I hope PW/Cryptic logs all transactions, because if they do, they could easily.....oh wait they set all emails more than a week old to solved status with no answer, never mind.
Occam's Razor states the most likely scenario is that there is a security hole in the game.
Seriously? You think that it's more likely that there is a mysterious security hole in the game, that seems to be only used to hack the OP's account at this time, than the fact that all this is probably OP's fault (he fell for a scam or "just wanted to buy some AD so much" or that he uses the same e-mail/username and password combo on multiple sites) and he is just trying to cover it up and play little innocent victim.
P.S. I dont know about your e-mail, but mine comes with an option to mark mail as un-read
The other day the email my cousin registered his Cryptic Account with was hacked, definitely something to look into Cryptic, I even have heard a ton of founders were losing their accounts, hope it gets resolved shortly.
Foundry Missions ;
By ; @pestilence149
Gladiators of Dhara (Easy) & (Hard)
ELIGIBLE FOR THE DAILY FOUNDRY REWARDS!
Search by Best : Name/Summary/Short-Code ; Gladiators
NW-DJJS7OWZI (For easy)
NW-DPT9I8RKF (For hard)
Any feedback and suggestions are welcome please enjoy!
My account was also hacked and all my diamonds and zen were stolen. It has been over a week and I still have not heard anything back from PWE very frustrating! I know the hacker did not access my email because I have the text code to cellphone security option turned on for the gmail I use for the game. I also checked the IPs that accessed my email and noone but me was listed. I received an email stating a new computer had been saved for my account without the prior code email. My password was unique and only for this game and this computer is only a few weeks old and I have not accessed anything that should have had keyloggers. I did double check by checking for viruses and spyware and found none. I went to the Star Trek Online Account page and went into Account Guard and found they had turned it off so I turned it back on and of course changed my password again. I did use the gateway to craft before the hack and wonder if that is how they got my account information. Even though I enjoy the convience of crafting through the gateway I am too afraid of getting hacked again to use it again.
This is the exact same situation... the same modus operandi!
So there must be a flaw on the password recovery link!
I think that it may not be so dificult to bypass the email, if somehow the guy who is doing this have found a pattern on the hash generated to the password recovery or somehow knows the algorithm that generates because it may be used on other systems too
What happens is that when you request a password the link becomes active untill you go there! And that means that if you somehow know a good way to find the hash on the link, even if using brute force. It can be done! easily!
I am trying to get more information about the hash code on the link because I KNOW that the flaw is in there. I'm pretty 100% sure that my email account has not been compromised, neither I bought AD or Zen or third party!
I know this must make sense since that hash code is not completely random
Dont forget either that its not entirely out of the question to wonder about the forums. It IS VBulletin you know. Even low level wanna bes can find good stuff on messing with it and if a pro group really thought it was worth the time, I'd say its not out of the question too.
Best we can hope for is if it continues, they find it.
[SIGPIC][/SIGPIC]
Still trying to find a reference to AD in my AD&D Manuals.
It could very possibly be that there is a hole of this magnitude, and people like yourself just assumed that the people getting hacked are dumbasses that can't secure their computer and information. Besides, it's better to be cautious of a possible system exploit this huge, rather than ignore it and mutter, "inconceivable!" to yourself.
It also could very possibly be that he is loaded with a rootkit that he has not (and in fact cannot from usermode) detect. Without more information than the OP's word, it's just not possible to determine the truth of the matter.
It's never better to be cautious purely for the sake of being cautious--the only thing that leads to is wasted time suspecting everything unnecessarily.
Your point is your own counterpoint...what if the OP says is true? Are you willing to ignore it just because you don't want to believe it?
It's not that I "don't want to believe it", it's that there's no positive evidence for it. Provide me some concrete positive evidence and then I'll start believing; until then, it's all hearsay.
It also is not very necessary for the Ad Hominems, it only makes your argument appear weaker and makes you look more trollish.
If you think that's an ad hominem, then you're sorely mistaken. That's merely snarky. I'd really suggest you go read over logical fallacies again at this point, because it's very clear you have no idea what any of them are or mean.
I notice you still aren't counterpointing my argument here, rather just calling me and the OP liars and idiots. Attack the argument, not the person.
I have counterpointed your argument twice; you have yet to provide concrete positive evidence--you are merely speculating and taking the OP's word as solid fact.
