Dungeons & Dragons Online - April 2013 Data Breach

[psymun]

I would be highly surprised if this were true. Not reporting such a known incident surely would open them up to a class action suit.

Edit: Actually that may not be true. They may not be required to inform there customers of data breaches if they can be sure that the data lost did not include credit card information. Dunno, who of us is an actual lawyer,

Your edit is correct. The data breach only needs to be reported if the information breached meets certain criteria. Sorry, but I don't remember what the criteria is.

[Coyopa]

Your edit is correct. The data breach only needs to be reported if the information breached meets certain criteria. Sorry, but I don't remember what the criteria is.

Still not good, though. They knew passwords were taken and they know people re-use passwords. Even if passwords weren't taken, the fact any data was taken should be enough to prompt an advisory from the company. It's a simple matter of respect - and we don't rate any.

[Krelar]

Still not good, though. They knew passwords were taken and they know people re-use passwords. Even if passwords weren't taken, the fact any data was taken should be enough to prompt an advisory from the company. It's a simple matter of respect - and we don't rate any.

I don't know if it was from this breach but I do know that I have changed my password for DDO once because I was notified by them that there had been a breach. So maybe they did tell us and it's just that after 3 years everyone has forgotten about it?

[Coyopa]

I don't know if it was from this breach but I do know that I have changed my password for DDO once because I was notified by them that there had been a breach. So maybe they did tell us and it's just that after 3 years everyone has forgotten about it?

Maybe, but I doubt that would also include all the LOTRO players that are commenting about it on their forums. From what I can tell, my data was not included in the breach, though I would expect to have received a notification as a precautionary measure. Since I keep an archive of all my email, I do not have to rely solely upon my memory for things like this. And no, there is no email from Turbine in my archive notifying me of any breach.

[Duana]

Dunno. I remember being notified about a possible data breach by turbine, but it was more than three years ago.

Is it possible that website is referencing an older breach, they were just not aware of it until the later date?

[Tilomere]

Dunno. I remember being notified about a possible data breach by turbine, but it was more than three years ago.

Is it possible that website is referencing an older breach, they were just not aware of it until the later date?

I vaguely remember them telling people about this and having everyone change their password.

https://www.gamerswithjobs.com/node/1259766 << 2011 one.

[DefecTalisman]

I have every email sent to me from DDO/Turbine archived and I cannot find any resemblance to a notification about a data breach. Also if this was the case then why doesn't a Turbine employee just post here saying something along the lines of "We did inform all the people affected by this via (insert preferred means)" instead of just ignoring this post and the one on the LOTR forums.

Also this is the reply I got from customer support (I also sent a link to the forum post):

Any information in regards to this would have been made available on the website and forums. Unfortunately support does not have any additional information however we will be happy to pass your feedback along.

If you have any additional questions or concerns, please respond to this email and I will be happy to assist you.

Thank you,
Customer Service Agent

Caergoth

Turbine, powered by our fans.

I have replied and asked that my CONCERN be passed on to the relevant people who will be able to assist me.

[DefecTalisman]

Well it looks like I will be making a call tomorrow -> https://www.gov.uk/data-protection/make-a-complaint

[Minezeye]

Well it looks like I will be making a call tomorrow -> https://www.gov.uk/data-protection/make-a-complaint

Ok, You were prob going to do that anyway, but I have to ask, What exactly are you trying to accomplish with this post?

[Chai]

Who sent you the email? Was it Turbine, or a third party?

[Chai]

I did receive an email from them in 2011. It read as follows:

Turbine is concerned that a third-party recently may have attempted to access forum account information. There is no indication at this time that your account was modified or compromised. For your protection we suggest you change the password to a unique, hard to guess password not associated with any other sites or services. If you changed your password after October 11th, then you can disregard this message.

To change your password, please follow these steps:
1.Go to https://myaccount.turbine.com/ and click on "Forgot your password?" You may also click this in the game launcher.

2.Follow the instructions on how to recover your password. A new password will be sent to this e-mail address.

3.Once you have received the password reset e-mail, change your password. Please remember to use unique, hard-to guess passwords that are not associated with other online services or sites.
Turbine takes your account security seriously. If you have any questions, please feel free to contact us at https://support.turbine.com/. You may submit a new inquiry to our Customer Service team, and they will be able to assist you further.

Thank you,

Turbine Support

[Coyopa]

I did receive an email from them in 2011. It read as follows:

And that was two years before the breach the OP is talking about in this thread....

[Duana]

And that was two years before the breach the OP is talking about in this thread....

Article about "Have I Been Pwned" - http://motherboard.vice.com/read/the...-age-troy-hunt

Interesting snippet from the creator of the site - “Sometimes it takes four, five years before data either comes my way, or just begins to be broadly circulated,” Hunt said.

[Coyopa]

Article about "Have I Been Pwned" - http://motherboard.vice.com/read/the...-age-troy-hunt

Interesting snippet from the creator of the site - “Sometimes it takes four, five years before data either comes my way, or just begins to be broadly circulated,” Hunt said.

He looks a little bit like Damian Lewis ( http://static.independent.co.uk/s3fs...is-Reuters.jpg ).

[DefecTalisman]

I did receive an email from them in 2011. It read as follows:

Thats odd, I never got any mail like that. Also this is supposed to be in 2013, maybe this is the date that the actual data was leaked to the public. I like how Turbine under plays it in that email you got saying "may have attempted " when in actual fact the data was leaked. Just like them to not miss a opportunity to lie to their paying customers. Also just like them to ignore any real life concerns their customers might have. An absolute joke of a compan

[DefecTalisman]

So still no answer from Customer Support or any staff regarding my concern about the data breach. This is a absolute joke. I have had some PM's for stuff I am not allowed to discuss because I must follow the forum rules and had a post deleted by a staff member because of the "rules", but never mind Turbine following any laws or just having the decency to answer my question.