Security Issues

killercoderpt Member Posts: 0 Arc User
edited June 2013 in General Discussion (PC)
Hi all!

This is what happened to me today and I strongly believe that it must be a security flaw!

I have a strong typed password on my emails, I have an updated antivirus and firewall, also I never go to weird sites, nor do I fill in the in-game user info on other websites! Also I didn't fall for a phishing scheme, since I am very cautious about security!

Today I had my laptop offline all day, and I was out.

When I arrived I saw 3 new emails that hadn't been read yet! They came in the following order: password change request, key for new computer access, and confirmation that a new computer was authorized.

I immediately tried to log in but the password really had been changed. So I had to request a new one, I logged in and all the AD and a few zens were all gone!

I got hacked by someone!

Now my question is, if I have different passwords, if I don't have a keylogger (otherwise a password change request was not needed), if the emails were yet to be opened and read, and the access to my emails for the last month was only made from my IP address and there were no records of access to it from yesterday until I got home 4 hours after the attack.... HOW DID SOMEONE CHANGE MY PASSWORD AND STEAL MY AD!?


I believe there must be some kind of exploit in the recovery link generation or something, because no one could access that link unless the email message was opened (which didn't happen).


Also I have reports of at least 2 more guys who investigated this issue too and found that no access to the webmail was made, nor had they entered any "weird" websites or such. And the exact same thing happened... they received those emails yet no external access was made to their mail accounts.

I believe that someone should review this quickly because someone knows how the links are generated.

I reported this to the PW team with the IP address of the offender (some American guy) and the times when this occurred and all this info... I hope to get a refund of the materials stolen and I am pretty sure that Perfect World has logs to see where they were transferred.

Thanks!

Comments

  • jetah Member, Neverwinter Beta Users, Neverwinter Hero Users, Neverwinter Guardian Users Posts: 0 Arc User
    edited June 2013
    Has anyone confirmed that the Cry Launcher is in fact encrypted? Oh, I guess they wouldn't need to change the password if that was the case.

    Also they tried to get me around 2am Saturday morning but everything was there (got email from account guard but nothing past that).
    Open the Launcher. Click Options near the top. Check Disable on-demand patching. This will download another couple of gigs.

    Ability Scores || All Attribute Roll Combinations || My Cleric Stream \o/
  • joewoodcutter1 Member Posts: 100
    edited June 2013
    HOW DID SOMEONE CHANGE MY PASSWORD AND STEAL MY AD!?

    Thanks!

    You will probably not want to hear this, but I'm gonna do it anyway:
    You used your password before, or you used a password which is common (btw, did you use the gateway by any chance?)
    If that ain't the case then Cryptic's security has been compromised, but if so you would have probably seen a flood of complaints on this forum (or you're just the first)
  • edited June 2013
    This content has been removed.
  • joewoodcutter1 Member Posts: 100
    edited June 2013
    Most email clients don't have an access log available to the user himself. How can the OP be so sure they didn't access it?
  • silvernite Member Posts: 107 Bounty Hunter
    edited June 2013
    They could have obtained his information because he has either sold or purchased AD or Gold from a third party site.

    People normally don't like to hear this, but it's the user's responsibility to keep their information safe. No matter how well your system is protected, it does no good at all if you do things you aren't supposed to do. Rarely have I actually seen an account get hacked out of the blue.
  • joewoodcutter1 Member Posts: 100
    edited June 2013
    It takes 10 minutes for me to hack my own email.
    It takes over a day or even longer to prove that my email was hacked.

    Not saying the OP made mistakes, but it's just difficult to blame it all solely on Cryptic in this case.
  • revelution Member Posts: 0 Arc User
    edited June 2013
    you must be one of those people who uses the same password/username combination for every site you visit

    keep in mind if you do that, and one of those sites gets hacked (for example, like, sony i think 3 years ago) these hackers will hold on to this information and use it on entirely different website/games (like neverwinter) much later on

    in short, it isn't about having a strong password, it's about being able to create multiple strong passwords that you can easily remember, i suggest using a random string of four to five words

    like horseradishpotatopie for example, it's random enough that you can't guess it at first glance, but it's easy enough to remember since there's no complex number combination or exchanging numbers for letters
  • joewoodcutter1 Member Posts: 100
    edited June 2013
    Most obvious tactic by hackers for MMOs seems to be to scan accounts for password combinations they stole from other MMO databases. They got literally millions of account name/password combos and they try them all and even variations on it (Monkey1 doesn't work? Let's try Monkey1 to Monkey20).
    Even GW2 made a separate and extensive blogpost about it just to point their customers at the risk of reusing passwords. When they did and people started to change passwords the number of hacked accounts also dropped considerably.
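
An added example, not part of the original thread and not Cryptic's or PWE's code: one way an operator's login logs can separate the two attack shapes debated here, a leaked-credential list tried across many accounts versus repeated guessing against one account. The log format, thresholds and function names are assumptions, and the sample lines are constructed; a production check would also bound the time window.

```python
from collections import defaultdict

# Constructed sample auth log (not real data): time, source IP, account, result.
SAMPLE_LOG = """\
2013-06-01T02:00:01 203.0.113.7 alice FAIL
2013-06-01T02:00:02 203.0.113.7 bob FAIL
2013-06-01T02:00:03 203.0.113.7 carol OK
2013-06-01T02:00:04 203.0.113.7 dave FAIL
2013-06-01T02:00:05 203.0.113.7 erin FAIL
2013-06-01T02:00:06 203.0.113.7 frank FAIL
2013-06-01T03:10:00 198.51.100.9 alice FAIL
2013-06-01T03:10:01 198.51.100.9 alice FAIL
2013-06-01T03:10:02 198.51.100.9 alice FAIL
2013-06-01T03:10:03 198.51.100.9 alice FAIL
2013-06-01T03:10:04 198.51.100.9 alice FAIL
2013-06-01T09:00:00 192.0.2.44 bob FAIL
2013-06-01T09:00:20 192.0.2.44 bob OK
"""

def parse(log_text):
    """Return {ip: {account: [results...]}} from whitespace-separated lines."""
    seen = defaultdict(lambda: defaultdict(list))
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) == 4:  # skip malformed lines
            _, ip, account, result = fields
            seen[ip][account].append(result)
    return seen

def classify_sources(log_text, min_accounts=5, min_tries=5):
    """Label each source IP 'stuffing', 'brute_force' or 'normal'."""
    verdicts = {}
    for ip, accounts in parse(log_text).items():
        most_tries = max(len(results) for results in accounts.values())
        if len(accounts) >= min_accounts and most_tries <= 2:
            verdicts[ip] = "stuffing"     # many accounts, one or two tries each
        elif most_tries >= min_tries:
            verdicts[ip] = "brute_force"  # one account hammered repeatedly
        else:
            verdicts[ip] = "normal"       # e.g. a user mistyping once
    return verdicts

def accounts_to_reset(log_text):
    """Accounts where a flagged source eventually logged in successfully."""
    verdicts = classify_sources(log_text)
    return sorted(acct for ip, accounts in parse(log_text).items()
                  if verdicts[ip] != "normal"
                  for acct, results in accounts.items() if "OK" in results)
```

A single successful login from a source labelled "stuffing" is the reused-password case described in this post; those accounts are the ones to lock and force through a reset.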
  • deathsremnant Member, Neverwinter Beta Users Posts: 185
    edited June 2013
    shahualing wrote: »
    You didn't read his post, I take it...just skimmed it for key information.

    They didn't know his password, they sent a password change request and without accessing his email, changed it and added their computer as a trusted IP. Something is very rotten in the state of Denmark if this is true.
    Untrue, they could easily have known his PW and done a PW change request simply to block or slow his access to his acct, thus giving them more time to transfer the goods. Or some users, once knowing their acct has been hacked, simply make new accts in f2p models, thus giving the hacker a free acct to use as a spam or farm bot (though that's more used in p2p or b2p markets since f2p offer free options for as many accounts as one pleases)
  • edited June 2013
    This content has been removed.
  • edited June 2013
    This content has been removed.
  • joewoodcutter1 Member Posts: 100
    edited June 2013
    shahualing wrote: »
    Gmail lets you see what IP's have accessed your account.

    Hotmail for example doesn't. Even then I could hide my IP or better let it tunnel through the same hops the OP was using.
  • joewoodcutter1 Member Posts: 100
    edited June 2013
    shahualing wrote: »
    You guys are missing the part where they completely bypassed his email. They changed his password and email on his account without access to his email account. Meaning the security checks are completely worthless.

    Where's the guarantee they didn't have access to his email account?
  • edited June 2013
    This content has been removed.
  • joewoodcutter1 Member Posts: 100
    edited June 2013
    shahualing wrote: »
    Occam's Razor states the most likely scenario is that there is a security hole in the game.

    Ehm, my 10 year old brother can hack hotmail..., so the razor ain't so sharp no more I would say.
  • nibbnibb Member, Neverwinter Beta Users Posts: 0 Arc User
    edited June 2013
    To the OP:

    My account was hacked towards the beginning of May as well. I somehow caught it after they changed the e-mail address, but before they changed the password. I was able to change it again without access to the other party's e-mail account since I still had password control over my main account. My password was strong (caps, numbers, and symbols) on both my account and my e-mail.

    I ended up changing everything, for whatever that's worth, and reporting it to CS. Any information you can provide CS, you really should. I was able to provide them the e-mail account the hacker changed my access to. I'm sure it was just a dummy account, but at least they could look for a pattern that way.

    The long and short of it is, accounts are being hacked. I would guess they're doing it with brute force through scripting since they had my account hacked, but didn't finish the job. Be sure to contact CS and they might be able to recover your goods (especially the Zen since it is heavily tracked). While there could be some sort of security hole with PerfectWorlds, it's just as likely some organization is just pickin' and guessin'.
  • churchilligc Member Posts: 175 Bounty Hunter
    edited June 2013
    You will probably not want to hear this, but I'm gonna do it anyway:
    You used your password before, or you used a password which is common (btw, did you use the gateway by any chance?)
    If that ain't the case then Cryptic's security has been compromised, but if so you would have probably seen a flood of complaints on this forum (or you're just the first)

    Actually a lot of people I know in game have all talked about getting new browser/new pc requests randomly from people logging into their accounts (or at least attempting to).
  • beccanae Member Posts: 0 Arc User
    edited June 2013
    My account was also hacked and all my diamonds and zen were stolen. It has been over a week and I still have not heard anything back from PWE, very frustrating! I know the hacker did not access my email because I have the text code to cellphone security option turned on for the gmail I use for the game. I also checked the IPs that accessed my email and no one but me was listed. I received an email stating a new computer had been saved for my account without the prior code email. My password was unique and only for this game, and this computer is only a few weeks old and I have not accessed anything that should have had keyloggers. I did double check by checking for viruses and spyware and found none. I went to the Star Trek Online Account page and went into Account Guard and found they had turned it off, so I turned it back on and of course changed my password again. I did use the gateway to craft before the hack and wonder if that is how they got my account information. Even though I enjoy the convenience of crafting through the gateway I am too afraid of getting hacked again to use it again.
  • jelhubbard Member Posts: 6 Arc User
    edited June 2013
    shahualing wrote: »
    Occam's Razor states the most likely scenario is that there is a security hole in the game.

    No, Occam's Razor states that the most likely scenario is that he got phished, since that requires the least assumptions.
  • edited June 2013
    This content has been removed.
  • edited June 2013
    This content has been removed.
  • jelhubbard Member Posts: 6 Arc User
    edited June 2013
    shahualing wrote: »
    He couldn't have gotten phished. Read the post. He says clearly that they requested a password change without knowing the current one.

    The only answer left with least assumptions is a security hole.

    You've made an implicit assumption that they did not know the current password. Try again.
  • edited June 2013
    This content has been removed.
  • jelhubbard Member Posts: 6 Arc User
    edited June 2013
    shahualing wrote: »
    There is no assumption, he said it, it is fact, try again.

    He has also made the implicit assumption that his password was not already compromised. You're also making the assumption that he is not mistaken or lying.
  • edited June 2013
    This content has been removed.
  • jelhubbard Member Posts: 6 Arc User
    edited June 2013
    shahualing wrote: »
    How much do you get paid an hour to do this? Or is it salary?

    Yes, because every dissenter is obviously a shill. Would you like to address my valid points, or do you just want to blow me off?
  • edited June 2013
    This content has been removed.
  • jelhubbard Member Posts: 6 Arc User
    edited June 2013
    shahualing wrote: »
    You had no valid points and are just resorting to straw man tactics.

    I have not resorted to any straw man tactics; perhaps you should review the meaning of "straw man". Additionally, my points have been that there is no evidence to back up the OP's claims, and that extraordinary claims (such as a game has a hole so large that it allows you to bypass the usual safety and recovery mechanisms) require extraordinary evidence. Consider: if there is a hole of this magnitude, why are there not more reports of this?
    shahualing wrote: »
    You are the one avoiding my point entirely, trying to skirt it and distract from the issue that there might be a rather large security hole if what the OP says is true.

    And there's the assumption: IF what the OP says is true. Now that I have once again pointed out your flawed reasoning, would you like to try again?
    shahualing wrote: »
    So until you address the argument rather than the way I convey my argument, yes, I will blow you off.

    So what you're saying is that you're so blinded by your desire for there to be an exploit of this magnitude that you're willing to disregard reason entirely? OK.
  • terradraconis Member, Neverwinter Beta Users, Neverwinter Guardian Users, Neverwinter Knight of the Feywild Users Posts: 17 Arc User
    edited June 2013
    shahualing wrote: »
    He couldn't have gotten phished. Read the post. He says clearly that they requested a password change without knowing the current one.

    The only answer left with least assumptions is a security hole.

    Errr no the only way you can request a password change and then successfully steal an account is if you have access to the email account. Not if you have access to the game system.

    So from the OP's story despite claiming otherwise it is clear that the email was hacked.

  • edited June 2013
    This content has been removed.