• Announcements

    • IMPORTANT - REACH US IN THE NEW FORUM   05/04/2017

      Ladies and gentlemen ATTENTION please:
      It's time to move into a new house!
        As previously announced, from now on IT WON'T BE POSSIBLE TO CREATE THREADS OR REPLY in the old forums. From now on the old forums will be readable only. If you need to move/copy/migrate any post/material from here, feel free to contact the staff in the new home. We’ll be waiting for you in the NEW Forums!

      https://community.blackdesertonline.com/index.php

      *New features and amazing tools are waiting for you, even more is yet to come in the future.. just like world exploration in BDO leads to new possibilities.
      So don't be afraid about changes, click the link above and follow us!
      Enjoy and see you on the other side!  
    • WICHTIG: Das Forum ist umgezogen!   05/04/2017

      Damen und Herren, wir bitten um Eure Aufmerksamkeit, es ist an der Zeit umzuziehen!
        Wie wir bereits angekündigt hatten, ist es ab sofort nicht mehr möglich, neue Diskussionen in diesem Forum zu starten. Um Euch Zeit zu geben, laufende Diskussionen abzuschließen, könnt Ihr noch für zwei Wochen in offenen Diskussionen antworten. Danach geht dieses Forum hier in den Ruhestand und das NEUE FORUM übernimmt vollständig.
      Das Forum hier bleibt allerdings erhalten und lesbar.   Neue und verbesserte Funktionen warten auf Euch im neuen Forum und wir arbeiten bereits an weiteren Erweiterungen.
      Wir sehen uns auf der anderen Seite!

      https://community.blackdesertonline.com/index.php Update:
      Wie angekündigt könen ab sofort in diesem Forum auch keine neuen Beiträge mehr veröffentlicht werden.
    • IMPORTANT: Le nouveau forum   05/04/2017

      Aventurières, aventuriers, votre attention s'il vous plaît, il est grand temps de déménager!
      Comme nous vous l'avons déjà annoncé précédemment, il n'est désormais plus possible de créer de nouveau sujet ni de répondre aux anciens sur ce bon vieux forum.
      Venez visiter le nouveau forum!
      https://community.blackdesertonline.com
      De nouvelles fonctionnalités ainsi que de nouveaux outils vous attendent dès à présent et d'autres arriveront prochainement! N'ayez pas peur du changement et rejoignez-nous! Amusez-vous bien et a bientôt dans notre nouveau chez nous

[Notice] Account Security

184 posts in this topic

Posted

If you need to change your password, you also have to change your whole email address too?! What about those of us who do not have multiple email addresses at our disposal, we have to create a whole new one we'll never check because of this? What the hell. 

:DD Creating new email is so hard?

How much time it takes for you to set up new email? 2minutes?

Share this post


Link to post
Share on other sites

Posted

i'm not supplying a photo ID just to have my email changed incase this happens again...

2 people like this

Share this post


Link to post
Share on other sites

Posted

This is why we need  2-Step Verification.... please.

PLEASE!!

Share this post


Link to post
Share on other sites

Posted

Just tried to log on and it seems my password has also been reset. This email (alias) is only used for BDO, for reasons like this.

Now, if this alleged third party site got hacked how the hell would Kakao know MY email was taken.

Kakao either got compromised or one of their bargain basement service protectors did.

Yeah this is not time for people to whiteknight the issue.  We need to know more.  You never, ever, trust a gaming company to do what's right for you. This is why you don't just assume you're "safe" and "ok" if your password didn't get reset.

So far there are too many inconsistencies to who got their passwords reset and why. People who didn't use 3rd party sites with the same email address also got their passwords reset.  We really need to know what 3rd party sites they're talking about and what information was stolen (was it clear password? encrypted hash? what other personal information was taken?).

We're getting the usual cryptic messages that's why people are questioning it.

1 person likes this

Share this post


Link to post
Share on other sites

Posted

Just tried to log on and it seems my password has also been reset. This email (alias) is only used for BDO, for reasons like this.

Now, if this alleged third party site got hacked how the hell would Kakao know MY email was taken.

Kakao either got compromised or one of their bargain basement service protectors did.

Aye, it doesn't really go over well with the idea that the forums haven't had an SSL certificate for half a day does it?

Thanks for your report as well ^_^

Share this post


Link to post
Share on other sites

Posted

ITS TRU i got my pearls stolen thanks to a GM was able to recove them but if it can happen to me it can happen to u

Share this post


Link to post
Share on other sites

Posted

ITS TRU i got my pearls stolen thanks to a GM was able to recove them but if it can happen to me it can happen to u

You don't have to divulge, but outta curiosity, did you register to any third party sites?

Share this post


Link to post
Share on other sites

Posted

BDO isn't on steam yet right?

