Its just a shame it happened at 6am whilst i was still sleeping!
I logged in at 7:30am to find everything gone!
And for just those odd instances you have Cryptic Support. They can go in, check to see what computer was used when the theft occurred, what IP address was used, where all your items were traded to - and their IP addresses - and so on. If it's an actual theft you'll get your stuff replaced.
STO is about my Liberated Borg Federation Captain with his Breen 1st Officer, Jem'Hadar Tactical Officer, Liberated Borg Engineering Officer, Android Ops Officer, Photonic Science Officer, Gorn Science Officer, and Reman Medical Officer jumping into their Jem'Hadar Carrier and flying off to do missions for the new Romulan Empire. But for some players allowing a T5 Connie to be used breaks the canon in the game.
Again, Account Guard does not cover changes to your account, but the website covers that. If your password or email address is changed you are notified. Thus you can take the steps to deal with it.
In other words, as long as you're using a real email address you instantly know if someone tries to change your password, change your email address, or log into your game. And you can take instant steps to stop them - as the emails provide a link stating what to do if you didn't authorize the change.
That's all any system can do.
Except it should. Steam uses a similar system, where upon your first login on a new device, whether it be a phone, web browser, or Steam client, require a one shot verification code before you gain access to the account. Other MMOs provide authenticators (either keyring sized devices, or smartphone apps) that when enabled on your account must be used each and every time you log in, whether it is to play or make a change to your account. Most of the major email providers allow for two-stage verification now, where a one use code is sent via SMS to your phone whenever you're attempting to log in from an unfamiliar device.
In none of these examples can your account email or password be changed without providing the verification code. In the event that you have lost access to your email account, they provide other mechanisms to prove your ownership as detailed in my previous post.
As for your point about the user receiving an email notification on the event of the change. It's a good step, but it's not sufficient for total coverage. No-one is able to monitor their email account 24/7. Assuming that the notification email arrives instantly (there's no guarantee of this, I've seen it take up to an hour at times), there is at the very least a 6-8 hour period where most people will be sleeping and unable to take any action. You also need to factor in any "lag" time it takes customer support to receive, read, and act upon your email notifying them of a problem.
I'm not disagreeing that it's possible to 100% secure your account. However Cryptic's system does have a major flaw in its logic, making it significantly easier than it should be for someone to hijack an account.
Cryptic needs to investigate this ASAP and tighten up security around their account servers. They should also issue a message in the STO launcher that recommends we immediately reset our STO account passwords, clear our browers cookies, etc. The fact that more than 3 people are already reporting that they've been TRIBBLE and don't remember giving their user name to be anybody is worrying.
Actually easiest way for Cryptic to avoid the account guard failing is to have a text message option, if that's even possible. The server will send us a a code to reset our account password via text message. You can't hax my SMS's hackers!!! :P
Edit: I can't even reset my account password because whatever is running the account resets is broken. I have no verification email showing up in my inbox.
Edit: I can't even reset my account password because whatever is running the account resets is broken. I have no verification email showing up in my inbox.
Check your email account doesn't have any rules set up to instantly delete incoming emails from certain senders or with certain subject lines. Otherwise it may be a case of just waiting, the longest I've had to wait for a reset email to be sent is ~1 hour.
Check your email account doesn't have any rules set up to instantly delete incoming emails from certain senders or with certain subject lines. Otherwise it may be a case of just waiting, the longest I've had to wait for a reset email to be sent is ~1 hour.
I received an email for account guard on May 1rst because that's when I started playing again after 6 months. I'd also reformatted my computer since then. So yeah, if I got it May 1rst, there should be no reason why I shouldn't get it now.
Edit: I can't even reset my account password because whatever is running the account resets is broken. I have no verification email showing up in my inbox.
I just used the password reset without incident. Within 2 minutes they sent me a verification email that required me to click on a link in the email to verify the password change.
