Online Security – A Joke

by David Friday, December 23, 2011 2:56 AM

Well for about the 5th time in the last 3 months I’ve received another email about an online company having had a “security breach” and data being stolen, including account information, possibly credit card information (although they say they have no indication the data is being used yet!).

I personally got nailed earlier this month when evidently one of these thefts got my credit card information and used it to run up $500 in online purchases.  Thanks to CitiBank, I was able to stop it from going any further, and launch an investigation, but this has gotten ridiculous.

I work in the IT industry, I have been for 15+ years now, and I design and develop websites and online e-commerce sites and personally I am appalled at the lack of security many companies in the online world are taking.

Credit card information being kept in databases, but NOT ENCRYPTED, so that any asshole who can gain access has unfettered access to what they need to have a good ole time.  Christ, even common sense no longer seems to come into play anymore with these companies, because seriously I don’t think they give a damn.  THERE IS NO EXCUSE FOR LAX SECURITY, THERE IS NO EXCUSE FOR NOT DOING YOUR DAMN JOB TO PROTECT MY INFORMATION.

It’s gotten to the point to where I have seriously curbed my online purchasing, I just don’t trust anybody anymore.  So all you online gaming sites, online retailers, etc., get your act together, get off your “holier then thou attitude” and starting take precautions.  It’s bad enough when your sites are hacked because of security holes that were fixed with a patch 6 months ago, but you couldn’t be bothered installing the patch, or taking a lax attitude towards storing information in your database.  Encrypting data is not that hard, DO IT.

Below is the latest email I received, this from Trion Worlds because I had signed up to play their MMORPG game RIFT.  Well I had cancelled my account 2 months ago, and that credit card was the one I mentioned above that was stolen, so that account no longer exists.  Good luck Trion, you won’t see my business again, not that you care.

Oh and by the way, love how they are giving all us poor bastards a free in-game gift.  How thoughtful of you.  Tell me, will that in-game gift help those who get screwed in real life because of this little oops?

*******************************************************************************************************

Dear David,

We recently discovered that unauthorized intruders gained access to a Trion Worlds account database. The database in question contained information including user names, encrypted passwords, dates of birth, email addresses, billing addresses, and the first and last four digits and expiration dates of customer credit cards.


There is no evidence, and we have no reason to believe, that full credit card information was accessed or compromised in any way. We have already taken further action to strengthen our systems, even as we, with external security experts, continue to research the extent of the unauthorized access.


You will notice on your next log in to our website that you will be required to change your password, and existing Mobile Authenticator users will also need to reconnect their Authenticator. When you log in, you will be prompted to provide a new password, security questions and answers, and be given the option to connect your account to our Mobile Authenticator to enhance your account’s security.


If you have used your username and password for other accounts, especially financial accounts or accounts with personal information, we suggest you change your passwords on those accounts as well. We recommend that you carefully review your statements, account activity, and credit reports to help protect the security of those accounts. If you need information on how to obtain your credit report or believe any such accounts have been breached, please visit www.trionworlds.com/AccountNotification for more information.
You should have continued, uninterrupted access to RIFT, and we do not anticipate any disruptions to your playing time.


Nevertheless, if you own the RIFT game, you will be granted three (3) days of complimentary RIFT game time once you update your password and security questions.
Additionally, once you update your account and set a new password, your account will be granted a Moneybags’ Purse, which increases your looted coin by 10%, even if you have not yet purchased RIFT.


Please log in to https://rift.trionworlds.com (and we recommend that you copy and paste this link into your browser to access the site) to update your password, security questions and Authenticator.


We apologize for any inconvenience this may have caused you. If you have further questions, please visit our website, www.trionworlds.com/AccountNotificationFAQ.


– The Trion Worlds Team

Tags:

Comments are closed

Disclaimer

The opinions expressed herein are my own personal opinions and do not represent my employer's view in anyway.  (They might not represent anybody else's view either!)

© Copyright 2009