As far as I know it is not. However, you can add every game ever made to your steam library and log into it from there. Many people do.

Share this post


Link to post
Share on other sites

Posted

As far as I know it is not. However, you can add every game ever made to your steam library and log into it from there. Many people do.

That doesn't actually tie the game to steam though.

Share this post


Link to post
Share on other sites

Posted

Just tried to log on and it seems my password has also been reset. This email (alias) is only used for BDO, for reasons like this.

Now, if this alleged third party site got hacked how the hell would Kakao know MY email was taken.

Kakao either got compromised or one of their bargain basement service providers did.

They don't, that's why they state it.
Many people use the same passwords across accounts because they are lazy and or don't know any better.
It's not uncommon to assume that 70% of the people on these forums have the same email password as they do game password.

Yeah this is not time for people to whiteknight the issue.  We need to know more.

No, you don't.
I doubt you'd be qualified to.

What is it you expect to do with the information that's out there?
I'm really curious.

Even so, as i stated. It would give a vector of danger to those whos data is dumped on that site. I haven't checked myself as technically that's a felony in my country, America.

1 person likes this

Share this post


Link to post
Share on other sites

Posted

They don't, that's why they state it.Many people use the same passwords across accounts because they are lazy and or don't know any better.
It's not uncommon to assume that 70% of the people on these forums have the same email password as they do game password.

I don't know why people don't have a junk email with a different password than their main email that they use for game logins, etc. That way, even if their information gets stolen by a website, they won't have any of your login credentials. 

Share this post


Link to post
Share on other sites

Posted

I don't know why people don't have a junk email with a different password than their main email that they use for game logins, etc. That way, even if their information gets stolen by a website, they won't have any of your login credentials. 

1. Laziness.
2. They don't know any better.
3. They think either/or/and that `This can't and won't happen to them because they are a special snowflake of good karma and there is no reason for anyone to target them because of ${x}`

Those are the most common cases I've seen.

1 person likes this

Share this post


Link to post
Share on other sites

Posted

They don't, that's why they state it.Many people use the same passwords across accounts because they are lazy and or don't know any better.
It's not uncommon to assume that 70% of the people on these forums have the same email password as they do game password.

It makes no sense that they would force a password reset  for their customers. If this was done with every compromise then we'd be doing it every week.

Something is fishy here.

Share this post


Link to post
Share on other sites

Posted

So if it's a 3rd party site why have none of the sites reset all their users passwords or announced a data breach?

Also how do you know specific accounts involved? 

 

Doesn't sound like a 3rd party site to me unless it was the payment portal or something similar on your end, not ours. 

Share this post


Link to post
Share on other sites

Posted

Yeah this is not time for people to whiteknight the issue.  We need to know more.  You never, ever, trust a gaming company to do what's right for you. This is why you don't just assume you're "safe" and "ok" if your password didn't get reset.

PS. Like I said. If you want to know so badly, go look for it. As stated- I found it in 10 minutes.
Again, not sure what you're expecting to do with the information there, as anything you would be doing unless your name is on that site(and even then they've reset your password anyways) would be a felony in most countries for Identity charges and computer hacking if prosecuted.
For those of you who are slow, what i'm implying is, if you login to someone elses shit and you get caught;

68120100.jpg

It makes no sense that they would force a password reset  for their customers. If this was done with every compromise then we'd be doing it every week.

Something is fishy here.

What?
What are you even talking about lol. I don't think you're following what's happening here. You more than likely got screwed on your own account because you were account sharing, chances are this had nothing to do with you, and if it did then damn, that sucks.

So if it's a 3rd party site why have none of the sites reset all their users passwords or announced a data breach?

Also how do you know specific accounts involved? 

 

Doesn't sound like a 3rd party site to me unless it was the payment portal or something similar on your end, not ours. 

1. Because it's not a data breach. READ THE -----ING POST.

2. BECAUSE IT'S ON THE DATA DUMP LMFAO.

3. you clearly have never experienced this specific type of issue before. The first time I was introduced to this(though it's been happening for AGES) was the rsclient data dump back in like 08. That is the exact dump, in fact, that pushed me to get into cyber security & risk management in the first place.

Share this post


Link to post
Share on other sites

Posted

You don't need it.Why would they give that out.

I can't think of any practical reason to give this to an end user and i deal with situations like this on a daily basis.
Not to mention, smarty pants. Giving the site out publically would increase the vector of attack and possibly jeopardize emails. Many people use the same password for multiple accounts. If you couldn't figure that out yourself i don't know what you expected to do with the site once you got the name for it.

Transparency and due diligence I'd suppose. 

Right now it seems that there is some 3rd party company that may have peoples info and further down the line from that the source that hacked that info and whomever / whatever they intend to do with it in the coming days, months years etc.

