Are we really getting the full picture about what happened?

[iziz]

Maybe I'm just being paranoid, but I can't help feeling that we're not getting the whole story here.

The first thing that struck me as odd was that we were assured that our billing information and characters are safe, but we have never been told that the personal information that goa holds about us (which includes billing receipts), was never compromised.

Then, as a 'precaution', everyone's game and subscription password has been changed. This is not something that needs to be done when information has not been compromised on your system.

Now if your email address is different your account info will be sent out by snail mail, whereas reauthenticating by your cd key is probably a lot safer option than the social engineering that can happen between people... if the cdkeys were never compromised.

As a result of all this, people seem to have gotten passwords that don't work, or maybe even other people's passwords...

I'm 99.9% sure that I won't get a response to this (at least not here), but until we get a straight answer as to what exactly happened, the speculation will continue... and probably quite rightly considering what we have (or rather haven't) been told and what's happening as a result.

I'd also love someone to be able to tell me what the data protection act covers, because I for one will be wanting to know exactly what happened to my personal information as soon as the subscription email reopens. I'll also be cancelling my account at the end of the current subscription and asking GOA to remove any personal information they hold about me. I just don't feel that I can trust GOA any more with regards to these matters... do you?

 

[Aussie-]

are you waiting for a 'we fucked it up' statement or what? xD
i'm sure they will do that

 

[Coim-]

Originally posted by Aussie-
are you waiting for a 'we fucked it up' statement or what? xD
i'm sure they will do that

I hope you're being sarcastic.

 

[Mid - Kirinia]

I'll also be cancelling my account at the end of the current subscription and asking GOA to remove any personal information they hold about me. I just don't feel that I can trust GOA any more with regards to these matters... do you?

You seem to blame GOA for this. Anyone connected to the net is at risk of a computer crime of some sort. Removing your details from GOA won't remove the risk of being a victim of a crime as long as you keep using the Internet. It's a cruel world, but don't let paranoia take over

And the data protection act : GOA have not given any details out to anyone, and are therefore not in breach of the act. If any details have been acquired unlawfully, then it is not GOA that is in breach, it is the attacker. The reason GOA has issued new passwords is not necessarily due to account billing information. It could be due to a number of reasons. I'm no computer wizz so don't know much off the top of my head, but GOA does store IP addresses of everyone that accesses accounts, and if the relevant IP address list was somehow accessed by an intruder, it would be a reasonable cause to change the passwords in my opinion.

Also, changing everyone’s passwords is 'healthy' for GOA. Firstly, it checks their player records are up to date, and in the instances that they aren't, it often prompts the customer to update their records (e-mail address etc).

Secondly, changing the passwords reduces the potential of customers being hacked. Many hackers have known their..”victim's".. password weeks/months before committing the crime. Changing the passwords will really mess many hackers over.

I wouldn't be surprised if GOA simply saw this event as a chance to change the passwords without being flamed for server downtime quite so much.

 

[Driwen]

Then, as a 'precaution', everyone's game and subscription password has been changed. This is not something that needs to be done when information has not been compromised on your system

you do that if there is a small chance that it has been compromised and billing information was kept under a different server as passwords. It isnt that strange to have two different servers and it cant be so hard to be 100% sure that a server has not been hacked. It can be hard however to be sure what has been taken from your server when it has been hacked. So goa not being sure what precisely happened decided to change all passwords.

 

[old.Tzeentch]

Originally posted by Mid - Kirinia
You seem to blame GOA for this. Anyone connected to the net is at risk of a computer crime of some sort. Removing your details from GOA won't remove the risk of being a victim of a crime as long as you keep using the Internet. It's a cruel world, but don't let paranoia take over

And the data protection act : GOA have not given any details out to anyone, and are therefore not in breach of the act. If any details have been acquired unlawfully, then it is not GOA that is in breach, it is the attacker. The reason GOA has issued new passwords is not necessarily due to account billing information. It could be due to a number of reasons. I'm no computer wizz so don't know much off the top of my head, but GOA does store IP addresses of everyone that accesses accounts, and if the relevant IP address list was somehow accessed by an intruder, it would be a reasonable cause to change the passwords in my opinion.

Also, changing everyone’s passwords is 'healthy' for GOA. Firstly, it checks their player records are up to date, and in the instances that they aren't, it often prompts the customer to update their records (e-mail address etc).

Secondly, changing the passwords reduces the potential of customers being hacked. Many hackers have known their..”victim's".. password weeks/months before committing the crime. Changing the passwords will really mess many hackers over.

I wouldn't be surprised if GOA simply saw this event as a chance to change the passwords without being flamed for server downtime quite so much.

A great example of what can happen when people actually use their brains.