It also could very possibly be that he is loaded with a rootkit that he has not (and in fact cannot from usermode) detect. Without more information than the OP's word, it's just not possible to determine the truth of the matter.
It's never better to be cautious purely for the sake of being cautious--the only thing that leads to is wasted time suspecting everything unnecessarily.
It's not that I "don't want to believe it", it's that there's no positive evidence for it. Provide me some concrete positive evidence and then I'll start believing; until then, it's all hearsay.
If you think that's an ad hominem, then you're sorely mistaken. That's merely snarky. I'd really suggest you go read over logical fallacies again at this point, because it's very clear you have no idea what any of them are or mean.
I have counterpointed your argument twice; you have yet to provide concrete positive evidence--you are merely speculating and taking the OP's word as solid fact.
You are being blind with your cepticism!
If in fact there was a root kit that was keylogging or some kind of stealling there would be no need to try to retrieve the password, they would just log in and there would be any emails except the guard system saying that someone asked for authorization!
Also once again there was no logs of another ipaddress on the gmail neither the emails from neverwinter where opened when I found it out!
I believe that you only get more evidences if I send you screenshots. If you don't believe don't even bother aswering to this topic!
*Logs into your email*
*Accepts password change* *MARKS MESSAGES AS UNREAD*
*Logs into account* /trollface
*Steals everything while laughing*
People seem to forget that you can mark emails as unread even if you have read them. :rolleyes:
Thought I should be helpful as well: Check your email account to see where it was logged into from over the past couple of days, if it wasn't logged into by an IP you don't recognize then it would seem there's something fishy in Denmark indeed...
*Logs into your email*
*Accepts password change* *MARKS MESSAGES AS UNREAD*
*Logs into account* /trollface
*Steals everything while laughing*
People seem to forget that you can mark emails as unread even if you have read them. :rolleyes:
Thought I should be helpful as well: Check your email account to see where it was logged into from over the past couple of days, if it wasn't logged into by an IP you don't recognize then it would seem there's something fishy in Denmark indeed...
As I told before: No accesses from anyone besides me for the last days...
0
mitoteMember, Neverwinter Beta Users, Neverwinter Hero UsersPosts: 42Arc User
You guys are missing the part where they completely bypassed his email. They changed his password and email on his account without access to his email account. Meaning the security checks are completely worthless.
EXACTLY.
I started a thread as i had the same problem. I was hacked without my email being compromised.
IT IS ON PWE SIDE.
ACCOUNTS ARE NOT SAFE.
PLAYERS THAT BOUGHT FOUNDERS PACK ARE ESPECIALLY TARGETED.
0
mitoteMember, Neverwinter Beta Users, Neverwinter Hero UsersPosts: 42Arc User
Thought I should be helpful as well: Check your email account to see where it was logged into from over the past couple of days, if it wasn't logged into by an IP you don't recognize then it would seem there's something fishy in Denmark indeed...
Gmail has this option. My email was accessed only from my IP. Still my account was hacked and a new web browser from an IRAN IP was saved on their part as "safe".
Gmail has this option. My email was accessed only from my IP. Still my account was hacked and a new web browser from an IRAN IP was saved on their part as "safe".
I am almost 100% sure that the problems is on the hash generated to create the link! It is probably generated with data like username / timastamp or something easy to get it! If the attacker knows by change what is inside the hash it will probably try to generate a bunch of codes to get the correct link!
This is speculation, although it's a real scenario... there are a bunch of ppl getting hacked in this way!
0
mitoteMember, Neverwinter Beta Users, Neverwinter Hero UsersPosts: 42Arc User
edited June 2013
It's interesting how a topic about the health of trash mobs of some random dragon got an insta reply from PW.
And on topics like this one they are completely silent.
It's interesting how a topic about the health of trash mobs of some random dragon got an insta reply from PW.
And on topics like this one they are completely silent.
Remember you are dealing with coders who stored editable information on the client.
[SIGPIC][/SIGPIC]
Still trying to find a reference to AD in my AD&D Manuals.
It's interesting how a topic about the health of trash mobs of some random dragon got an insta reply from PW.
And on topics like this one they are completely silent.
Because the nanosecond they admit to something being faulty on their end they just opened the door to undisputed chargebacks. If it is maintained that users should be more security oriented however.....
