I've been reading the Neverwinter forums for quite some time now and have only recently started to see a myriad of posts regarding accounts being hacked. I've experienced many other online games before and never have I seen a complaint rate matching what we are seeing these past few weeks (normally only once every 3 months or so). At this point, I believe I'm not the only person here who is starting to worry about my Neverwinter Account & Personal Email being compromised and would like to request Developers/Moderators to help clear this up for the players by creating a Sticky Thread with FAQ addressing some of the questions & concerns below.
To update those who have not been keeping up with the forums recently, here are the topics & dates of each Closed Thread regarding this subject. As to abide by the Rules, I am not posting any direct link to these threads, but will instead share some of the comments - which raised many questions - below.
A lesson for all (2014-12-21; Joined: Jul 2014)
Is it possible to retrieve what i had lost? (2014-12-24; Joined: May 2014)
Problem , more ppl having it! Need talk staff now (2014-01-01; Joined: Nov 2014)
What happend to my characters (2014-01-02; Joined: May 2013)
There is nothing anyone can do for you on the forums regardless of how many screenshots you have. From what you say and what you've shown, your account has been compromised. They sold or traded away everything they could to their account and left you dry.
Put in a support ticket in game and tell them what happened, and specifically when. What will happen is they will revert your account back to the time prior to the time the hacker got in (if you are lucky that is). Your stuff will come back to what it was at that time so you might still lose some stuff, but it is the only option.
Good luck.
Cryptic - This does seem to happen a lot. I'm usually of the mind that this is usually the victim's fault (going to wrong site, non-secure password, untrustworthy friends or shared accounts). Having this happen to me (I only access the system with all security options on, secured passwords and an encrypted laptop)... seems there is some security flaw that folks are able to bypass.
PS players - if you have a personal guild storage, don't store valuables in it as they will not restore anything that was on your personal inventory or personal bank.
Do players get their Astral Diamond & Zen restored on each character?
Where do we store valuable items if Personal Inventory & Personal Bank can't be restored - Shared Bank Slots, Mail Box?
When it happened to me, I'd usually get an email saying my account was accessed from a different IP (usually when it's myself when something odd happens to my net) and again when I accessed the game from a different computer (but still in the same house using the same net), but that didn't happen when my own account got compromised some time ago.
When one's Neverwinter Account is hacked, does that always mean their Personal Email Password (assuming different from their Neverwinter Account Password) has been compromised as well? (This is very important)
Most likely, you got hacked. I've heard way too many and seen enough posts/threads about people getting their account robbed in the same way.
For some reason those who took a long vacation from the game always get their accounts hacked.
Is this true regarding times away increasing the chance of Accounts being hacked?
Or never migrated to Dragon after the server merge. Support is the way to go.
Was there ever a known issue relating to Server Transfer before?
If possible, we would also like Developers to share the #1 reason that compromised players reported as being the culprit for their Neverwinter Accounts being compromised. This is so we players can educate ourselves and do our best to avoid them in the future.
Thank you in advance
Comments
The Devs work on game issues. Customer service deals with problems with accounts.
As a matter of interest, I stopped playing the game for a year due to computer problems and my account was never hacked. So the ALWAYS is wrong.
Number 1 reason is likely to be:
Visiting the wrong sites - gold sellers or zen hacks. This includes Facebook pages, as you have to log in to post on them.
The players will not however say this, as it is likely to get their account banned anyway.
Just watch the gold seller ads in zone chat; notice there are 2 types of handles.
Random letters - which will be created by a spam program.
Actual proper words - these will be people who have visited their sites or opened emails from them after visiting the sites.
Number 2: GW2 has a list of common passwords not to use, that game hackers use to check against accounts. Too many people use the same ones on different games or the same game handle.
Note:
characters can only have a roll back done 1 month after the date.
Don't click on any link from any website that requires you to enter your passwords and personal information, and that includes your guild's site.
Report all suspicious activities and people to the game operators. If threats or illegal attempts are included, don't hesitate to contact the Law Enforcement.
That's how you put the Lizard Squad, Anonymous and Kim Dotcom not only out of business, but also behind bars.
Step 1: Don't be stupid.
Step 2: Win.
I personally think if you get hacked online (in general) it's 99% your fault and therefore you deserve it.
As morally correct as you may find such a statement, this is utter idiocy, this is something a politician who knows nothing about the internet might suggest (or, otherwise order). Any infantile script kiddie could run a phishing redirect or use a SQL injection script to take encrypted password tables for later decryption. To be fair, most "hacked accounts" are NOT the result of such cyber attacks, most accounts are still lost to bruteforce and lucky (or, usually, easy) guesses.
Now, how practical does it sound to go and "put the Lizard Squad, Anonymous and Kim Dotcom not only out of business, but also behind bars"?
