test content
What is the Arc Client?
Install Arc

My account has been TRIBBLE!!!!

nafeasonto1nafeasonto1 Member Posts: 0 Arc User
I am still logged in because of the cookie saving on my browser. I can't sign onto STO. MY email has been changed to some weird hotmail address. WTF is going on!!! Who do I contact what do I do. this is insane!

I tried emailing cryptic they haven't gotten back to me. I have no CC informaton on my account jjust a link to my Paypal for subscription.

TRIBBLE this is sacring the TRIBBLE out of me.
Post edited by nafeasonto1 on
«1

Comments

  • warpetwarpet Member Posts: 506 Arc User
    edited May 2013
    support ,and most common hackers is your family
  • nafeasonto1nafeasonto1 Member Posts: 0 Arc User
    edited May 2013
    I never tell ANOYNE my passwords. still i still am logged in I can see the changed email address. If i try to do a forget password it's in Korean or Mandarin and the translate says favorite pets name, and well that I can't answer. THis is fcking horrible!!!

    THis is the new email address:

    whapstfe364@hotmail.com
  • anazondaanazonda Member Posts: 8,399 Arc User
    edited May 2013
    can you name any in-game character (or all)... that way we can try to check if your chars seem in order until you get reply from PWE

    Using Gateway
    Don't look silly... Don't call it the "Z-Store/Zen Store"...
    Let me put the rumors to rest: it's definitely still the C-Store (Cryptic Store) It just takes ZEN.
    Like Duty Officers? Support effords to gather ideas
  • happymarvinhappymarvin Member Posts: 89 Arc User
    edited May 2013
    I thought your e-mail couldn't be changed without a message being sent to the email associated with the account?
  • mirrorchaosmirrorchaos Member Posts: 9,844 Arc User
    edited May 2013
    I am still logged in because of the cookie saving on my browser. I can't sign onto STO. MY email has been changed to some weird hotmail address. WTF is going on!!! Who do I contact what do I do. this is insane!

    I tried emailing cryptic they haven't gotten back to me. I have no CC informaton on my account jjust a link to my Paypal for subscription.

    TRIBBLE this is sacring the TRIBBLE out of me.

    never save cookies, they contain information that is saved on your computer that would make it significantly easier for any hacker to use to get access to you. it maybe needed to some for convenience, but it is a security risk. also trackers follow your movements and these report as 1st hand info to advertisement sites and such. for example ghosery is telling me there are 3 trackers on this site as i am writing up this reply, two from google and one from facebook, all three blocked and with spybot running in the background blocking others, not saving info at all using your browser options to erase history the moment the process has ended.

    its good you still have access and still on your account, you can change your email back still, but doubtless when you log off your password may of changed as well, double check that.

    so change your password, recovery answers and such and report to cryptic with a ticket of the incident. you may want to check your ingame stuff as well.
    T6 Miranda Hero Ship FTW.
    Been around since Dec 2010 on STO and bought LTS in Apr 2013 for STO.
  • anazondaanazonda Member Posts: 8,399 Arc User
    edited May 2013
    I thought your e-mail couldn't be changed without a message being sent to the email associated with the account?

    Just changed my email to test it... Indeed a confirmation email is send, but to the NEW email address registered.

    Now thats just plain simple stupid.

    Edit:

    Ironically, this mail is sendt to the original mail too:
    Hello,

    We have received a request from you to change your account's registered email address. A confirmation email has been sent to your new email address for verification.

    If you did not request your email address to be changed, please contact our customer support department immediately.

    http://support.perfectworld.com/

    -Perfect World Entertainment, Inc.