 

[Nalikin]

one other thing , if i recall rightly no CC or debit card info is held by GOA . its all held by Bibit who handle their subscription payments

 

[iziz]

Originally posted by Mid - Kirinia
You seem to blame GOA for this. Anyone connected to the net is at risk of a computer crime of some sort. Removing your details from GOA won't remove the risk of being a victim of a crime as long as you keep using the Internet. It's a cruel world, but don't let paranoia take over

Of course I blame GOA for this. Of course anyone connected to the new is at risk of a computer crime. But I disagree that having my details removed from GOA won't remove the risk of being a victim of some sort of crime, if their systems are not secure. I guess I am waiting for a 'we fucked it up' statement aussie.

With regards to the data protection act, I'm not looking for compensation or anything, I'm looking to find out what I have a legal right to know. I'm fairly sure I'm allowed a copy of all information they hold about me, and that I can have that information removed, but do I have a right to find out what, if any, personal information about me may have been taken about me?

If information was taken it may include my name, address, telephone number, email address, billing invoices (which contain some elements of credit card info), correspondance with GOA, and effectively my license to play the game (the cd key). You don't think people have a right to know what, if any, information has potentially been taken?

edit:
P.S. I never mentioned that the credit card info wasn't safe - we have been told it is - I'm talking about the personal info.
And just because you're paranoid doesn't mean they're not out to get you

 

[~INCOGNITO~]

It was the Aliens. They are in league with the Government.

 

[Vell]

Originally posted by iziz


With regards to the data protection act, I'm not looking for compensation or anything, I'm looking to find out what I have a legal right to know. I'm fairly sure I'm allowed a copy of all information they hold about me, and that I can have that information removed, but do I have a right to find out what, if any, personal information about me may have been taken about me?

The second you sign (pressed accept) on the contract, you agreed to share your personal infromation with GOA. You can't demand to have the information removed - you accepted that they will take it and collate it for their own company records. They are entitle to keep that information for as long as they desire, not as long as you desire.

As for knowing what (if any) parts of your information has been compromised - again, GOA have no legal obligation to tell you. Part of the agreement of dealing with online companies is that you accept that there is a risk of the unauthorised persons hacking into the company's databases to glean the information, and that the company you are dealing with are under no obligation should their security systems fail.

If you wish, you can attempt to prove to a court of law that GOA's security systems are insufficient for the business they run - in which case you will be entitled to some sort of compensation. but the liklihood of a lawyer managing to prove that is highly unlikely, to be honest.

 

[**Aligro**]

Originally posted by Vell
The second you sign (pressed accept) on the contract, you agreed to share your personal infromation with GOA. You can't demand to have the information removed - you accepted that they will take it and collate it for their own company records. They are entitle to keep that information for as long as they desire, not as long as you desire.

As for knowing what (if any) parts of your information has been compromised - again, GOA have no legal obligation to tell you. Part of the agreement of dealing with online companies is that you accept that there is a risk of the unauthorised persons hacking into the company's databases to glean the information, and that the company you are dealing with are under no obligation should their security systems fail.

If you wish, you can attempt to prove to a court of law that GOA's security systems are insufficient for the business they run - in which case you will be entitled to some sort of compensation. but the liklihood of a lawyer managing to prove that is highly unlikely, to be honest.

is it you who writes all the small print on business documents?

 

[Flesh]

I want a cross-server duel :<
I wannel pwn Mr Sidi. :<

 

[old.Tzeentch]

Originally posted by iziz
Of course I blame GOA for this. Of course anyone connected to the new is at risk of a computer crime. But I disagree that having my details removed from GOA won't remove the risk of being a victim of some sort of crime, if their systems are not secure. I guess I am waiting for a 'we fucked it up' statement aussie.

With regards to the data protection act, I'm not looking for compensation or anything, I'm looking to find out what I have a legal right to know. I'm fairly sure I'm allowed a copy of all information they hold about me, and that I can have that information removed, but do I have a right to find out what, if any, personal information about me may have been taken about me?

If information was taken it may include my name, address, telephone number, email address, billing invoices (which contain some elements of credit card info), correspondance with GOA, and effectively my license to play the game (the cd key). You don't think people have a right to know what, if any, information has potentially been taken?

edit:
P.S. I never mentioned that the credit card info wasn't safe - we have been told it is - I'm talking about the personal info.
And just because you're paranoid doesn't mean they're not out to get you

Data protection act is a UK act/law - GOA servers are hosted/run in France, I'm not sure how that's gonna work.

A company is only entitled to hold data on you that is relevant to the provision of the service/goods, but they typically keep records a lot longer for audit/tax/customer purposes.

(I think it's 5 years or so they should really keep info for, can't remember why cus my head is messed up atm)

 

[~INCOGNITO~]

Originally posted by old.Tzeentch
Data protection act is a UK act/law - GOA servers are hosted/run in France, I'm not sure how that's gonna work.

A company is only entitled to hold data on you that is relevant to the provision of the service/goods, but they typically keep records a lot longer for audit/tax/customer purposes.

(I think it's 5 years or so they should really keep info for, can't remember why cus my head is messed up atm)

I think although im not too sure but whole of europe has the same act now. Ours was revised not long ago to bring it up to scratch with Europe.