Quote:
Originally Posted by trevius
The main issue is that the forums database has been compromised one or more times within the past few years or so. It has been secure since Rogean took it over, but there were hackers that stole the DB prior to that. This means that anyone who hasn't changed their forums password since then would be at a major risk of getting their LS accounts stolen at any time if there was a recovery method based on the email account associated with EQEmu. Since the email account is an editable field, they could hack your forum account and change the email it points to then reset your LS accounts and take control over them.
There are ways to secure things going forward, but old accounts are probably completely out of luck indefinitely due to the previous security breaches.
Thanks for taking the time to discuss this problem. With what you said, though, there is a simple fix. ALL changes to the account's email can only be done with a confirmation to the original email address. So in order to get hacked, one would not only need the email address but to hack the PW on the email address. I really think we are overthinking this. I really wish we could handle things on a case-by-case basis right now, similar to IP exemptions.
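
The confirmation flow proposed in the post above, sketched as an added example (not part of the thread and not EQEmu's code). The `Account` class, the `outbox` list standing in for a mail sender, the function names and the one-hour lifetime are all hypothetical.

```python
import hashlib, hmac, secrets, time

TOKEN_TTL = 3600  # seconds a confirmation token stays valid (assumed value)

class Account:
    def __init__(self, email):
        self.email = email
        self.pending = None  # (sha256 of token, new_email, expiry)

outbox = []  # stand-in for a mail sender: (recipient, token) pairs

def request_email_change(account, new_email, now=None):
    """Stage the change and mail a one-time token to the CURRENT address."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()  # store only the hash
    account.pending = (digest, new_email, now + TOKEN_TTL)
    outbox.append((account.email, token))  # never sent to new_email

def confirm_email_change(account, token, now=None):
    """Apply the staged change only if the token from the old inbox matches."""
    now = time.time() if now is None else now
    if account.pending is None:
        return False
    digest, new_email, expiry = account.pending
    if now > expiry:
        account.pending = None  # expired requests are discarded
        return False
    supplied = hashlib.sha256(token.encode()).hexdigest()
    if not hmac.compare_digest(digest, supplied):  # constant-time compare
        return False
    account.email = new_email
    account.pending = None  # single use: a replayed token finds nothing staged
    return True

def demo():
    acct = Account("owner@example.test")  # constructed sample data
    # A session opened with a stolen forum password requests the change,
    # but the token goes to the owner's inbox, so it can only be guessed.
    request_email_change(acct, "intruder@example.test", now=1000)
    guessed = confirm_email_change(acct, "guess", now=1001)
    recipient, token = outbox[-1]
    expired = confirm_email_change(acct, token, now=1000 + TOKEN_TTL + 1)
    # The real owner changes the address and confirms from the old inbox.
    request_email_change(acct, "new@example.test", now=5000)
    _, token2 = outbox[-1]
    ok = confirm_email_change(acct, token2, now=5001)
    replay = confirm_email_change(acct, token2, now=5002)
    return guessed, recipient, expired, ok, replay, acct.email
```
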