Pages: 1 [2] :: one page |
|
Author |
Thread Statistics | Show CCP posts - 1 post(s) |
SkaffenAmtiskaw
|
Posted - 2006.01.07 01:36:00 -
[31]
Originally by: Dave Day I'm very sure...The Data Protection Act 1998 For the EUA (European Economic Area) came into effect on 1 March 2000. The European Economic Area is the EU plus Norway, Iceland and Lichtenstein ...
I see... I'd sort of subconciously filed it under 'EU only' - thanks for clearing that up! ______
|
Embattle
|
Posted - 2006.01.07 01:36:00 -
[32]
You do realise you lot are sad, and I've be forced to join you....I really think we should let CCP sort it and get back to those of us who are really building a house out of **** bricks ----------- STFU Macromoaners |
Prof Bob
|
Posted - 2006.01.07 01:37:00 -
[33]
Originally by: Zenst
Originally by: Prof Bob
Originally by: Zenst
Originally by: SengH Edited by: SengH on 07/01/2006 01:11:00 Y<SNIP>
Only secure computer is an off computer - FACT.
Or one wraped in tin-foil! You know im right.
Actualy the tinfoil will act as an antanea and boost the signals /me points and laughs at teh tinfoil hat mobs.
Not if the shiny side is pointed in. Dont you know anything!
|
TauTut
|
Posted - 2006.01.07 01:38:00 -
[34]
Dave .. if you have a serious point to make to CCP then why not contact their customer services / support people. They're there to help.
Chest beating on the forums isn't going to be taken seriously - more likely people will think you're trying to show off how much you know about the data protection act in front of your peers rather than making a serious enquiry. Not that I believe that, of course -TT
|
KIAPieman
|
Posted - 2006.01.07 01:38:00 -
[35]
"and tonight on jerry springer......
should CCP get sued?"
JERRY JERRY JERRY JERRY -------------------------------------------------- BNC + KIA = The Ultimate Drunken Retard
|
Zenst
|
Posted - 2006.01.07 01:47:00 -
[36]
Originally by: Nyphur Under the Data Protection Act, you're allowed personally to have access to any information regarding data stored on you, including full knowledge of data stolen or leaked. Email CCP and request it personally, it's probably against standard procedure to give it out automatically since the DPA says you are allowed it on request.
The DPA and added Information act allow you acces to such data pertaining towards yourself and an interpritation of such data (sheet of 10001010110101 is giving you the data but interpretation has to be given as to what each bit means if say a boolean flag feild) after you have submitted a formal request. The company that is issued such a request has 28 days (last a looked) to provide such data/information (data is raw numbers - information is for all effect a translation of said data into meangful english).
They have the right to charge a nominal fee for providing such data (to prevent abuse and stop companies going bankrupt due to all the work that can be involved). Failure to do so leave said company open to a fine.
All that said, the company would be neglagent to proved data upon request unless they are sure there sending said data to the correct individual, otherwise that in itself would be a breach.
All that said I see no violation being carried out from the information provided. That and CCP have acted as they should of and had you had say FBI etc etcetc involved they still woudl of been told to do exactly what they did. Maybe things done were not aware of and given the nature and its an ongoing investigation would be prudent not to beyond what we need to know and the steps taken to limit damage. That is what security is about damage limatation, be it proactivly or reactivly.
As stated CCP donot hold credit card details and as you are not allowed to sell isk for money and all assets belong to CCP no monies were at risk and as such no monertary value for loss can be levied against any breach. Now we know that not truely the case as time/efforts..... but if people realy wish to get anal then bottom line they wouldn;t even have to report it to any law enforcements or even decalre it. But they did declare it and instead of flapping aroudn the matter and trying to cover it up just got on and dealt with it in the BEST way possible. No messing they acted.
So if you wish to send CCP a request under the DPA/whatever law your country has, then feel free but like most I already know my own name and address and remarkably enough its not ZENST - as such feel its totaly unproductive beyond finding out what moderators might of said during petitions, and then unproductive.
|
Equinox II
|
Posted - 2006.01.07 01:56:00 -
[37]
Please give us more information about this CCP, we have multiple people in corp and alliance that got affected by this. Some have lost assets, some even got their entire char deleted...