Anybody who undertakes such a task now or in the future, is in for a rude awakening....
Were you using any commonly widespread 3rd party software (Advanced Combat Tracker) or involving yourself in any 3rd party contents (Foundries) by any chance? I have not downloaded/tried any of them so any information about them is appreciated.
Given the information being breached through the forums, wouldn't the hacker still need access to your personal email to log into the account from a new location?
I was shocked how so many players casually tell me to download 3rd party program (ACT). And look at the 3rd party contents created by unverified authors (http://nw-forum.perfectworld.com/showthread.php?821001-Deleting-Foundry-files); no one even knows how to delete them, what if those 3rd party files contain something hazardous?
The current Topic: How to PREVENT your Account from being Hacked
isn't the original topic: Sticky Request - How to PREVENT your Account from being Hacked?
As you can see there was a log of the modification at the end of my original post not done by me.
I knew instantly what happened and tried to multitask by constantly logging in to break the hacker's process, and at the same time try to change password for in-game login.
It would have worked to keep them at bay this way, but unfortunately it took Cryptic 12 minutes to send me a mail with a new password, so it was not possible to do this fast. 12 min is too slow... So I gave up.
So I had to wait a few weeks or so before the reroll-account process started, that's fine and all... But what was a dealbreaker for me was that they gave back everything I had on my account except my p.vorpal which I had been saving up for a long time. I had already had the vorpal a long while, so why that should not return is kinda obvious. Let's just say, they saw I had bought zen before, so I guess they thought I would buy more to make another. Unfortunately that backfired for them, 'cause I quit the game for a good while, and after that I have never bought more zen. But that's not the point, just sharing my experiences.
Point is: a good tip to prevent hacking is to never actually type your password and mail into the fields. I have all my mails and passwords written on a word-document on my desktop and I copy-paste in that information every time I am logging into game, arc or forum - anything that concerns the game.
This will at least keep you safer from keyloggers who use the tactic as to see what you write, which is a common hacking style.
I have done this since I got hacked all those months ago, never got hacked again. I also have high security on my PC now, even more than I had before (I'm a bit paranoid... :)
That's my tip at least.
AFAIK we are allowed to have two accounts.
WTB Class Reroll please
Doesn't gateway work from a browser?
They will restore your personal inventory and bank inventory. Basically, they will ask you when you thought the hacker got in, and roll your character back to prior to that. They make no promises that it will recover everything (which is odd) or that they will roll them back at all. They will state in a roundabout way that this is all your fault, and they are being nice trying to help you.
Shared Bank Storage - I don't know if they will restore that. 8 slots to me is pretty useless.
Guild Storage - They will not touch guild storage at all. If something is stolen, forget it. Even if you are the only person with access (your own account is the only one in there), they won't do anything to it and it's lost.
Keep your valuables on you or in your personal bank.
All of the rest of the tips here are valid...except the copy paste one from word (copy paste would be caught by a decent keylogger also). Just seems odd that when I got hacked...I didn't get any emails or anything about another PC accessing my account or anything...
Anyways. I'm not one to blame the server security...but there is something odd with how they get in on here and there certainly could be a few more safeguards put into place - like needing a password to destroy gear or something (yes, annoying, but maybe as an option?)
1. When one's Neverwinter Account is hacked, does that always mean their Personal Email Password (assuming different from their Neverwinter Account Password) has been compromised as well? (This is very important|Devs)
2. Was there ever a known issue relating to Server Transfer before?
(New questions)
3. Do players get their Zen, Astral Diamond, & Gold Coins restored on each character?
4. Did they share their reasoning for not restoring Weapon Enchantments? Does this happen with anyone else (everything, but Weapon Enchantments restored)?
5. Are the offenders/hackers being identified & punished through Auction House/Mail transaction records or any other means? (I personally think if the company could come out and say they are actively punishing people for doing illegal activities then it will naturally lessen these activities) (Devs)
While we are waiting on official responses from Developers/Supports, I'll consolidate what we currently have here:
Prevention
Recovery Process
Big Thanks to everyone who came to share their experience with us. Hopefully, these will be our last cases once we are prepared & protected.
Is it possible to retrieve what i had lost? (2014-12-24; Joined: May 2014)
Problem , more ppl having it! Need talk staff now (2015-01-01; Joined: Nov 2014)
What happend to my characters (2015-01-02; Joined: May 2013)
How to request account restore when account gets hacked? (2015-01-10; Joined Feb 2013)
My account was hacked during the last 14-18 hours. I can say with certainty that none of those prevention methods worked. I have played really many multiplayer online games during 15 years and this is the first time this happens to me. I never access any suspicious websites, install anything but official games and programs like Windows or Mozilla Firefox or trusted security software, share computer with anybody in real life, the modem/router is not WLAN capable, my passwords are different for every product and service and they are elaborate enough, I never deal with people trying to sell items outside of the game etc. I have also never been away from Neverwinter for longer than 7-10 days, I have a different forum account and game account name, I have never installed or used ARC, I don't use Steam. When the game was launched in May 2013, I was on the Beholder server.
