test content
Logo
What is the Arc Client?
Install Arc
Options
So, someone apparently got onto my account while i was at work and deleted my main..?
khalimet
Member Posts: 2 Arc User
Yea...so I got home from work, passed out, woke up and checked my emails and it said,
"Hello (insert account name),
A new computer named "My Browser" has been authorized to your account on May 24, 2013 5:15 p.m. UTC-0700 from the following ip address: 110.178.66.238
If you did not authorize this computer on your account, blah blah blah etc etc"
I didn't freak out, for some reason I figured it might've been a mistake email. None the less, I logged in and find my level 60 character that I spent 60+ dollars on deleted and replaced with a level 1 named "www".
I'm the kind of person who doesn't joke around with account security. I am cautious of the sites I visit, use ESET NOD 32 anti virus software (and scan daily), etc. I'm thinking there's another way to get someones account info. Whether its a site loop hole on here or something, no idea. But I'm pretty certain theres little to no possible way they got the info from my end.
I'm not asking for a refund or my character restored (although, it would be nice seeing as how I spent money that I have nothing to show for now), I'm just posting this so Cryptic will know. Cryptic, I suggest you change things to where you have to accept via email the new ip login before you can do anything. Being at work, for example, and not being able to check emails til you get home, just to find out someone logged onto your account hours after the event, is kind of a slap in the face.
Thanks for the 2 weeks of gameplay.
"Hello (insert account name),
A new computer named "My Browser" has been authorized to your account on May 24, 2013 5:15 p.m. UTC-0700 from the following ip address: 110.178.66.238
If you did not authorize this computer on your account, blah blah blah etc etc"
I didn't freak out, for some reason I figured it might've been a mistake email. None the less, I logged in and find my level 60 character that I spent 60+ dollars on deleted and replaced with a level 1 named "www".
I'm the kind of person who doesn't joke around with account security. I am cautious of the sites I visit, use ESET NOD 32 anti virus software (and scan daily), etc. I'm thinking there's another way to get someones account info. Whether its a site loop hole on here or something, no idea. But I'm pretty certain theres little to no possible way they got the info from my end.
I'm not asking for a refund or my character restored (although, it would be nice seeing as how I spent money that I have nothing to show for now), I'm just posting this so Cryptic will know. Cryptic, I suggest you change things to where you have to accept via email the new ip login before you can do anything. Being at work, for example, and not being able to check emails til you get home, just to find out someone logged onto your account hours after the event, is kind of a slap in the face.
Thanks for the 2 weeks of gameplay.
Post edited by khalimet on
0
This discussion has been closed.
Comments
the person that used your email to get the copy of the verification code, probably deleated that email, but didn't know that a "sucseffully, added new PC" email was also going to be sent.
I'm sorry this happened to you.
You must be right, if they have the verification already then.
silversprite - Never really said it was their fault, just that I was thinking it might be on their end because I'm very cautious. I've learned too many times how serious account security is, and if it was something on my part, it baffles me what that was. Also, no one I know plays NeverWinter. They hate it, lol.
velourian - Nah, in North America. Thanks for the sympathy.
kaninchen - Yea, unfortunately I don't do that because its too easy to get everything you need in this game legit.
I changed my email password to be safe for other games I may play. Just be cautious with ya'lls accounts.
Take care.
Rule 1: Don't ever use the same password in two or more different places, especially re-using your email password.
Rule 2: Humans suck at making strong passwords and remembering them. Use a password manager like Keepass (http://keepass.info/) or PasswordSafe (http://passwordsafe.sourceforge.net/) to generate passwords. You never need to even see or know what the password is, you just copy and paste it.
Rule 3: See Rule 1.
It was my stupid mistake of keeping the password the same as my email. So i changed it, make sure it has a capital letter and at least one alphanumeric, and added security that if they try to log in from another location or computer, they will require a security pin that will be sent to your phone number.
Just to make coming out easier for you I proudly purchased Credits in SWG and Gold in EQ2!
A new computer named “My Browser” has been authorized to your account on May 25, 2013 5:48 a.m. UTC-0700 from the following IP address: 183.71.51.85
So you mean someone logged into my account, verified their computer by logging into my email account? That's a load of bull because my gmail session log states otherwise...
Tons of people lampooned the poor guy for shoddy passwords and using dodgy sites. After several days and the hacks reacjing a huge level some guy found out it was actually some kinda fault, hole in Trions side or somthing. He posted on the forums he was able to enter anyones account at will.
They contacted him pretty **** quick and it was all sorted.
Not for one moment pointing any fingers here. But it's not always the user's ignorance.
BTW OP, you've taken this realy well
EDIT: I might as well come clean and say I used a <font color="orange">HAMSTER</font> password that was 6 characters long, because I generally don't trust third party sites and it looks like I did the right thing
someone gained access to my game account (a Chinese prick of course) while i was using a very simple ("default") password that i use for most websites where security is not an issue.
the mail said:
"A new computer named “My Browser” has been authorized to your account on May 24, 2013 12:51 p.m. UTC-0700 from the following IP address: 61.181.131.34"
i changed my password shortly after.
this mail also mentioned
"For more information about Account Guard, see our FAQ at http://www.crypticstudios.com/accountguard"
i logged in and activated this option.
folks, by default this is NOT active !
it is my opinion (and i sincerely believe that of many other players) that cryptic studios should set this to active by default
other games like Guild Wars 2 also use something similar that requires you to confirm a pin code sent by email.
this happens only if you log in from a "different" location.
i will sent a separate mail to Cryptic Studios to enforce this option asap.
note 1:
now, i wonder what the definition of "location" is.
Location could mean 1 unique ip address which is perfect if you have a static IP
Location could also mean a range of IP addresses.
for example crypticstudios.com = 208.95.185.46 (currently) but their range is : 208.95.184.0/22
(crypticstudios could own other IP ranges also)
location could be defined as coming from an IP in range "208.95.184.0/22" and therefore granted access.
so if someone is hacking your account from the same (ISP) range you're (sorta) screwed because you will not be notified.
Location could also mean a country...
in that case several IP ranges should be added to that definition as most countries have several IP ranges that can not be defined by the number solely.
example : 208.95.185.46 is from the US but 208.95.170.1 could be from Canada for example.. and 208.95.160.1 also from the states again and so on...
you can check your country ranges on this site : http://services.ce3c.be/ciprg/
conclusion : location is a volatile word that has a limited significance.
if each account holder could have access to that definition it would be a great help
note 2:
at home i have a pfsense firewall that can block on countries too but unfortunately
this issue mentioned here can not be covered by my device as the NW servers are not behind this one
ps: feel free to send me some pocket change/coins in game if you like this contribution
Pretty funny that everybody who gets hacked claims to be an IT professional with the best antivirus software money can buy, rofl.
I am sorry but the mere fact you go e-mails sent to your account essentially verifies both your e-mail and you account passwords were compromised so please take appropriate measures to secure your account, e-mail and computer.
Account Related issues can't be solved on the forums, though, so I implore you to contact Customer Support and see what measures they can take. I don't know if they will restore your character but it is at least worth a shot.