cdr wrote on Apr 19th, 2013 at 11:30am:
Basically, having separate forum and game accounts is a fig leaf. I'd be willing to bet 50%+ of people on the forums reused login/password anyway because that's what normal people do. Going all chicken little about it now just because they're moving to a single account is a bit silly. I didn't see Memnir going apeshit when the forum hack happened.
Yet again, someone who says "because there are idiots in the world, might as well treat them all as idiots". There are people who don't wear seatbelts, so let's remove them from all cars... Do you work for Turbine?
Yes, there are a lot of people who do not practice safe internet (e.g. using different login names / passwords).
That is no excuse.
In the beginning, the game accounts and game login were totally separate from the forum accounts. In fact, you could sign up without having a forum account (that is why some people had a later forum account join date than their paying account). It was subscription based, so anyone who paid had the same level of access on the forums.
When F2P came along, they needed a mechanism to separate the unwashed masses. They had accounts linked, but it only linked up to their name and whether they were VIP, F2P - it never exposed the actual password in their game login nor their game account.
Now, you will have a single game login and password that vBulletin will pass on. What could this expose? All of your game data and possibly your credit card data (based on how they linked it up).
Just by linking a forum account to a game login, someone can use that to buy stuff from the DDOStore and dump it to other accounts (the DDOStore never asks for your game account login).
Have you ever clicked on the DDOStore / My Account? It shows your game account name (hack point) and minimal credit card info (not much). Now, click on the ENTER DIFFERENT CARD and they now have your BILLING ADDRESS for that card. Yes, if you have your billing address the same as your home, they know it!
I am troubled that they didn't come forward and say they were maintaining the segregation of accounts between the game login and the game account (where your pay information is stored). If they didn't do that, someone can harvest the database for ALL the credit card information.
How could I know? I ran vBulletin for several years and knew their bugs and how data got exposed to outside security agents. There are kiddie scripts to do this very thing.
tl;dr You are an idiot...shut up.