STO is about my Liberated Borg Federation Captain with his Breen 1st Officer, Jem'Hadar Tactical Officer, Liberated Borg Engineering Officer, Android Ops Officer, Photonic Science Officer, Gorn Science Officer, and Reman Medical Officer jumping into their Jem'Hadar Carrier and flying off to do missions for the new Romulan Empire. But for some players allowing a T5 Connie to be used breaks the canon in the game.
Hmm it would be cool if we would have the code/pin system(to secure our account from totaly being demolished)..that sayed ull make the code ofc and if u are smart u will be only 1 who will know it.So if hacker goes to ur account he wouldn't be able to do a thing(he would need to enter code to delete ur chars,ship,gear etc..). x) some games i used to play before have this.
....
All this talk about people hacking multiple passwords, or performing a mass breach of PWE's servers...yeah right, what a load of nonsense. All that effort and for what? What exactly would they do with all that Dilithium and all that Zen?
Since neither of those two are transferable between characters outside of an account it would be utterly useless to anyone but the account holder. So what exactly would they steal? EC? Some non-bound consoles? OK, that's really worth all that effort to steal isn't it?....
Um... Have you received any in-game SPAM Email from Gold Farmers offering to sell ECs for $$$. There seems to have been a noticeable increase of them lately...
And considering that there are some in-game items that can only be obtained by ECs (e.g. Jem'Hadar 'Bug' Attack Ship) though Exchange purchases...
I just used the password reset without incident. Within 2 minutes they sent me a verification email that required me to click on a link in the email to verify the password change.
The email finally came through. It had a 30 min delay. I would also recommend changing your password at least every month, at latest, every 2 months. You can't be too careful after the last Cryptic account hax fiasco where they didn't discover the accounts had been TRIBBLE until months and months after.
Considering how many people have been hit by this hack, I would suggest to Cryptic that they consider following the examples of Blizzard and Bioware, and apply Security Keys that they can sell through a vendor, or offer a free mobile app, that requires a player to input a 6 to 7 random number code. It adds another level of security to the game, and Cryptic can use the security keys, to tie IPs of accounts to mobile numbers/security keys, as opposed to the email/@handle.
And both Blizzard and Bioware state that these security keys make hacking gaming accounts impossible.
Could be something as simple as the person received the gold spam email (I even received one a couple of days ago), and decided to visit the website just to see it, for curiosity's sake.
Second they hit the site, boom. System compromised.
Considering how many people have been hit by this hack, I would suggest to Cryptic that they consider following the examples of Blizzard and Bioware, and apply Security Keys that they can sell through a vendor, or offer a free mobile app, that requires a player to input a 6 to 7 random number code. It adds another level of security to the game, and Cryptic can use the security keys, to tie IPs of accounts to mobile numbers/security keys, as opposed to the email/@handle.
And both Blizzard and Bioware state that these security keys make hacking gaming accounts impossible.
Sounds like a better idea to tie ip's to mobile numbers which is basically what i was suggesting with the texting, though that's a somewhat different idea. It's clear Cryptic isn't taking these threats as seriously as they should, or they would have already issued some sort of statement and taken steps to tighten security.
Ouch, after a week of absence I just found out that my characters have been stripped of everything remotely valuable.
I can confirm that the hacker(s) have changed the account email prior to logging in so there would be no account guard mail sent to their victims.
EDIT: I received an information mail about the change of my account email but only found it when it was too late. Unfortunately I didn't check this account daily.
Believe it or not: I did never share my account or browse any suspicious STO related website (e.g. gold spammers).
After changing my login data I took a close look at my running processed and looked up every one that seemed only remotely suspicious. I did not find any process running that could be identified as a keylogger. Furthermore I am running an up-to-date virus scanner that acts quite paranoid most of the time.
A report to PWE has been filed and I'm curious what is going to happen. I really would like to know how my data have been compromised. I have read the theories about this in the previous posts but none of this seems to fit (and I would have no problem to admit that I did something stupid in order to prevent this from happening to others )
Well, if the system is clean of any malware/loggers, and the password wasn't super easy to guess, there's only two likely possibilities left, IMO. Cryptic compromise OR you use the same email address and/or login & password for STO as you use for other games that may have been compromised... But I believe I read that a few folks who were compromised used different "everything"... so... /shrugs
Sorry to hear that boggis. I hope your issue gets resolved soon.