    Now if this mail is not in your inbox, then whoever changed your password, also knows your email account details.
    ~snip

    It saddens me how little people know about cookies.
    Don't look silly... Don't call it the "Z-Store/Zen Store"...
    Let me put the rumors to rest: it's definitely still the C-Store (Cryptic Store) It just takes ZEN.
    Like Duty Officers? Support effords to gather ideas
  • mirrorchaosmirrorchaos Member Posts: 9,844 Arc User
    edited May 2013
    anazonda wrote: »
    It saddens me how little people know about cookies.

    yeah, right.. whatever you say :rolleyes:. i know what a cookie is and i will never allow one on my machine long enough.
    T6 Miranda Hero Ship FTW.
    Been around since Dec 2010 on STO and bought LTS in Apr 2013 for STO.
  • anazondaanazonda Member Posts: 8,399 Arc User
    edited May 2013
    yeah, right.. whatever you say :rolleyes:. i know what a cookie is and i will never allow one on my machine long enough.

    Your resources to waste... But let me tell you, as a web-developer, whatever is stored in a cookie, is just as easily recovered without a cookie.

    Roll your eyes all you wan't, but believing that you're safe just because you don't store cookies is just naive.
    Don't look silly... Don't call it the "Z-Store/Zen Store"...
    Let me put the rumors to rest: it's definitely still the C-Store (Cryptic Store) It just takes ZEN.
    Like Duty Officers? Support effords to gather ideas
  • mirrorchaosmirrorchaos Member Posts: 9,844 Arc User
    edited May 2013
    nothing is safe from tampering, it happens even to the most secure websites, dont kid yourself thinking your secure because your not and neither am i or anyone else.

    ever heard of cross-site scripting. so yes i know what im going on about and that resource is a security risk. the only way information says safe is in my head.
    T6 Miranda Hero Ship FTW.
    Been around since Dec 2010 on STO and bought LTS in Apr 2013 for STO.
  • nafeasonto1nafeasonto1 Member Posts: 0 Arc User
    edited May 2013
    I thought your e-mail couldn't be changed without a message being sent to the email associated with the account?

    My fleet is checking it for me.

    It's any @nafeasonto account
  • ironmakoironmako Member Posts: 770 Arc User
    edited May 2013
    anazonda wrote: »
    Your resources to waste... But let me tell you, as a web-developer, whatever is stored in a cookie, is just as easily recovered without a cookie.

    Roll your eyes all you wan't, but believing that you're safe just because you don't store cookies is just naive.

    I am also a web developer, and i agree with this.

    I've been online gaming for years, and have never been TRIBBLE, Simply because I change my passwords regularly, I never store info on computers used by someone else and I never give my in-game name or e-mail address on any public platform such as a forum.

    The safeguards which STO use are more than adequate to protect you. If you have been TRIBBLE, then it is only due to your carelessness in some way.
  • nafeasonto1nafeasonto1 Member Posts: 0 Arc User
    edited May 2013
    LUCKILY my sub is through my Paypal. I removed ALL my Credit cards and bank info from PayPal. Canceled all my Credit cards that I ever used with Cryptic. No money charge can be done now.
  • nafeasonto1nafeasonto1 Member Posts: 0 Arc User
    edited May 2013
    ironmako wrote: »
    I am also a web developer, and i agree with this.

    I've been online gaming for years, and have ever been TRIBBLE, Simply because I change my passwords regularly, I never store info on computers used by someone else and I never give my in-game name or e-mail address on any public platform such as a forum.

    The safeguards which STO use are more than adequate to protect you. If you have been TRIBBLE, then it is only due to your carelessness in some way.


    Carelessness IN WHAT WAY? I have extremely long passwords. WTF carelessness could there be. You are blaming me now?

    MY EMAIL security has NOT been comprimised. Stop jumping to conclusions


    I have been playing MMO's since I was 14. Now I am 28. This is the first time EVER I have been TRIBBLE.
  • threat21threat21 Member Posts: 300
    edited May 2013
    ironmako wrote: »

    The safeguards which STO use are more than adequate to protect you. If you have been TRIBBLE, then it is only due to your carelessness in some way.

