we need more threads about this
Printable View
we need more threads about this
You didn't read all the details (or anything of the DDO posting apparently). Just by clicking on the link your username and email would be sent to SuperRewards. No warning.Quote:
Originally Posted by gildhur
Also, someone had mentioned something about Firefox's prefetching. I don't think this should be an issue, as it shouldn't be running any remote scripts without actually going to the page but it might be worth looking into.Quote:
When you view the "Offer Wall" (and no, I will NOT provide the link), Turbine sends the email address tied to your account as well as your DDO billing/launcher username over the Internet UNENCRYPTED.
This was a serious oversight by Turbine. They didn't really see it coming, but anyone who runs a website should have known that this could have been easily prevented (read the link to the forum post to understand).
Fine. But your username is useless without your password, and the FAQ about the program on the DDO site SAYS that your email address will be sent.Quote:
Originally Posted by Rawlor
They totally should offer you the PR job at Turbine. I hear they have some nice rose-colored glasses available for just 150 points. Dont worry - they already have your info on file...no need to send it again...
They'd have to stop giving me infractions first. :rolleyes:Quote:
Originally Posted by Thuarval
Fair point. I wonder if we can spend point to remove them...now THATs an idea!Quote:
Originally Posted by gildhur
DDO may have a free to play option, but there are plenty of paying subscribers playing the game. The free part is like DDO-Lite, if you want the whole game, every class, every dungeon, you have to pay a subscription, just like Lotro. And those paying subscribers would be just as exposed to this scam as any free players. So please don't tell us this will never happen here because lotro is a subscription based game, no one knows that apart from Turbine.Quote:
Originally Posted by gildhur
Gildhur defending Turbine? No friggin' way.... :rolleyes:
The problem is that they would even associate with shadiness like this. There are countless other ways to generate revenue for your game without turning to 3rd party spam and malware distributors. Get real, bro.
This is highly unethical for a company a whole lot of people trust with a credit card number. Finally a reason to actually be happy I've been playing for free for the past 6 months.
An issue like this surpasses any and all gripes about the state of the game - that is, if you care what types of people you give your money and time to. I'll be watching this closely, as I've never had a better potential reason to quit altogether.
True, but even having your username is terrible. A lot of people have easy/stupid passwords.Quote:
Originally Posted by gildhur
But that along with your email address invites very accurate phishing. If it looks believable enough (after all, they have my username correct right?) some people will get hooked.
And beyond that it's silly to have to go all the way to an FAQ to be told that your info is being sent by clicking on a simple link. Especially a link that Turbine provided (is essentially an endorsement).
Turbine screwed up, plain and simple.
I just feel bad for Patience and the rest of the relations team that has to deal with this.
I think it's important that we let Turbine know pre-emptively that we as a community won't stand for something like this, lest they get the idea to try it out. So this thread serves a good purpose.
For anybody who says, "It's only DDO, it can't happen here because DDO is free to play/microtransaction based!" - you're not thinking creatively enough. You can be confident that the people pushing these services (not necessarily Turbine; they are the clients of these shysters) have already worked up a sales pitch that can be applied to any service. A game doesn't need microtransactions/Turbine Points/etc for these places to work their way in. Consider:
-How many people paid for the Mirkwood Adventure Pack? I did. Maybe in the future another AP will be available with more slots of Shared Storage and a cloak. $9.99, but you can get it for FREE! by just visiting a few of our Partner Links and taking some surveys.
-How many people enroll in the MyLotro Lotteries? I do. What if a lottery is offered with really great in-game item rewards (Empowerment Scrolls, maybe a Symbol of Celebrimbor for each server) - only instead of enrolling through MyLotro you need to click through a few Partner Links and send a text message to our Affiliate, ScamCorp.
-A new mount is on the way: Look how cool it is! It's even sturdier than any Rep horse! How do I get it? Oh, just install this third-party toolbar and have it track my internet usage for a month? That sounds simple enough, and OMG PONIES!!
