Lt. Commander
Join Date: Dec 2007
Posts: 120
# 11
04-26-2012, 10:19 AM
Quote:
Originally Posted by Akrilon View Post
Here's my position on this:

In an increasingly tech dependent world, you can expect criminals to adapt to their surroundings. Unless there's indication of gross negligence on Cryptic's part that lead to their database being hacked, I'm not sure that I understand why you feel you're entitled to something from them.

If someone broke into a store and made off with customer information, you'd likely hold the criminal responsible, after all, and not the store, unless they left the front door open.

All security can be circumvented with enough effort. My position is that it's just as much your responsibility to take precautions such as using a different password for each site, and using a pre-loaded credit card if you're going to link one to your STO account, rather than expecting the online database to be completely hack proof.

In this increasingly digital world, I feel that you shouldn't expect hand-outs from the company, when they become a victim of a crime like this. It's easy for people to get angry at the company, when the hacker(s) responsible are intangible entities, in that they can't be held accountable.

If you'd taken steps to protect your own information online, then the impact on you should have been negligible. I know there's likely to be some kickback to this comment, as generally, people don't like to be held accountable for their own action or inaction.

My opinion...
It not the breaking in that the issue. It the breaking that happen a year and half ago that went unnoticed for that long.
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 12
04-26-2012, 10:50 AM
Quote:
Originally Posted by theapparatus View Post
Why do I get the feeling that Cryptic/ Atari/ Whomever had the same clause in their ToS?

Using hort_wort's Aug 2008 join date:

http://web.archive.org/web/200808300...rms_of_service

Hmm, actually I don;t see anything on that page covering that. I;ve got three screaming kids in my area so I may be missing it though.
Hmmm... How about...
Quote:
XI. Indemnification

You agree to indemnify and hold harmless Cryptic Studios and all of their respective officers, directors, owners, agents, employees, information providers, affiliates, licensors and licensees (collectively, "Indemnified Parties") from and against any and all liability and costs including, without limitation, attorneys' fees and costs, incurred by the Indemnified Parties in connection with any claim arising out of any breach by you of the Agreement or the foregoing representations, warranties and covenants or (ii) your use of The Cryptic Studios Sites Communication Features.
Or...
Quote:
VII. Limitation of Liability

