reaction to the threat of any security breach, taken in the hopes of staving off any serious threats to the game or its players. The company apologizes to players affected by the downtime as well as the lack of any subsequent notification, but most EVE Online players will just be happy that the game is back online and should remain so barring any unforeseen complications.

MassivelyEVE Online services restored originally appeared on Massively on Tue, 14 Jun 2011 19:45:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>ccpccp-gamesddosddos-attackeveeve-onlineonline-securitysecurityservice-interruptionshutdownupdatesTue, 14 Jun 2011 19:45:00 EST<![CDATA[Codemasters website, store, and database hacked]]>http://massively.joystiq.com/2011/06/10/codemasters-website-store-and-database-hacked/http://massively.joystiq.com/2011/06/10/codemasters-website-store-and-database-hacked/http://massively.joystiq.com/2011/06/10/codemasters-website-store-and-database-hacked/#commentsFiled under: , , ,

Another day, another game publisher in a hacker's crosshairs. This time around it's Codemasters, and Eurogamer has the details on a security violation that compromised the company's website, EStore, CodeM database, and Dirt3 VIP code redemption webpage. The intrusion occurred on June 3rd, and Codemasters has sent out a letter to affected customers advising of the potential threat to their identity-related information.

The article reports that no payment details or credit card info was pilfered, but encrypted passwords as well as Xbox Live gamer tags and personal data (including addresses and user names) were taken. Thus far no groups or individuals have claimed responsibility for the attack. You can read the full Codemasters letter at Eurogamer.

MassivelyCodemasters website, store, and database hacked originally appeared on Massively on Fri, 10 Jun 2011 12:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>codemasterscodemasters-hackdirt3hackhackershackingidentity-theftmmo-industrypersonal-informationpublisherssecuritysecurity-breachFri, 10 Jun 2011 12:00:00 EST<![CDATA[Suspected Sony hackers arrested in Spain]]>http://massively.joystiq.com/2011/06/10/suspected-sony-hackers-arrested-in-spain/http://massively.joystiq.com/2011/06/10/suspected-sony-hackers-arrested-in-spain/http://massively.joystiq.com/2011/06/10/suspected-sony-hackers-arrested-in-spain/#commentsFiled under: , , ,

If you've been wondering when (or whether) authorities would be bringing some of the Sony PlayStation hackers to justice, the New York Times has a brief report that you'll want to check out. Three hackers were recently arrested by Spanish police in the cities of Almeria, Barcelona, and Valencia, all of them with suspected connections to the attacks that took the PlayStation Network offline last April as well as cyber assaults on Spanish banks and government websites.

The Spanish National Police claim to have "dismantled the local leadership of the shadowy international network of computer hackers known as Anonymous," though the Times article casts doubt on whether or not the three individuals arrested were solely responsible for the Sony brouhaha.

The cyber shenanigans will end up costing Sony somewhere in the neighborhood of $173 million due to damages, IT spending, legal fees, lost sales, and expenses related to customer win-back programs.

MassivelySuspected Sony hackers arrested in Spain originally appeared on Massively on Fri, 10 Jun 2011 11:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>anonymousculturehacker-arrestshackershackingMiscellaneousmmo-industryny-timesPlayStationPlaystation3ps3securitysoesonySony-Computer-Entertainmentsony-hackSony-Online-EntertainmentFri, 10 Jun 2011 11:00:00 EST<![CDATA[SOE begins restoring game services]]>http://massively.joystiq.com/2011/05/14/soe-begins-restoring-game-services/http://massively.joystiq.com/2011/05/14/soe-begins-restoring-game-services/http://massively.joystiq.com/2011/05/14/soe-begins-restoring-game-services/#commentsFiled under: , ,

Sony Online Entertainment has good news for fans of its dormant MMORPGs. Service restoration has officially begun for all of the company's online games, forums, and related websites as of May 14th. Earlier today, the company issued a press release with the details as well as a statement from Sony executive Kazuo Hirai.

"Our main priority is the safety and security of our customers' personal information. We are making consumer data protection a full-time, company-wide commitment, and have applied enhanced security technologies so that our customers can feel protected and confident about playing our games," Hirai said.

