14 DAY TRIAL // The Lord of the Rings community forum has been breached by hackers due to a bug in the code that allowed unauthorized access to the database.
Gaming communities have lately been targeted a lot by hackers, but fortunately, in most situations, no credit card information is exposed as a result.
A FAQ on the official forum reveals that this is one of the lucky cases when no financial data is obtained by the assailants.
“We turned off the forums and conducted a full analysis of the issue. As part of our review we brought in experts to help address any findings. We were able to find and fix the bug and took specific additional actions to further strengthen the security of our web applications,” revealed the post.
It seems as the situation is not new, but being afraid of what speculations would bring, administrators wanted to make sure they fully understand the situation before alerting the public.
Some of the players' passwords were automatically changed as a precaution, the rest of the members being advised to do so themselves. The most important message from both situations was regarding the use of a strong, hard-to-guess password.
Some members were unhappy with the answers from the simple FAQ, especially the part about the credit card information.
“Payment details not being in the forum data doesn't mean the payment data wasn't exposed if the forum data was used to get it. That's what they aren't addressing,” revealed an unhappy customer.
Another member reassures others of the fact that it's highly possible that Turbine stores their payment data in a different location than the forum credentials.
“ [I] assume (or hope) that Turbine is not breaking the 47 or so state breach notification laws and 2 state laws that specifically address cardholder data,” he states.