Unfortunately, this is what happens in F2P games... He gets banned, just go create a new account, rinse, repeat...
The MORE unfortunate thing is that someone from Cryptic will come in here, see his post and close this thread without helping us. That's what's happened to all of the other "got hacked" threads.
0
Options
professorzMember, Neverwinter Beta Users, Neverwinter Hero UsersPosts: 0Arc User
You're both right. It IS sent to the new email address, but his point is that they should require the existing account owner to verify as well. The only time this doesn't work is when someone has lost access to their email account but that's the minority of cases I'm sure.
They should only require the original email address.
Sending anything to a newly changed email without confirmation through the original is just <font color="orange">HAMSTER</font>.
They should only require the original email address.
Sending anything to a newly changed email without confirmation through the original is just <font color="orange">HAMSTER</font>.
Agreed, they shouldn't send anything to the new email until the previous has verified.
Sadly, the community mods (the green names) are just player volunteers, and cant ban or issue infractions. They can only move, edit, and delete posts. It takes an actual employee (red name) to ban. And being the weekend, that is not likely. Notice weekends tend to be the time you see most of this garbage.
0
Options
nakkychanMember, Neverwinter Beta Users, Neverwinter Hero UsersPosts: 0Arc User
if you read my whole post you would see that i stated the confirmation email is sent to the NEW email.
this is one of the flaws in the current system.
I read your whole post, I suggest you read mine. I said that they should send an email to mail address currently bound to the account before allowing a change of email.
I checked for this and there's no keylogger. Don't just assume it's the user that's at fault here.
Sorry but the only person that could cause you to have a hacked pc is yourself. Fine, type out your passwords I really don't care, I was just trying to be helpful. But don't say I didn't warn you.
Sorry but the only person that could cause you to have a hacked pc is yourself. Fine, type out your passwords I really don't care, I was just trying to be helpful. But don't say I didn't warn you.
My point is that my pc hasn't been hacked, my ACCOUNT has been hacked and my view is that it had NOTHING to do with my PC. Given the number of people having the exact same problem, it's pretty clear that something is amiss on the Cryptic side, and as someone else noted, other games, RIFT in particular, blamed customers for weeks until they found that packet manipulation allowed people to not only steal accounts but actually unban themselves too.
0
Options
prowesssssMember, Neverwinter Beta Users, Neverwinter Guardian UsersPosts: 31Arc User
edited May 2013
Since when is it a service provider's responsibility to protect your account?
You should NEVER type your password anywhere. Put it on a notepad file and copy and paste it. You probably need to do some more vigorous security scans. Have you checked for malware? Done any registry scans? The only way someone could steal your info is if you have been lax in your pc security. I'm sorry you lost your stuff though.
Clearly you have no clue of what you are talking about.
More than 80 - 90% of the time, the breach in security is NOT the client but the server/business side! Take this pathetic game for an example. Anyone that knows anything about security knows that the more times you have to log in to a system, the MORE chances that it WILL be breached. So how many times do you/I/anyone that plays this game, has to log in? Personally, I must log in over 50+ times a day. Why? JUST TO CHANGE BETWEEN CHARACTERS!!! This is the most dumbest thing ever, and the biggest security hole.
And btw, most security breaches are NOT key logger hacks, most are PORT SNIFFERS. Big difference. And again, that would only account for roughly less than 15% or so. MOST of the security breaches are AFTER the client(in route to server/business) or AT the server/business itself! So please stop automatically trying to put the blame on the user, when in FACT it is NOT. And next time better inform yourself before you post false nonsense.
Guardian Founderposition in queue:187,978 with 2+ hrs. wait time. So glad I supported PWE and...[SIGPIC][/SIGPIC]
Sorry but the only person that could cause you to have a hacked pc is yourself. Fine, type out your passwords I really don't care, I was just trying to be helpful. But don't say I didn't warn you.
Wow, you are 1000% wrong!!! PLEASE don't give anyone ANY more "so called help" because you are clueless. You do realize that you don't have to even have a friggin computer for someone to hack THE SERVER/BUSINESS side of the equation? Wow, just wow. You really should refrain from posting such wrong, nonsense.