YOU ACKNOWLEDGE AND AGREE THAT THE CRYPTIC STUDIOS PARTIES ARE NOT LIABLE FOR ANY ACT OR FAILURE TO ACT BY THEM OR ANY OTHER PERSON REGARDING CONDUCT, COMMUNICATION OR CONTENT ON THE SERVICES OR USE OF THE CRYPTIC STUDIOS SITES, SERVICES OR SOFTWARE. YOU ACKNOWLEDGE AND AGREE THAT YOUR SOLE AND EXCLUSIVE REMEDY FOR ANY DISPUTE WITH CRYPTIC STUDIOS IS TO STOP USING THE SERVICE, AND TO CANCEL YOUR ACCOUNT(S). IN NO CASE SHALL THE LIABILITY OF THE CRYPTIC STUDIOS PARTIES TO YOU EXCEED THE AMOUNT THAT YOU PAID TO CRYPTIC STUDIOS OR ITS DESIGNEES DURING THE PRIOR ONE (1) MONTH PERIOD FOR THE APPLICABLE SERVICES GIVING RISE TO ANY SUCH LIABILITY. IN NO CASE SHALL THE CRYPTIC STUDIOS PARTIES BE LIABLE FOR ANY SPECIAL, INCIDENTAL, INDIRECT, PUNITIVE OR CONSEQUENTIAL DAMAGES ARISING FROM YOUR USE OF THE CRYPTIC STUDIOS SITES, SERVICES AND SOFTWARE, THE INTERNET OR FOR ANY OTHER CLAIM RELATED IN ANY WAY TO YOUR USE OF THE SERVICES OR INTERACTIONS WITH CRYPTIC STUDIOS. BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR THE LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, IN SUCH STATES OR JURISDICTIONS, THE LIABILITY OF CRYPTIC STUDIOS AND THE CRYPTIC STUDIOS PARTIES SHALL BE LIMITED TO THE FULLEST EXTENT PERMITTED BY LAW. CRYPTIC STUDIOS DOES NOT ENDORSE, WARRANT OR GUARANTEE ANY THIRD-PARTY PRODUCT OR SERVICE OFFERED THROUGH THE CRYPTIC STUDIOS SITES AND WILL NOT BE A PARTY TO OR IN ANY WAY BE RESPONSIBLE FOR MONITORING ANY TRANSACTION BETWEEN YOU AND THIRD-PARTY PROVIDERS OF PRODUCTS OR SERVICES.
Quote:
Originally Posted by hort_wort View Post
I never clicked an "agree" button after PWE took over. I bought a lifetime subscription to a game owned by a different company with different terms.
Another industry 'standard' clause covers this claim...
Quote:
Cryptic Studios reserves the right, at its sole discretion, to change, modify, add or remove portions of these Terms of Use, at any time. It is your responsibility to check these Terms of Use periodically for changes. Your continued use of the Site following the posting of changes will mean that you accept and agree to the changes. As long as you comply with these Terms of Use, Cryptic Studios grants you a personal, non-exclusive, non-transferable, limited privilege to enter and use the Site.
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 13
04-26-2012, 12:44 PM
Quote:
Originally Posted by Grouchy.Otaku
Quote:
Originally Posted by hort_wort View Post
I never clicked an "agree" button after PWE took over. I bought a lifetime subscription to a game owned by a different company with different terms.
Another industry 'standard' clause covers this claim...
Quote:
Cryptic Studios reserves the right, at its sole discretion, to change, modify, add or remove portions of these Terms of Use, at any time. It is your responsibility to check these Terms of Use periodically for changes. Your continued use of the Site following the posting of changes will mean that you accept and agree to the changes. As long as you comply with these Terms of Use, Cryptic Studios grants you a personal, non-exclusive, non-transferable, limited privilege to enter and use the Site.
Furthermore, for example, if your current wireless phone provider was purchased or merged with another company, that doesn't indemnify you from the new terms of service. By every right, you have the option to find a another service provider, but if you stay with your new provider, you would have to abide by their terms of service. Simply sticking one's head in the sand and ignoring that the terms have changed is hardly a valid excuse.
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 14
04-26-2012, 12:53 PM
Maybe I misread all the emails and staff forum posts, but I understood ONE of the account databases was accessed in a manner not consistent with standard cryptic procedures almost a year and a half ago (NOT over the last year and a half) and it is safe to assume that this was done to collect user details for nefarious purposes - so change your cryptic password just in case (if you were indeed a player of cryptic games at that time)

between the lines I can read that cryptic have within the past month or soupdated their internal procedures or software, which brought to light this intrusion and they have taken the steps to fix this now and are alerting users who have potentially been or will be in a position where there account is not secure. There is no information where this access was internal (e.g via a temp/contract/former staffer) or external (via various sql injection techniques or brute hacking).

Myself I am pretty impressed that they owned up. they could have just swept it under the rug in the form of a "there has been some database corruption - if you wish to continue playing please reset your password" type message.
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 15
04-26-2012, 01:41 PM
Quote:
Originally Posted by Liath
Maybe I
Myself I am pretty impressed that they owned up. they could have just swept it under the rug in the form of a "there has been some database corruption - if you wish to continue playing please reset your password" type message.
Actually, compliance with Federal privacy laws requires them to make this kind of disclosure in the event of a possible compromise of confidential information...

(And also one of the reasons that PWE is a independent US company, owned by the PW company in China... One of the purposes of the US child firm is to isolate the Parent company from US law...)
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 16
04-26-2012, 05:50 PM
Quote:
Originally Posted by Grouchy.Otaku
Another industry 'standard' clause covers this claim...
Aha! Gotcha now!
-points to his signature-

Quote:
Hort's EULA:
By replying to my posts, you are agreeing that I am right in all things. And you owe me money.
You quoted me and replied!
I WIN!!

The moral of the story is EULA's are just silliness and rarely hold up in court. Otherwise you'd be able to win this argument. And you can't. Because if you did, you would lose. So ppffffttttt!!! :p
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 17
04-26-2012, 08:10 PM
The problem with all of these arguments are two fold.

#1 the T&C as I'm reading is refering to indavidual player responsabilites. I have no issue with those. I agree if the user is hacked, then yes Cryptic is not liable. However In this situation, an attack was beyond our (the player) control. With this attack, the assailent gained access to account names, passwords, and even majority of credit card info. This is directly the result of Cryptic not being properly prepared. As such Cryptic is fully responsable.