Thanks for your sympathy. Really appreciated right now.
After almost half an hour I now received my confirmation for the login and email change.
When I turn on conspiration mode and wear my tinfoil hat I realize that yesterday or the day before there was an emergency maintenance for the STO servers. I remember this because I thought something like "Oh well, there you try to play once a week and then this". Can't find anything in the forums now. Maybe there is some mysterious connection?
I can confirm that the hacker(s) have changed the account email prior to logging in so there would be no account guard mail sent to their victims.
As far as I'm aware, if you change your email address you're sent an email to your old address notifying you of the change - just as they do with Passwords. Thus even if they change your system email address you would have been notified of that change via email.
So unless people are using throw-away email addresses for the game, or not bothering to make certain PWE emails don't go to spam, I don't see how anyone cannot be made aware of the change.
Hopefully Cryptic will give you a full restore, though.
STO is about my Liberated Borg Federation Captain with his Breen 1st Officer, Jem'Hadar Tactical Officer, Liberated Borg Engineering Officer, Android Ops Officer, Photonic Science Officer, Gorn Science Officer, and Reman Medical Officer jumping into their Jem'Hadar Carrier and flying off to do missions for the new Romulan Empire. But for some players allowing a T5 Connie to be used breaks the canon in the game.
As far as I'm aware, if you change your email address you're sent an email to your old address notifying you of the change - just as they do with Passwords. Thus even if they change your system email address you would have been notified of that change via email.
So unless people are using throw-away email addresses for the game, or not bothering to make certain PWE emails don't go to spam, I don't see how anyone cannot be made aware of the change.
Hopefully Cryptic will give you a full restore, though.
Good point! I checked my mail account again and found an email from Thursday morning that I overlooked:
"We have received a request from you to change your account's registered email address. A confirmation email has been sent to your new email address for verification. "
This will teach me to look more often into my private account. But in hindsight it seems to be a bit weak that the confirmation link is sent to the new email.
I will add this information to my ticket.
Except it should. Steam uses a similar system, where upon your first login on a new device, whether it be a phone, web browser, or Steam client, require a one shot verification code before you gain access to the account.
And so does Cryptic's Account Guard; you've simply forgotten, since it was so long ago.
I've gotten several of them lately because of clustered proxy servers and multiple web browsers on VMs and things.
Former moderator of these forums. Lifetime sub since before launch. Been here since before public betas. Foundry author of "Franklin Drake Must Die".
And so does Cryptic's Account Guard; you've simply forgotten, since it was so long ago.
I've gotten several of them lately because of clustered proxy servers and multiple web browsers on VMs and things.
I'm sorry syberghost but you're wrong. As I said, I tested it today on a computer (my work PC) that has never logged into either the game or the STO website. I have Account Guard enabled on my account. I was able to trigger an email address change without triggering an Account Guard verification. The only actions that trigger verification on the STO website are the Gateway and enabling/disabling Account Guard.
Um... Have you received any in-game SPAM Email from Gold Farmers offering to sell ECs for $$$. There seems to have been a noticeable increase of them lately...
And considering that there are some in-game items that can only be obtained by ECs (e.g. Jem'Hadar 'Bug' Attack Ship) though Exchange purchases...
Being a veteran of online gaming, I can assure you that "gold" sellers, should they obtain their "gold" through such means as account hacking, tend to do so on much much larger scales than this.
There would literally be hundreds and hundreds of such accounts of hacking and not something that Cryptic could allow to pass without informing its paying customers. These purported "gold farmers" are scammers and nothing more, they do not actually have any EC to sell.
It should also be noted that scams like these tend to come in waves at roughly the same time every year as has been witnessed and verified in numerous other online games such as EVE Online and WoW. This "noticeable increase" is nothing more than one of a few such bi/tri-annual "events" and as has already been pointed out by Syberghost, is only more visible than any other day because people made a post about it on the forums.
