Wednesday, March 16, 2011

Rift - Entertainment? Service? or Nightmare REDUX

Previously I had written about being hacked in my MMO of choice, Guild Wars. It was a devastating blow due to how the issue was handled, and the outcome (which was "too bad buddy, you get nothing back"). It made me feel like I did not want to ever touch the game again...

I felt violated, like a rape victim.

Read more on that story...HERE.

In case you have not paid attention to the forums for Rift, the outcome has been a mess. It seems that many a player has been hacked, and of course all of them cannot understand why. We can look through and see how people seem to be very careful with their PC's, and have all sorts of adware, spyware and virus scanners running.

So, how could they be affected?

Is Trion at fault here? Has their database been compromised? This is hard to say...and of course, Trion will be the last to tell us such.

Lets take a clear look at what some issues may be, and learn how to protect ourselves from mayhem... (after my abject lesson, this stuff came in handy).

The most obvious seems to have been done by these users who were hacked. Installed a program to log combat data, or some mapping system to find nodes...etc, etc. Of course, these players think they are safe as they use all sorts of tools to watch for trouble. To me, this also screams going overboard. A really good virus scanner ran monthly with full scans and daily with quick scans (takes about 1-2 minutes of your time) is the best protection. I currently use Avast which has a small memory footprint, and is free. I have used it, and found many a problem, especially visiting certain websites. Want to run a malware tool? Cool...but, it is just a bit too much. Just use other safety protocols and you can run a cleaner system.

Websites...ah yes. There are so many no-no's here, that I just cannot begin to share the misery. I do not care just how good that site may be in sharing information on the game...looking for the secrets of those shinies and achievements, playing with builds on Zams Soul Builder....but, guess what? These sites leave cookies, that are suspicious and have been flagged by Avast as bad. I cannot find one to blame.

All I know is IF you must use these sites, here are several tips to help.

If the site requires a user name, pass or email...well, please don't use your Rift login data. After visiting said sites, why not be safe and run a quick scan with your virus protection (malware tool..whatever) before logging into Rift or the Rift account management. Finally, NEVER, NEVER, NEVER leave a web browser running in the background when playing. You just cannot do this anymore. Flash ads with scripting tools and cross server access leads to hidden keyloggers watching you.

Paranoid? Yes. But, you will be too when you lose 5 years of goods, and a company refuses to restore those items.

Now, how about that email account? This has been a sore issue with me. Using an email address as your login is the suck. I feel this was a mistake from Blizzard and Trion. We as a society fall into "habits". We also like familiarity. So, we will use the same email address we always use and the same passwords (remembering gets hard...especially as you get older).

Straight up...use a new and unique email address. Use gmail as the preference. Whatever you do, just be unique. Speaking of unique, passwords, should be bizarre. Do not use the name of anything (people, objects, etc)...use upper and lower case letters and include numbers (at least two numbers). AND make sure it does not exist ANYWHERE ELSE. Write this down and live with the fact that you must have more information that you are use to.

Finally, any forums you need to use...just stick to the basics. Use your original email, but please make sure this email is not the one for game logins.

If you follow these for real (not saying "Hey, I didn't visit any websites....but ZAM") should be good to go. If you get hacked after that, then we will know who the culprit is. The company will have to accept their issues and man up.

Luckily, Trion is taking some measures with the new coin lock system, which sets your client to a region. If they see you login from another region, your coin and gear get locked. You cannot sell anything, send any money or items through mail and armor cannot be removed...etc. You can buy, just not sell or give away cash in any manner, until you type in a code sent to your account email address; you know, the unique one you made just for the game?

This is an impressive step being taken by an MMO developer, and I hope this works.

So, did I miss anything? Why not tell me about your experiences of being hacked.

Just stay safe, put some rubber on it (unique passwords), slather some disinfectant (new emails)...and all will be good and toasty (uh, ok...hope not).



troy said...

My bad experience occurred with World of Warcraft. Some entity hacked into my account and stole everything, and when I tried to retrieve my avatars and equipment, I was met with silence.

The real freaky thing is that I continue to get emails from a place proclaiming it is Blizzard but when I specifically go to their website and open a ticket with them, they have no record of my other dealings -- so now I don't know who to trust anymore. Seems like anything I get in my email is circumspect and I can't even be sure that when I key in the Blizzard URL I am going where I think I am going?!?!


Syl said...

Given that Rift is a 2011 game, I really dont understand why they didnt include authenticators with the game straight away. You could think the whole issue got enough attention through the past years of wow.