#2 For those of us who are lifers, yes we stop playing, however ATARI already have our money. This stop paying argument is defunk. Many of us purchsed this game and commitment with the understanding that CRYPTIC/ATARI was keeping this information secure. This was not the case. CRYPTIC\ATARI violated this trust

Now if people wish to fully read the T&C then this argument would not be happening.

Quote:
. BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR THE LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, IN SUCH STATES OR JURISDICTIONS, THE LIABILITY OF CRYPTIC STUDIOS AND THE CRYPTIC STUDIOS PARTIES SHALL BE LIMITED TO THE FULLEST EXTENT PERMITTED BY LAW


And so the question still stands Cryptic. What are you going to do for this breach of trust?
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 18
04-26-2012, 09:32 PM
Quote:
Originally Posted by hort_wort View Post
Aha! Gotcha now!
-points to his signature-



You quoted me and replied!
I WIN!!

The moral of the story is EULA's are just silliness and rarely hold up in court. Otherwise you'd be able to win this argument. And you can't. Because if you did, you would lose. So ppffffttttt!!! :p
Well, If were going to nit-pick here... Your EULA is already invalidated by US 'fair-use' law concerning trade-marked and copyright protected material.... (You do have a Trade-mark on this, don't you....)

The legal basics to 'virtual' property rights and on-line gaming were hashed out in the courts about 5 years ago... This is the reason why you see the 'Terms of Service' documents worded they way they are, as they now have legal precedent behind them...

Quote:
Originally Posted by Akito3379 View Post
The problem with all of these arguments are two fold.

#1 the T&C as I'm reading is refering to indavidual player responsabilites. I have no issue with those. I agree if the user is hacked, then yes Cryptic is not liable. However In this situation, an attack was beyond our (the player) control. With this attack, the assailent gained access to account names, passwords, and even majority of credit card info. This is directly the result of Cryptic not being properly prepared. As such Cryptic is fully responsable.

#2 For those of us who are lifers, yes we stop playing, however ATARI already have our money. This stop paying argument is defunk. Many of us purchsed this game and commitment with the understanding that CRYPTIC/ATARI was keeping this information secure. This was not the case. CRYPTIC\ATARI violated this trust

Now if people wish to fully read the T&C then this argument would not be happening.



And so the question still stands Cryptic. What are you going to do for this breach of trust?
Now this is a more interesting argument...

For #1, You may claim Cryptic is responsible, But as far as the legal 'Terms of Service' are concerned, just by playing the game, you have agreed to take on all risks & responsibilities associated with playing the game (include the aspects of having an account...)

As for #2, any computer security expect in the field can tell you that its simply impossible to make a computer system 100% Secure.... The question now becomes, was Cryptic 'negligent' in keeping their confidential data secure. Since complete Credit Card information was not exposed, and only hashed (which unlike encryption, cannot be reversed) password information was exposed, it will be 'highly unlikely' that Cryptic can be shown to be 'negligent' in a court of law...

So the statement that Cryptic did not get the data absolutely secure is true... But since keeping a commercial system absolutely secure is impossible, this statement is nothing but a farce...
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 19
04-26-2012, 10:14 PM
Quote:
Originally Posted by Akito3379 View Post
Since Cryptic was hacked for the last year and a half, what is cryptic going to do to compensate us for this?
nothing cause this has not only happen to cryptic but has happen to about every other game company out there example: Steam, EA, PS3, online, Bioware ect. and no compensation came from them either because its all the same type of thing we take the risk of these things happening when we play . Yes they try there best for it not to happen but hackers find a way in and the companies go and get better security and then it all happens again later on that's the part the risk when you agree to play.

get over it and move on
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 20
04-27-2012, 12:17 AM
Quote:
Originally Posted by Obsidius View Post
Furthermore, for example, if your current wireless phone provider was purchased or merged with another company, that doesn't indemnify you from the new terms of service. By every right, you have the option to find a another service provider, but if you stay with your new provider, you would have to abide by their terms of service. Simply sticking one's head in the sand and ignoring that the terms have changed is hardly a valid excuse.
You are not required by law to be aware of the changes in the business world around you .
Companies gets brought and sold all day long .
You are not required to know who owns the majority of the shares of your service provider .

They may be required to inform you -- but it's not your sworn duty to be informed .
It's not sticking one's head in the sand , it's ppl have better things to do .
(and also , service providers often send you promotional spam that many ppl don't read)

Just saying that that is a valid argument .
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


All times are GMT -7. The time now is 07:20 PM.