test content
Logo
What is the Arc Client?
Install Arc
A *HUNDRED* Account Hijack Attempts In The Past Hour!
mhirtesc
Member Posts: 581 Arc User
Tried to send a trouble ticket to Cryptic they last time they pulled this a few weeks ago. All got was a "DUH-UHHHHH! We see no hijack attempts! DERRRRRRP!", yet I get my email inbox flooded with over a 100 attempts per hour this weekend.
Seems that trying to level a new account is so hard & nasty now that stealing another players' STO account is a more viable option. Good going, Cryptic!
Seems that trying to level a new account is so hard & nasty now that stealing another players' STO account is a more viable option. Good going, Cryptic!
Post edited by mhirtesc on
0
This discussion has been closed.
Comments
And what proof would satisfy you, troll?
Well, for a start you can post some screenshots. With your confidential information censored out, of course.
At that level of access attempts I rather doubt somebody's trying to break into your account to steal ur stuffz. I suspect they want to turn it into a spambot.
— Sabaton, "Great War"
Check out https://unitedfederationofpla.net/s/
Here's one recent sampling (like Hell I'm going to retain the whole bunch of them, so please don't pull any of that "well that's not a hundred. snivelsnivelsnivel" garbage).
http://oi59.tinypic.com/2zyhsbc.jpg
Yeah, I am apparently in the wrong for suggesting you back up your claim of 100 attempts. I apologize for not taking your statement at face value. I forget that we operate on the honor system on the STO forums. Silly me.
Alright, now we're getting somewhere. Now how about your e-mail(s) from Perfect World stating that they detected no hijacking attempts on your account? Again, with your confidential information censored, of course.
Dude, you aren't my keeper. I do not need to run around doing stuff to appease YOU. I did more than I needed to just to provide you with a screencap and now you want to make me run around some more. Go foul up some other thread.
So, you are not willing to back up your claims that you state have happened?
I ended up changing my password and other credentials too, to be on the safe side. The main defense against this sort of thing is a good solid set of credentials imo.
No. I just refuse to be your dancing monkey.
Then I refer you to my first response to your thread.
Sounds legit.
Fine. Don't believe it then. As others have mentioned, they're getting it too. That's a lot of "sounds legit".
Well, the forum mods can close the thread.
We can ask them to do so...we just can't make a petition asking them to do so. :P
The plural of anecdote is not data.
anyways yea this sort of thing happens mostly when you register at fishy sites for 3rd party tools etc.
def happens if you do the other nasty thing we cant talk about but is the reason they want your account to do their work with.
im leaning towards the first you registered for a 3rd party tool such as a keybind maker or some such.
I would say that at this point in time there is nothing Cryptic can do for you. How another person got your email address is a different issue though. Why can't tech support see that there have been hijack attempts I cannot say. Perhaps they simply said, "Nah... there have been no attempts" and proceeded to go back reading their comic book.
I believe the only thing you can do is simply change the e-mail associated with your account. It might be easier said than done since I have not attempted to change my e-mail yet. I have only changed my password.
Even if tech support can see that there have been hijack attempts on your account, there is nothing they can do about it. They can technically attempt to trace the IP address of the individual attempted to hack your password, that takes time and a lot of effort. I am pretty sure they are not capable of doing that effectively. They would need to hire an outside security firm to do the monitor and tracing. Doing this is going to be pretty expensive; far too much money for a MMO company. Also, any smart hacker would be hiding behind a VPN which basically makes them anonymous and only increases the complexity of tracking the perpetrator.
Wouldn't some overzealous mod probably come along and, at best, just delete any such communications even if he does post them?
What bugs me is that there doesn't seem to be a system to flag these efforts (multiple attempts per period of time) that precludes sending further messages.
I have received Amazon account mails and some bills of mobile phone companys I have never been customer to.
Shady companys somehow can mimic near perfect Email adresses of big companies to trick customers into following a link, where you need to put your infos into.
I also received such mails in a hundred when I played Orccraft for some days and also SWTOR.
Fake Orccraft mails made me close my old main Email adress because Hotmail blocked me already because of all these junk mails.
I think you can only see the difference between real and fake email adresses when you check their ID under properties or so.
Possibly. But if one wants some type of resolution or to make accusations, then a presentation of evidence is necessary.
Otherwise it is just hearsay. At the very least, if someone closed the thread they could forward the aforementioned evidence to those who handle that type of thing.
Which is not a guarantee of anything in of itself, but it has higher odds of resulting in a concession made in the OP's favor than simply making claims without evidence.
To take it one step further. Even the closing of the thread could be used as ammunition against PWE, since evidence of questionable ethical integrity would be silenced. Which would make the OP's point even more valid.
However, without the presentation of evidence, the thread would be closed because OP decided that hearsay on the STO forums was a productive use of their time and energy. Which paints that commentary and accusation in an extremely different light as opposed to commentary and accusations with more evidence to back up one's claim.
This week, I've received 2-3 mail about password reset request or username request. I made none of them.
It's kinda scary, but on the bright side, if it was a hacker, I would have been TRIBBLE right away, and no mail would have been sent.
I don't understand.
I just checked, and I can't find where to request my username. I can request my password on arc, but no mail is received. Not the first time I had a problem with my password, and no mail was sent.
I really don't understand.
I'm really not seeing what exactly you're upset about. The verification system worked as designed; the bot was unable to hack your account. PWE isn't seeing anything, because as far as their system is concerned, nothing happened. Other than a user attempting to change their password, of course, which probably happens a couple thousand times a day across all PW games.
So, you've now proved Account Verification is indeed a secure system. Thanks!
If a bot try a hundred time to reset your password, you'll receive a hundred mail. Can you see the problem ?
Again, these are emails proving that your account is secure, so long as you don't say "okay" to any of the password-change requests. What exactly is the issue?