0
mitoteMember, Neverwinter Beta Users, Neverwinter Hero UsersPosts: 42Arc User
edited June 2013
Well I am just gonna add on the forums every day that passes w/o an oficial answer on my ticket (except the standard macro).
Day 11 for me.
Seems like every day I log onto the forums thats another thread or two talking about their account being hacked. Who wants to buy a founder pack knowing that they just turned themselves into a target for having their stuff taken by a third party, with all the white knights constantly repeating its their own fault because they totally must have re-used a password or fell for some phishing email, while completely dismissing the sheer quantity of occurrences compared to other MMOs.
Marking your email read is a client-side thing, so that part's not a mystery; they could simply mark those emails unread to confuse you, or be reading a forwarded copy, or be reading them directly at the server as they come in (depending on your email provider, they are either stored in files on a filesystem or in a database, and either can be read directly). This has to be somebody with access to your email; they had to get that Account Guard code from it somehow.
You might check and make sure your email hasn't been set to forward a copy of all mails to a second address.
0
mitoteMember, Neverwinter Beta Users, Neverwinter Hero UsersPosts: 42Arc User
Marking your email read is a client-side thing, so that part's not a mystery; they could simply mark those emails unread to confuse you, or be reading a forwarded copy, or be reading them directly at the server as they come in (depending on your email provider, they are either stored in files on a filesystem or in a database, and either can be read directly). This has to be somebody with access to your email; they had to get that Account Guard code from it somehow.
You might check and make sure your email hasn't been set to forward a copy of all mails to a second address.
We already established that part.
But how do you explain that my gmail account was accessed ONLY BY ME (my IP) ? (gmail can show that). And I still got hacked.
Most likely the flaw here is that his login is the same as his @game name which is the same as his email address. So it was easy for the cracker to figure out his email address. With that it was probably a web mail account which itself is compromised. The hacker just needed to reset the password, use the OP's email account to click the link, change the password, authorize the new computer, and then buy your character something neat from the ah from the cracker's mule for the total amount of AD in your account, email the gold to a mule, and leave.
I don't think he was a hacker (he didn't use any tools to break your email password - just some list a hacker made) and walla he was able to get into your stuff.
0
mitoteMember, Neverwinter Beta Users, Neverwinter Hero UsersPosts: 42Arc User
edited June 2013
Password was NOT reset (in my case).
Also Gmail address was accessed only from MY IP (telling this like a gazillion time now).
Gmail address was not changed/hacked. They bypassed the whole email code verification.
What's your "Grant Access" look like? What does your forwarding and pop/Imap look like, what is in your sent folder? You never use your cell, etc to open your gmail? You have a static IP? Do you have roommates/family? Your email is the most likely weak spot, and no no one needs mark an email read if they preview it. Email esp is the source since they did authorize themselves to use their computer using your account, which requires email access to get the code.
Password was NOT reset (in my case).
Also Gmail address was accessed only from MY IP (telling this like a gazillion time now).
Gmail address was not changed/hacked. They bypassed the whole email code verification.
The exact same thing happened to me. My gmail was not even sent an email verification code just the email for a new computer added. I have two step verification on my gmail and no IP accessed my gmail but me. This has me so confused. And the password was only for NW and a mixture of numbers, symbols, upper and lower case letters.
What's your "Grant Access" look like? What does your forwarding and pop/Imap look like, what is in your sent folder? You never use your cell, etc to open your gmail? You have a static IP? Do you have roommates/family? Your email is the most likely weak spot, and no no one needs mark an email read if they preview it. Email esp is the source since they did authorize themselves to use their computer using your account, which requires email access to get the code.
I have two step authentication turned on which requires text code from my phone to get into my email. No forwarding or pop/imap turned on. Never use phone to check this email. My husband does not need to know email info for this seperate game email. Nothing unusual in sent folder. No static IP.
Comments
Seriously? You think that it's more likely that there is a mysterious security hole in the game, that seems to be only used to hack the OP's account at this time, than the fact that all this is probably OP's fault (he fell for a scam or "just wanted to buy some AD so much" or that he uses the same e-mail/username and password combo on multiple sites) and he is just trying to cover it up and play little innocent victim.
P.S. I dont know about your e-mail, but mine comes with an option to mark mail as un-read
By ; @pestilence149
Gladiators of Dhara (Easy) & (Hard)
ELIGIBLE FOR THE DAILY FOUNDRY REWARDS!
