Ulviirala

So, how's password security these days?

Forum password leak, security, and staff handling  

24 members have voted

  1. How do you feel about the matter?

    • I was still concerned about it, and interested to know more. (6 votes)
    • Now that you mention it, I'm concerned about it and/or want to know what came of it. (2 votes)
    • I was aware of it and changed my password, but don't want to pursue the matter further. (5 votes)
    • I was aware of it but have not changed my password, and don't want to pursue the matter further. (1 vote)
    • I was aware of it but I don't care about it / my ingame password is different from my forum password. (5 votes)
    • I was not yet aware that passwords leaked from the forums. (0 votes)
    • I don't think you should be inquiring about this. (2 votes)
    • Just shut up / I disagree with you. (1 vote)
    • None of these answers fit how I feel about it (please feel free to post about it). (2 votes)



Despite choosing to "remember" my login, I keep finding myself being logged out the next day I visit the forums for a while now, and I've changed my password twice since the last "zomg it happened again" notice.

Have you just decided to silently shorten the expiration date on these cookies, or...?

Oddly enough, why only a post on the forums? Why are you not informing all players in any way possible, to make them aware of the security leak that has apparently been abused at least twice? Official news item, e-mails. Yet, just a post in the GM Hall forum. Some people only knew by word of mouth, which is somewhat inappropriate.

E-mails about the opening of Xanadu have certainly been sent out, why not a note that your password might have or seemingly certainly have leaked out? Or at least encrypted (thus decryptable data), or maybe just hashes that can be used in brute forcing or word lists etc.?

I had not been giving it this much thought at first, because I was under the impression that the matter was handled appropriately, but I'm not so sure anymore.

It's completely understandable to not disclose any details while investigations are still running, but it's closing in on a month now, and nobody talks about it anymore.

So... what's the status on this? What's the conclusion of the investigation?

  • Like 1

Link to post

Clear your cookies and then sign back in.


Link to post

My password is always 123. I will never forget it.


  • Like 2

Link to post

Don't get why they'd "need" to update if it's been fixed / not been broken back into...?  :huh:


Link to post

Hi Ulviirala,

The password security issue was indeed unfortunate and can be a bother happening twice in a close timeframe. The reason we chose to have the message on the forums was due to it being a possible forum breach, not ingame. Advertising ingame, or sending out emails would cause unnecessary panic at the thought of game accounts being hacked.

As for cookie expiration, I haven't heard anything in regards to changes with that, and have experienced no issues with it myself, but I see no reason as to why this would be something that had to be publicly announced.

I'm not entirely sure what is meant by requesting the status of any investigation. We informed players that there may have been a breach and asked that passwords be changed; the possible breach was removed (as of the time of posting the password change request). This does not mean you are safe from having to change your password, as the information may have been collected prior to the detection of this breach.

Regards,

Retrograde


Edited by Retrograde
  • Like 1

Link to post

I guess as long as you use a unique password just for the Wurm forums the worst they could do would be post bad things and get you banned from the forums. I guess an email explaining what happened and that you were hacked would resolve any of that though.


Link to post

Give me your password and I will be able to tell you how secure it is...


 


 


 


 


 


 


 


 


...Just Kidding :P ; although, if anyone needed this warning, I also have some nice real estate to sell you.


Link to post


I guess I was just in a terrible mood swing, where I felt that more could have been done, and felt that more should have been done, and was uncertain whether or not the matter was solved to everyone's satisfaction.

By investigation I think I meant that you know how exactly this happened, how and why it happened twice, and what's been done to prevent the same from happening again if possible. But I guess like in most cases, this is information that you don't feel like disclosing publicly, which is understandable.

The original posts don't contain all that much information besides mentioning that it happened, and that everybody should change their forum passwords, and keep it separate from their ingame accounts.

Link to post
