[PSA][Important] Account Safety PSA

kalystconquerer#0876
kalystconquerer#0876 Posts: 1,421 Perfect World Employee
edited February 2018 in General Discussion
Hello PWI players!

The PWI team here would like to take a moment to remind you of how to keep your account safe.


1) Create Strong and Varied Passwords - Keep passwords between all your online accounts varied and different. Having 1-3 universally used passwords you rotate between puts you at a huge risk of losing not just your access to your PW account but could compromise things like the email accounts associated with those passwords. With regards to emails specifically - make sure you are using different passwords for emails you're using here and any other online services you're using.

2) Do not Enter Your Login Credentials on Unofficial Third Party Sites - We include this in our welcome message when you first log into the game. No mater how official the third party site you are visiting looks, do not use the credentials you are longing in with here on sites that aren't trustworthy. This also includes sites such as Gold Selling or Coin Selling sites. There have been various scams over the years (wedding registries, coin and gold farming sites) so please be careful about where you are entering your credentials.

3) Do not Share Your Login Credentials With Anyone - Its easy to just give access to a friend to do dailies, to your in-game spouse to do Marriage Quest, or share a password for a farming character throughout a guild. But understand that, not only is this practice not allowed in our TOS, this can also compromise your security if something goes wrong. Even if you trust the person you are sharing your credentials with, you can't trust what will happen to those credentials in the case of that user getting compromised. Keep yourself protected and don't share your login credentials to anyone.

So what can you do if you're concerned about your accounts' safety?

1) If you haven't already, update your passwords to your PW account as well as your email address.
2) Be sure to update these passwords as frequently as possible.



Thank you for playing PWI and stay safe!
Tagged:

Comments

  • ironpwner
    ironpwner Posts: 94 Arc User
    Would it be possible for you to tell us what are the issues that have been happening? Please.

    There was a facebook post saying a "Fraudulent Behavior" was detected, and that it affected quite some players. I think if a player charges money to the game, they should at least know if they're at risk of something.
    War. War never changes. Memento mori
  • wettstyle
    wettstyle Posts: 236 Arc User
    edited February 2018
    Is BlaBlabla a third party?. cuz its been on dawnglory now for like over two years or so.. with bots continually checking cat shops and posting items on a website out of PWI. Runs 24 hours a day every day. Thanks. Edited name out of site, just cuz.
    Post edited by wettstyle on
  • tek1nig
    tek1nig Posts: 793 Arc User
    Terms of service specifies in common tongue :

    ((((( If you decide to account share and something goes wrong we are no longer liable and will not assist with stolen items ))))))
    ​​
    VWjvQZ8.jpg
    Assassin - SyntherosX - 105, 105, 105 Calc : https://mypers.pw/13/#654396
    Loyal Perfect World Player 9 Year Vet.
    Youtube&LiveStream @ OROCx24

    Get the Forums Enhancement Extension!
  • valdisman
    valdisman Posts: 568 Arc User
    edited February 2018
    Seems PWI might have been hac.ked and had a data list taken. Hense this sudden 'reminder' to update PW passwords..
    #kylehawkinsuck
    Moonshine drinker
    In a world of 10s, be an 11.
  • greenfire312
    greenfire312 Posts: 269 Arc User
    edited February 2018
    wettstyle wrote: »
    Is Gamazon a third party?. cuz its been on dawnglory now for like over two years or so.. with bots continually checking cat shops and posting items on a website out of PWI. Runs 24 hours a day every day. Thanks.
    If you're referring to the site I think you're referring to... they have those same bots on Etherblade, but they're all Lv1 clerics and all they need to do is endlessly fly around the shops. I seriously doubt anyone's account is being compromised in that effort, because why would they need to? They're breaking the multi-account and botting rules, sure, but at the end of the day it's not hurting anyone.

    (As a side note, for what it's worth, those bots seem to be pretty well programmed. A couple years ago before I knew what they did, I tried to mess with one by using a transform staff on it, ending up with it running into a wall until I left it. A few minutes later I came back and saw it back up and flying again. :tongue: )
    Mains: Miugre / LigerKing
    Etherblade server
  • wettstyle
    wettstyle Posts: 236 Arc User
    Had a few people on server say the site is pretty malicious, and you have to use that site to take advantage of what those flying clerics are doing. I mean if its ok, then its ok for another group of peeps to create there very own version or what?. It is very much against the TOS, definently a third party, and if vulnerable people are thinking HEY, it's around the game for awhile, heck it's got to be ok to go the site, and Boom you have been touched by you know what. I guess it has the backing of the game lol, since its been around so obviously for a couple years or so now. I just don't get the warning, and at the same time a third party with malicious warnings is allowed to touch my Kitty cat:).
  • kalystconquerer#0876
    kalystconquerer#0876 Posts: 1,421 Perfect World Employee
    edited February 2018
    We've notice some strange login behavior and have been investigating this and other third party sites for leads. We had also received some reports of users getting compromised/loosing items. And we also saw an uptick in the reporting of one particular 3rd party site.

    @tek1nig You really shouldn't be sharing your details - I cant tell you how many times I've heard of in game spouses/friends having fights and then proceeded to NPC gear off of the other person's character. This rule isn't done to be malicious, since it takes alot of digging and back and forth to get to the bottom of it.

    @valdisman We're still investigating, but preliminary results are showing our DB was not compromised.

    To be fair, I'd like to make account safety in general a more semi annual thing, because I will get users who come across my desk on maintenance distributions listed as "account was compromised". When I saw it a few months ago, I know I made an off handed comment on the forums, but I really want to stress it this time, especially since we've been seeing some suspicious behavior as of late. This is incredibly important to everyone, regardless of weather you think you've been compromised or not and weather or not you've been compromised in the past.