SOE provided details on its Welcome Back promotion earlier this week, and today's release provides links to a handy chart covering promotions for all of the company's games as well as a summary of the initial customer service notice and contact information. The promotions include free play time for former (not just active) subscribers to SOE's MMOs, making it a great time to return to an old favorite.

MassivelySOE begins restoring game services originally appeared on Massively on Sat, 14 May 2011 20:10:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>breakingdowntimekazuo-hiraimmo-industrypress-releasepsn-hacksecuritysecurity-breachsoesoe-downtimesoe-hacksoe-services-restoredsonysony-hackSony-Online-EntertainmentSat, 14 May 2011 20:10:00 EST<![CDATA[Sony aiming for May 31st PSN service restoration [Updated]]]>http://massively.joystiq.com/2011/05/09/sony-aiming-for-may-31st-psn-service-restoration/http://massively.joystiq.com/2011/05/09/sony-aiming-for-may-31st-psn-service-restoration/http://massively.joystiq.com/2011/05/09/sony-aiming-for-may-31st-psn-service-restoration/#commentsFiled under: , , , , , , , , ,

Sony's network security woes continued over the weekend, and the light at the end of the tunnel still seems like a distant pin prick for the embattled gaming giant and its displaced customers. Bloomberg reports that Sony spokesman Shigenori Yoshida indicated the company plans to restart Playstation Network services by May 31st, which would bring the total downtime to a whopping 41 days.

Nick Caplin, head of communications for Sony Computer Entertainment Europe, posted an update to the European PlayStation blog hinting at the reasons for a longer delay. "We expected to have the services online within a week. We were unaware of the extent of the attack on Sony Online Entertainment servers, and we are taking this opportunity to conduct further testing of the incredibly complex system," he wrote.

While the PS3 versions of both Free Realms and DC Universe Online fall under the PSN umbrella, no word has been forthcoming as to a restart date for the rest of SOE's MMO stable, which includes the PC versions of the aforementioned titles as well as EverQuest and EverQuest II.

[Update: CNET is reporting that Sony is considering a reward for information leading to the capture of the hackers. Meanwhile, Sony is apparently contesting reports about the May 31st date, suggesting no such hard deadline for PSN resumption exists.]

MassivelySony aiming for May 31st PSN service restoration [Updated] originally appeared on Massively on Mon, 09 May 2011 10:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>dc-universe-onlinedcuodowntimeeqeq2everquesteverquest-2everquest-iifree-realmsmmo-industrynick-caplinplaystation-networkpsnpsn-hacksecuritysecurity-breachshigenori-yoshidasoesonysony-attackSony-Computer-Entertainment-Europesony-corpsony-hackSony-Online-EntertainmentMon, 09 May 2011 10:00:00 EST<![CDATA[SOE games down until Friday at the earliest, class action suit launched, Anonymous denies involvement [Updated]]]>http://massively.joystiq.com/2011/05/04/soe-games-reportedly-down-until-friday-at-the-earliest-class-ac/http://massively.joystiq.com/2011/05/04/soe-games-reportedly-down-until-friday-at-the-earliest-class-ac/http://massively.joystiq.com/2011/05/04/soe-games-reportedly-down-until-friday-at-the-earliest-class-ac/#commentsFiled under: , , ,

The latest news in the Sony Online Entertainment debacle finds the besieged MMORPG maker turning to outside sources for help. According to MSNBC, SOE has hired security experts from Data Forte, Guidance Software, and Robert Half International to assist in plugging the holes in its IT infrastructure.

Legal issues are waiting in the wings as well, and Tuesday brought the first hint of a proposed class-action suit. McPhadden Samac Tuovi LLP is preparing a $1.05 billion suit on behalf of a 21-year old PlayStation customer from Mississauga, Ontario.

In other related news, SOE's Taina Rodriguez told the San Diego Union-Tribune that the company's game services will remain offline through Friday and possibly longer.

