Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links

Security problems at Roberts Space Industries?

DanagDanag Member UncommonPosts: 67
in Star Citizen
So, I recently created an account at Robert’s Space Industries to take advantage of the Space Citizen free trial. The email address I used is seldom used, and only used for gaming accounts. Within just a few hours of creating my new account, I started receiving Emails from Booking.com in-regards to apparently having booked a reservation in Pattaya, Thailand under the name of Yorell Lee.

Having been in IT for over 30 years now, primarily in systems and development, including parameter security and applications, I don’t tend to believe in coincidences.

I’ve already reached out to their support team to pass along this information. I’ve recommend they have their IT staff take a look at their parameter firewall, systems and enduser databases for types of security breeches.

Best case scenario, none of this is related. Maybe the Booking.com Email I received just happened because, and no other reason. But if not, and RSI‘s data has been breeched, who knows what type of information could be available from the accounts of actual backers and paying players. I’ll admit, I’m glad I only visited for the free trial.

Best of luck folks

-
Danag

[Deleted User]Gdemami

Comments

  • maskedweaselmaskedweasel Member LegendaryPosts: 12,195
    edited May 2021
    Danag said:
    So, I recently created an account at Robert’s Space Industries to take advantage of the Space Citizen free trial. The email address I used is seldom used, and only used for gaming accounts. Within just a few hours of creating my new account, I started receiving Emails from Booking.com in-regards to apparently having booked a reservation in Pattaya, Thailand under the name of Yorell Lee.

    Having been in IT for over 30 years now, primarily in systems and development, including parameter security and applications, I don’t tend to believe in coincidences.

    I’ve already reached out to their support team to pass along this information. I’ve recommend they have their IT staff take a look at their parameter firewall, systems and enduser databases for types of security breeches.

    Best case scenario, none of this is related. Maybe the Booking.com Email I received just happened because, and no other reason. But if not, and RSI‘s data has been breeched, who knows what type of information could be available from the accounts of actual backers and paying players. I’ll admit, I’m glad I only visited for the free trial.

    Best of luck folks

    Not sure what you get in your spam folder but this could have been some break through spam. Without knowing what the actually email stated it was likely some.kind of phishing email. 

    And while it could be coincidental, I wouldn't put it past RSI to share data with other services all of which could equally be compromised at some point. 

    "Other than as expressly set out in this Privacy Policy, RSI will never share your Personal Data with third parties without your consent.

    RSI may share your Personal Data:

    • with any of our affiliated companies, including Roberts Space Industries International, Ltd., Roberts Space Industries Germany GmbH, Cloud Imperium Games Ltd. f.k.a. Foundry 42 Ltd., Cloud Imperium Games, LLC and Cloud Imperium Games Texas, LLC (individually and collectively “CIG”).
    • any person to whom disclosure is necessary to enable us to enforce our rights under this Privacy Policy or under our Terms of Service (such as law enforcement authorities in case of fraud investigations). The legal basis under GDPR is Art. 6 (1) lit. f GDPR to with defending our rights as legitimate interest.
    • at your request or your direction.
      • Notwithstanding the above, we may share Non-Personal Data except as prohibited by applicable law."

    Not an extensive list of their Privacy or data security policy but you get the gist. 
    Danag



  • WizardryWizardry Member LegendaryPosts: 19,332
    edited May 2021
    Well your account is very likely to be sold or passed on by other websites and not necessarily by  Roberts Space Industries.There is also a chance of your email or user information being hacked from websites.

    You would be surprised at how capable some hackers are.I had a case used on me where they simply asked me a few questions to get to me say yes and recorded my voice saying yes to use for  in some illegal activity.,i ended up calling the government and they got involved and in the end my money returned AND another 500 on top for forged documents and contract agreement using my voice.Point being you need to be very careful at all times.

    Yahoo was fully hacked like 3-5 years ago i lose track of time and denied first being hacked then denied any real breach of user accounts.Well they lied and lawyers were setup to handle any complaints that caused financial harm to users.So you just never know when your personal information will be used to get documents or your emails sold ,websites hacked etc etc.

    It is even possible that a lot of studios hire 3rd party businesses to look after their servers for example and of course as support teams.However with support it is usually just minimal activity like a bunch of nobody's reading off cue cards set BS answers to get rid of you.
    Champie

    Never forget 3 mile Island and never trust a government official or company spokesman.

  • VrikaVrika Member LegendaryPosts: 7,989
    maskedweasel said:

    And while it could be coincidental, I wouldn't put it past RSI to share data with other services all of which could equally be compromised at some point.  
    Whether the data leaks through RSI or one of their partners, that would still be a security problem at RSI until they get it solved.

    But personally I believe that one problem reporting spam e-mails is just a coincidence. If there are multiple people reporting the same happening to them, only then it shows that it's a problem on RSI's end.
    BabuinixScotDanag
     
  • BabuinixBabuinix Member EpicPosts: 4,462
    I've noticed a lot of new players testing the free-flight event this year and this complaint hasn't come up at all. Coincidence mosy likely.
    WalkinGlennDanagErillion
  • MaxBaconMaxBacon Member LegendaryPosts: 7,846
    The internet is a mess in terms of your details not being leaked, because they will, and more than once, it can happen in so many ways beyond a data breach is just painful to even trying to figure out the how of it.

    End of the day what matters is that our accounts are secure, and the multi-facctor authentication using phone/etc do the trick. The spam email on the present day is really the lesser evil. 

    When many reports hit from users of the same service you can kinda pinpoint, and it wouldn't be that hard to create a fresh email to register just on the X place and see if the behavior repeats.
    Danag
  • ScotScot Member LegendaryPosts: 24,426
    Sounds like a coincidence to me, have a nice trip in Thailand btw. :)

    Seriously, it is good to bring anything like this up, just in case.
    BabuinixDanag
  • DanagDanag Member UncommonPosts: 67
    edited May 2021
    Thanks for the feedback and various thoughts of possibilities.  I know the Internet in-general is basically just a hole of craziness, having doing what I’ve been doing for as long as I have.

    My main concern was to inform the other RSI members, so they could at least have the information and be aware.  I tried posting to their own forums, but apparently don’t have permission to create posts, assumingly because I’m not a paid supporter.

    I knew at least MMORPG.com would let me voice my concerns

    Cheers!
    [Deleted User]ScotGdemami

    -
    Danag

Sign In or Register to comment.