Jump to content
LOTROCommunity
Rosiebelle

Official forums down

Recommended Posts

Any time I see someone blindly following someone or some group or company it always brings to mind two things. Those who followed David Koresh and those who followed Jim Jones. Look where it got them.

Well, I would agree with that, but seriously, not when it comes to this.

Seriously, you cannot put following Turbine in the same bracket as following 2 lunatic cult-leaders. Let's not place Sapience in that category quite yet ;)

Share this post


Link to post
Share on other sites

I still think concentrating on just one AG is more effective.

It may also swamp them. That might do one of two things; get one of their office gophers to file everything repetitive in the round file while making notations about it to preserver the 'number', or make calls themselves to each district and get those AG in that state to begin their own digging. I much prefer to have 50 odd AG making calls and digging for data. That's a lot of phone time for Turbine and their many reps. Work could grind to a halt. Someone should be parked outside to see if they've hired one of those shredder companies to come do some work for them. Plus, crossing state lines makes it a federal case, and that's where you want it to go if you can.

Pity, Arbalister appears to be ignoring my posts. I liked pointing out the flaws in his argumentation.

I'd like to launch him outta one of the contraptions for which he is named. The shock to the noggin might jog the rational part of his brain back into focus.

I think I would have better luck herding 20 cats into a small room than I would getting info from Turbine.

So what do you all suggest is the next step in terms of letter writing? I'd rather not waste time writing a letter to WB. If they are run like Time Warner then it will likely take months to get a response, if one is received at all. From my experience they operate very very slowly.

If I write to the MA AG will they ask if I have written a letter to Turbine asking for the information? Is asking in the forum the equivalent of sending a letter as far as the AG is concerned?

I have better things to do with my time than pursue this but since Turbine isn't answering the freakin questions...

argh.

The forums are labelled as official. That infers a certain amount of official-ness. Since they have answered questions regarding company policy, and they have a thread that has those questions in it currently for the forum hack, and they have released a FAQ, that can be taken as all the official response we will ever get.

Share this post


Link to post
Share on other sites

Well, I would agree with that, but seriously, not when it comes to this.

Seriously, you cannot put following Turbine in the same bracket as following 2 lunatic cult-leaders. Let's not place Sapience in that category quite yet ;)

I don't put Turbine in that category nor do I put Sapience in that category. But blind faith is still dangerous.

Share this post


Link to post
Share on other sites

The phrasing of your post on the official forums did seem coercive; i.e., "Turbine must not take action X or I will take action Y." However, after thinking about it some more, I'm not sure that requesting an investigation from your state's attorney general is the kind of action that would cause Turbine to suspend doing business with you. If you do end up doing that, it's not an issue between you personally and Turbine, it's an issue between your state and Turbine. But again, I'm not a lawyer, and I don't know what Turbine's exact policies are for this sort of thing.

That's my interpretation, too. I am not threatening legal action as such.

All I ask is that if Turbine, after closing all communication channels but one, leave that one communication channel open while there is a security issue in float. Or I will open a new one, specifically I will ask the AG to open one.

I'd like to reiterate that I do not recommend initiating any legal action; however, it seems silly to me that you would make that decision based on whether Turbine locks a thread or deletes a post. I think it would be wiser to make that decision based on your trust of the company in regards to your own state's data protection laws. And yes, your state does have some of the most comprehensive and prescriptive regulations out there.

I think my demand is a demand that if not met by Turbine would look extremely bad for them.

The best way to get the AG interested is shutting off communications.

In my state, a company has up to 45 days (or longer, if a law enforcement investigation is in progress) to notify me as a resident if any unencrypted personal data have been improperly disclosed. The law also defines personal data in such a strict way that it's unlikely to include any information that would have been stored in a forum database. In light of that, I think it would be a waste of resources both for my state and for Turbine if I requested an investigation from my state.

Passwords should qualify pretty much anywhere, no?

In any case, it seems fairly obvious from the outside that Turbine does not know one way or another what information was snarfed from the database(s). This is my reading of their WB lawyer approved communications, and it is my estimation based on being a computer engineer and knowing how unlikely it is that they had sufficient logging enabled in this particular situation.

Let's not forget that they have simply exposed the whole SQL database installation to all of the Internet with no password required. Specifically it seems to have been done to ease their pain when migration the European customers to US servers.

My interpretation of past AG actions is that they are likely to fine Turbine to ensure that they take better care next time.

My level of confidence in Turbine is lower today than it was last month. As a result, I've asked the company to remove the saved payment information (already canceled, for other reasons) from my account, and Turbine accommodated that request the next business day. If I decide to pay the company in the future, it will probably be with a method that doesn't get saved to my account.

I'd still like to hear a definitive answer from Turbine regarding what personal data (if any) were compromised, and I think a sincere apology wouldn't hurt the company's position, either. However, even if that never happens, I'm going to continue enjoying the game.

As I said, I still enjoy the output of those 90% of Turbine's staff that isn't involved in the customer facing end we are dealing with here.

BTW, I always use one-time credit cards for my Turbine payments. Very handy, as they are limited, and you can cancel even that limit without ever having to visit your user account at Turbine.

