Yea...so I got home from work, passed out, woke up and checked my emails and it said,
"Hello (insert account name),
A new computer named "My Browser" has been authorized to your account on May 24, 2013 5:15 p.m. UTC-0700 from the following ip address: 110.178.66.238
If you did not authorize this computer on your account, blah blah blah etc etc"
I didn't freak out, for some reason I figured it might've been a mistake email. None the less, I logged in and find my level 60 character that I spent 60+ dollars on deleted and replaced with a level 1 named "www".
I'm the kind of person who doesn't joke around with account security. I am cautious of the sites I visit, use ESET NOD 32 anti virus software (and scan daily), etc. I'm thinking there's another way to get someones account info. Whether its a site loop hole on here or something, no idea. But I'm pretty certain theres little to no possible way they got the info from my end.
I'm not asking for a refund or my character restored (although, it would be nice seeing as how I spent money that I have nothing to show for now), I'm just posting this so Cryptic will know. Cryptic, I suggest you change things to where you have to accept via email the new ip login before you can do anything. Being at work, for example, and not being able to check emails til you get home, just to find out someone logged onto your account hours after the event, is kind of a slap in the face.
they do have a verification system, it sends you an email with a verification code, then after entering that code, the new PC is accepted as you
the person that used your email to get the copy of the verification code, probably deleated that email, but didn't know that a "sucseffully, added new PC" email was also going to be sent.
0
silverspriteMember, Neverwinter Beta Users, Neverwinter Guardian UsersPosts: 0Arc User
edited May 2013
sad to say but its not Perfect Worlds fault that you were hacked, and also sad to say many times people are hacked by someone they know, especially when its something as serious as deleting a character. I know when my son got hacked (in other games) he would usually log in to find his character stripped naked and absolutely nothing left in his bank or inventory, but never were his characters deleted.
Are you in China? It seems very strange that this game would not flag the account and DC whoever logged in if you are in North America and all the sudden someone from China logs in. The game really needs this safety feature.
I'm sorry this happened to you.
0
kaninchenMember, Neverwinter Beta UsersPosts: 0Arc User
edited May 2013
This happens a lot when people buy "services" from certain unofficial websites..the fact that you're posting here instead of submitting a ticket or getting on the phone with customer service makes it seem like you're accepting your guilt.
Sounds like someone has the password and login for the email account you use for Neverwinter. And if you use that same email address for other accounts, then they likely will be hitting those soon as well.
the person that used your email to get the copy of the verification code, probably deleated that email, but didn't know that a "sucseffully, added new PC" email was also going to be sent.
You must be right, if they have the verification already then.
silversprite - Never really said it was their fault, just that I was thinking it might be on their end because I'm very cautious. I've learned too many times how serious account security is, and if it was something on my part, it baffles me what that was. Also, no one I know plays NeverWinter. They hate it, lol.
velourian - Nah, in North America. Thanks for the sympathy.
kaninchen - Yea, unfortunately I don't do that because its too easy to get everything you need in this game legit.
I changed my email password to be safe for other games I may play. Just be cautious with ya'lls accounts.
Khalimet, the reason I asked if you are in China is because that's where that IP is. I wonder if you made a player from China mad because you were level 60 ;-) Or they could have just used a fake IP :-/
Rule 1: Don't ever use the same password in two or more different places, especially re-using your email password. Rule 2: Humans suck at making strong passwords and remembering them. Use a password manager like Keepass (http://keepass.info/) or PasswordSafe (http://passwordsafe.sourceforge.net/) to generate passwords. You never need to even see or know what the password is, you just copy and paste it. Rule 3: See Rule 1.
i got hacked once before on rift, they got my character banned when they used it to advertise gold they were selling.
It was my stupid mistake of keeping the password the same as my email. So i changed it, make sure it has a capital letter and at least one alphanumeric, and added security that if they try to log in from another location or computer, they will require a security pin that will be sent to your phone number.
Come on now, tell us. No one here is going to judge you. Did you buy Gold or Astral Diamonds or anything like that in this or any other game?
Just to make coming out easier for you I proudly purchased Credits in SWG and Gold in EQ2!
0
botcher233Member, Neverwinter Beta Users, Neverwinter Guardian UsersPosts: 3Arc User
edited May 2013
I actually got the same message a few minutes ago. Got on before anything could happen (if it was going to). It's highly unlikely anyone got into my email though, as I would've gotten a few messages to confirm due to two-step verification(also, I don't use repeat passwords). Not to mention, my phone would still have the previously sync'd confirmation code as it doesn't auto-delete messages deleted via my desktop email, only displays them (I have to manually wipe them from my phone each time I do a clean-up). Just filed a support ticket, we'll see where this leads I guess. Changing passwords all over the place, just in case.
You know it's almost imperative that you have a quality anti virus/anti malware suite that has built in a keystroke scrambler..if you're using a freebee you're getting what you are paying for. I also never type in a password with my keyboard, and finally the cheap gold and AD is a lie.