Guardian Founderposition in queue:187,978 with 2+ hrs. wait time. So glad I supported PWE and...[SIGPIC][/SIGPIC]
My point is that my pc hasn't been hacked, my ACCOUNT has been hacked and my view is that it had NOTHING to do with my PC. Given the number of people having the exact same problem, it's pretty clear that something is amiss on the Cryptic side, and as someone else noted, other games, RIFT in particular, blamed customers for weeks until they found that packet manipulation allowed people to not only steal accounts but actually unban themselves too.
BINGO! Someone with some intelligence. This is an absolute possibility. Rather than repeating myself again, I have posted nearly this exact issue already, so I will just end it here.
Guardian Founderposition in queue:187,978 with 2+ hrs. wait time. So glad I supported PWE and...[SIGPIC][/SIGPIC]
You're an idiot and talking ****. I can guarantee you the op was hacked because his security sucks. Trying to blame other people for your bad security is arrogant and stupid. The amount of times you log in has nothing to do with your potential for being hacked that is something a moron who knows nothing would say. So stop trying to put the blame on the client when it is not. And next time don't put incorrect and misleading information when talking about security or are you actually a hacker yourself?
You're an idiot and talking ****. I can guarantee you the op was hacked because his security sucks. Trying to blame other people for your bad security is arrogant and stupid. The amount of times you log in has nothing to do with your potential for being hacked that is something a moron who knows nothing would say. So stop trying to put the blame on the client when it is not. And next time don't put incorrect and misleading information when talking about security or are you actually a hacker yourself?
How can you guarantee the op was hacked? You can't. I won't even comment on the rest of your rant.
Well, I can't understand how you always forget about the easiest way for a "hacker" to get your password: OPEN WIRELESS NETWORKS. (aka sitting in a cafe and surfing the net via free wifi)
Your forum password (=your ingame password) seems to be stored for an unlimited amount of time in a cookie. Forum login does not have an encrypted SSL-Login (no "https" used). Everyone with just a little knowledge can now hijack your current forum session to use your account for whatever they want.
This could apply for wireless networks where your "hacker" knows the network "Passkey".
Learn to use a VPN if you use non-encrypted services in public.
Since when is it a service provider's responsibility to protect your account?
Since forever. I could drum up dozens if not hundreds of examples... It wasn't Sony's fault for their DB breach that had customer logins and other data?
But how about foresight? How about protecting customers from themselves? How about customer experience?
In these cases I can't say who ultimately is at fault here, but have no problem finding out it was the customer using the password many places. But that is why you have authentication. It is 2013. This is a mmo. You don't think about having it, you have it!
You're an idiot and talking ****. I can guarantee you the op was hacked because his security sucks. Trying to blame other people for your bad security is arrogant and stupid. The amount of times you log in has nothing to do with your potential for being hacked that is something a moron who knows nothing would say. So stop trying to put the blame on the client when it is not. And next time don't put incorrect and misleading information when talking about security or are you actually a hacker yourself?
Who's the idiot? You just proved you are. You have no clue what you are talking about, hell, you just stated that I was trying to put the blame on the "client"??? Ahahahahah you don't even know what a client IS? ROFL. You idiot, the CLIENT is YOU/YOUR CPU, LOL moron, which is exactly opposite of what I said. So you maybe you meant the SERVER/BUSINESS side, you dummy. Oh, since you started attacking me by calling me an idiot, you deserve the same, dumbass.
Guardian Founderposition in queue:187,978 with 2+ hrs. wait time. So glad I supported PWE and...[SIGPIC][/SIGPIC]
Well, I can't understand how you always forget about the easiest way for a "hacker" to get your password: OPEN WIRELESS NETWORKS. (aka sitting in a cafe and surfing the net via free wifi)
Your forum password (=your ingame password) seems to be stored for an unlimited amount of time in a cookie. Forum login does not have an encrypted SSL-Login (no "https" used). Everyone with just a little knowledge can now hijack your current forum session to use your account for whatever they want.
This could apply for wireless networks where your "hacker" knows the network "Passkey".