    *EDIT - needed to use compromised instead of the "h" word
  • greenfire312
    greenfire312 Posts: 269 Arc User
    wettstyle wrote: »
    Had a few people on server say the site is pretty malicious, and you have to use that site to take advantage of what those flying clerics are doing. I mean if its ok, then its ok for another group of peeps to create there very own version or what?. It is very much against the TOS, definently a third party, and if vulnerable people are thinking HEY, it's around the game for awhile, heck it's got to be ok to go the site, and Boom you have been touched by you know what. I guess it has the backing of the game lol, since its been around so obviously for a couple years or so now. I just don't get the warning, and at the same time a third party with malicious warnings is allowed to touch my Kitty cat:).
    Just to clarify - I meant that the actual activity of the bots isn't harming anyone, taking over accounts or anything. I have no idea whether the site itself is compromised/malware-filled/otherwise sketchy. It wouldn't surprise me, given its apparent national origin, but then pwcalc and mypers are the same way (possibly PWDB too? I forget), and are generally accepted in this community.

    I'd love to see US-based tools that accomplish the same things (and, as long as I'm dreaming, a modern ecatomb as well). Until then, have we heard of any specific malware problems with the current sites?
    Mains: Miugre / LigerKing
    Etherblade server
  • wettstyle
    wettstyle Posts: 236 Arc User
    I agree Green. But seem's like its very hush hush when referencing about that particular site and its bot's. Makes me think too much hehe.. Be safe.
  • rieihdius
    rieihdius Posts: 468 Arc User
    Not sure why this thread is filtering what i post but anyways. I have a question for Kaly:
    Is PWE aware about the recent Meltdown and spectre cpu vulnerabilities that affect pretty much every cpu in the last years?

    I ask this because while is true that so far there not known large scalle attacks, still this technique can be very dangerous. Of course most of the fixes come in the form of an update on the OS, but in some cases like most of intel chips, they also seem to need some sort of firmware update on a motherboard level, and this can create a lot of trouble.

    Also on side note to a mod: if you see some of my post repeated on this thread, feel free to merge or remove them, since as I said before this thread is blocking everything a write now :p

  • nunuator
    nunuator Posts: 455 Arc User
    The toons spamming you selling coins is legitimately a key logger website the site you are referring to is pwcats.info which is actually super useful and I’ve been using it since I found out about it...

    The clerics flying around checking shops are recording info for that site and I bet the owner of said site also makes profit in doing so, possible coinseller source.

    The compromises are most likely players attempting to sell accs and getting scammed and or scamming the buyer and then requesting a reversal. This is merely due to the current update which is pushing all of the potential free to play completely out of the game.

    There seriously needs to be an update to TT or Nirvana that allows players to trade mats for G17 mats which would bring back farming in TT and Nirvana which is heavily needed since nearly everything in this game is now pay to play.
  • greenfire312
    greenfire312 Posts: 269 Arc User
    edited February 2018
    nunuator wrote: »
    The toons spamming you selling coins is legitimately a key logger website the site you are referring to is [I'm gonna save the mods time and remove the site name so they have one fewer edit to do] which is actually super useful and I’ve been using it since I found out about it...
    Whoa whoa whoa, wait. The site is useful but it's also a keylogger? Or is this two separate things? I'm getting whiplash here. What site exactly is keylogging people? Also, I never heard anything about that site being related to the coin spammers?

    I think for most people, all they ever do on that site is search an item. If it even has a login, either I never noticed it or immediately filed it under "Nope," as should everyone who uses the site. Obviously such a login should never be used by anyone, and especially with one's PWI login.

    More generally, you never enter your login to one service on any website except those you can personally confirm are being run by that same service (in this case, the Arc website or the game itself). That's Account Security 101.
    Mains: Miugre / LigerKing
    Etherblade server
  • nunuator
    nunuator Posts: 455 Arc User
    edited February 2018
    The site spammer, (not going to list the site for safety of people)
    is the key logger site, the one spamming your mailbox... don’t even bother going to this site.

    Pwcats.info
    does not log anything except cat shop prices in game and average cost of buy and sell.
    There is no login required with this and you can search via server and with item names...
    Dude basically stole the code off of commission shop and added a track cat shop bot into the mix which shows you cords of shops and things of that nature.
    My reason for saying this is a possible coin seller is this, there are no legitimately no human error in prices recorded on the site, as in one player maybe selling an item at 100mill and another shop has a buy price for 150mill, hence the bot makes coin, but also appears to pair the info of the human error to another bot which has coin to make profit off of said human error.

    IMHO not a bad way to make coin.
  • rieihdius
    rieihdius Posts: 468 Arc User
    edited February 2018
    Edit due double post..

    Post edited by rieihdius on

  • rieihdius
    rieihdius Posts: 468 Arc User
    Since some time ago there are some security vulnerabilities known as spectre and meltdown.
    This kind of problem affects pretty much all CPUs. Meltdown it is say to be something almost exclusive for intel cpus, while Spectre could affect almost all known cpus.


    Pretty much all info is here:

    https://googleprojectzero.blogspot.com/

    Some faq about how it could affect PCs and MACs:
    https://www.pcworld.com/article/3245606/security/intel-x86-cpu-kernel-bug-faq-how-it-affects-pc-mac.html

    Is PWE aware of this?


  • kalystconquerer#0876
    kalystconquerer#0876 Posts: 1,421 Perfect World Employee
    Closing this thread for now - will reopen it as a discussion thread (not an announcement) after the maintenance completes tonight!
This discussion has been closed.