Lt. Commander
Join Date: Dec 2007
Posts: 120
# 21
04-27-2012, 01:49 AM
You guys are worrying about things that you do not have control over. Here are my questions and comments.

Hey Cryptic...

For about 2 years you guys have had your system hacked and not been aware of it or at least have only now told the public about it. As a paying customer for your game, what are you going to do to convince me that adequate steps have been taken to secure your business relationship with me and the rest of the paying public? What steps have been taken to make sure that financial data of your paying customers has not been compromised and will not be compromised in the future?
My trust in the security of your business at all levels has been damaged by these circumstances. While I understand that as a business, Cryptic is a victim of this crime, in fact they are the primary victim of this crime more so than the patrons who play this game. My questions and comments cannot be answered by a EULA. If the only answer is "we're working on it" then I am sorry, I like to play this game and will continue to do so as long as it remains fun, but I will not ever risk any financial information on any of your domains again, not Cryptic nor Perfect World.

I look forward to your response.
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 22
04-27-2012, 03:05 AM
The fact is simple that two years ago Cryptic was attacked, and I know it wasn't known until now because of using the latest up to date technologies. I also note and know in my gut that compensation is a fool's dream, but as Gronk said in the last post the questions are in need of answers.

1. What information about me and my credit card details are compromised? (required by Australian law)

2. What steps are you taking to notify the credit card companies of the information that might have been compromised, as legally required by both American and Australian law?

3. What steps are you going to take to make sure that any and all transactions I might do with your company will be secure from further attempts?

These questions have to be answered before I even think about placing any transactions with Cryptic and Perfect World.
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 23
04-27-2012, 05:06 AM
Quote:
Originally Posted by ShadowDarter
words
I generally find myself in agreement. Anyone who hasn't been living under a rock should know that Cryptic is a relatively small development studio as compared to some of the bigger corporate game companies. The resources they have in regards to security are going to be limited.

That said, there's no excuse for being completely oblivious to this kind of security issue since December 2010. It does fall partly on those affected, particularly if they don't change their passwords regularly and take other preventative measures to ensure sensitive information remains inaccurate by the time someone gets around to discovering it...

I know Cryptic is a victim of a crime here. They should not be responsible for a cyber crime committed against them by a third party. That said, just like a jogger wearing flashy jewelry running through the middle of a dark alley in the middle of the night... they should not be surprised when something like this happens to them. Simply by existing as a business, they are asking for these things to happen to them. Cyber crime comes with the territory of running an MMO game company, this is a risk they should have known about and taken seriously as soon as they decided to establish themselves.

To let this kind of leak go unnoticed for as long as it did is just plain sloppy. When this has happened to other companies (and yes, I will gladly admit Cryptic is not the only company this has happened to and should not be singled out), they have taken measures to not only increase and fortify their security, but they have recognized that they have inadvertently harmed their customers by not being vigilant enough and have taken steps to remedy the situation, even if it means playing damage control.

Cryptic has inadvertently harmed their customers. We have chosen to entrust confidential financial information with them, and we demand satisfaction for making that choice.

A canned response is not good enough. When Rift was breached, Trion Worlds compensated their players. When the Sony Network was breached, Sony compensated their players. If Cryptic wants to follow the business trends of other companies who have fallen victim to cyber crime, then they should be working on some form of compensation as well, if they haven't already.

No, it isn't Cryptic's fault a crime was committed against them. But they share some of the responsibility and I would even go as far as to say they have an obligation to promise us it will not happen again, or set up some manner of procedure if it does happen again.
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 24
04-27-2012, 06:23 AM
Quote:
Originally Posted by Kali-fal
I generally find myself in agreement. Anyone who hasn't been living under a rock should know that Cryptic is a relatively small development studio as compared to some of the bigger corporate game companies. The resources they have in regards to security are going to be limited.

That said, there's no excuse for being completely oblivious to this kind of security issue since December 2010. It does fall partly on those affected, particularly if they don't change their passwords regularly and take other preventative measures to ensure sensitive information remains inaccurate by the time someone gets around to discovering it...

I know Cryptic is a victim of a crime here. They should not be responsible for a cyber crime committed against them by a third party. That said, just like a jogger wearing flashy jewelry running through the middle of a dark alley in the middle of the night... they should not be surprised when something like this happens to them. Simply by existing as a business, they are asking for these things to happen to them. Cyber crime comes with the territory of running an MMO game company, this is a risk they should have known about and taken seriously as soon as they decided to establish themselves.

To let this kind of leak go unnoticed for as long as it did is just plain sloppy. When this has happened to other companies (and yes, I will gladly admit Cryptic is not the only company this has happened to and should not be singled out), they have taken measures to not only increase and fortify their security, but they have recognized that they have inadvertently harmed their customers by not being vigilant enough and have taken steps to remedy the situation, even if it means playing damage control.

Cryptic has inadvertently harmed their customers. We have chosen to entrust confidential financial information with them, and we demand satisfaction for making that choice.

A canned response is not good enough. When Rift was breached, Trion Worlds compensated their players. When the Sony Network was breached, Sony compensated their players. If Cryptic wants to follow the business trends of other companies who have fallen victim to cyber crime, then they should be working on some form of compensation as well, if they haven't already.

No, it isn't Cryptic's fault a crime was committed against them. But they share some of the responsibility and I would even go as far as to say they have an obligation to promise us it will not happen again, or set up some manner of procedure if it does happen again.

In my opinion Cryptic stopped being the victim when they tried blaming the hacking on STOWiki.
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 25
04-27-2012, 06:45 AM
Quote:
Originally Posted by RCO
In my opinion Cryptic stopped being the victim when they tried blaming the hacking on STOWiki.
Apparently the database thingie was way before the STOWiki thing...

However, what I don't understand is what the OP wants compensation for... EULA and all that other s*it away...

What did you lose? Did anyone steal from you during this? Buy C-Points? USE C-Points? Anything?

Cryptic doesn't even hold your CC info... This was something StormShade confirmed almost 2 years ago... They simply don't have the economics to create an infrastructure secure enough, so they use an external service.

Unless you've really lost anything because of this, I see no legal ground to demand compensation.
Lt. Commander
Join Date: Dec 2007
Posts: 120
Quote:
Originally Posted by anazonda View Post
Apparently the database thingie was way before the STOWiki thing...

However, what I don't understand is what the OP wants compensation for... EULA and all that other s*it away...

What did you lose? Did anyone steal from you during this? Buy C-Points? USE C-Points? Anything?

Cryptic doesn't even hold your CC info... This was something StormShade confirmed almost 2 years ago... They simply don't have the economics to create an infrastructure secure enough, so they use an external service.

Unless you've really lost anything because of this, I see no legal ground to demand compensation.
Speak for yourself there guy

I'm coming forward because my Identity social and information was used approximately three weeks ago by third parties. Long story short I got denied unemployment benefits because someone used my information to get a job and claim wages under my social security number... Now it brings me to the following question.. Shall I wait until I am completely fleeced before I sue Cryptic or after... I already filed a police report with the Sheriff's office and a report with the Federal Trade Commission...

So thanks for letting us know two years after the fact.. I don't care at this point what the naysayers say, I now have to turn my life upside down, shutter my accounts and go through the painful process of recovering from this. Thanks for taking a massive dump on your customer base Cryptic. And yes I will be pursuing this matter with an attorney, least these idiots can do is give us credit monitoring for free for the individuals that were affected by this, but that's too much to ask seeing as how long they waited....

And yes I already contacted Cryptic but I thought it's fair for the rest of the gaming masses to be aware that I may be one of the first victims in this regard.
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 27
04-27-2012, 07:00 AM
Quote:
Originally Posted by levaria View Post
Speak for yourself there guy

I'm coming forward because my Identity social and information was used approximately three weeks ago by third parties. Long story short I got denied unemployment benefits because someone used my information to get a job and claim wages under my social security number... Now it brings me to the following question.. Shall I wait until I am completely fleeced before I sue Cryptic or after... I already filed a police report with the Sheriff's office and a report with the Federal Trade Commission...

So thanks for letting us know two years after the fact.. I don't care at this point what the naysayers say, I now have to turn my life upside down, shutter my accounts and go through the painful process of recovering from this. Thanks for taking a massive dump on your customer base Cryptic. And yes I will be pursuing this matter with an attorney, least these idiots can do is give us credit monitoring for free for the individuals that were affected by this, but that's too much to ask seeing as how long they waited....

And yes I already contacted Cryptic but I thought it's fair for the rest of the gaming masses to be aware that I may be one of the first victims in this regard.
I will admit, being Australian, I honestly do not know American laws, but in our laws there is a seriously large level of user beware: how secure were you on giving details out? Australian laws equally distribute the sellers AKA Cryptic and the international laws.
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 28
04-27-2012, 07:15 AM
Quote:
Originally Posted by Grouchy.Otaku
Well, if we're going to nit-pick here... Your EULA is already invalidated by US 'fair-use' law concerning trade-marked and copyright protected material.... (You do have a Trade-mark on this, don't you....)
I have no idea what you're talking about. I'm misusing a sentence I just typed myself? I think you're missing the point I was trying to make that this issue is a game and not worth arguing about. I took this whole thread to be, at most, a suggestion that the devs might give us some in-game slice of cake to make us feel better about the whole thing.

Quote:
Originally Posted by levaria View Post
Speak for yourself there guy

I'm coming forward because my Identity social and information was used approximately three weeks ago by third parties. Long story short I got denied unemployment benefits because someone used my information to get a job and claim wages under my social security number... Now it brings me to the following question.. Shall I wait until I am completely fleeced before I sue Cryptic or after... I already filed a police report with the Sheriff's office and a report with the Federal Trade Commission...

So thanks for letting us know two years after the fact.. I don't care at this point what the naysayers say, I now have to turn my life upside down, shutter my accounts and go through the painful process of recovering from this. Thanks for taking a massive dump on your customer base Cryptic. And yes I will be pursuing this matter with an attorney, least these idiots can do is give us credit monitoring for free for the individuals that were affected by this, but that's too much to ask seeing as how long they waited....

And yes I already contacted Cryptic but I thought it's fair for the rest of the gaming masses to be aware that I may be one of the first victims in this regard.
AHHHHHH!!!! Best of luck with that, what a pain. My only thought is that it's probably very important to be entirely honest in all your legal dealings on this matter. Don't exaggerate at any level, like most of us tend to do when on the defensive.
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 29
04-27-2012, 07:16 AM
Quote:
Originally Posted by anazonda View Post
Apparently the database thingie was way before the STOWiki thing...

The STOWiki thing was something they made up to place the blame. It was their hacked database all along that was the cause of hack.
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 30
04-27-2012, 08:25 AM
Quote:
Originally Posted by levaria View Post
Speak for yourself there guy

I'm coming forward because my Identity social and information was used approximately three weeks ago by third parties. Long story short I got denied unemployment benefits because someone used my information to get a job and claim wages under my social security number... Now it brings me to the following question.. Shall I wait until I am completely fleeced before I sue Cryptic or after... I already filed a police report with the Sheriff's office and a report with the Federal Trade Commission...

So thanks for letting us know two years after the fact.. I don't care at this point what the naysayers say, I now have to turn my life upside down, shutter my accounts and go through the painful process of recovering from this. Thanks for taking a massive dump on your customer base Cryptic. And yes I will be pursuing this matter with an attorney, least these idiots can do is give us credit monitoring for free for the individuals that were affected by this, but that's too much to ask seeing as how long they waited....

And yes I already contacted Cryptic but I thought it's fair for the rest of the gaming masses to be aware that I may be one of the first victims in this regard.
However, this was not a 'a massive dump on your customer base'. As far as 'security incidents' are concerned, this would rank as a relatively minor incident...

The only thing significant about this 'incident' is that the information that 'may' have been compromised, (as it's impossible to prove/disprove that it was actually copied and acted upon...) would provide enough information (as in account names and password hashes) to attempt to brute force the password...

Now the general theory behind one-way password hash algorithms (e.g. MD5, SHA1) is that it's ALWAYS POSSIBLE to brute force a password hash by simply trying all possible combinations until you find one that generates a match... It's just that the way the hash algorithms are designed, it will take an awful amount of computer time to do this... (average of decades to centuries for a single computer system to accomplish). So if someone wanted to break an account, they would choose a simpler and easier method, such as getting a key-logger on to your system (such as the STOWiki incident...)

However, there are 2 exceptions to this rule... People are poor generators of good random passwords. You can construct a table of commonly used passwords, (something on the order of 10s of thousands would be a doable task) and do a quick database search, and often come up with a lucky hit...

The other possible issue is the wide-spread existence of 'Zombie Networks' composed of remote controlled virus/trojan infected computers numbering from the 10s of thousands to millions of units in size. If such a network was put to use to brute force a one-way hash, a problem that would previously have taken decades to centuries to solve is now reduced to a problem that could take only months to years to complete. So far, this threat has not become an issue, as 'Zombie' network operators find that they can make more money sending Spam Email, or shaking down gambling sites with DOA attacks... However, this still remains an issue that Security Engineers worry about, and has led to a new public hashing algorithm competition funded by the US Government (whose results are still years away...)

In any case, Cryptic's response is the correct one... Since the information revealed could result in additional attacks to crack the account passwords, the preventative action to take is to CHANGE YOUR PASSWORD...

(As a Security Engineer with a specialty in authentication, this is really a simple and obvious issue. And all the complaints about Cryptic violating the trust of its players is much ado about nothing... However, without my experience and background, few people will have an understanding of the issues here...)
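
The common-password table lookup described in the post above, written as a defender's audit of stored credentials. This is an added example, not part of the original thread: the accounts, passwords and function names are constructed, and PBKDF2 is used here as an assumed illustration of salted, slow storage that the thread itself does not mention.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny stand-in for a "commonly used passwords" list.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "startrek", "letmein"]


def sha1_hex(password: str) -> str:
    """Unsalted, fast hash: the same password always yields the same digest."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def build_table(words):
    """Hash each common password once; the table is reusable for every account."""
    return {sha1_hex(w): w for w in words}


def audit_unsalted(accounts, table):
    """Return {user: password} for accounts whose stored hash is in the table."""
    return {user: table[h] for user, h in accounts.items() if h in table}


def store_salted(password: str, iterations: int = 100_000):
    """Salted, deliberately slow storage (PBKDF2-HMAC-SHA256, an assumption here)."""
    salt = os.urandom(16)  # unique per account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


def verify_salted(password: str, record) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["digest"])


def weak_salted_accounts(records, words):
    """Audit salted records: every (account, candidate) pair costs a full derivation."""
    return sorted(u for u, r in records.items() if any(verify_salted(w, r) for w in words))


if __name__ == "__main__":
    # Constructed accounts: two reuse list entries, one uses a long passphrase.
    plain = {"alice": "password", "bob": "violet-anchor-tundra-42", "carol": "startrek"}
    unsalted = {u: sha1_hex(p) for u, p in plain.items()}
    print("table hits:", audit_unsalted(unsalted, build_table(COMMON_PASSWORDS)))
    salted = {u: store_salted(p) for u, p in plain.items()}
    print("still weak after salting:", weak_salted_accounts(salted, COMMON_PASSWORDS))
```

A per-account salt removes the single reusable table, but a password that appears on a common list is still found by testing candidates one account at a time, so such passwords need to be changed either way.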