[Update: In its most recent update, SOE commented further on the delay between the attacks and SOE's becoming aware of them, noting that "Essentially the perpetrators used sophisticated means not only to access the data, but also to cover their tracks. We committed to continue the investigation and in doing so, uncovered further information that we did not have when we initially believed the data was not stolen."

Meanwhile, our sister publication Joystiq is among news agencies reporting that SOE has suggested to Congress that Anonymous is responsible for the attacks. Anonymous has denied involvement.]

MassivelySOE games down until Friday at the earliest, class action suit launched, Anonymous denies involvement [Updated] originally appeared on Massively on Wed, 04 May 2011 10:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>class-action-lawsuitclass-action-suitdata-breachdata-forteguidance-softwarehackhackinglawsuitmcphadden-samacrobert-half-internationalsecurityservers-downsoesoe-hackSony-Online-Entertainmenttaina-rodriguezWed, 04 May 2011 10:00:00 EST<![CDATA[SOE releases further breach details, 24.6 million accounts compromised]]>http://massively.joystiq.com/2011/05/03/soe-releases-further-breach-details-24-6-million-accounts-compr/http://massively.joystiq.com/2011/05/03/soe-releases-further-breach-details-24-6-million-accounts-compr/http://massively.joystiq.com/2011/05/03/soe-releases-further-breach-details-24-6-million-accounts-compr/#commentsFiled under: , , ,

There's an old adage that things are always darkest just before the dawn, and right now the folks at Sony Online Entertainment -- as well as millions of customers -- are enduring another round of grim news. The San Diego-based MMORPG publisher has just announced that approximately 24.6 million accounts may have been stolen, in addition to the 12,700 credit or debit card thefts reported yesterday.

A new SOE press release reports that personal information including names, addresses, email addresses, login names, and hashed passwords has been illegally obtained by hackers. Another 10,700 direct debit records were pilfered from accounts in Austria, Germany, Netherlands, and Spain, including bank account numbers and the information mentioned above.

SOE plans to compensate consumers with 30 days of free subscription time as well as an additional day for each day its systems are down. The company will also provide "a complimentary offering to assist users in enrolling in identity theft protection services and/or similar programs."

MassivelySOE releases further breach details, 24.6 million accounts compromised originally appeared on Massively on Tue, 03 May 2011 09:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>24.6million-accountsaccounts-compromisedbreakingcompensationhackersidentity-theftmmo-industrynetwork-intrusionnetwork-securitynewspress-releasesecuritysoesoe-hackedSony-Online-EntertainmentTue, 03 May 2011 09:00:00 EST<![CDATA[A second breach of Sony's internet security? [Updated]]]>http://massively.joystiq.com/2011/05/02/a-second-breach-of-sonys-internet-security/http://massively.joystiq.com/2011/05/02/a-second-breach-of-sonys-internet-security/http://massively.joystiq.com/2011/05/02/a-second-breach-of-sonys-internet-security/#commentsFiled under: , ,

We have all heard that Sony's PlayStation Network was compromised nearly two weeks ago. The online services for the PlayStation 3 have yet to recover or come back online since the incident. This morning, Sony's PR director Patrick Seybold claimed that there was no truth to the rumor that credit card information was stolen by hackers. However, SOE cautioned gamers to be vigilant nonetheless.

It has now come to light via Nikkei.com that there was a reported second security infraction in Sony's gaming network. Nikkei claims that nearly 12,700 credit card numbers were stolen from Sony Online Entertainment this past Sunday in a second attack. As we reported this morning, all SOE sites have been brought offline because of "an issue that warrants enough concern for [SOE] to take the service down effective immediately," according the the site.

Michele Sturdivant, a spokeswoman for Sony, countered this allegation in The Wall Street Journal. "We temporarily took down SOE's services as part of our continued investigation into the external intrusion that occurred in April," Sturdivant affirmed. "This is not a second attack."

[Update: SOE has posted a security update to The Station.com. "We are today advising you that the personal information you provided us in connection with your SOE account may have been stolen in a cyber-attack. Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password." The notice further suggests that "information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained" but that the "main credit card database" was not compromised in the attack. It appears this is part of the larger PSN attacks and not a separate security breach.]

