Official forums down

[Rosiebelle]

If this was planned it was not mentioned in advance. No reason why is stated apart from "maintainance".

They also have no ETA for them coming up again.

I just hope this isn't security related and we don't all have to change our passwords or something again!

[Trinsec]

Again? They been breached before then?

[Agra]

I just hope this isn't security related and we don't all have to change our passwords or something again!

Yesterday, we had some posts here, which shows some DB-Extracts. I'm sure it's a big security hole.

[Mabusian]

I just hope this isn't security related and we don't all have to change our passwords or something again!

You should change your passwords monthly anyway (though I'm in about a three month turn).

[Rosiebelle]

My password is changed quite often - I just don't like the idea that their security is so lax generally. I'm no raider, I don't have much loot to lose in the great scheme of things, I couldn't pay 40g for a symbol if I wanted to but it is still the sum of several years gaming work and they seem to treat people so badly when things do go wrong and blame the customer always first rather than the criminal - when it seems an awful lot is not as it should be at their end.

[Blister]

Yesterday, we had some posts here, which shows some DB-Extracts. I'm sure it's a big security hole.

Whats a DB extract?

[Agra]

Whats a DB extract?

In german we call it "Datenbankauszug".

[Rosiebelle]

Database? That's what we use DB as shorthand for round the office. We also call it some rather rude words

[MueR]

In layman's terms, Turbine left the back door open and someone could walk into Sap's office to nose in player info.

[Rosiebelle]

Which begs the naughty question what would you do if you found the back door open and sneaked into his office? I'm thinking tabasco in the coffee for a real early morning wake up drink or something.

[MueR]

Superglue on his keyboard.

[Vardiel]

I hope this isn't related to my problems: Earlier today I could log in just fine and select the server, but depending on again crashed at loading screen. I got the 'cannot connect to server, press quit' message. On Laurelin I did manage to get to the character screen but when I selected a character, loading screen didn't progress and I got the connect problem message again.

Most likely my ISP hickups, rebooted it after I got the game to start properly. It's okay now, but the timing made me wonder.

[LordVorontur]

Laxatives!

[Vardiel]

How about.. superglue AND laxatives for the coffee? And a tic on the chair perhaps.

Maybe that would be too evil...

[Calendae]

nothing's too evil for the self-titled "harbinger of soon" ...

[Rosiebelle]

Well the last tweet about the forums being down was 9 hours ago - pretty lousy standard of keeping customers informed. Not that telling us they are down was any real information we could not already figure out.

[Vardiel]

Either their a bunch of behemoth drool or the site going down is the cause of some hacking or password leaking, or other sudden and critical updating.

I vote for the latter, amazingly.

[Rosiebelle]

If the timing of the tweet was about the same time as the forums did go down then that would be another nail in the "routine maintainence" coffin. They would not do anything routine overnight US time when they would have to pay someone more to do it. I expect we will get more info when the US wakes up and people start tweeting at them and asking them what the dickens is going on. If it is security issues they can't keep that info to themselves forever.

Edit: If it is a security issue and they have waiting more than nine hours to let affected customers know about it then that is nothing but negligent on their behalf. Some people (not the smart people but some people) may have used the same passwords in other places and giving customers the information to let them change passwords quickly is a basic obligation of theirs. They have a responsibility to keep our data safe. If they can't do that they have a responsibility to let us know quickly. Nine hours is not quickly.

[Agra]

DDO Forum and AC Forum are down too. This is not a "routine maintainence". All the forums went down, 30 minutes after Sap got a hint via Twitter-direct-message.

[Vardiel]

Sounds like an emergency then.

Let's hope it isn't a Sony sized emergency.

[Calendae]

i don't think so, if only because turbine isn't anywhere near sony with regards to size and turnover.

[Rosiebelle]

You mean the Playstation breach or the exploding TVs?

http://www.bbc.co.uk/news/technology-15272573

[Calendae]

hey ... it's not a trick ... it's a sony ...

[Agra]

Sounds like an emergency then.

Let's hope it isn't a Sony sized emergency.

http://lotrocommunity.com/forum/topic/927-wichtig-lotrocom-sicherheitslucke/page__view__findpost__p__16664

[Rosiebelle]

Google translate ses:

Summary by me:

turbine was from me by Sunday night ticket information.

no response on Monday, so I wrote a thread in the forum of the turbine has been deleted. no reaction.

I then wrote an email to webmaster@turbine.com

until yesterday, no response.

I had even told the exact url turbine.

as more and more people have been hacked, which I know to some, I have given the warning I get out of here.

I'm here with three names and email passwordhashs (without salt) to the published evidence.

(one probably was not right of me)

then probably valandir told by twitter and immediately draufhin sapience what was checked and the forum is closed since * facepalm *

what was missing since the migration from CodeMaster of turbine (because it was only possible)

each and everyone could actually access the data.

date on which banks can access exactly knows I had not, because I have not analyzed everything.

The fact is. they had access to over 1 millio the data related to the Forum. there were addresses, according to columns, payment, email, passwords etc stored.