Learn to use a VPN if you use non-encrypted services in public.
Exactly my point, no keylogger needed, no malware. Securtiy breach is just as I said... AFTER the client. BTW, it's not my job to inform anyone else on HOW to hack. I am not a hacker just a very well informed computer user.
Guardian Founderposition in queue:187,978 with 2+ hrs. wait time. So glad I supported PWE and...[SIGPIC][/SIGPIC]
How can you guarantee the op was hacked? You can't. I won't even comment on the rest of your rant.
Wow, you idiots deserve to be hacked. I'm guessing you don't take security precautions either, been hacked recently?...... I'm guessing yes. I put what I did because the op stated he types his password into everything, anyone who has the slightest intelligence will know that's asking for trouble and that's why I can guarantee it's his own fault he was hacked.
Well, I can't understand how you always forget about the easiest way for a "hacker" to get your password: OPEN WIRELESS NETWORKS. (aka sitting in a cafe and surfing the net via free wifi)
Your forum password (=your ingame password) seems to be stored for an unlimited amount of time in a cookie. Forum login does not have an encrypted SSL-Login (no "https" used). Everyone with just a little knowledge can now hijack your current forum session to use your account for whatever they want.
This could apply for wireless networks where your "hacker" knows the network "Passkey".
Learn to use a VPN if you use non-encrypted services in public.
While I agree that this is certainly a point of entry, I wouldn't agree that it's the easiest. Keylogging and phishing are more likely easier than this since it doesn't require proximity to the user's residence/work in order to be an effective breach.
It could be argued that wireless security falls on the customer, and maybe it does, but that would assume that the login credentials are transmitted "in the clear" which would fall on the service provider.
Wow, you idiots deserve to be hacked. I'm guessing you don't take security precautions either, been hacked recently?...... I'm guessing yes. I put what I did because the op stated he types his password into everything, anyone who has the slightest intelligence will know that's asking for trouble and that's why I can guarantee it's his own fault he was hacked.
No need to name call, I never went personal on you. Maybe the op is at fault, maybe he/she is not. The fact is YOU can't guarantee either. We're simply asking PWE/Cryptic for help getting our accounts back.
You are correct that many people use the same credentials and they are compromised due to that. However in the VAST majority of those cases, people's credentials are stolen from weak security systems ELSEWHERE, like forums they frequent. Again, bad security on their part, but NOT the same as their PC being hacked.
As for me personally, I actually work in the games industry and have quite a bit of security experience on major MMO's and handling people's CC's, but hey I'm not here to convince you or anyone else of that. I'm simply trying to help PWE/Cryptic solve their problem and get my account back, in one piece.
Err no the client is the 3rd party program that sends or receives information. You are the user not the client dumbass. Stop trying to make it sound like you know it all when you don't.
Comments
I reported him. Hopefully they'll fix our accounts at the same time they nuke that guy's account.
The MORE unfortunate thing is that someone from Cryptic will come in here, see his post and close this thread without helping us. That's what's happened to all of the other "got hacked" threads.
They should only require the original email address.
Sending anything to a newly changed email without confirmation through the original is just <font color="orange">HAMSTER</font>.
Ugh you might be correct and that would be horribly ironic wouldn't it?
Agreed, they shouldn't send anything to the new email until the previous has verified.
Sadly, the community mods (the green names) are just player volunteers, and cant ban or issue infractions. They can only move, edit, and delete posts. It takes an actual employee (red name) to ban. And being the weekend, that is not likely. Notice weekends tend to be the time you see most of this garbage.
My point is that my pc hasn't been hacked, my ACCOUNT has been hacked and my view is that it had NOTHING to do with my PC. Given the number of people having the exact same problem, it's pretty clear that something is amiss on the Cryptic side, and as someone else noted, other games, RIFT in particular, blamed customers for weeks until they found that packet manipulation allowed people to not only steal accounts but actually unban themselves too.
I assume this is humor.
Clearly you have no clue of what you are talking about.