You allowed someone else access to your computer or passwords and they did this to you on purpose or you did this yourself in some bizarre ragequit style maneuver.
All this talk about people hacking multiple passwords, or performing a mass breach of PWE's servers...yeah right, what a load of nonsense. All that effort and for what? What exactly would they do with all that Dilithium and all that Zen?
Since neither of those two are transferable between characters outside of an account it would be utterly useless to anyone but the account holder. So what exactly would they steal? EC? Some non-bound consoles? OK, that's really worth all that effort to steal isn't it?
Here's some solid advice. Stop lying, don't be stupid and don't let anyone else use your account in future. Oh and don't leave the notepad you have your passwords written down in just laying around, that's just asking for trouble.
Hate to burst your bubble, but what richandrews said can happen, not likely, sure, but it can, as others have been having pretty much same thing happen, including myself, as for the game itself being compromised a friend of mine and i use to play a game about 5 years ago that, i kid you not, was TRIBBLE so bad that the game was down for almost 3 weeks, yes, that's right, the entire game was TRIBBLE, and another game from another company, (combat arms) use to get TRIBBLE so much about every other month there where more hackers then legitimate players, and the company was always having to do a big update to give a very temporary fix to block the hacking, only difference is that game the hackers where doing it to cheat, not steal. As for the other game that got TRIBBLE, the one who did it actually used the info to make a private server of the game. so, again it could be possible,, in hind sight, my email was TRIBBLE a week ago, so its possible that's how they got mine, but the fact that a lot of the emails that are being changed over to are hotmail emails defiantly lends wait to someone hacking accounts and then either stealing or deleting the stuff, and not some friend of there's doing it for the lols or rage quitting like you feel, granted, its possible your right, but also possible your wrong, since i know that in my case at any rate, i was defiantly TRIBBLE by someone i didn't know.
Being a veteran of online gaming, I can assure you that "gold" sellers, should they obtain their "gold" through such means as account hacking, tend to do so on much much larger scales than this.
There would literally be hundreds and hundreds of such accounts of hacking and not something that Cryptic could allow to pass without informing its paying customers. These purported "gold farmers" are scammers and nothing more, they do not actually have any EC to sell....
But if this was true, then that brings up your original question, on why accounts are being broken into. Incidents, such as the documented malicious keylogging banner ad on STOwiki, (which led to the introduction of 'Account Guard'...) and the numerous break-ins at Steam, takes considerable time and resources to accomplish, and cannot be simply dismissed as someone's sick hobby...
Had my account TRIBBLE yesterday as well, basically the same case. Got a notification about the changed email, but by the time I was able to reset email and password (from my cell, WITHOUT trigger Account Guard despite never accessing the game site from there), my account was practically empty. Even most of my characters were deleted, and my Neverwinter ADs were gone as well.
So far, no reply from Cryptic.
Account Guard is useless as it is. I sure hope there will be a full restore.
But if this was true, then that brings up your original question, on why accounts are being broken into. Incidents, such as the documented malicious keylogging banner ad on STOwiki, (which led to the introduction of 'Account Guard'...) and the numerous break-ins at Steam, takes considerable time and resources to accomplish, and cannot be simply dismissed as someone's sick hobby...
Simple information which is more valuable than people think. Personal details can be sold on to "advertising" companies for mailing and bank details can be used for fraudulant actions. Finally EC can be sold on for real cash, though why anyone would buy it I do not know.
I have seen people list their security measures before that is just giving themselves a false sense of security as none of them are 100% effective. I have quite a bit of security on my PC yet I know that it is not something that means I will never be compromised, so far I have been lucky and never had an account compromised. The only ones that may be even safer are those with a seperate secuirity device like WoW and SWTOR, maybe PWE should look into it for their games if it isn't already there.
This means if any of my game accounts are compromised the first place I look is in the mirror to see who is the most likely reason for it to have happened, then I get intouch with my bank to have my card cancelled and a new one issued and also for a statement to be sent to me.