Search by Best : Name/Summary/Short-Code ; Gladiators
NW-DJJS7OWZI (For easy)
NW-DPT9I8RKF (For hard)
Any feedback and suggestions are welcome please enjoy!
This is the exact same situation... the same modus operandi!
So there must be a flaw on the password recovery link!
What happens is that when you request a password the link becomes active untill you go there! And that means that if you somehow know a good way to find the hash on the link, even if using brute force. It can be done! easily!
I am trying to get more information about the hash code on the link because I KNOW that the flaw is in there. I'm pretty 100% sure that my email account has not been compromised, neither I bought AD or Zen or third party!
I know this must make sense since that hash code is not completely random
Best we can hope for is if it continues, they find it.
It also could very possibly be that he is loaded with a rootkit that he has not (and in fact cannot from usermode) detect. Without more information than the OP's word, it's just not possible to determine the truth of the matter.
It's never better to be cautious purely for the sake of being cautious--the only thing that leads to is wasted time suspecting everything unnecessarily.
It's not that I "don't want to believe it", it's that there's no positive evidence for it. Provide me some concrete positive evidence and then I'll start believing; until then, it's all hearsay.
If you think that's an ad hominem, then you're sorely mistaken. That's merely snarky. I'd really suggest you go read over logical fallacies again at this point, because it's very clear you have no idea what any of them are or mean.
I have counterpointed your argument twice; you have yet to provide concrete positive evidence--you are merely speculating and taking the OP's word as solid fact.
You are being blind with your cepticism!
If in fact there was a root kit that was keylogging or some kind of stealling there would be no need to try to retrieve the password, they would just log in and there would be any emails except the guard system saying that someone asked for authorization!
Also once again there was no logs of another ipaddress on the gmail neither the emails from neverwinter where opened when I found it out!
I believe that you only get more evidences if I send you screenshots. If you don't believe don't even bother aswering to this topic!
*Accepts password change*
*MARKS MESSAGES AS UNREAD*
*Logs into account* /trollface
*Steals everything while laughing*
People seem to forget that you can mark emails as unread even if you have read them. :rolleyes:
Thought I should be helpful as well: Check your email account to see where it was logged into from over the past couple of days, if it wasn't logged into by an IP you don't recognize then it would seem there's something fishy in Denmark indeed...
As I told before: No accesses from anyone besides me for the last days...
EXACTLY.
I started a thread as i had the same problem. I was hacked without my email being compromised.
IT IS ON PWE SIDE.
ACCOUNTS ARE NOT SAFE.
PLAYERS THAT BOUGHT FOUNDERS PACK ARE ESPECIALLY TARGETED.
Gmail has this option. My email was accessed only from my IP. Still my account was hacked and a new web browser from an IRAN IP was saved on their part as "safe".
I am almost 100% sure that the problems is on the hash generated to create the link! It is probably generated with data like username / timastamp or something easy to get it! If the attacker knows by change what is inside the hash it will probably try to generate a bunch of codes to get the correct link!
This is speculation, although it's a real scenario... there are a bunch of ppl getting hacked in this way!
And on topics like this one they are completely silent.
Remember you are dealing with coders who stored editable information on the client.
Because the nanosecond they admit to something being faulty on their end they just opened the door to undisputed chargebacks. If it is maintained that users should be more security oriented however.....
Day 11 for me.
You might check and make sure your email hasn't been set to forward a copy of all mails to a second address.
We already established that part.
But how do you explain that my gmail account was accessed ONLY BY ME (my IP) ? (gmail can show that). And I still got hacked.
I don't think he was a hacker (he didn't use any tools to break your email password - just some list a hacker made) and walla he was able to get into your stuff.
Also Gmail address was accessed only from MY IP (telling this like a gazillion time now).
Gmail address was not changed/hacked.
They bypassed the whole email code verification.
The exact same thing happened to me. My gmail was not even sent an email verification code just the email for a new computer added. I have two step verification on my gmail and no IP accessed my gmail but me. This has me so confused. And the password was only for NW and a mixture of numbers, symbols, upper and lower case letters.
I have two step authentication turned on which requires text code from my phone to get into my email. No forwarding or pop/imap turned on. Never use phone to check this email. My husband does not need to know email info for this seperate game email. Nothing unusual in sent folder. No static IP.