CCP Hammer > Next patch we will make sure to boost Amarr and Nerf Caldari. |
Dave Day
|
Posted - 2006.01.07 02:00:00 -
[38]
Originally by: TauTut Dave .. if you have a serious point to make to CCP then why not contact their customer services / support people. They're there to help.
Chest beating on the forums isn't going to be taken seriously - more likely people will think you're trying to show off how much you know about the data protection act in front of your peers rather than making a serious enquiry. Not that I believe that, of course
Chest beating honestly is not my intention... sincere apologies if I come across that way. What bothers me is the whole ''We reset your password today because our data may have been compromised but hey, life goes on'' mentality that CCP have adopted here.
At the very least, grown up people should call for a grown up explanation of today's events
|
Dale Cussler
|
Posted - 2006.01.07 02:03:00 -
[39]
Originally by: Dave Day
Originally by: KIAPieman the data protection act is there to sa***uard your information from being intentionally released by the holding company. there is also legislation reguarding the security of the said information as well.
BUT HARPING ON ABOUT IT DOES NOTHING, THIS WASNT AND INTENTIONAL BREACH BY CCP.
there is no such thing as a 100% secure database on a computer, with enough time a hacker will gain access. think on a bit, those compramised accounts could have all been the property of people who have no concept on why a password should be secure and as a result were easily hackable.
be thankfull that ccp have done all the action they can to sa***uard this situation, but you are going on the premise that they are in the wrong when it could be the fact that all 57 accounts were hacked due to negligence on the account holder part, or could have been compramised by keyloggers etc.
Possibly true, though the sheer scale of the response from CCP would indicate that there has been a serious security breach of the information they hold.
The Data Protection Act is quite clear in this respect, it is the responsibility of the holders of the information to ensure that it is held securely. CCP have either been actually hacked or at the very least fear for the security of their information enough to embark upon this large scale password changing exercise. Even if we assume the latter then clearly our information is at a very real risk and an explanation is called for.
Of course it isn't an intentional breach by CCP, and I'm not ''Harping on '' about it. Let's keep factual, now. If I disclose personal information to a third party (CCP) then that third party (CCP) is obliged BY LAW to maintain the security of my information. Sure, If they have been hacked I sympathise, but I need a better explanation than ''Didn't we do well, we changed your PW and protected you'' My question is, how did you get hacked in the first place and why has the personal data which I provided you with been possibly compromised?
To me it's just the standard lockdown procedure. The minute someone has been brute-forcing their way into passwords, you need to basically check the entire set of passwords to see if they are "weak", or whether some have become known without triggering alerts. Easiest way to do it for a good 100.000 accounts is to force everyone to change their password.
Yes, you did get the new one in plain text, with the added warning that one should change it immediately. There is no other, easy way, to handle this.
So instead of playing the "omgz0rz my privacy!" (which, might I add, is gone anyway, yay EU laws, yay US snooping) just do as the mail says, quitcher*****in' and wait for CCP to release a statement of sorts. I doubt they'll be sharing the nitty-gritty with us since that's none of our business.
|
Jenny Spitfire
|
Posted - 2006.01.07 02:45:00 -
[40]
LOL.
If passwd and security is so much an issue, why not ask CCP (like how some health clubs are doing) provide a membership card just to access EvE? In this sense, a USB dongle that can hold a unique membership key and requires to be plugged into the PC whenever, we logon to EvE. EvE is authenticated by the hardware itself and not just only passwd. Expensive solution but sure can cool down the current mob in this thread.
For me, I think I will enter my 12 characters alphanumeric code. Should be sufficient for me.
----------------
RecruitMe@NOINT! |
|
News
|
Posted - 2006.01.07 02:58:00 -
[41]
In the past whenever CCP had problems with anything, most of the time they've made a dev blog about it a while later. I'm sure they'll do the same this time. As for today, I'm pretty sure the entire CCP staff has been pushed to the maximum to get things running smooth (or as smooth as the current state of TQ will allow ) again.
