Trending Games | Final Fantasy XIV: A Realm Reborn | Star Wars: The Old Republic | EverQuest | Pirate101

  Network:  FPSguru RTSguru
Login:  Password:   Remember?  
Show Quick Gamelist Jump to Random Game
Members:2,901,356 Users Online:0
Games:753  Posts:6,271,888
Bigpoint | Play Now
MMORPG | Genre:Sci-Fi | Status:Final  (rel 2011)  | Pub:Bigpoint
PVP:Yes | Distribution:Browser | Retail Price:n/a | Pay Type:Free | Monthly Fee:n/a
Browser GameOut of date info? Let us know!

Battlestar Galactica Online Forum » General Discussion » *Beware!* Unsecured account information!

2 posts found
  BadSpock

Advanced Member

Joined: 8/21/04
Posts: 7750

Logic be damned!

 
OP  9/16/11 12:13:57 PM#1

So I tried this game for a few hours like a week ago. Meh, not bad but not worth my time.

Anyways -

Then today, out of the blue, I get an e-mail from Bigpoint that has not only my username but also my PASSWORD in plain-text format.

This is bad, this is very bad.

E-mailing me my password in plain-text format means that they have NO encrpytion what so ever on their account database, which means eventually they WILL get hacked and account info WILL get published out to the web.

I kindly e-mailed them to get my information purged from their database and informed them of the wonders of encryption and salts / hash lol

Case in point - don't trust any online game that doesn't understand or implement even the most BASIC of security precautions and certainly do NOT give them any money unless you want your identity stolen by hackers.

Now Playing: Destiny, WoW

  Phry

Elite Member

Joined: 7/01/04
Posts: 5343

9/16/11 12:15:46 PM#2
Originally posted by BadSpock

So I tried this game for a few hours like a week ago. Meh, not bad but not worth my time.

Anyways -

Then today, out of the blue, I get an e-mail from Bigpoint that has not only my username but also my PASSWORD in plain-text format.

This is bad, this is very bad.

E-mailing me my password in plain-text format means that they have NO encrpytion what so ever on their account database, which means eventually they WILL get hacked and account info WILL get published out to the web.

I kindly e-mailed them to get my information purged from their database and informed them of the wonders of encryption and salts / hash lol

Case in point - don't trust any online game that doesn't understand or implement even the most BASIC of security precautions and certainly do NOT give them any money unless you want your identity stolen by hackers.

that kind of thing can give companies a bad name.... after the sony debacle people are a bit wary about how their personal data is treated.. or perhaps we're just becoming more aware..