    I have to disagree with you. there's been a rash of reported account hacks over the last couple of weeks with the exact same circumstances as the OP. it seems to me that cryptic has a security breach and the "account guard" isn't sufficient to protect against it.
  • nafeasonto1nafeasonto1 Member Posts: 0 Arc User
    edited May 2013
    They need to make an APP and a rotating Key like Blizzard. I don't play WOW anymore, but this is the only smart way.
  • anazondaanazonda Member Posts: 8,399 Arc User
    edited May 2013
    Carelessness IN WHAT WAY? I have extremely long passwords. WTF carelessness could there be. You are blaming me now?

    MY EMAIL security has NOT been comprimised. Stop jumping to conclusions

    I have been playing MMO's since I was 14. Now I am 28. This is the first time EVER I have been TRIBBLE.

    I won't go to the level of saying careless, but I can only think of (based on the information you've supplied) these ways, in witch your password has been compromised:
    • Someone knows/guessed/saw you enter your password.
    • You have a Key logger, or another malware application that stores and leaks your information
    • Interception of clear-format username and password requests to servers. Testing this, it is in fact the case. Headers when you submit login forms are send as clear text, meaning that it's readable in your GET request. (Meaning even blocking cookies will protect you).
    • Edit: Cryptics database might have been compromised again.

    The two latter are the most likely scenarios. They are also things you and I have no control over.

    There are more sophisticated ways of getting your info, but people who use those, likely aren't interested in your gaming account.
    Don't look silly... Don't call it the "Z-Store/Zen Store"...
    Let me put the rumors to rest: it's definitely still the C-Store (Cryptic Store) It just takes ZEN.
    Like Duty Officers? Support effords to gather ideas
  • romeowhiskey4romeowhiskey4 Member Posts: 266 Arc User
    edited May 2013
    Would this all be anythign to do with the recent 'emergency' Cryptic had where they shut everything down?
  • anazondaanazonda Member Posts: 8,399 Arc User
    edited May 2013
    Would this all be anythign to do with the recent 'emergency' Cryptic had where they shut everything down?

    The recent shutdown, to my knowlege, was because their serves could not handle the high amount of logins regular-games/LoR-Beta/NW-Beta.

    Granted, it might have been used as a coverup too... But that would be making conspiracy-theories, and in honesty, I don't believe in those.
    Things are usually as simple as they seem.
    Don't look silly... Don't call it the "Z-Store/Zen Store"...
    Let me put the rumors to rest: it's definitely still the C-Store (Cryptic Store) It just takes ZEN.
    Like Duty Officers? Support effords to gather ideas
  • thecosmic1thecosmic1 Member Posts: 9,365 Arc User
    edited May 2013
    I am still logged in because of the cookie saving on my browser. I can't sign onto STO. MY email has been changed to some weird hotmail address. WTF is going on!!! Who do I contact what do I do. this is insane!

    I tried emailing cryptic they haven't gotten back to me. I have no CC informaton on my account jjust a link to my Paypal for subscription.

    TRIBBLE this is sacring the TRIBBLE out of me.
    Follow the instruction in THIS post if you've been TRIBBLE.