MassivelyA second breach of Sony's internet security? [Updated] originally appeared on Massively on Mon, 02 May 2011 18:20:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>credit-cardhackersMichele-Sturdivantpatrick-seyboldPlayStation-NetworksecuritySOESonySony-Online-EntertainmentMon, 02 May 2011 18:20:00 EST<![CDATA[Sony executive to address media regarding PlayStation Network debacle]]>http://massively.joystiq.com/2011/04/30/sony-executive-to-address-media-regarding-playstation-network-de/http://massively.joystiq.com/2011/04/30/sony-executive-to-address-media-regarding-playstation-network-de/http://massively.joystiq.com/2011/04/30/sony-executive-to-address-media-regarding-playstation-network-de/#commentsFiled under: , , ,

If you're curious what Sony higher-ups have to say about the recent PlayStation Network security debacle, you'll want to check out Kazuo Hirai's remarks to the media at 2:00 p.m. Sunday in Tokyo (1:00 a.m. EDT). Hirai, Sony Corp's executive deputy president, is expected to field questions from journalists as well as use his considerable PR skills to put a positive spin on the situation and its aftermath.

Much is at stake for the global entertainment giant, including possible legal actions resulting from the compromise of 77 million user accounts (and the company's delayed response and acknowledgment of the problem well after the fact). It's a big moment for Hirai as well; the executive is considered the front-runner in the race to supplant current Sony president Howard Stringer -- who has "been vague about his plans from the next financial year that starts in April 2012" according to Reuters.

MassivelySony executive to address media regarding PlayStation Network debacle originally appeared on Massively on Sat, 30 Apr 2011 18:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>data-breachhoward-stringerkazuo-hiraimmo-industryplaystationplaystation-networkpress-releasepsnsecuritysecurity-breachsonysony-corpspinuser-accounts-compromisedSat, 30 Apr 2011 18:00:00 EST<![CDATA[EVE Online Fanfest 2011: Final video roundup]]>http://massively.joystiq.com/2011/04/29/eve-online-fanfest-2011-final-video-roundup/http://massively.joystiq.com/2011/04/29/eve-online-fanfest-2011-final-video-roundup/http://massively.joystiq.com/2011/04/29/eve-online-fanfest-2011-final-video-roundup/#commentsFiled under: , , , , , ,

Just over a month ago, the EVE Online Fanfest was in full swing and some exciting new information on EVE's future was being released. Massively was there to bring you all the big news as it came out, but most EVE players were unable to attend the event. Thankfully, most of the Fanfest panels and events were filmed and the main ones were even streamed live to viewers at home. For those who missed all the Fanfest excitement, CCP Games has spent the last few weeks preparing those videos for launch and uploading them to YouTube. The team has also sent us 150 professional photos from the event to include in our Fanfest gallery.

In this final Fanfest roundup article, we've put together a handy list of every video from the Fanfest along with a handy summary of each. Not included in the list are the very technical Dev Tracker workshops designed to inform third-party app developers. Many of these videos contain swearing and some are definitely not safe for work. Talks definitely worth watching include the CCP panel, the EVE keynote, the content panel, incursions, words words words and live events. Things you absolutely don't want to miss are the hilarious but not work-safe alliance panel, the PvP tournament finals, the war on lag talk, guest lecture "Who Needs a CEO?" by Battleclinic founder Chris Condon, CCP Sreegs' talk on security, and of course, the EVE: A Future Vision trailer.

Skip past the cut for a full roundup of all the videos from this year's EVE Fanfest.

Continue reading EVE Online Fanfest 2011: Final video roundup

MassivelyEVE Online Fanfest 2011: Final video roundup originally appeared on Massively on Fri, 29 Apr 2011 12:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>alliancebattleclinicccpccp-eveccp-gamesccp-sreegseveeve-ccpeve-fanfesteve-fanfest-2011eve-mmorpgeve-onlineeventsfanfestfanfest-2011featuredgalleryincursionskeynotepresentationspvp-tournamentround-uproundupsecuritytalksvideowar-on-lagFri, 29 Apr 2011 12:00:00 EST<![CDATA[Security 'RIFT' has closed for iOS]]>http://massively.joystiq.com/2011/04/11/security-rift-has-closed-for-ios/http://massively.joystiq.com/2011/04/11/security-rift-has-closed-for-ios/http://massively.joystiq.com/2011/04/11/security-rift-has-closed-for-ios/#commentsFiled under: , ,

The developers at Trion Worlds have given the players an active way to close the RIFT in security for the iPhone. As reported a couple of weeks ago, RIFT is following in World of Warcraft's footsteps with a mobile authenticator. Most of the time, being called a clone of WoW is a negative mark on the game, but in this case, it's a matter of personal security.

