Early morning I received an email saying:
Hello,
We have received a request from you to change your account's registered email address. A confirmation email has been sent to your new email address for verification.
If you did not request your email address to be changed, please contact our customer support department immediately.
http://support.perfectworld.com/
I did not recieve any email saying that some new browser or game client wanted authenticating.
So somehow they got past account guard, reset my pass, and then stole my stuff and deleted my characters.
They didnt change my pwe account pass so I got back into the account and took back control.
They didnt leave any trail of account guard browsers or game clients.
I dont know how they got my pwe username as its not advertised anywhere, or how they got through my randomly generated password.
I doubt they had access to my email account to delete any account guard mails that would have been made, as my email addy is different to my pwe username and my email pass is different from my pwe pass.
I am worried that account guard is not doing its job!
I emailed pwe support to see if they can get my character back, has anyone gotten a deleted char back by speaking to support?
Comments
Not everything you see on the internet is true - Abraham Lincoln
Occidere populo et effercio confractus
didnt the email have a code?
im guessing they had your email address and password..
a life lesson.. on games like this, make its own email address that you never use for anything else.. and make the password different from the game password.
[12:44] Vessel One of Two Unimatrix 01 deals 1019527 (1157678) Kinetic Damage to you with Plasma Energy Bolt Explosion.
Are you talking about characters from Holodeck or from Tribble?
If you're talking about Tribble, Cryptic did a character wipe of all tribble characters.
If you're talking about on holodeck then I hope you saved the e-mail address that the person changed it to.
Yeah the unfortunate part is if your email is compromised account guard isnt worth ****.
Not everything you see on the internet is true - Abraham Lincoln
Occidere populo et effercio confractus
It makes me wonder if there is some other security breach somewhere, be it with PWE, or something else.
It also has me worried how big of an issue this is going to end up being. Because if someone gets into your email, the account guard won't mean jack. Useful for if your email is ok, but if the email is breached...well...this happens.
Not everything you see on the internet is true - Abraham Lincoln
Occidere populo et effercio confractus
I did not receive a mail from account guard saying a new browser wants to be used.
I just got a mail saying:
Hello,
We have received a request from you to change your account's registered email address. A confirmation email has been sent to your new email address for verification.
If you did not request your email address to be changed, please contact our customer support department immediately.
http://support.perfectworld.com/
Some how they got past the account guard feature, they knew my sto username and pass and then took all my stuff and deleted characters.
So cryptics account guard has a flaw!
Has anyone been able to get a character back after a hack? Do they backup characters?
Or they deleted the email with the onetime code. Either way they still needed your sto login.
Not everything you see on the internet is true - Abraham Lincoln
Occidere populo et effercio confractus
Still how they got my pwe username is worrying. I hope they reply to my support request.
If you dont slick the box to save the browser its automaticaly deleted.
Not everything you see on the internet is true - Abraham Lincoln
Occidere populo et effercio confractus
1) With the availability of free email addresses don't be afraid to have more than one. Having 3 separate e-mail addresses may seem like an annoyance, but it will allow you to designate activities as low, medium, and high security usages.
2) Never store your credit card information. No matter how much security something is supposed to have, there's always someone that can get through it and with alarming ease.
3) Make sure you have reliable anti-virus software with identity protection built in. Personally I use AVG as I've found it to be the most reliable and affordable. There is also a free edition, and they also have a mobile edition for smartphones and tablets.
4) Never repeat passwords. It doesn't matter if you need an entire notebook to write down your password information. This will greatly help to prevent multiple security breaches.
5) Usernames-a-plenty. We all know how infuriating it can get trying to find an available username and when we do manage to create a unique enough one that it is available in multiple areas we tend to want to use it as much as possible. Create a unique username every time, or at the very least create variations of a username.
6) Passwords. Never use sex, god, love, birth dates, important dates, pet names, or names of people you know. The longer the password and the more variation in it the better. Again if you need to write them down in a notebook, but NEVER store them on your computer.
7) Cookies and other "Sneak Attacks": routinely clear your cookies, cache, and all other browser data. Also be sure to verify the location or file name before clicking a link or opening any type of picture or files. Yes I DID say to check pictures, most people don't realize this but a picture is computer code just like everything else and they CAN contain viruses. If you hover your mouse over a link in the lower left hand corner of just about every browser it will display where the link
actually goes to and what the actual file name is.
8) Forums. Make sure your forum names never hint at what your e-mail address or your username is. We are creatures of convenience and often times forget to fight against the natural instinct to keep things as simple as possible.
