PDF Esloan over at HorRIFTic Intentions added a post on his site recently that may indicate the end of the current rash of hacked Rift accounts.
A player (ManWitDaPla) posted in the official forums that he had discovered how to by-pass the current security system – and openly asked for someone to contact him. During that time, there was an official post further along in the thread.
All,
We have some things in the works right now and have been passing on your feedback, concerns, and thoughts throughout the day (no matter how radical or unlikely).
Sharing sensitive information about our actions (no matter how broad) naturally also informs those carrying out these attacks. This puts us in a tight spot with how much information we can provide, and the questions we can answer.
Apologies we can't be more forthcoming at this time, but we appreciate your understanding – its always our goal to ensure you can play and enjoy the game securely, and unfettered.
Thanks everyone,
Elrar
Followed by a response by ManWitDaPla who said Trion was then taking down the servers to make the fix. And then a follow up later yet with some more details on what happened and why. The key point being that player account details were NOT compromised. The hacker(s) bypassed the normal account authentication process but never actually got login/password details.
In another later post in the same thread, ManWitDaPla stated:
Got word back from Steve Chamberlin, the development lead for Rift. This hole is sealed.
Read the full post here.
One thing I think important to reiterate here is that Trion is concerned that a lot of hacked accounts are re-using login/password combinations they use from other games (namely WoW). Hackers have access to a plethora of hacked account details from that game and use it against Rift accounts. If you use an email and password even remotely similar to one you've used in another game (especially WoW), change it now!
Use a completely unique email address and password for your Rift account. Free-mail accounts are easy to come by. Simply forward the free-mail account (gmail, yahoo, etc) to your real email account to make sure you get Coin Lock notification (and other Trion emails). That way you don't have to log in to multiple email accounts when you need to access mail from Trion. We're using unique emails for Rift in our household and feel much safer for it.
Esloan at HorRIFTic Intentions also pointed out some positives that players may have learned from this whole fiasco. Your computer and browser's security really IS important. And perhaps many Rift players have taken further steps to ensure they are better protected than they were.
This issue may be currently resolved, but hackers are always finding that backdoor (pun intended) method to get your account details. Remain vigilant and keep your account safe!
Scott Hartsman makes an official statement in regards to this security issue – which is now indeed resolved.