More than 80 - 90% of the time, the breach in security is NOT the client but the server/business side! Take this pathetic game for an example. Anyone that knows anything about security knows that the more times you have to log in to a system, the MORE chances that it WILL be breached. So how many times do you/I/anyone that plays this game, has to log in? Personally, I must log in over 50+ times a day. Why? JUST TO CHANGE BETWEEN CHARACTERS!!! This is the most dumbest thing ever, and the biggest security hole.
And btw, most security breaches are NOT key logger hacks, most are PORT SNIFFERS. Big difference. And again, that would only account for roughly less than 15% or so. MOST of the security breaches are AFTER the client(in route to server/business) or AT the server/business itself! So please stop automatically trying to put the blame on the user, when in FACT it is NOT. And next time better inform yourself before you post false nonsense.
Wow, you are 1000% wrong!!! PLEASE don't give anyone ANY more "so called help" because you are clueless. You do realize that you don't have to even have a friggin computer for someone to hack THE SERVER/BUSINESS side of the equation? Wow, just wow. You really should refrain from posting such wrong, nonsense.
BINGO! Someone with some intelligence. This is an absolute possibility. Rather than repeating myself again, I have posted nearly this exact issue already, so I will just end it here.
OMG This is one of the dumbest posts I have ever read!! ROFL!!!!
You're right, why would my bank(service provider) be remotely at all responsible to protect my account?!?!? ROFL!!!
I should hope so... cause I am still ROTFLMAO!!!! Hell, I think I just pee'd a little.
How can you guarantee the op was hacked? You can't. I won't even comment on the rest of your rant.
OPEN WIRELESS NETWORKS. (aka sitting in a cafe and surfing the net via free wifi)
Your forum password (=your ingame password) seems to be stored for an unlimited amount of time in a cookie. Forum login does not have an encrypted SSL-Login (no "https" used). Everyone with just a little knowledge can now hijack your current forum session to use your account for whatever they want.
This could apply for wireless networks where your "hacker" knows the network "Passkey".
Learn to use a VPN if you use non-encrypted services in public.
Since forever. I could drum up dozens if not hundreds of examples... It wasn't Sony's fault for their DB breach that had customer logins and other data?
But how about foresight? How about protecting customers from themselves? How about customer experience?
In these cases I can't say who ultimately is at fault here, but have no problem finding out it was the customer using the password many places. But that is why you have authentication. It is 2013. This is a mmo. You don't think about having it, you have it!
Who's the idiot? You just proved you are. You have no clue what you are talking about, hell, you just stated that I was trying to put the blame on the "client"??? Ahahahahah you don't even know what a client IS? ROFL. You idiot, the CLIENT is YOU/YOUR CPU, LOL moron, which is exactly opposite of what I said. So you maybe you meant the SERVER/BUSINESS side, you dummy. Oh, since you started attacking me by calling me an idiot, you deserve the same, dumbass.
Exactly my point, no keylogger needed, no malware. Securtiy breach is just as I said... AFTER the client. BTW, it's not my job to inform anyone else on HOW to hack. I am not a hacker just a very well informed computer user.
Thanks for pointing that out, that is another no-no they are allowing. They have to protect us, because we are their income.
While I agree that this is certainly a point of entry, I wouldn't agree that it's the easiest. Keylogging and phishing are more likely easier than this since it doesn't require proximity to the user's residence/work in order to be an effective breach.
It could be argued that wireless security falls on the customer, and maybe it does, but that would assume that the login credentials are transmitted "in the clear" which would fall on the service provider.
No need to name call, I never went personal on you. Maybe the op is at fault, maybe he/she is not. The fact is YOU can't guarantee either. We're simply asking PWE/Cryptic for help getting our accounts back.
You are correct that many people use the same credentials and they are compromised due to that. However in the VAST majority of those cases, people's credentials are stolen from weak security systems ELSEWHERE, like forums they frequent. Again, bad security on their part, but NOT the same as their PC being hacked.
As for me personally, I actually work in the games industry and have quite a bit of security experience on major MMO's and handling people's CC's, but hey I'm not here to convince you or anyone else of that. I'm simply trying to help PWE/Cryptic solve their problem and get my account back, in one piece.