RIFT launched its authenticator on the Android platform first, giving those customers more peace of mind in the wake of reports of holes in the game's security. Today, Community Manager Erick "Zann" Adams posted that the authenticator is now available for the iPhone and other iOS products as well.

Because of the growing popularity of MMOs and other online games, these extra security measures are more than welcomed by the gaming community. If you are a RIFT player, then you can rush to the iTunes store or the Android market to pick up the authenticator or jump to the RIFT game site to find out more information.

MassivelySecurity 'RIFT' has closed for iOS originally appeared on Massively on Mon, 11 Apr 2011 16:30:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>androidandroid-marketauthenticatorerick-adamshackerhackingiosiphoneiTunes-storeRIFTrift-planes-of-telarasecuritysmartphoneTriontrion-worldszannMon, 11 Apr 2011 16:30:00 EST<![CDATA[MMObility: Battle of the browsers]]>http://massively.joystiq.com/2011/03/29/mmobility-battle-of-the-browsers/http://massively.joystiq.com/2011/03/29/mmobility-battle-of-the-browsers/http://massively.joystiq.com/2011/03/29/mmobility-battle-of-the-browsers/#commentsFiled under: , , , ,

Before I get too far in this new column, I need to take stock of my weaponry. I now have almost everything I need: an iPhone, an iPad, a new HTC Inspire Android phone, one basic laptop of choice, and a pretty decent gaming rig (if a little old). I have everything I need to test out games across different browsers and devices. I am prepared to slug these pieces of hardware wherever I need to; I am ready to walk with them in hand.

It's a tough job, but someone has to do it.

I could use some advice, though. I have my preferences, but I wonder what my readers think. Which browser do you prefer? Why? For example, I am in love with Chrome for various reasons, but some games have issues with it. Do I weigh the good against the bad and claim it as my default anyway? Lately, I have all the major browsers bookmarked on my desktop, waiting to go. What about security? I'll be honest: I'm not an expert.

Click past the cut and let's discuss. Maybe you can help me.

Continue reading MMObility: Battle of the browsers

MassivelyMMObility: Battle of the browsers originally appeared on Massively on Tue, 29 Mar 2011 20:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>beau-hindmanbrowserbrowser-gamesbrowser-gamingbrowser-securitybrowser-warschromef2pfeaturedfirefoxfree-to-playftpgoogleinternet-explorermicrosoftministry-of-warmozillaoperasafarisecurityTue, 29 Mar 2011 20:00:00 EST<![CDATA[RIFT bringing out a new authentication service today - but not yet]]>http://massively.joystiq.com/2011/03/29/rift-bringing-out-a-new-authentication-service-today-but-not-y/http://massively.joystiq.com/2011/03/29/rift-bringing-out-a-new-authentication-service-today-but-not-y/http://massively.joystiq.com/2011/03/29/rift-bringing-out-a-new-authentication-service-today-but-not-y/#commentsFiled under: , ,

Authenticators are one of the most popular forms of account security around, giving players an extra layer of defense against hackers and keyloggers. RIFT has been dealing steadily with account security issues since launch, so the upcoming authenticator service is no surprise to players. Using a digital authenticator service, players will very soon be able to use their Android mobile devices for authentication services -- but carefully note the "soon," as the service isn't yet ready for prime time.

Currently, using the authenticator will prevent players from logging in, as the code for using said authentication isn't yet in place. A new launcher will be put into place for the game later today, allowing players with Android devices use of the authentication service. While the current release is only for the Android platform, code for the iOS is being finalized, meaning that iPhone and iPad users won't be left out in the cold. So if you're playing RIFT and want to have a little more random number to go with your login, you'll soon be able to do just that. (But not quite yet.)