I do not believe this is an isolated incident and it's not just on STO. It's happening on NWNO also. This morning after I woke up I received an email time stamped at 0223 CST saying that someone had changed my account email address.
I immediately tried to log in and was unable to access my account. I submitted a ticket at 0602. This is a temporary account on a secondary email address until it gets sorted out.
I am very disappointed that the authentication guard did not work.
I also am disappointed in this community to think that everyone is a complete idiot regarding security. There is no way my email account was compromised. If it had been the people that compromised it would give no mind to my STO account and might be much more interested in things attached to quite a bit of money including my stock portfolio. I have been building and using computers for over 2 decades. I believe that PW may have been compromised as there is another thread in NWNO forums where the exact same symptoms are happening.
The STO site does what every website does: notifies if you your email address has been changed. That gives you the opportunity to correct the situation.
Account Guard does it's job as well, it notifies you when another computer is trying to log into your account.
Thus you have 2 different notifications that something is amiss - and thus 2 different opportunities to take steps and/or contact Support and nip it in the bud.
There's no way to prevent a hack. If someone wants to hack you they will hack you. All the systems can do is try and make you aware there's a problem so that you can take the steps to make sure it goes no further.
If you stopped trolling long enough to read his statement, you'll notice he points out that you'll receive only one alert in this case, regarding the change of e-mail. Worse, they're able to bypass the Account Guard feature entirely through this method, because all Account Guard e-mails will be sent to the new address.
Obviously, a confirmation e-mail or verification code should be sent to the original e-mail address before the e-mail address can be changed through the website. As it stands, more than half the account protection assumed to be in place can be entirely bypassed.
Good point! I checked my mail account again and found an email from Thursday morning that I overlooked:
"We have received a request from you to change your account's registered email address. A confirmation email has been sent to your new email address for verification. "
That just makes it sadly ironic. They do in fact send the necessary e-mail, just to the wrong account and at the wrong time.
As far as I'm aware, if you change your email address you're sent an email to your old address notifying you of the change - just as they do with Passwords. Thus even if they change your system email address you would have been notified of that change via email.
That's too late. Simply notifying me that the change has already taken place, instead of proactively requiring access to both accounts in order to effect a change of e-mail address (or any other sensitive information), is insufficient and not worth lauding.
So unless people are using throw-away email addresses for the game, or not bothering to make certain PWE emails don't go to spam, I don't see how anyone cannot be made aware of the change.
I wouldn't use an e-mail account simultaneously for gaming, personal and professional uses. With multiple addresses, I'm less likely to sit refreshing one constantly, and if anything a gaming address will be accessed the least frequently.
Its annoying to have my lifetime subscription account (300 dollars) compromised because someone wants to steal my zen and use it on NWNO (which I dont believe they can even do anyway)
Comments
Except it should. Steam uses a similar system, where upon your first login on a new device, whether it be a phone, web browser, or Steam client, require a one shot verification code before you gain access to the account. Other MMOs provide authenticators (either keyring sized devices, or smartphone apps) that when enabled on your account must be used each and every time you log in, whether it is to play or make a change to your account. Most of the major email providers allow for two-stage verification now, where a one use code is sent via SMS to your phone whenever you're attempting to log in from an unfamiliar device.
In none of these examples can your account email or password be changed without providing the verification code. In the event that you have lost access to your email account, they provide other mechanisms to prove your ownership as detailed in my previous post.
As for your point about the user receiving an email notification on the event of the change. It's a good step, but it's not sufficient for total coverage. No-one is able to monitor their email account 24/7. Assuming that the notification email arrives instantly (there's no guarantee of this, I've seen it take up to an hour at times), there is at the very least a 6-8 hour period where most people will be sleeping and unable to take any action. You also need to factor in any "lag" time it takes customer support to receive, read, and act upon your email notifying them of a problem.
I'm not disagreeing that it's possible to 100% secure your account. However Cryptic's system does have a major flaw in its logic, making it significantly easier than it should be for someone to hijack an account.
