Jump to content
LOTROCommunity
Spiteful

FunCom Data Breach

Recommended Posts

Data Breach on Funcom Forums

Published on (2016-08-24)

To all Funcom Forum Members,

On August 24th, 2016, we discovered that user data associated with forum accounts onTheSecretWorld.com, AgeofConan.com, Anarchy-Online.com and LongestJourney.com have been compromised by a third party.

We regret to inform you that the data breach includes e-mail addresses, user names, and encrypted passwords associated with forum accounts on these forums. Even though passwords were encrypted, these can be cracked and should be considered compromised. It is important to note that forum accounts and game accounts are separate and are stored on different servers using different security systems. Game accounts have not been compromised.

The breach was possible due to a security fault in the vBulletin forum system. This security fault was corrected on our forums on August 19th, 2016, but we are unable to determine exactly when the data breach occurred prior to the fix.

As a temporary security measure, we have reset all passwords for every forum account onTheSecretWorld.com, AgeofConan.com, Anarchy-Online.com and LongestJourney.com. The next time you try to log in you will be told your password is incorrect and you will have to reset your password to continue. If you have used your old forum account password on your Funcom game account or any non-Funcom accounts, you should also change your password on those immediately. 

We take this incident very seriously and will be taking measures to ensure it does not happen again. The bug that made this data breach possible has been corrected, but as a precaution we have taken our forums offline so we can conduct further investigations and ensure there are no more security issues before we bring them online again. 

We sincerely apologize for the inconvenience caused. If you wish to talk to us, please get in touch with our customer service representatives via http://help.funcom.com and we will get back to you as soon as we can.

Thank you for your attention.

Best regards,
Funcom

Share this post


Link to post
Share on other sites

They fixed the problem 5 days before they supposedly discovered there was ever a problem, but don't mention when the problem actually started?

Share this post


Link to post
Share on other sites

The bug in vBulletin has probably been there since the v4 release. I see other forums reporting the same loss recently.

Running vBulletin is borderline suicidal these days.

Share this post


Link to post
Share on other sites

Unless I'm mistaken, based on what I've seen in the forum structure there, LOTRO's forums are vBulletin-based.  Perhaps Mr. Snook ought to have his superiors made aware of certain realities.

 

Turbine should hope that it doesn't experience another breach, as they still have maintained the very foolish decision to unify username/password combos for both the forum accounts and game accounts.

 

Invision just has so many and better tools ...

Share this post


Link to post
Share on other sites
18 hours ago, Doro said:

They fixed the problem 5 days before they supposedly discovered there was ever a problem, but don't mention when the problem actually started?

No.

vB released a patch to fix the problem, FunCom deployed the patch, then a few days later they found that they had been compromised before the fix was installed (They said this directly in the post, though they did say corrected rather than patch ). They specifically said they didn't know the exact date the breach occurred. They also told us what data was where, 2 different servers for forums and game.

They found out and reported all the info to us the same day,on the forums, social media and by direct email, no need to read it all skewed like it's Turbine.. 

10 hours ago, Darmokk said:

The bug in vBulletin has probably been there since the v4 release. I see other forums reporting the same loss recently.

Running vBulletin is borderline suicidal these days.

Yea it seems I continually hear about vB security issues. Since I don't ever deal with that kind of stuff why do so many companies run vB and not something with less problems?

Share this post


Link to post
Share on other sites
On 24/08/2016 at 10:35 PM, Spiteful said:

...

forum accounts and game accounts are separate and are stored on different servers using different security systems.

...

What a good idea...

Share this post


Link to post
Share on other sites
21 hours ago, Spiteful said:

... no need to read it all skewed like it's Turbine.. 

I'm reading it like they're a company. I don't trust companies full stop, so when something like this hops along, I don't see it in any positive light. I also notice they've not sent out emails about this. Instead, I got through an email today from them asking me to buy a "Retro Bag" .

Share this post


Link to post
Share on other sites
On 8/26/2016 at 6:23 PM, Doro said:

I'm reading it like they're a company. I don't trust companies full stop, so when something like this hops along, I don't see it in any positive light. I also notice they've not sent out emails about this. Instead, I got through an email today from them asking me to buy a "Retro Bag" .