Unfortunately, from all of this experience I can say with 100% guarantee that absolutely no player in Neverwinter is safe from getting account hacked. It is probable that hackers only target accounts which they perceive to contain a lot of astral diamonds or valuable items. In my case, they removed all diamonds, purple crafting assets and tools, perfect vorpal, perfect lightning, perfect soulforged, stacks of 99 x sapphire and lesser refining stones, but they didn't bother to take items like rank 9 azure/dark/radiant/draconic/black ice enchantments, greater plague fire enchantment, purple jewelry or pants/shirts kits. I had 2000 zen and they also didn't bother to transform it into astral diamonds and take it too. If they are so picky, it would indicate that it is very easy for them to hack any account. When I logged into the game, my character was standing near a mail box, which would indicate that they mailed my items to a different account. My stuff was removed from both character inventory and character's bank storage.
Basically this. I got hacked 2 months ago, two different and secure passwords for email and NW-account. No foreign IP logged into my email account and I got no notification that a new PC got registered to my account. Also I am online every day and don't visit 3rd parties.
I would suggest social engineering (insider) or a simple security flaw.
But I want to add that I don't care at all. The customer service is very fast and friendly and restored my whole account. Thanks!
I have always only used one computer attached to a modem with no WLAN when playing Neverwinter or accessing Gateway. It's running in non-admin account and web browser (not Chrome) updated and security settings turned on to prevent Java and other scripts. I only visit e-mail and "trusted" websites like official game websites or major news agency sites on the computer.
I believe looomis is right about insider job or a security flaw somewhere in the game design, Gateway or forum.
Not having a firewalled router between you and the Internet is a big risk as hackers have unfettered access directly to your machine. A software firewall on your PC is NOT the same.
Especially since they are saved as plain text. Good password keepers should at least be encrypted, though passwords can still be guessed if they're not also hashed and salted. Though something you can do is use something like lastpass where you just need 1 password to keep a record of passwords for everything. I use it for a lot of websites that I'm not too bothered about. Payment and email ones I don't bother though.
chrome://settings/passwords (in url field)
You can click show and see it for yourselves
I guess for the time being, I'm going to put out some questionnaires on things not related to Cryptic's own security (but seem to be common among players) to see what everyone whose account has been compromised have in common.
2. Do you have your Neverwinter password stored by the Browser when using Gateway?
3. Have you ever downloaded any 3rd party contents (Foundries)?
4. Did you use any 3rd party program (Advanced Combat Tracker)?
5. Have you ever indirectly shown your wealth to other players by putting/bidding expensive items (over 1,000,000 AD) on Auction House?
I'd like to think that this doesn't yet come from "Cryptic's security flaw" as if that's the case many unfortunate players who trusted Cryptic with their Personal Email & is using the same In Game Password as their Email Password will have all their personal & financial information compromised and must be informed immediately.
How long did your recovery process take?
Did they restore all your Zen, Astral Diamonds, Gold, & Weapon Enchantments?
(Updated)
Prevention
In Game
- Do not keep valuables in Guild Storage; keep them on the Character, Personal Inventory, & Personal Bank.
- Do not use bots/third party software.
Online
Recovery Process
The whole process was around 3 days. It could've been 2 days, because the customer service asked me after 2 days if I am aware that a character reset could result in a loss of items and progression. They need the following information:
<<Do NOT repost responses from Customer Service, per Rules of Conduct!!>>
You can shorten the process by giving above information when you initialize the ticket.
They basically restored my characters a few days back and I lost a few Linus' Favors. I believe they make a character backup every week (Thursday maintenance?). The only things that I permanently lost were a BOC coalescent ward and around 15 BOC preservation wards.
So all in all, a good service!
As for my questionnaires above, feel free to omit some of the questions you do not remember the answer to (understandably admitting you bot might not be the best thing to do on the forums). Regardless, any of your comments are appreciated.
(Updated)
Incidents
How Long Does an Account Rollback Usually Take? (2014-11-12; Joined: Jun 2014)
A lesson for all (2014-12-21; Joined: Jul 2014)
Is it possible to retrieve what i had lost? (2014-12-24; Joined: May 2014)
Problem , more ppl having it! Need talk staff now (2015-01-01; Joined: Nov 2014)
What happend to my characters (2015-01-02; Joined: May 2013)
How to request account restore when account gets hacked? (2015-01-10; Joined Feb 2013)
Prevention
In Game
- Do not keep valuables in Guild Storage; keep them on the Character, Personal Inventory, & Personal Bank.
