Trion Worlds, the distributor of Rift got hacked.
I received an E-mail that stated the following:
We recently discovered that unauthorized intruders gained access to a Trion Worlds account database. The database in question contained information including user names, encrypted passwords, dates of birth, email addresses, billing addresses, and the first and last four digits and expiration dates of customer credit cards.
There is no evidence, and we have no reason to believe, that full credit card information was accessed or compromised in any way. We have already taken further action to strengthen our systems, even as we, with external security experts, continue to research the extent of the unauthorized access.
The extent of the hack isn’t entirely clear. They sort of assure us that no payment information was stolen. However, they have your name, your address and date of birth. This hack looks like it’s a lot worse then they want to make people believe. They also have part of your credit card info, namely: the first and last four digits and expiration dates of the credit cards.
Another thing that they don’t get into too much is the password. They say that they obtained the hashes. However, they don’t specify if they had any ample protection on them. This would mean double or triple hashing it or use a so-called salt with the password. This can mean the difference between cracking hundreds/ thousands of passwords within a hour, or not getting a single one.
So the best action you can take right now is:
- Change your password at Trion
- If you used the same password anywhere else (that might be important) CHANGE that too!
- Keep a close eye on your credit card purchases for a while to make sure its not abused (better safe then sorry)