Possible security breach in LoTRO – change your passwords!

News is filtering out into the LoTRO community that there may have been a security breach at Turbine, the owners of the game. Whilst the full extent of the breach really isn’t known, it’s possible that usernames and passwords amongst other things may have been compromised.

Nerdy Bookahs has a summary of how the news has developed – it’s sounding like a decidedly curious affair, with postings on the official forums being deleted, alleged screenshots of a breach floating around the Internet, and generally the feel of some kind of conspiracy thriller

“All in all, it seems that there could be/could have been a security issue on the official Lotro forums. The forum database could have been “open” and granted access to usernames and passwords. The user who reported about it on the unofficial forums had apparently posted on the official forums prior to that but that posting got deleted. No reply from Turbine to him or to anybody else who asked about it.

Then yesterday evening (European time), the Lotro forums went down. Several hours later, we got one tweet about it: “The LOTRO Forums are currently unavailable. We do not have an ETA for their return at this time.””

This really isn’t looking good for Turbine. I’ve heard bubblings about this issue for a couple of days now, but the Bookahs are the first to put all the pieces together. It sounds like this could be a major embarassment, not to say a PR disaster, if the full facts aren’t revealed pretty soon – particularly since the person who originally whistle-blew about the issue – and subsequently had their postings deleted – has proof, and has been posting it.

In the meantime, I recommend anyone who’s playing LoTRO should probably change their password – I’m off to do that myself right now. If you use the same password for multiple games and sites, you should probably change it on all of them – it’s a pain, but better safe than sorry. These days I use a password vault program – LastPass is one good option – to ensure that I’m using a unique password for everything, and I’d recommend doing the same for most online gamers. Sadly, whilst game companies are awesome for a lot of reasons, their security really doesn’t seem to be one.

And we’ll keep an eye out for updates and developments on the situation! Personal worries aside, it sounds like this could be a very interesting – if alarming – story starting to brew up.

What do you think? Security breach, or Something Else?

Article Source: Nerdy Bookahs, at http://nerdybookahs.wordpress.com/ .