- Do not use bots/third party software.
- (Speculation)
- (Speculation)
Online
Play mostly on Tuesday - Thursday as character Rollback is on Thursday Maintenance; if you play most during weekends there's a larger gap for break in that could result in more items being lost.
Recovery Process
Gateway was not available when I was hacked about 9 months ago, so I had not used it.
2. Do you have your Neverwinter password stored by the Browser when using Gateway?
N/A - Gateway was not available when I was hacked.
3. Have you ever downloaded any 3rd party contents (Foundries)?
Never, on ANY MMO in my entire life on a PC.
4. Did you use any 3rd party program (Advanced Combat Tracker)?
Nope, I never have used anything like this.
5. Have you ever indirectly shown your wealth to other players by putting/bidding expensive items (over 1,000,000 AD) on Auction House?
Never. I didn't even converse with others except for an in-game trade I made about a week prior to being hacked. I wanted a Dragon Egg, so asked in Zone chat. Someone finally sold me one for about 60 gold (I think). After agreeing to the price via in-game private messaging, I attempted the trade. It took the person several minutes to finally allow the trade to occur. One week later, all of my characters on the account were standing in PE (and they were not there at last log-off). They were all standing near some "town crier" guy, who stands facing the Emporium. All AD and gold were gone, as well as some valuable items.
I'd like to think that this doesn't yet come from "Cryptic's security flaw" as if that's the case many unfortunate players who trusted Cryptic with their Personal Email & is using the same In Game Password as their Email Password will have all their personal & financial information compromised and must be informed immediately.
I wouldn't hold my breath on that assumption. I tend to think there is some sort of bug/glitch that has yet to be found.
How long did your recovery process take?
I did not report it - took the loss.
Did they restore all your Zen, Astral Diamonds, Gold, & Weapon Enchantments?
N/A.
myles08807 said, "Back in my day, we didn't have any of this fancy Mulhorand gear while we were leveling . . . we walked uphill both ways while dying once every five seconds while leveling, and we liked it fine!" . . . Now, get off my lawn, you kids!"
pointsman said, "I don't rue the game. In fact I don't feel any regret for the game at all."
looomis said, "I don't like people changing to alts and then bragging about their mains like schizophrenic role players."
About 1.5 months later, I was on and then booted. Logged in from a different location. Both times, now my passwords are completely random letters and numbers. So much that I don't even remember it, I have to keep it written down. Completely different than my email. I was able to boot them and change my password yet again. But yet again, never got an email from Cryptic.
The hack was also not from my end. Scans and scans and different programs have been used to try to find loggers, virus, trojans. I get there is usually a way around it all. But my computer is clean. The one I play from mainly, is used for gaming and my art. That is all. No random downloads or anything.
My brother's account, which has a level 40 something, has been hacked. He honestly had nothing on his account, so I'm not sure I understand as to why for him. I kept asking him why he doesn't come on anymore. I saw him log on once, and I messaged him, never got a response. Well that wasn't him. What little AD he did have, was now gone. Then my brother had started school again so it was quite a while since he tried. He told me his account had been banned. I told him to contact support and find out why. It was banned due to suspicious activity. They were able to retrieve his account for him, but not reroll it. I assume since it had been so long.
Playing with a guild mate and we were on TS, and all of a sudden his account boots him, saying he logs in from another location as well. He goes to change his password. I watched as it said my friend was logging in and out. It was not my friend. So he finally gets his password changed and as far as I know they didn't have the chance to take anything so he didn't need it rerolled.
So their account guard, yeah total waste. Even when active, since they clearly know how to get around it. Email passwords have not been the same, ever.
One thing that we have changed on my account recently was my @handle though. When I first made my account, a very very long time ago, I didn't know my login and @handle were the same thing, so I made it the same. My account was made BEFORE I needed to put @whateveremail to log in at. So far since my @handle changed, I have not had a problem. But my friend's account and my brother's account, this was not the case for them.
However if you don't get notifications that someone "broke into your account" on a different IP / computer then that right there is the source for you losing stuff. The "hackers" know your e-mail and log in and they just deleted that e-mail so you won't know. If you don't get those e-mails then they know your IP and copy your IP on a proxy to get around that e-mail being sent, and it's false that the system knows your computer from any other computer.
Well that sucks that such a flaw exists, I hope they fix it. I know I don't wanna lose my account's valuables - although I dumped a lot to invest in companion upgrades already.
Good idea!
And I still stand behind my assumption that there is some sort of in-game bug being exploited by hackers. Most of the examples of hacking involved very secure situations.
Makes you scared to even converse in-game with anyone anymore . . .