Share this post


Link to post
Share on other sites

Passwords should qualify pretty much anywhere, no?

Where I live, the law defines personal data strictly as the combination of my first name (or initial) and full last name, plus one or more of: a state-issued ID number (like driver's license), a Social Security Number, or a financial account (credit card, checking account, etc.) number. If any business improperly discloses these data in an unencrypted form to an unauthorized person, that business must notify me within 45 days.

Basically, these data are what a criminal would require to perpetrate identity theft, a.k.a. commit fraud in my name.

Other states have stricter standards for the protection of their own residents' personal data. My state simply isn't one of them.

Short of having access to what my state defines as "personal data", with my Turbine account user name and password, a criminal could still commit fraud by making unauthorized purchases of Turbine Points in the LOTRO Store using the saved payment method in my Turbine account. If Turbine's negligence contributed to such an act, and as long as I haven't disclaimed Turbine from such negligence in one of the many agreements I accepted during installation or in the Launcher window, I might be able to sue Turbine and recover damages. However, my Turbine account no longer contains any saved payment information, so that will never happen. It's not something I personally would ever do, anyway. I'd just chalk it up to life experience and move on.

Edit: Even if this last scenario ever happened, the most likely outcome is that Turbine would simply refund the purchases. Turbine doesn't lose anything refunding a purchase of virtual goods or currency, and they probably end up keeping a customer that way, too.

Share this post


Link to post
Share on other sites

Maybe they found another hole in their defenses. :)

Or put a new one in?

You know to solve the problem of uncertainty that we complain about so much :D

Share this post


Link to post
Share on other sites

Lol, I saw the maintance screen and my first thought was 'hey, maybe they got hacked', but that would be just too ironic, if true.

Anyway, it's a bit late for maintenance, on an early Sunday morning. Maybe it's those guys from AC getting their forum access back, but I doubt that that is a priority at this time of night.

Added:

Scheduled Maintenance: Monday, October 24th

Oct 21, 2011 17:54 EST The LOTRO Game Servers, http://myaccount.turbine.com, the forums and the wikis will be offline for maintenance on Monday, October 24th from 6:00 AM to 10:00 AM Eastern (-4 GMT). Thanks for your patience, and we'll see you back in the game soon!

Share this post


Link to post
Share on other sites

Maybe they are editing. Editing posts. Something they have gotten very proficient at this last year. I am tiring of the frequency of it. Ive been edited myself. Not just posts but topic statements too. Everything made nicey nice. Not listening is one thing but undue cleaning is another. I think overall this has led to a lot less interaction. Its just not very interesting anymore when the channel for statement has become so narrow. Ive also noted that many edit and re-edit their own posts daily now. I find that insanely funny for some reason.

Share this post


Link to post
Share on other sites

It seems time for 'WWTD' ;)

What Would Tolkien Do?

That editing stuff is just plain childish. I guess it's better done sooner than soon :P

It's so sad it's funny. Something like that?

Share this post


Link to post
Share on other sites

Scheduled Maintenance: Monday, October 24th

Oct 21, 2011 17:54 EST The LOTRO Game Servers, http://myaccount.turbine.com, the forums and the wikis will be offline for maintenance on Monday, October 24th from 6:00 AM to 10:00 AM Eastern (-4 GMT). Thanks for your patience, and we'll see you back in the game soon!

That's just dandy, but unless I slept for a VERY long time last night, today is the 23rd, not the 24th... :?

Edit: they seem to be working for me at the moment.

Share this post


Link to post
Share on other sites

Forums are back. Can't see any offensive action on Turbine's part offhand.

Share this post


Link to post
Share on other sites

See the "More hacking" thread in general forum

I can confirm that you are still allowed to use symbals in password.

-fanboi on

Just because there was a recent security breach (which Turbine dealt admirably, with) it does not follow that all future account problems are Turbine's fault. (Nor does it follow that all problems during the breach were Turbine's fault).

As far as demanding Turbine fix it... They did; in a timely manner, and didn't hide or obfuscate it. They came right out and said - we had a problem, and recommend everyone change their password.

/fanboi

There are 100 reasons why your friends account might have been hacked - only one of them is related to the recent issue at Turbine.

In short - correlation != causation.

I can't believe anyone would make a post like that.

Share this post


Link to post
Share on other sites

I do. Arbalister is famous for that. Apparently when he plays with dominoes, knocking the first in a line over never knocks over the next one in turn.

It wasn't Arbalister

http://forums.lotro.com/showthread.php?427053-More-hacking.&p=5769916#post5769916

Share this post


Link to post
Share on other sites

Anyone else getting an error message on the forum tonight

Yes, me :w

EDIT; but I guess this is the scheduled maintenance thingy wotsit :$

Share this post


Link to post
Share on other sites

I wager five Turbine points that the official discussion topic concerning the breach gets sent to Coventry's cellar.

Share this post


Link to post
Share on other sites

Well, if they delete or close that topic at this point, it's going to scream "COVERUP". I think they're still dithering over what to say and how to say it.

;)

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...