A new computer named “My Browser” has been authorized to your account on May 25, 2013 5:48 a.m. UTC-0700 from the following IP address: 183.71.51.85
So you mean someone logged into my account, verified their computer by logging into my email account? That's a load of bull because my gmail session log states otherwise...
Last time I saw that kind of statement on a board was in Rift.
Tons of people lampooned the poor guy for shoddy passwords and using dodgy sites. After several days and the hacks reacjing a huge level some guy found out it was actually some kinda fault, hole in Trions side or somthing. He posted on the forums he was able to enter anyones account at will.
They contacted him pretty **** quick and it was all sorted.
Not for one moment pointing any fingers here. But it's not always the user's ignorance.
BTW OP, you've taken this realy well I'd be a tad more miffed than yourself !
I want to add that I'm quite good when it comes to IT security and I simply _don't_ get hacked, more or less impossible :P. They did not get the password from me that I can tell you, and they have not verified the new computer through my email account either.
EDIT: I might as well come clean and say I used a HAMSTER password that was 6 characters long, because I generally don't trust third party sites and it looks like I did the right thing .
I had a similar issue recently.
someone gained access to my game account (a Chinese prick of course) while i was using a very simple ("default") password that i use for most websites where security is not an issue.
the mail said:
"A new computer named “My Browser” has been authorized to your account on May 24, 2013 12:51 p.m. UTC-0700 from the following IP address: 61.181.131.34"
folks, by default this is NOT active !
it is my opinion (and i sincerely believe that of many other players) that cryptic studios should set this to active by default
other games like Guild Wars 2 also use something similar that requires you to confirm a pin code sent by email.
this happens only if you log in from a "different" location.
i will sent a separate mail to Cryptic Studios to enforce this option asap.
note 1:
now, i wonder what the definition of "location" is.
Location could mean 1 unique ip address which is perfect if you have a static IP
Location could also mean a range of IP addresses.
for example crypticstudios.com = 208.95.185.46 (currently) but their range is : 208.95.184.0/22
(crypticstudios could own other IP ranges also)
location could be defined as coming from an IP in range "208.95.184.0/22" and therefore granted access.
so if someone is hacking your account from the same (ISP) range you're (sorta) screwed because you will not be notified.
Location could also mean a country...
in that case several IP ranges should be added to that definition as most countries have several IP ranges that can not be defined by the number solely.
example : 208.95.185.46 is from the US but 208.95.170.1 could be from Canada for example.. and 208.95.160.1 also from the states again and so on...
you can check your country ranges on this site : http://services.ce3c.be/ciprg/
conclusion : location is a volatile word that has a limited significance.
if each account holder could have access to that definition it would be a great help
note 2:
at home i have a pfsense firewall that can block on countries too but unfortunately
this issue mentioned here can not be covered by my device as the NW servers are not behind this one
ps: feel free to send me some pocket change/coins in game if you like this contribution
Last time I saw that kind of statement on a board was in Rift.
Tons of people lampooned the poor guy for shoddy passwords and using dodgy sites. After several days and the hacks reacjing a huge level some guy found out it was actually some kinda fault, hole in Trions side or somthing. He posted on the forums he was able to enter anyones account at will.
They contacted him pretty **** quick and it was all sorted.
Not for one moment pointing any fingers here. But it's not always the user's ignorance.
BTW OP, you've taken this realy well I'd be a tad more miffed than yourself !
Yea...so I got home from work, passed out, woke up and checked my emails and it said,
"Hello (insert account name),
A new computer named "My Browser" has been authorized to your account on May 24, 2013 5:15 p.m. UTC-0700 from the following ip address: 110.178.66.238
If you did not authorize this computer on your account, blah blah blah etc etc"
I didn't freak out, for some reason I figured it might've been a mistake email. None the less, I logged in and find my level 60 character that I spent 60+ dollars on deleted and replaced with a level 1 named "www".
I'm the kind of person who doesn't joke around with account security. I am cautious of the sites I visit, use ESET NOD 32 anti virus software (and scan daily), etc. I'm thinking there's another way to get someones account info. Whether its a site loop hole on here or something, no idea. But I'm pretty certain theres little to no possible way they got the info from my end.
I'm not asking for a refund or my character restored (although, it would be nice seeing as how I spent money that I have nothing to show for now), I'm just posting this so Cryptic will know. Cryptic, I suggest you change things to where you have to accept via email the new ip login before you can do anything. Being at work, for example, and not being able to check emails til you get home, just to find out someone logged onto your account hours after the event, is kind of a slap in the face.
Thanks for the 2 weeks of gameplay.
Pretty funny that everybody who gets hacked claims to be an IT professional with the best antivirus software money can buy, rofl.
0
ambisinisterrMember, Neverwinter ModeratorPosts: 10,462Community Moderator
edited May 2013
Based on the information you supplied the person has access to both your e-mail and your Neverwinter Account which is the likely reason anybody loses their security on Neverwinter.