    If it's found to be a true hack then Cryptic will restore your character and stuff. It will take a few days, though. It takes less time if you used the Compromised Account heading on your Support information, though.
    STO is about my Liberated Borg Federation Captain with his Breen 1st Officer, Jem'Hadar Tactical Officer, Liberated Borg Engineering Officer, Android Ops Officer, Photonic Science Officer, Gorn Science Officer, and Reman Medical Officer jumping into their Jem'Hadar Carrier and flying off to do missions for the new Romulan Empire. But for some players allowing a T5 Connie to be used breaks the canon in the game.
  • thecosmic1thecosmic1 Member Posts: 9,365 Arc User
    edited May 2013
    I thought your e-mail couldn't be changed without a message being sent to the email associated with the account?
    This is correct. The problem is that many times a gamer will use a throw-away email address for their game account, and thus it never gets checked - and thus they never see the original change happening.
    STO is about my Liberated Borg Federation Captain with his Breen 1st Officer, Jem'Hadar Tactical Officer, Liberated Borg Engineering Officer, Android Ops Officer, Photonic Science Officer, Gorn Science Officer, and Reman Medical Officer jumping into their Jem'Hadar Carrier and flying off to do missions for the new Romulan Empire. But for some players allowing a T5 Connie to be used breaks the canon in the game.
  • lan451lan451 Member Posts: 3,386 Arc User
    edited May 2013
    I have to admit, all of these recent account hacking threads popping up both here and on the NW forums seems odd. Normally I'm in the "well don't share your account info or buy from RMT" camp (which you should still never do), but since quite a few of these have popped up in a short period of time...I don't know. All of them seem to have similar gibberish email accounts too. Changed all my passwords to everything just in case.
    JWZrsUV.jpg
    Mine Trap Supporter
  • aexraelaexrael Member Posts: 0 Arc User
    edited May 2013
  • nyxadrillnyxadrill Member Posts: 1,242 Arc User
    edited May 2013
    I read this interesting article the other day about passwords.

    Made me think about the ones I use.

    http://www.pcworld.com/article/2038067/passwords-youre-doing-it-wrong-heres-how-to-make-them-uncrackable-.html
    server_hamster6.png
  • ironmakoironmako Member Posts: 770 Arc User
    edited May 2013
    To gain access, there are safeguards in place. For example, to change e-mail address, you would need confirmation to your own origianal e-mail address. Which means that your e-mails have actually been TRIBBLE. Just because your e-mails aren't spamming TRIBBLE to everyone in your address book, does not mean that it hasn't been TRIBBLE.

    Also, try using 'Dev' passwords, rather than words with letters and numbers. Dev passwords are near solid.

    Try this out. http://strongpasswordgenerator.com/ This will generate very strong passwords which are nigh on solid. Then WRITE the passwords down. Every online techie will tell you the safest place to keep passwords is on a piece of paper, and store it in a small lock box, or in a book or something. If your still living with your parents, then give the piece of paper to your mum or something. NEVER store on your computer. Nobody will burgle your house just for a password.

    Oh, and i'm not saying you're naturally careless :) but you do sound to be over confident, and maybe you have overlooked something. I hope you get it all sorted out, and I'm sure Cryptic will help. :)
  • threat21threat21 Member Posts: 300
    edited May 2013
    the sad thing here is if cryptic has been compromised, passwords may not even be a security factor here. I'm not trying to cause a panic but the amount of reported hacks is cause for concern. Granted we have no hard evidence to know what extent any breach, if it has occurred, has compromised account security. But its obvious there is a flaw somewhere and I hope that it is addressed and quickly before more accounts get compromised.
  • pwebranflakespwebranflakes Member Posts: 7,741
    edited May 2013
    Hi Captains,

    We take these situations very seriously. If you have received a notification that the email address on your PWE account was changed, and you were not the one who initiated the change, please take these steps to secure your account:
    1. Log into your account and change the email address back to something that you control.
    2. Change the password to something that is strong and unique.
    • The password should be between 6 and 14 characters.
    • A mixture of lowercase letters, uppercase letters, and numbers is recommended.
    • The password should NOT be the same as one you have used in the past or used on
    another account you have.
    3. Contact Customer Support if you need further assistance by sending an email directly to customerservice@perfectworld.com.
    • The subject line should read "Compromised Account".
    • Please include your PWE account name, in-game @Handle name, and original email address that was used when registering the account so we can quickly identify you.
    • Please send only one (1) ticket about this and avoid submitting duplicates.
    General guidelines to keep your account as secure as possible:
    • NEVER share your user name or password with anyone else.
    • NEVER use the same user name or password on multiple accounts.
    • NEVER visit sites advertising gold for sale in our games

    Cheers,

    Brandon =/\=
  • ironmakoironmako Member Posts: 770 Arc User
    edited May 2013
    nyxadrill wrote: »
    I read this interesting article the other day about passwords.

