OpenSSL Heartbleed issue - please change your TERA password

  • Dear players,


    Currently in the media you may have seen reports of a gap in the security of encrypted data transfer using SSL technology. The first enquiries regarding this topic have now reached us too. At this point we would like to offer some good news: Gameforge does not make use of the affected version of OpenSSL on the majority of its games and websites. However, the game TERA: Rising was affected. It made use of OpenSSL for the login process. We have promptly reacted and have already closed the gaps in the security. We have also changed the certificate. Even so, TERA: Rising players should change their passwords to be on the safe side, even though we have found no evidence suggesting any form of theft. Even if you have only recently changed your password, it is important that you once again do so: the data security was only guaranteed after the implementation of the new certificate.


    As a general rule, we recommend you use a combination of usernames and secure passwords whilst using the Internet. The use of the same password for multiple web services increases the danger that third parties will exploit this.
    The use of payment services is not carried out directly by Gameforge, but rather through the servers provided by our partner services. For these providers as much as ourselves, the security of customer data is of the utmost priority.


    Regards,
    The Gameforge Team

  • Some nice feature that TERA has that might help.


    1. Log in to the website http://en.tera.gameforge.com/news/index
    2. Once logged in, go to "Account Management".


    There you can find this:



    Click "To old account management"; this will send you to the old website. Log in again there and click on the tab called "Profile Management".


    3. On the right side you will see "Account protection", and it will probably be disabled like here:



    4. Click on "Edit" in order to change the settings.
    What I suggest you have is the following:



    If you have the first one chosen, it means that each time another PC tries to log in to your account you will have to accept this in your email. You actually have to enter a code each time you log in from another computer, which can be painful if you use more than one computer but is much more secure.


    The second option, to de-authorize all other devices, basically resets this setting to not accept, from now on, any device that might have been accepted by default before. So you will have to do this only once now.


    I strongly recommend that you do that.