I'm not suggesting Turbine is planning on doing any of this in LOTRO of course. I'm just saying it's not impossible for these disreputable companies to sink their hooks into a subscription based game. It's not as blatantly easy as DDO ("Free points?! WHERE DO I SIGN!") but the people running these things have literally nothing better to do all day than come up with barely-legal methods of separating you from your money. They already have it all figured out. And the only thing *WE* can do as Turbine's customers is make it abundantly clear that we will not stand for it, and any attempt to go down that path will result in a loss of subscription revenue.
I think that a good number of people may think I'm a Turbine fanboy. Generally I've been pretty supportive of them. So I'm off on vacation for over a week and come back to find this.
Wow. I'm speechless. Almost. So I'll put this as politely as I can.
Whoever's bloody idea at Turbine it was to hook up with this company out to be taken outside in front of the building, strung up from the flag pole, left there for 3 days, and used for paint ball target practice. Un-flipping-believable that they would even consider doing business with that shod-pile of a company let alone actually doing it.
Gildhur- when it's transmitting your forum name AND password unincrypted just for looking at the page, that's inexcusable. And it wouldn't be the first time that those crooks loaded keyloggers and trojans to get your full account info just for looking at their pages, let alone taking part in one of their "offers." There is absolutely no way to justify working with that company at all. None. Optional? Not an excuse when clicking once is the same as jumping on a sinking ship, nor when even allowing that company to place ads on Turbine's site gives them a relationship with one of the slimiest jobs around. There are other ways that they can generate revenue- even in a similar manner- without having to go to this company.
Bring it to Lotro and I- and all 3 of my accounts- will be gone. And so will a heck of a lot of others. And that's something that I never would have considered before.
Amazing, the company in question was a small fledgling company made an overnight success by Turbine...
Wait, they existed a long time before Turbine existed and raked it huge amounts of revenue through public donations...
No, that's not how they made the money, they made it through people going there to get *free* stuff for a few minutes of their *valuable* time. You know, the same people that get free vacations from time shares and travel agencies?
Shame on Turbine indeed for introducing their customers IN A FREE GAME and tarnishing their reputation while practicing in questionable security/privacy practices. I can go along with that sentiment 100%. That should have never happened, however lets also call it for what it ALSO is.
People visited that site thinking they just found a gold mine of freebies to use in their freebie game. The gold mine, as it often does, turned into a stinking tar pit. People in a greedy moment seldom bother to think about the consequences of their innocent self benefiting actions. That's how sites like those exist and how con men and scammers make their living.
Could Turbine have made a better choice? You Betcha!
Could those who linked to the *trusted* site made a smarter choice? I guess not.
Just to add something here.
With turbine, Your account user name, password, and also e-mail is completely different then your forum user name and pass word and e-mail. Unless you chose to use the same data.
All My.lotro/DDO sites use FORUM user names, there is zero connection to your billing account unless you set it up that way.
How dare you go bringing up relevant factual information! People are angry here!Quote:
Originally Posted by MrBloodworth
I'm not defending Turbine, they don't need my lame opinions.
I tend to look at the overall situation as them taking a game that was loosing money, making it free and gaining 500% in revenue. Think about that for a moment. They took something they charged a subscription to, made it free and then started to turn a profit. That has to say something about how "free" rarely works out to be "free".
Someone there most likely came up with the not so brilliant idea that people supporting a "free" game would in all probability be for this added Pandora's Box of "free/Discounted" offers.
Over the years I have met my share of people that believe that they found the Secret Holy Grail on the internet, of all places, that will make them rich overnight or save them a fortune because they are the select few in on the deal.
Look at late night TV; someone out there is buying those electric nose hair clippers that glow in the dark with the GPS and state logo on them for only $1.99, buy one get two free with only a $19.99 shipping and handling charge, each.
Did people really think that they were going to sign up for tons of rewards without having their personal information disclosed? Hi! I'm BobbyD214 who just made up this spam email account to get all your "freebies". There had to be a link somewhere to verify things. That of course turned out to be the weak link in the system.
