test content
Logo
What is the Arc Client?
Install Arc
h.acked arc *not* secure
admiralm0tt
Member Posts: 53 Arc User
removed
Post edited by admiralm0tt on
0
Comments
No answer at that number. Dialed the extension for operator...just rings with no answer. Thanks though.
I think I need more info, though. ARC is privileged. Web access isn't. The game can't be accessed without your account name and a password one hopes wasn't the same one you use for e-mail. Unless there's a way to sell off or e-mail game items and currency outside of the game, what do we think happened here? (Maybe there is a way--I've never seen it.)
If someone changed your password, how did you log in to your account? Aren't those ideas mutually exclusive?
I'm not sure HOW they did it, but they did. I went to log in and my password didn't work. I thought I was having a geriatric moment. I tried multiple times thinking I was typing too fast. NOPE. My password didn't work. Clicked the forgot password link and went through the steps to reset. When I reset my password, it did allow me to log in.
When the character select screen loaded, all my alts were out of order. The toons I used most were towards the bottoms of the list, while toons I rarely use were towards the top of the list. Strange. When my main finished loading, I went to my inventory to find everything moved around - and TONS missing. That's when I figured it out. I immediately went to the account bank and saw everything cleared out .. 500,000,000 from the account bank; 200,000,000 from this toon, several hundred Million more EC from other toons, lockbox items, ship boxes. This person hit the jackpot.
I resent the undertone. I did not 'buy items or currency from an outside party' - but DID buy zen on 5/1 through ARC. I was using NO third party program other than Chrome and NVidida control panel running in the background while playing last. They did access my account and DID change the password. They initiated a trade apparently as my inventory had junk commodities which I didn't have before. Apparently they didn't know you can initiate a trade without actually trading off anything. Their character name, ISP, and location were logged I'm sure. I hope to hell someone gets a lifetime BAN when support reviews what happened.
That would be ideal as I haven't played since 5/3 or 5/4.
They did it for me. I can't see why they wouldn't do it for you.
Thank you so much for giving me this information. I wish the chat rep would have said this so I didn't blow my top. If they can restore everything that would be great.
They tend not to tell people that they can do it. My ticket got bounced from person to person a few times before one of the responders told me that was an option. They probably keep it a secret to prevent people from using it as an exploit by, say, doing to themselves what was done to you, getting the rollback, and then sending themselves their stuff back.
removed
I did no unsafe thing. WIFI is secure (has to be for work).
As far as the hacker...well I don't know where/how he/she got the info...but they did. My username is NOT my email (nothing close to my email), and passwords for windows/arc/email are all different. I have since changed ALL my passwords, changed the email on the account, ran a virus scan (nothing), checked the email that was associated with the account at the time it was TRIBBLE to see if anything was out of the ordinary...nothing.
Because my email, personal computer, and cell phone weren't compromised, the last method was ARC. Process of elimination.
Anytime you want to admit you're wrong, feel free..
The so called "haters" are being rather logical about the potential causes for this breach, and you're biting their heads off. No one is accusing you of anything. No one is demonizing you for anything. All they are doing is providing insight into what COULD have happened, and pointing things out.
Is it possible they got into your e-mail, and made sure to cover their tracks? Yes.
Is it possible they logged in directly to STO bypassing Arc? With access to the connected E-mail account yes.
The fact is there are two alternate means of logging into STO without Arc. The stand alone launcher and a Steam copy. Both those do NOT use your Arc info, but a manual input password and account name. Arc just fills those in automatically for you. So honestly saying immediately that Arc is the problem is jumping the gun a bit.
I myself don't even log in via Arc. I run on Steam. *shrug* While some people do use Arc, others use Steam or the stand alone launcher as a preference.
No one is denying you were hit. We're just trying to figure out the cause. Its possible that it was just something innocent that lead up to the breach. People like that can be tricky.
normal text = me speaking as fellow formite
colored text = mod mode
It's frustrating when you're the victim of crime to be told in any way "it's probably your fault". No, it's not my fault some waste of space committed theft. The undertones of the previous comments were "you bought gold/items from gold sellers", "you had an easy password...your fault", "you had been on questionable websites", "you had malware on your computer", etc. Those are accusatory...
Plain and simple; my account was TRIBBLE. I use ARC to login due to it's supposed security. TRUE, someone may have gotten into the email account formerly associated with the account and then covered their tracks... TRUE, someone may have logged into STO bypassing ARC. It goes back to the fact that the email notifying me of a change to my password wasn't sent. Even if they managed to delete it - it still would have come to my phone and would show up in the 'deleted' folder as my phone syncs separate from the online mailboxes.
I've lost several hundred dollars worth of items/dilithium/energy credits/etc. If someone took several hundred dollars worth of CASH from your BANK ACCOUNT... would you tolerate hearing "your PIN was easy to guess", or "you obviously left your checkbook lying around"?
I'm mad. I'm disappointed. I'm worried. I've removed my previous comments in favor of this post. This is all I have to say. My hope is support restores my account. If not, well, I will pursue other legal options...
Whoops!
It looks like there may be a problem with your account. It is possible you have been banned or you are attempting to log in from an unsupported region. If you believe this is an error, please contact support.
WTF????
Chill out, dude. This is probably a *good* thing, as it would seem they have acknowledged your account has been compromised, and have frozen it, pending investigation/action; and to prevent further abuse of it.
Also, you lost a bit of sympathy when you starting saying Arc was unsafe; whereas, in fact, YOU are unsafe. Seriously, you allowed your computer to be compromized. I agree with coldnapalm, here. And. what's worse, you are STILL compromized, until you find the source of the vulnerabilty; being in denial, saying you have a secure wifi connection, does not help you one bit. In fact, if I were Cryptic support, I'd demand you find the cause yourself first; or at least take severe measures to ensure the safety of your computer, before I'd restore anything for you. Otherwise, what's to say the same thing won't happen again to you next week?!
Subscriptions
Subscribed For: 2392 Days
Subscription Status: Active
I will take it as a good thing. Not looking for sympathy. Not going to explain anything more. Not arguing with anyone on this board anymore. Will update when I hear something from support.
Views and Opinions May Not Reflect the Views and Opinions of Gearbox/Cryptic
Moderation Problems/Issues? Please contact the Community Manager
Terms of Service / Community Rules and Policies / FCT
Facebook / Twitter / Twitch
Two co-workers over the last year have had their work email accounts "h ackbar'd" but in fact our server was NOT messed with. In both cases the co-worker used their email address and the same password on other sites that were compromised. One was DropBox, one we're not sure about.
If you use "bunnyH0p!q92030foo" on 20 sites, only one of them needs to be compromised and the other 19 could then be opened wide.
Most people don't realize this, this needs to be on billboards around the world.
I won't engage in arguing with you. Because of my line of work my phone requires a certain level of encryption. I work 13 hour shifts and connect to the work WIFI which is behind some heavy-duty security due to the nature of our work (government regulation- I know - I'm not running for president of the US though). Because work emails come to my personal cell, it has to meet the strict security requirements put forth (same as the internet at work which blocks facebook, games, etc).
I don't open attachments in email and always delete anything I'm not familiar with without opening the actual email. My computer is used solely for Netflix and occasionally STO. Are you suggesting that someone TRIBBLE my Netflix in order to plant phishing software on my computer? I mean really..