When **** hits the fan like this on a friday, the last thing you want to do is think of a way to tell the public what happened, without getting into too much detail security wise, and without misrepresenting any facts. You'll want to drink beer, and probably lots of it.
Just hold on to your horses, be happy that the situation appears to be fixed, give CCP some time to catch their breath, and your questions will be answered in the near future.
|
SengH
|
Posted - 2006.01.07 02:59:00 -
[42]
Realistically couldnt they just have it as an optional one time security enhancement you can choose to add to your acct. That would work the best and since your password changes every minute, it would be totally useless keylogging. OFC having to dig up your token every time you log into eve would be a pain.
|
dosperado
|
Posted - 2006.01.07 03:13:00 -
[43]
As far as I know loginname and password are sent in plain text through your internet connection from the EVE-client to the server. Someone mentioned this in a thread a while ago. Just wondering why CCP does not add SSL encryption while authenticating with the server. It's only a matter of time when user accounts get hacked again. ____________________ CEO Denial of Service
NPC Mass Murderer Security Status 7.8 |
SHINJI AKARI
|
Posted - 2006.01.07 03:18:00 -
[44]
So the OP is kinda sorta threatening legal action by speaking in legal terms. Stop and think about it. How much information would you give out if you were in CCP's position?
Talk to any lawyer you want about any legal topic. The first thing they will tell you is to never say a word to anyone without them there.
You don't make a game this size by having a bunch of morons working for you. I have complete confidence in the decision making capabilities of the CCP crew, and if they said they had to do it, then I truly believe they had to do it.
Theres really no point in starting conspiracy theories. If your in any long term danger from what happened today I am %5000 sure that CCP will let you know.
|
Swafa
|
Posted - 2006.01.07 03:18:00 -
[45]
For all of you who didn't truly get and hacked and are telling us defiled ones to STFU and go on.
How would you feel if, 3 years of intense gaming all went kaput one day eh?
You probably don't have any real game assets anyway.
I was one of the ones who were hacked.
Here is just a little list a stuff I may never get back.
3 T2 BPOS 2 Dreads 24 BS 15 HAC Tons of Frigates/cruisers to include unknown # of t2 frigs Billions in minerals 200 T1 BPO originals all Highly researched Including all BS BPOs. 4.9b in isk. 5 Large POS 8 Medium POS 15 Small POS Buttload of POS Equipment 8m in sp lost due to the jerk getting me repeatedly podded w/o clones.
U lose that and the ability to do absolutely nothing about it.
I really don't see the humour in that.
|
Nyphur
|
Posted - 2006.01.07 03:27:00 -
[46]
Originally by: Zenst
Originally by: Nyphur Under the Data Protection Act, you're allowed personally to have access to any information regarding data stored on you, including full knowledge of data stolen or leaked. Email CCP and request it personally, it's probably against standard procedure to give it out automatically since the DPA says you are allowed it on request.
All that said I see no violation being carried out from the information provided.
That's not what I'm saying, though. I know there's no violation, I'm saying the OP shouldn't be posting this ont he forum if he wants a response. All he has to do is ask CCP for the info and he'll get it.
|
Kane Ululani
|
Posted - 2006.01.07 03:32:00 -
[47]
CCP escalated appropriately, and I'm impressed that the company made the issue public knowledge. This is not customary for most firms.
|
Nyphur
|
Posted - 2006.01.07 03:38:00 -
[48]
Originally by: Swafa For all of you who didn't truly get and hacked and are telling us defiled ones to STFU and go on. How would you feel if, 3 years of intense gaming all went kaput one day eh?
Oh my god... That ISKworth being lost is one thing but the guy forcibly reverted your character by 8mil SP.. that's like a year of training skills. Christ...
|
Richard Villiers
|
Posted - 2006.01.07 03:45:00 -
[49]
Who gives a **** really? Important part is, CCP is trying and doing their best (and have always been as far as I'm aware of) and that's more than pretty much all online-games' devs can say about them.
