Let say this very clearly: Trion Worlds’ security has not been compromised in any way. There has been absolutely no breach of Trion’s servers.
Whats been happening is sadly nothing new: Every day, bots obtain user credentials from various unprotected sites around the Internet, build lists of login and passwords, and try them on Trion’s servers (along with many other sites). If players consistently use simple or repeated passwords across different online services, these bots may get access to their accounts. Because of the current momentum around ArcheAge and RIFT, hundreds of millions of such attempts were made from well over a million different IP addresses in the last few weeks, only a tiny fraction of which have ended up being successful.
The team has already started providing refunds and all players affected by unwanted charges will be automatically refunded.
As previously mentioned, this type of issue is recurrent in the online world and we have actually been working on a solution to address this particular problem for a while now. Coincidentally, starting Thursday, we are adding a new security feature to Glyph to help keep player accounts safe: When players log in from a new computer or a place that we haven’t seen them log in from before, they’ll be asked to verify that it really is them logging in, by entering a code emailed to their account’s primary email address or the code from their authenticator.
Trion Worlds encourages all players to update their existing passwords and to make sure to use different, secure passwords for across the Internet. Players can go here to update their account information immediately, including their passwords and login information:
https://session.trionworlds.com/login. If you believe that this has happened your account and have any questions, please contact Trion Customer Support as soon as possible:
https://support.trionworlds.com/