The difference is that FunCom has a history of being fairly honest and open with the playerbase. No double speak or it's what they didn't say that matters. They're very consistent on yes, no, not sure, let me get back to you. IMO, and others, they have earned and deserve the benefit of the doubt. When and if they break that trust, my opinion will change. Obviously they can't tell us everything or every detail but even then the Game Director has come out and said "I can't talk about that because of marketing." or whatever dept is holding up info. 
 

Not sure why you didn't get an email, I did, and everyone I play with did. It was sent on the 24th, the same day they found it. It's kind of strange that you got the Retrobag ad on the 26th since it was sent on the 25th.
 

Share this post


Link to post
Share on other sites
8 hours ago, Spiteful said:

Not sure why you didn't get an email, I did, and everyone I play with did. It was sent on the 24th, the same day they found it. It's kind of strange that you got the Retrobag ad on the 26th since it was sent on the 25th.

Says Fri 00:23 on my emails, so probably a time zone thing. But nope, nothing else from them until the 27th July, which was another advert about their store.

Share this post


Link to post
Share on other sites

Yea that's strange. It's not like we have different servers, etc for different regions so the email shouldn't have been US only.

I don't mind the Store adverts since we don't have them in game. The only Store mentions in game I can think of is there is one early deed that gives you Points for the Store, and if you find missions that aren't part of the base game the tool tip also tells you what Issue you need to open it. Other than those you have to go to the menu to get to the Store or you can hot-key it.

Here's a copy of the email, pretty much an exact copy of the other notifications.

 

Important notice regarding Funcom forum data breach

 
 
Inbox
x
 
 
 
profile_mask2.png

Funcom <newsletters@newsletter.funcom.com>

Aug 24 (4 days ago)
cleardot.gif
 
cleardot.gif
cleardot.gif
to me
cleardot.gif
 
 
 
 
 
fclogo.png
Data Breach on Funcom Forums
Having trouble viewing this email?
 

Data Breach on Funcom Forums

On August 24th, 2016, we discovered that user data associated with forum accounts on TheSecretWorld.com,AgeofConan.com, Anarchy-Online.com andLongestJourney.com have been compromised by a third party.

We regret to inform you that the data breach includes e-mail addresses, user names, and encrypted passwords associated with forum accounts on these forums. Even though passwords were encrypted, these can be cracked and should be considered compromised. It is important to note that forum accounts and game accounts are separate and are stored on different servers using different security systems. Game accounts have not been compromised.

The breach was possible due to a security fault in the vBulletin forum system. This security fault was corrected on our forums on August 19th, 2016, but we are unable to determine exactly when the data breach occurred prior to the fix.

As a temporary security measure, we have reset all passwords for every forum account on TheSecretWorld.com, AgeofConan.com, Anarchy-Online.com and LongestJourney.com. The next time you try to log in you will be told your password is incorrect and you will have to reset your password to continue. If you have used your old forum account password on your Funcom game account or any non-Funcom accounts, you should also change your password on those immediately.

We take this incident very seriously and will be taking measures to ensure it does not happen again. The bug that made this data breach possible has been corrected, but as a precaution we have taken our forums offline so we can conduct further investigations and ensure there are no more security issues before we bring them online again.

We sincerely apologize for the inconvenience caused. If you wish to talk to us, please get in touch with our customer service representatives via http://help.funcom.com and we will get back to you as soon as we can.

Thank you for your attention.

Best regards,

Funcom

Share this post


Link to post
Share on other sites

Reasonable disclosure notices usually only go to U.S. customers since that country is much more likely to have you sued over it.

Share this post


Link to post
Share on other sites
15 hours ago, Darmokk said:

Reasonable disclosure notices usually only go to U.S. customers since that country is much more likely to have you sued over it.

You mean we're more likely to sue you for breathing incorrectly?

Share this post


Link to post
Share on other sites
10 hours ago, Almagnus1 said:

You mean we're more likely to sue you for breathing incorrectly?

Only a matter of time until Nestle manages to make air not free.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×