I am sorry but the mere fact you go e-mails sent to your account essentially verifies both your e-mail and you account passwords were compromised so please take appropriate measures to secure your account, e-mail and computer.
Account Related issues can't be solved on the forums, though, so I implore you to contact Customer Support and see what measures they can take. I don't know if they will restore your character but it is at least worth a shot.
Comments
the person that used your email to get the copy of the verification code, probably deleated that email, but didn't know that a "sucseffully, added new PC" email was also going to be sent.
I'm sorry this happened to you.
You must be right, if they have the verification already then.
silversprite - Never really said it was their fault, just that I was thinking it might be on their end because I'm very cautious. I've learned too many times how serious account security is, and if it was something on my part, it baffles me what that was. Also, no one I know plays NeverWinter. They hate it, lol.
velourian - Nah, in North America. Thanks for the sympathy.
kaninchen - Yea, unfortunately I don't do that because its too easy to get everything you need in this game legit.
I changed my email password to be safe for other games I may play. Just be cautious with ya'lls accounts.
Take care.
Rule 1: Don't ever use the same password in two or more different places, especially re-using your email password.
Rule 2: Humans suck at making strong passwords and remembering them. Use a password manager like Keepass (http://keepass.info/) or PasswordSafe (http://passwordsafe.sourceforge.net/) to generate passwords. You never need to even see or know what the password is, you just copy and paste it.
Rule 3: See Rule 1.
It was my stupid mistake of keeping the password the same as my email. So i changed it, make sure it has a capital letter and at least one alphanumeric, and added security that if they try to log in from another location or computer, they will require a security pin that will be sent to your phone number.
Just to make coming out easier for you I proudly purchased Credits in SWG and Gold in EQ2!
A new computer named “My Browser” has been authorized to your account on May 25, 2013 5:48 a.m. UTC-0700 from the following IP address: 183.71.51.85
So you mean someone logged into my account, verified their computer by logging into my email account? That's a load of bull because my gmail session log states otherwise...
Tons of people lampooned the poor guy for shoddy passwords and using dodgy sites. After several days and the hacks reacjing a huge level some guy found out it was actually some kinda fault, hole in Trions side or somthing. He posted on the forums he was able to enter anyones account at will.
They contacted him pretty **** quick and it was all sorted.
Not for one moment pointing any fingers here. But it's not always the user's ignorance.
BTW OP, you've taken this realy well I'd be a tad more miffed than yourself !
EDIT: I might as well come clean and say I used a HAMSTER password that was 6 characters long, because I generally don't trust third party sites and it looks like I did the right thing .
someone gained access to my game account (a Chinese prick of course) while i was using a very simple ("default") password that i use for most websites where security is not an issue.
the mail said:
"A new computer named “My Browser” has been authorized to your account on May 24, 2013 12:51 p.m. UTC-0700 from the following IP address: 61.181.131.34"
i changed my password shortly after.
this mail also mentioned
"For more information about Account Guard, see our FAQ at http://www.crypticstudios.com/accountguard"
i logged in and activated this option.
folks, by default this is NOT active !
it is my opinion (and i sincerely believe that of many other players) that cryptic studios should set this to active by default
other games like Guild Wars 2 also use something similar that requires you to confirm a pin code sent by email.
this happens only if you log in from a "different" location.
i will sent a separate mail to Cryptic Studios to enforce this option asap.
note 1:
now, i wonder what the definition of "location" is.
Location could mean 1 unique ip address which is perfect if you have a static IP
Location could also mean a range of IP addresses.
for example crypticstudios.com = 208.95.185.46 (currently) but their range is : 208.95.184.0/22
(crypticstudios could own other IP ranges also)
location could be defined as coming from an IP in range "208.95.184.0/22" and therefore granted access.
so if someone is hacking your account from the same (ISP) range you're (sorta) screwed because you will not be notified.
Location could also mean a country...
in that case several IP ranges should be added to that definition as most countries have several IP ranges that can not be defined by the number solely.
example : 208.95.185.46 is from the US but 208.95.170.1 could be from Canada for example.. and 208.95.160.1 also from the states again and so on...
you can check your country ranges on this site : http://services.ce3c.be/ciprg/
conclusion : location is a volatile word that has a limited significance.
if each account holder could have access to that definition it would be a great help
note 2:
at home i have a pfsense firewall that can block on countries too but unfortunately
this issue mentioned here can not be covered by my device as the NW servers are not behind this one
ps: feel free to send me some pocket change/coins in game if you like this contribution
Pretty funny that everybody who gets hacked claims to be an IT professional with the best antivirus software money can buy, rofl.
I am sorry but the mere fact you go e-mails sent to your account essentially verifies both your e-mail and you account passwords were compromised so please take appropriate measures to secure your account, e-mail and computer.
Account Related issues can't be solved on the forums, though, so I implore you to contact Customer Support and see what measures they can take. I don't know if they will restore your character but it is at least worth a shot.