Sorry to say they did do this to their lotro customers. Some of us pay to play lotro and play ddo casually because it is free. Well both games share the same account information as it is a shared Turbine account. So guess what now lotro is compromised as well.Quote:
Originally Posted by jmcmike
Nothing is compromised unless you voluntarily email them your password, and even then it's only your FORUM account, not your game account.Quote:
Originally Posted by Sarmon
For a software company, that beta tests every product they put out, I wonder if Turbine bothered to maybe ASK the DDO community if they wanted this kind of snot in their game. The reactions are running roughly 3 to 1 against on that thread in the DDO forums. Seems like even a blindfolded chimp with a calculator glued to his **** could have run the numbers and decided it wasn't worth the trouble .... IF they bothered to check beforehand. Or maybe they did and decided the money was worth endangering their playerbase - in which case, they aren't the same company I once knew.
I've been a Turbine fan since the launch of AC1. I'm a lifer, have two accounts and have been with this game since Beta. I'm questioning that loyalty now. If this comes kind of shenanigan comes to LOTRO, I will terminate both accounts - and in all likelihood, never touch a Turbine game again.
It was not voluntary and it was not forum login info read the posts on the ddo forums just for viewing the wall not even clicking anything your username for your account and your e-mail address were sent to known phishers and spammers. Now they can try a brute force hack, or spam you to death as is happenning. Also Turbine has said in the past never give out your username or password but now they have given one of them out for us.Quote:
Originally Posted by gildhur
While billing/forum account aliases might be different, most likely people are using the same email address (and very likely password). The issue though, is not in someone gaining control over your Turbine game account, but what other types of information can be gained given an email address and alias.Quote:
Originally Posted by MrBloodworth
Let's face it, most people have a single personal email address that they use for everything - financial, social, etc. Now you also have an alias that you know pairs with that email address. Phishing/scamming relies on the fact that people use the same alias/email on a wide variety of sites. Install some malware that tracks the various sites you visit and viola, you have more data on that person.
Now, different websites have varying degrees of security/vulnerabilities. If a user is visiting a forum with vulnerabilities, a hacker could break in and steal passwords. Now the hacker has an alias, email, a password, and a list of the sites you visit. So now I log in to your email service and change your password. Then we see if I can get into your bank account or credit card, accept whatever "is this a new computer" validations, change other security settings, and bam, take your money.
But hey, it's only an email address, an alias, and a cookie that tracks my Internet browsing; nothing could possibly go wrong! :rolleyes:
Just to clarify, in case no one has yet (I haven't finished reading all the pages here)...Quote:
Originally Posted by TsarithArcher
No Passwords were transmitted. It was the account name and account e-mail address, which is bad by itself, but passwords were NOT sent.
Since the other thread is closed, I'll post where I probably should have to begin with:
They're a business, and they're going to look for as many ways to make money on their F2P game as they can. No, they don't want to burn their customers, so they'll investigate any problems that turn up and resolve them. But they're not going to dissolve any business association that's likely to produce more profit for them (meaning... pulls in more $$ than that lost by people willing to actually quit over this).
This is all optional, correct? So if people really hate the "Offer Wall", simply skip it. Or if you really, really hate it, use AdBlock to hide it.
All that said, I don't want to see any of that showing up here, but this is not a F2P game. I expect certain things for my subscription fees, and some of them are that I'm not going to be nickel-and-dimed on content and features or have advertising shoved in my face.
I'm not getting all of this "outrage". People can easily avoid clicking on anything on the "Offer Wall". I certainly would, were I still playing DDO. If I want more "points", I'll send Turbine some more cash... not spend money on some junk offers from some other companies.
Khafar
Actually accepting an offer is optional, but when simply browsing the available offers (and not agreeing to anything in them!) transmits information and installs potential malware, there is a problem. None of that information should have been transmitted until the player presses the final "i agree to sign up for this offer" button, and a confirmation regarding what information is to be sent is displayed.Quote:
Originally Posted by Khafar
I love this game, I've been happy with the staff too. But I agree with this. I don't want any part of that.Quote:
Originally Posted by SixFootDwarf
I think this is a good way of summarizing the debacle. Remember it was what maybe two months ago that we loaded up the game only to find "change your dang password" in bolded underlined red text because so many accounts were being comprimised. Then they introduce this feature, come on Turbine you know better.Quote:
Originally Posted by delphinius81