Jump to content
LOTROCommunity

Looks like Turbine's deception works on someone - massively.com


Darmokk
 Share

Recommended Posts

http://massively.joystiq.com/2011/10/19/turbine-explains-recent-lotro-forum-security-issue/

Turbine also claims it has strengthened its web security and that no payment details, including credit card information, were in danger of being stolen.

That's not true, Turbine makes no such claim.

What happened?

Recently, we became aware of a compromise of the LOTRO forum database.

Were my payment details or credit card number exposed?

No payment information was contained within the forum DB.

Massively didn't spot the twist here which is that they don't deny that other databases were exposed. From the screenshots at the time of breakin we know that more tables than the one labeled "forum" were exposed all the same way as the "forum" labeled one. It just so happens that the white hat hacker didn't post samples of those other tables.

They do not say "no credit card information was stolen" or "in danger of being stolen".

Link to comment
Share on other sites

Think you have the wrong person there...it's Celestrata, not Sapience.

Yes, you are absolutely correct. And I did know that. Brain slip, apologies.

I must have had Sap on the brain. :P

Sapience is Rick Heaton.

http://twitter.com/#!/rickheaton

Coffee time for me!

Though I must confess, that before I knew who it was, I thought that 'Sapience' was a girl for a long, long time due to the name sounding, well, girlish. :P

Likewise, from the name, I thought Celestrata was a guy.

It was only after reading their writing styles that I started to realize that I had it reversed. Funny that.

Link to comment
Share on other sites

I have posted this in the community site forum section. I would ask folks not to respond to it with anything which could provide grounds for the Moderators to close the thread.

I wish you the best of luck with this but you should know that I started a similar thread last night and it didn't take long for it to get deleted along with me receiving an infraction for trying to reopen a locked thread. It is possible though that mine wasn't quite as polite as yours >:)

Link to comment
Share on other sites

I have posted this in the community site forum section. I would ask folks not to respond to it with anything which could provide grounds for the Moderators to close the thread.

Thanks.

BTW what is the bug causing clicking on links here to the official forum bounce back to this forum? It looks like it isn't caused by this forum, it seems to be that the timeout-based login mechanism over at the official forums redirects the page request to the referer as given in the http header.

Link to comment
Share on other sites

Until they force a separate keypass for game accounts and forum accounts, they aren't really making the place anymore secure than it was prior to the forum merger, which still had it's fair share of hacks before that.

As for the inability to have comments posted on massively, I'm sure it's because they were told to do that, so as not to allow facts to interfere with the message they want spread. If enough people posted comments tearing apart the 'official' line with facts instead of carefully scripted PR, that would only create more questions as to why T wouldn't be upfront, and then go to the trouble of having some reviewer post PR for them.

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share

×
×
  • Create New...