Actually easiest way for Cryptic to avoid the account guard failing is to have a text message option, if that's even possible. The server will send us a a code to reset our account password via text message. You can't hax my SMS's hackers!!! :P
Edit: I can't even reset my account password because whatever is running the account resets is broken. I have no verification email showing up in my inbox.
Check your email account doesn't have any rules set up to instantly delete incoming emails from certain senders or with certain subject lines. Otherwise it may be a case of just waiting, the longest I've had to wait for a reset email to be sent is ~1 hour.
I received an email for account guard on May 1rst because that's when I started playing again after 6 months. I'd also reformatted my computer since then. So yeah, if I got it May 1rst, there should be no reason why I shouldn't get it now.
And i'am starting to think we will need it..
And considering that there are some in-game items that can only be obtained by ECs (e.g. Jem'Hadar 'Bug' Attack Ship) though Exchange purchases...
The email finally came through. It had a 30 min delay. I would also recommend changing your password at least every month, at latest, every 2 months. You can't be too careful after the last Cryptic account hax fiasco where they didn't discover the accounts had been TRIBBLE until months and months after.
And both Blizzard and Bioware state that these security keys make hacking gaming accounts impossible.
Second they hit the site, boom. System compromised.
Buying energy credits: not even once.
Sounds like a better idea to tie ip's to mobile numbers which is basically what i was suggesting with the texting, though that's a somewhat different idea. It's clear Cryptic isn't taking these threats as seriously as they should, or they would have already issued some sort of statement and taken steps to tighten security.
Still possible, just really really hard. They'd have to compromise your mobile device.
I can confirm that the hacker(s) have changed the account email prior to logging in so there would be no account guard mail sent to their victims.
EDIT: I received an information mail about the change of my account email but only found it when it was too late. Unfortunately I didn't check this account daily.
Believe it or not: I did never share my account or browse any suspicious STO related website (e.g. gold spammers).
After changing my login data I took a close look at my running processed and looked up every one that seemed only remotely suspicious. I did not find any process running that could be identified as a keylogger. Furthermore I am running an up-to-date virus scanner that acts quite paranoid most of the time.
A report to PWE has been filed and I'm curious what is going to happen. I really would like to know how my data have been compromised. I have read the theories about this in the previous posts but none of this seems to fit (and I would have no problem to admit that I did something stupid in order to prevent this from happening to others )
Either way, it sucks.
Thanks for your sympathy. Really appreciated right now.
After almost half an hour I now received my confirmation for the login and email change.
When I turn on conspiration mode and wear my tinfoil hat I realize that yesterday or the day before there was an emergency maintenance for the STO servers. I remember this because I thought something like "Oh well, there you try to play once a week and then this". Can't find anything in the forums now. Maybe there is some mysterious connection?
So unless people are using throw-away email addresses for the game, or not bothering to make certain PWE emails don't go to spam, I don't see how anyone cannot be made aware of the change.
Hopefully Cryptic will give you a full restore, though.
Good point! I checked my mail account again and found an email from Thursday morning that I overlooked:
"We have received a request from you to change your account's registered email address. A confirmation email has been sent to your new email address for verification. "
This will teach me to look more often into my private account. But in hindsight it seems to be a bit weak that the confirmation link is sent to the new email.
I will add this information to my ticket.
And so does Cryptic's Account Guard; you've simply forgotten, since it was so long ago.
I've gotten several of them lately because of clustered proxy servers and multiple web browsers on VMs and things.
I'm sorry syberghost but you're wrong. As I said, I tested it today on a computer (my work PC) that has never logged into either the game or the STO website. I have Account Guard enabled on my account. I was able to trigger an email address change without triggering an Account Guard verification. The only actions that trigger verification on the STO website are the Gateway and enabling/disabling Account Guard.
Being a veteran of online gaming, I can assure you that "gold" sellers, should they obtain their "gold" through such means as account hacking, tend to do so on much much larger scales than this.
There would literally be hundreds and hundreds of such accounts of hacking and not something that Cryptic could allow to pass without informing its paying customers. These purported "gold farmers" are scammers and nothing more, they do not actually have any EC to sell.