    Made me think about the ones I use.

    http://www.pcworld.com/article/2038067/passwords-youre-doing-it-wrong-heres-how-to-make-them-uncrackable-.html
    threat21 wrote: »
    the sad thing here is if cryptic has been compromised, passwords may not even be a security factor here. I'm not trying to cause a panic but the amount of reported hacks is cause for concern. Granted we have no hard evidence to know what extent any breach, if it has occurred, has compromised account security. But its obvious there is a flaw somewhere and I hope that it is addressed and quickly before more accounts get compromised.

    THis is a valid point, and could be feasible. I mean, If it could happen to X Box Live, It could happen to Cryptic, and with their dedicated attention focused on the new game content launch, it gives the perfect opportunity for any hackers to strike.
  • thecosmic1thecosmic1 Member Posts: 9,365 Arc User
    edited May 2013
    Hi Captains,

    We take these situations very seriously. If you have received a notification that the email address on your PWE account was changed, and you were not the one who initiated the change, please take these steps to secure your account:
    1. Log into your account and change the email address back to something that you control.
    2. Change the password to something that is strong and unique.
    • The password should be between 6 and 14 characters.
    • A mixture of lowercase letters, uppercase letters, and numbers is recommended.
    • The password should NOT be the same as one you have used in the past or used on
    another account you have.
    3. Contact Customer Support if you need further assistance by sending an email directly to customerservice@perfectworld.com.
    • The subject line should read "Compromised Account".
    • Please include your PWE account name, in-game @Handle name, and original email address that was used when registering the account so we can quickly identify you.
    • Please send only one (1) ticket about this and avoid submitting duplicates.
    General guidelines to keep your account as secure as possible:
    • NEVER share your user name or password with anyone else.
    • NEVER use the same user name or password on multiple accounts.
    • NEVER visit sites advertising gold for sale in our games

    Cheers,

    Brandon =/\=
    Brandon, at this stage I think Cryptic needs to put notices on their Launchers telling people to come to the forum and change their passwords. Whether the system was compromised during the various down-times over the last couple of week or not, it's clear that hackers have gotten a lot of people's information somehow - possibly even from all the gold-seller PMs with the links to buy ECs.

    Most of your fan-base doesn't come to the forum regularly and so might not have any idea - nor any idea they should ever change their passwords. A proactive broad notification would probably be better then the singular posts telling people what to do if it happens.
    STO is about my Liberated Borg Federation Captain with his Breen 1st Officer, Jem'Hadar Tactical Officer, Liberated Borg Engineering Officer, Android Ops Officer, Photonic Science Officer, Gorn Science Officer, and Reman Medical Officer jumping into their Jem'Hadar Carrier and flying off to do missions for the new Romulan Empire. But for some players allowing a T5 Connie to be used breaks the canon in the game.
  • nyxadrillnyxadrill Member Posts: 1,242 Arc User
    edited May 2013
    thecosmic1 wrote: »
    Brandon, at this stage I think Cryptic needs to put notices on their Launchers telling people to come to the forum and change their passwords. Whether the system was compromised during the various down-times over the last couple of week or not, it's clear that hackers have gotten a lot of people's information somehow - possibly even from all the gold-seller PMs with the links to buy ECs.

    Most of your fan-base doesn't come to the forum regularly and so might not have any idea - nor any idea they should ever change their passwords. A proactive broad notification would probably be better then the singular posts telling people what to do if it happens.

    I'd second this. Better to be proactive than reactive, and often less costly!
    server_hamster6.png
  • kirkson2kirkson2 Member Posts: 161 Arc User
    edited May 2013
    Could it be that he biught gold and they TRIBBLE him this way? I would get rid of all the good sellers then... Just saying
    Klingons smell worse than wookies:D
Sign In or Register to comment.