Get a life, seriously. _____
Originally by: Neon Genesis This forum is about opinion, however, you are wrong.
|
Kane Ululani
|
Posted - 2006.01.07 03:51:00 -
[50]
Originally by: Swafa
I really don't see the humour in that.
There is no humor in it. However, CCP has several issues;
1) Determine how it happened. 2) How to stop it from happening again. 3) Perform a forensic analysis of their data prior to and after the event to determine what happened to your account and others.
All these things take time, but will be resolved. It will not happen overnight. I know that there is no pleasure in this knowledge, as all that can be offered is patience.
|
|
Nyphur
|
Posted - 2006.01.07 04:16:00 -
[51]
Originally by: Kane Ululani
Originally by: Swafa
I really don't see the humour in that.
There is no humor in it. However, CCP has several issues;
1) Determine how it happened. 2) How to stop it from happening again. 3) Perform a forensic analysis of their data prior to and after the event to determine what happened to your account and others.
All these things take time, but will be resolved. It will not happen overnight. I know that there is no pleasure in this knowledge, as all that can be offered is patience.
For what it's worth, I really hope all that guy's stuff is traced and restored. And it can be traced, GMs do it all the time. If any company is going to be reasonable and give game items back to someone who lost them like this, it's CCP.
|
3rve
|
Posted - 2006.01.07 09:00:00 -
[52]
Can somebody answer me one question. If ccp does not store credit card information then how do I get billed every month for my subscription? I don't login and pay once a month. And if you check your billing history it shows you the last 4 digits of the credit card used for each billing cycle. So who has my information? And if not ccp then who does? And if this supposed hacker stole username/passwords from their database, then I am sure the hacker could have retreived database usernames and passswords as well.
|
SengH
|
Posted - 2006.01.07 09:05:00 -
[53]
3rd party billing company
|
Dudley Beekle
|
Posted - 2006.01.07 09:47:00 -
[54]
Originally by: Zuma Vain Well some might be allright with this but i sure aint... Ok i have couple of accounts witch i cant get back into since its on a company i used to work at and now i cant access it cause no 1 knows the email addy .. except 1 person and he aint reachable for the next generation since he kinda past away adn now i cant enter 5 accounts i got so im kinda lost ... and i know that ccp have banned for changeing email addys have happent before and now i cant access these accounts personally i cant think its really fair at all
gotta call ya now ccp ... thankfully im icelandic ..
bloody f*ck
Yeah it's terrible the way some computers are run. People can get into a real mess with it if they don't know what they are doing. All sorts of personal information can go astray.
I've even heard of people that don't track the email addresses they've used over the years and forget to update active subscription services with a useable email address.
Shameful. These people should not be allowed to operate a computer attached to a network.
|
Dave Day
|
Posted - 2006.01.07 15:39:00 -
[55]
Really, a day later and no word on what the issues were. I'm not expecting CCP to give away any little secrets that protect their security but surely a high level explanation of what happened is due, to reassure people if nothing else.
Were CCP hacked? Why were some PW's changed and not all? Has the security loophole that allowed the hack been closed or are we still vulnerable? C'mon guys, talk to us please.
|
Lord Nightcrawler
|
Posted - 2006.01.07 15:46:00 -
[56]
All I want to know is what is going to be done for those of us that lost hours of trainnig time do to this. It would also be nice to have the SoB name that did it. So I can stop by there home and steal their stuff. See how they like it. Indy mining is the life for me. |
|
Eris Discordia
|
Posted - 2006.01.07 15:50:00 -
[57]
Passwords were reset as an extra security measure, it doesn't mean you were hacked.
I'm sure when this all is solved CCP will explain what happend, and if they don't you betcha they have a good reason not to tell what happend ( prevent more abuse?)
Kieron is not available at the moment.
Oveur has answeres some questions in the sticky thread, the people responsible for this situation will face legal actions.
My broken heart leaves my mind in pieces, temptation wins in the end |
|
|
|
|
Pages: 1 [2] :: one page |
First page | Previous page | Next page | Last page |