It should also be noted that scams like these tend to come in waves at roughly the same time every year as has been witnessed and verified in numerous other online games such as EVE Online and WoW. This "noticeable increase" is nothing more than one of a few such bi/tri-annual "events" and as has already been pointed out by Syberghost, is only more visible than any other day because people made a post about it on the forums.
Sig by my better half.
Hate to burst your bubble, but what richandrews said can happen, not likely, sure, but it can, as others have been having pretty much same thing happen, including myself, as for the game itself being compromised a friend of mine and i use to play a game about 5 years ago that, i kid you not, was TRIBBLE so bad that the game was down for almost 3 weeks, yes, that's right, the entire game was TRIBBLE, and another game from another company, (combat arms) use to get TRIBBLE so much about every other month there where more hackers then legitimate players, and the company was always having to do a big update to give a very temporary fix to block the hacking, only difference is that game the hackers where doing it to cheat, not steal. As for the other game that got TRIBBLE, the one who did it actually used the info to make a private server of the game. so, again it could be possible,, in hind sight, my email was TRIBBLE a week ago, so its possible that's how they got mine, but the fact that a lot of the emails that are being changed over to are hotmail emails defiantly lends wait to someone hacking accounts and then either stealing or deleting the stuff, and not some friend of there's doing it for the lols or rage quitting like you feel, granted, its possible your right, but also possible your wrong, since i know that in my case at any rate, i was defiantly TRIBBLE by someone i didn't know.
So far, no reply from Cryptic.
Account Guard is useless as it is. I sure hope there will be a full restore.
Simple information which is more valuable than people think. Personal details can be sold on to "advertising" companies for mailing and bank details can be used for fraudulant actions. Finally EC can be sold on for real cash, though why anyone would buy it I do not know.
I have seen people list their security measures before that is just giving themselves a false sense of security as none of them are 100% effective. I have quite a bit of security on my PC yet I know that it is not something that means I will never be compromised, so far I have been lucky and never had an account compromised. The only ones that may be even safer are those with a seperate secuirity device like WoW and SWTOR, maybe PWE should look into it for their games if it isn't already there.
This means if any of my game accounts are compromised the first place I look is in the mirror to see who is the most likely reason for it to have happened, then I get intouch with my bank to have my card cancelled and a new one issued and also for a statement to be sent to me.
I do not believe this is an isolated incident and it's not just on STO. It's happening on NWNO also. This morning after I woke up I received an email time stamped at 0223 CST saying that someone had changed my account email address.
I immediately tried to log in and was unable to access my account. I submitted a ticket at 0602. This is a temporary account on a secondary email address until it gets sorted out.
I am very disappointed that the authentication guard did not work.
I also am disappointed in this community to think that everyone is a complete idiot regarding security. There is no way my email account was compromised. If it had been the people that compromised it would give no mind to my STO account and might be much more interested in things attached to quite a bit of money including my stock portfolio. I have been building and using computers for over 2 decades. I believe that PW may have been compromised as there is another thread in NWNO forums where the exact same symptoms are happening.
you can check it out here
Neverwinter nights mod trying to escalate multiple accounts being compromised
Obviously, a confirmation e-mail or verification code should be sent to the original e-mail address before the e-mail address can be changed through the website. As it stands, more than half the account protection assumed to be in place can be entirely bypassed.
That just makes it sadly ironic. They do in fact send the necessary e-mail, just to the wrong account and at the wrong time.
That's too late. Simply notifying me that the change has already taken place, instead of proactively requiring access to both accounts in order to effect a change of e-mail address (or any other sensitive information), is insufficient and not worth lauding.
I wouldn't use an e-mail account simultaneously for gaming, personal and professional uses. With multiple addresses, I'm less likely to sit refreshing one constantly, and if anything a gaming address will be accessed the least frequently.
My guess is that it's targeting NWNO, but other Cryptic games are unwitting victims due to the shared account servers.
[SIGPIC][/SIGPIC]