There is an argument for keeping it internal but if there is nothing shady about this 3rd party relationship then Kakao should be protecting all of us not them.  There is a chance this is a 3rd party that people may visit directly, there is a chance that this is a 3rd party that other sites also use and have chosen not to or don't have the means to tell their customers. .In the event of something like this informing the consumer so they are aware enables them to be smarter in the long term, both in their dealings with you and outside of your domain. 

Share this post


Link to post
Share on other sites

Posted

ripperonis 

Share this post


Link to post
Share on other sites

Posted (edited)

Transparency and due diligence I'd suppose. 

Right now it seems that there is some 3rd party company that may have peoples info and further down the line from that the source that hacked that info and whomever / whatever they intend to do with it in the coming days, months years etc.

There is an argument for keeping it internal but if there is nothing shady about this 3rd party relationship then Kakao should be protecting all of us not them.  There is a chance this is a 3rd party that people may visit directly, there is a chance that this is a 3rd party that other sites also use and have chosen not to or don't have the means to tell their customers. .In the event of something like this informing the consumer so they are aware enables them to be smarter in the long term, both in their dealings with you and outside of your domain. 

Transparency at the risk of user security is not worth it, which is why they are not giving it.
The site could put users email at risk.

They'd probably end up doing more damage posting what site had it than fixing it the way they have now.

r i s k
m a n a g e m e n t .

Edited by War

Share this post


Link to post
Share on other sites

Posted

Nah. We need to know

Share this post


Link to post
Share on other sites

Posted

Nah. We need to know

Then go find out.

Share this post


Link to post
Share on other sites

Posted

If you need to change your password, you also have to change your whole email address too?! What about those of us who do not have multiple email addresses at our disposal, we have to create a whole new one we'll never check because of this? What the hell. 

I agree with you but gmail, hotmail, yahoo, all free.  I have two accounts in gmail, one I use for everything one is only for a small number of things and I don't give it out much so I don't have fifty pages of spam crap in it when I log in it is only important stuff and even if you check your gmail from your phone or tablet those easily handle multiple accounts and in the case of my phone if I get an email in either account I get a notification on the lock screen.  Just put an alarm in your phone or get an app from the windows store and set an alarm on your desktop to check the other address occasionally it's better than having somebody steal your account or worse try to use your linked paypal account to rip you off, don't laugh happened to me on my rift account I made the mistake of linking my paypal and some tard broke into my account after banging on it for weeks and made a 150.00 transaction through paypal that wiped out my checking account.  Personally I'd like to see the sort of setup that RIFT had and i think some others do it too where a code is sent to your phone or email email if you log in from an unfamiliar IP address or computer (I assume they must be checking mac address or something not sure) for the first time.  Then you can't get in without that code being provided.  Mostly they're trying to stop people from selling their accounts I'm sure.  

Share this post


Link to post
Share on other sites

Posted (edited)

Transparency at the risk of user security is not worth it, which is why they are not giving it.The site could put users email at risk.

They'd probably end up doing more damage posting what site had it than fixing it the way they have now.

Yeah ok...the info is already out there. 

Given the way Kakao manages things this does not feel like its "keep xyz safe".  It feels like oh we don't want backlash because this 3rd party should have never had the info in the first place and we're going to be screwed if they tell it now.

 

Again ^ another reason to be transparent - to stop people from assuming the worst or even worse than what actually is and just deal with the problem in the moment.  Your reasoning is akin to the Samsung nightmare and their initial choice to not sound the alarm.  Its definitely a way to manage risk but not one that ensures or maintains trust in the relationship.  Fall on the sword and work through it.

Edited by Trixologist

Share this post


Link to post
Share on other sites

Posted

Then go find out.

Oh, you're just trolling. Alright then. Ignoring you. 

Share this post


Link to post
Share on other sites

Posted

Yeah ok...the info is already out there. 

So we have this thing called an attack vector. 
Posting a site that most of you don't have, in a place where all of you can see it..

INCREASES THAT ATTACK VECTOR. Immensely.

I'd have to make fun of them.
Daily.
For ever.
If they did that.
It'd be one of the dumbest sec choice this year.

Oh, you're just trolling. Alright then. Ignoring you. 

No. I'm not. I found the site. If you want it so bad for clearly illegitimate reasons i'm assuming, go find it yourself. They've given you everything you'd need to know to ensure your current level of safety. If you didn't get a password reset your shit is safe from that attack vector. Sure you can keep up? I don't troll son. I shut kids like you down just fine without that. Get Facts.

Share this post


Link to post
Share on other sites

Posted

I think PA should also send an email to inform players about this.

Relying on twitter / game launcher is unlikely to cover all players affected.

Share this post


Link to post
Share on other sites