These are just some of the basic things to remember and they really are simple things to do.
If anything is ever compromised despite these steps at least the damage will be minimized. It's also important to remember to retain as much fraudulent information as possible. For example if an account for a facebook is TRIBBLE and the hacker changed the e-mail address and password on your account having a record of that information can greatly help to catch the hacker.
Pwe username different from my email address.
Pwe username different from forum display name
Pwe pass different from email pass.
Personal mail password changed regular
My machine was off during the hack so they didn't remote in to use my client.
What's odd is that after they got in my pwe account they did not change my password.
If they got into my mail they did not change my pass.
But they did ensure their browser and game client,was not saved to the account guard.
So they were,competant but they missed a chance to totally cover their tracks by locking me out of the account too.
they do. If you try to access you account from a different computer it demands a code.
Not everything you see on the internet is true - Abraham Lincoln
Occidere populo et effercio confractus
Probably just interested in your stuff and nothing else, Or this was something they got from a security leak elsewhere.
Not everything you see on the internet is true - Abraham Lincoln
Occidere populo et effercio confractus
Sounds like they logged into the sto website and then changed the registered email from here. The problem is Account guard should have sent the confirmation e-mail to the old e-mail address, not to the new one.
In the past when dealing with TRIBBLE accounts cryptic has been able to restore a backup of TRIBBLE accounts. It might be a slightly older backup meaning you might lose whatever you had done in the past few days/week or two, but it can be done. However, if you are in a fleet and high enough ranking to have a lot of access in the fleet Cryptic is unable to restore any damage done to a fleet.
otherwise i lost 2 characters, fleet ambassador, heavy escourt carrier, regent, vesta, andorian escourt, 65mil ec, 500000 di, 2500 zen, 150000 fleet marks and all my ships running all mk xii purple consoles.
Not sure i want to spend another year trying to get back to that level of kit.
Just hope they didn't strip your account or at least that you had all of that whenever the last backup was made.
They know my email address and pass.
They know my pwe name and pass (different from mail username/pass)
They log into pwe web site, it emails a code to me.
They access my mail and get the code, delete the code and remove it from deleted items folder.
They log into pwe site and change my email address.
They open a game client and it emails them a code.
They use the code and log into the game.
Steal all my stuff, delete the characters.
Back to the pwe site, account guard, delete the web browser and game client they used to cover their tracks.
Now thats a load of effort to just get EC and dilithium, and requires them to know 2 sets of logins and passwords.
The alternitive is that there is a back door somewhere letting people get pwe usernames and password, plus a way to bypass account guard.
Either way its worrying.
Actually another person back on page 1 said they also got TRIBBLE and yet another on page 1 said their friend got TRIBBLE as well.
As I said in my first post, the hacker changed my email to:
wmchmjuy129@hotmail.com
Can the OP confirm its the same guy?
But its possible its just a bot creating mail accounts and then some back door to the PWE systems letting them access peoples accounts.
ok so something is going on today, can you log a support request to pwe so we can show them something is up!
Nepht and Dr Deflecto on primus
But wonder what Cryptic will do about this problems with TRIBBLE accounts, because what i hear from my brother that its be popular lately as many people said about it at ESD too yesterday at night.
I am tempted to say security leak considering how awful the servers have been lately. It would only need someone to break into the already failing account server.
if only you knew the extent of how far hackers go. they can get your details very easily and plastered it on a well hidden forum. the silly thing is that no matter what security protection you got or how many safe guards you have, a hacker from a laptop on linux with a few files could monitor your computer like a remote access and intercept packets of information contained within is your password and email or username or any other details you have, i wouldnt be surprised the encrypted data is easy to break as its being sent. the various tools a causual hacker could have could be anything, one moment you type in an email address to something you want to, heck the next moment you realize your in a virtual computer and that person has put a silly picture up.
Dont kid yourself, nothing is safe after witnessing first hand as a witness as to how easy it is to break into someone elses life and steal their stuff, this is why i keep out of social networking sites as its a unprotected gold mine of information on a persons life.
in the end cryptic can do nothing about it except to dig into the database and restore your toons with no guarantee the toons have their stuff or how far back the roll was, no game company can keep information safe, i doubt even law enforcement can protect anyone either from cyber attacks. the only thing that is for sure is that you attempt to change your passwords regularly, dont post stuff about yourself if it can be helped, otherwise there is nothing more you can do about it.
Been around since Dec 2010 on STO and bought LTS in Apr 2013 for STO.