Rift hacked, user information stolen

If you've played Rift, be aware that an account database of developer Trion Worlds has been hacked. The naughty hackers have made off with personal information including addresses and dates of birth, but Trion insists credit card details are safe.

Alice O'Connor

December 23, 2011 6:15 AM

If you've played Rift, or even its open beta, be aware that an account database of developer Trion Worlds has been hacked. While the naughty hackers have made off with personal information including addresses and dates of birth, Trion insists that, "There is no evidence, and we have no reason to believe, that full credit card information was accessed or compromised in any way."

Trion explains, "The database in question contained information including user names, encrypted passwords, dates of birth, email addresses, billing addresses, and the first and last four digits and expiration dates of customer credit cards."

If you use that password anywhere else online, you may want to change it. As seen when Battlefield Heroes was hacked, encrypted passwords and not necessarily secure.

"We have already taken further action to strengthen our systems, even as we, with external security experts, continue to research the extent of the unauthorized access," Trion says.

Account holders will need to change their password and security questions when they next log into Trion's website. By way of apology, Trion will then give your account an item to boost in-game gold game and, if you own Rift, three days of free game time.

Alice O'Connor

Filed Under

From The Chatty

Refresh Go To Thread

Shacknews

 reply
December 23, 2011 6:15 AM

Alice O'Connor posted a new article, Rift hacked, user information stolen.

If you've played Rift, be aware that an account database of developer Trion Worlds has been hacked. The naughty hackers have made off with personal information including addresses and dates of birth, but Trion insists credit card details are safe.
- Lakipo
  
   reply
  December 23, 2011 6:30 AM
  
  I played Rift.
- [deleted] 779361882
  
   reply
  December 23, 2011 6:33 AM
  
  [deleted]
  - [deleted] 362342491
    
     reply
    December 23, 2011 6:38 AM
    
    [deleted]
    - Alexrose
      
       reply
      December 23, 2011 6:50 AM
      
      Can't tell if trolling or just stupid.
      - [deleted] 362342491
        
         reply
        December 23, 2011 6:55 AM
        
        [deleted]
      - aethyr
        
         reply
        December 23, 2011 8:12 AM
        
        What is stupid about not being frequently woken up during sleep?
        
        Alexrose
        
         reply
        December 29, 2011 12:30 PM
        
        Silent mode?
    - [deleted] 779361882
      
       reply
      December 23, 2011 7:17 AM
      
      [deleted]
      - [deleted] 779361882
        
         reply
        December 23, 2011 7:19 AM
        
        [deleted]
        
        [deleted] 362342491
        
         reply
        December 23, 2011 7:24 AM
        
        [deleted]
        
        [deleted] 779361882
        
         reply
        December 23, 2011 7:45 AM
        
        [deleted]
      - aethyr
        
         reply
        December 23, 2011 8:13 AM
        
        My phone can be on silent but has a separate volume for the alarm.
    - maulla
      
       reply
      December 23, 2011 8:04 AM
      
      I think if you took a poll you would find out just how out of touch you are
- TheMongbat
  
   reply
  December 23, 2011 6:33 AM
  
  When did it happen, Alice? I actually had $1k of fraudulent charges placed on my "gaming" credit card on Monday. I'm a pretty efficient shredder/saver of receipts and such, so I was wondering where the security leak was.
- melkore
  
   reply
  December 23, 2011 6:35 AM
  
  I only played it in the beta so no credit card info was on my account. whew.
- SlingBlaze
  
   reply
  December 23, 2011 6:51 AM
  
  I got this email too, the crazy thing about it? I don't even have a rift account.
  - jasoncrowley
    
     reply
    December 23, 2011 7:28 AM
    
    Sign up for the beta or a newsletter? I never opened an account, but I did sign up for news pre-release.
    - SlingBlaze
      
       reply
      December 23, 2011 7:58 AM
      
      I'm really not sure.......I tried to login to their site with my email and it said "this account has never been confirmed"
- dantastic
  
   reply
  December 23, 2011 6:59 AM
  
  what the shit
- boarder2
  
   reply
  December 23, 2011 7:27 AM
  
  changed my password to something insanely long, added a mobile authenticator, considering it safe and I'll just let it lie dormant like I have for the last... how ever long it's been since the Rift beta ended.
  - kwperley
    
     reply
    December 23, 2011 10:15 AM
    
    Adding an authenticator stops YOU from getting hacked, but it doesn't stop THEM from getting hacked.
    
    I haven't played Rift in ages, but I had a mobile authenticator on my account, doesn't stop intruders from getting access from the other end.
- limpossible
  
   reply
  December 23, 2011 7:48 AM
  
  Well, that was a pain in the ass. Doesn't look like any of my cards or anything got stolen. Even though I havent played Rift in a long, long time I still have an active sub till April 6th. Cancelled that.
- mallfouf
  
   reply
  December 23, 2011 8:08 AM
  
  Why don't developers encrypt user information the same way they do with CC data?
  - oneandone11
    
     reply
    December 23, 2011 9:53 AM
    
    The bad thing is, the way that it was stated, I can't even tell what was encrypted other than the passwords. I would have hoped they encrypted all of that information - that is just SOP for any database with credit card information.
- [deleted] 439710436
  
   reply
  December 23, 2011 9:07 AM
  
  [deleted]
  - Clay
    
     reply
    December 23, 2011 9:42 AM
    
    You can take something seriously yet still be incompetent.
    - yosemiteclimber
      
       reply
      December 23, 2011 9:54 AM
      
      See: Sony
    - [deleted] 439710436
      
       reply
      December 23, 2011 9:56 AM
      
      [deleted]
      - Clay
        
         reply
        December 23, 2011 10:15 AM
        
        Do I need to bring my special skills?
- Zero Hoki
  
   reply
  December 25, 2011 8:17 AM
  
  Why do videogame developers suck so much at database security?
  - synic0
    
     reply
    December 25, 2011 11:00 PM
    
    They don't prioritize or take the matter as seriously as making and shipping the game on time. Even developers who do web sites have an appalling lack of understanding of minimizing surface area for attack vectors and ignore even simple best practices because they are minor inconveniences during prototyping and design phases. There are a staggering amount of security warnings in most C++ game code bases that are simply ignored, and this culture of dismissing or deprioritizing seeps into all aspects of work-- hiring, training, testing/QA, dev, IT/Ops, etc.
    - hyperwired
      
       reply
      December 26, 2011 6:34 PM
      
      Sad but true.
      
      Unfortunately even as a developer if you are aware, willing and capable of preventing these problems, and can see obvious flaws and lack of best practices, quite often your company/boss/employer doesn't share your view.
      
      Security is the most overlooked aspect of software development; I just imagined a wild possibility that some of these attacks are by security professionals trying to increase demand for security professionals.
- Dark Drakonis
  
   reply
  December 27, 2011 8:10 AM
  
  usually this allways happens through a backdoor in the forums for the company.... no company has yet to protect their forums therefore more and more companies get hacked