[Thanks to Puremallace for the tip!]

MassivelyRIFT bringing out a new authentication service today - but not yet originally appeared on Massively on Tue, 29 Mar 2011 19:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>account-hackingaccount-protectionaccount-securityandroidandroid-osauthenticationauthenticatordroidhack-protectionmobile-authenticatormobile-devicenewsriftrift-planes-of-telarasecuritytriontrion-wroldsTue, 29 Mar 2011 19:00:00 EST<![CDATA["Solid one-two punch": Trion responds to account hacks]]>http://massively.joystiq.com/2011/03/19/solid-one-two-punch-trion-responds-to-account-hacks/http://massively.joystiq.com/2011/03/19/solid-one-two-punch-trion-responds-to-account-hacks/http://massively.joystiq.com/2011/03/19/solid-one-two-punch-trion-responds-to-account-hacks/#commentsFiled under: , , , ,

The saga of RIFT's account security woes continues, as Trion World's Scott Hartsman responded to the hacker attempts, reassuring fans curious about what steps were being taken to secure their accounts.

Citing "constant attacks" since the launch of RIFT that have impacted 1% of accounts, Hartsman said that the team is blocking hackers and botnets as quickly as they are identified, but that this will also be an ongoing process.

"Both the login fix and the Coin Lock addition have been doing their part in signficantly reducing overall incidents over the last 18 hours," Hartsman wrote. "Neither one is a silver bullet, but so far it is looking to be a solid one-two punch for the weekend."

According to his post, Trion will be hiring additional staff to tackle the problem, and is working on a "two-factor authentication" process for the future.

Hartsman also praised the efforts of the player who brought a serious log-in vulnerability to the team's attention. ZAM tracked down the player for an interview, who himself had his account hacked in early March. The player is an "ethical hacker" who owns a security software company and realized that these hacks were not the fault of the player, but an exploit that had been discovered.

Massively"Solid one-two punch": Trion responds to account hacks originally appeared on Massively on Sat, 19 Mar 2011 23:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>account-securityauthenticatorbotnetscoin-lockcompromised-accountsethical-hackerhackerhackingmanwitdaplanriftrift-planes-of-telarascott-hartsmansecuritytriontrion-worldstwo-factor-authenticationzamSat, 19 Mar 2011 23:00:00 EST<![CDATA[RIFT adds Coin Lock to improve security... probably]]>http://massively.joystiq.com/2011/03/18/rift-adds-coin-lock-to-improve-security-probably/http://massively.joystiq.com/2011/03/18/rift-adds-coin-lock-to-improve-security-probably/http://massively.joystiq.com/2011/03/18/rift-adds-coin-lock-to-improve-security-probably/#commentsFiled under: , , , ,

Getting your account stolen in an MMO is generally accepted to be about as much fun as having your car's engine fuse into a solid block of melted parts or getting bamboo slivers shoved under your fingernails. RIFT's newest patch, 1.02, includes a new feature designed to fight precisely that dreaded eventuality, with the new "Coin Lock" system restricting use of a character if the parent account logs in from a different location. While locked, the characters cannot access the auction or trade functions until the player verifies his or her identity.

While the system is a great idea in theory, several players are reporting that the coin lock system is not working as intended, with supposedly "locked" characters remaining accessible and capable of using all features freely. There are also several threads devoted to claims that account hacks are still taking place, although as with any account security issue, culpability is difficult to determine. While RIFT's Coin Lock is an excellent idea, it remains to be seen whether it's actually accomplishing the stated goals.

[Thanks to Simon for the tip!]

MassivelyRIFT adds Coin Lock to improve security... probably originally appeared on Massively on Fri, 18 Mar 2011 16:30:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments]]>accountaccount-hackingaccount-securitycoin-lockforumshackingpatchpatchesriftrift-planes-of-telarasecuritysecurity-measurestriontrion-worldsupdatesFri, 18 Mar 2011 16:30:00 EST