|
Author |
Thread Statistics | Show CCP posts - 28 post(s) |
|
Oveur
|
Posted - 2006.01.06 14:31:00 -
[1]
From: http://myeve.eve-online.com/news.asp?a=single&nid=1046&tid=1
Important Announcement This morning we have been investigating a number of account hack attempts. 57 accounts were compromised and as a result, we started full investigation and lockdown procedures. This culminated in the lockdown of Tranquility during downtime until we had finished our investigation.
As a preventive measure, to ensure account security, we have reset passwords and will send out an email to selected accounts and ask them to change their passwords. At the same time, we would like to remind all our customers to never give out their passwords and regularly change them in account management. Remember, we will never ask you for your password.
We want to emphasize that we do not store billing information, the only risk was concerning password usage and subsequent abuse of the accounts in question.
We thank you for your patience in this matter and deeply apologize for the inconvenience this has caused.
Note: If your password has been reset and your email hasn't arrived yet, you can manually reset your password again through account management. Please allow up to an hour before the new password is sent due to the added load. Senior Producer EVE Online
|
|
|
Oveur
|
Posted - 2006.01.06 14:37:00 -
[2]
Originally by: zepter if i can't login with my account anymore should i reset my password or wait for the mail???
The emails started rolling out some time ago, I would suggest you wait for that. Senior Producer EVE Online
|
|
|
Oveur
|
Posted - 2006.01.06 14:37:00 -
[3]
Originally by: Thomus
Originally by: WiZZyWiGG Ok so what happens if my second accounts password has been reset buit the email on the account is no longer active (which I fear it is but cant check as i cant log in!)?
How can I ever get into that account again?
why would you have subcriptions to things with an Inactive email? isn't part of most agreements that you have an active email account for just this kind of problem? serves you right lol
It's the same procedure which is used if you forgot your password. If you have an inactive email on your account, you would be in the same situation. You should contact support if you are in that position but I understandably they might be quite loaded at the moment. Senior Producer EVE Online
|
|
|
Oveur
|
Posted - 2006.01.06 16:45:00 -
[4]
Originally by: Nics Be patient guys, CCP is fixing it.
But would be cool Oveur to have some news about why the mails take long to arrive.
SMTP Queue ? Another problem ? Fixing something about security preventing mail departures ?
...
It's our SMTP queue, a lot of people are requesting new passwords and of course we're not equipped to spam a lot on such short notice
Senior Producer EVE Online
|
|
|
Oveur
|
Posted - 2006.01.06 16:50:00 -
[5]
Originally by: End Yourself just to clear some things up that are pretty obvious i think
not ALL accounts having their passwords reset were "hacked"
it has not been said by CCP that it was hacked client pcs at all
and also my 0.02 isk on client security regarding windows:
1. do NOT use admin or poweruser rights for daily work, user rights suffice and least priviledges is the key to a secure pc
2. do NOT use internet explorer or outlook(express)
3. shut down all unnecessary services(refer to http://www.ntsvcfg.de/ntsvcfg_eng.html or http://www.dingens.org/index.html.en for details)
4. do NOT use a personal firewall, they are crap and shutting down all the services is all you need, use a router to connect to the internet by any means if possible
5. keep windows and userspace programs(web browser, mail client, instant messenger, media player....) up to date
6. use ONE good automagically updating virus scanner. but don't feel like beeing on the safe side, those companies can never act, all they do is react and then it can allready be too late for you, only run programs you get from a trusted source -> refer to point 7
7. last but not least USE YOUR BRAIN!
and if your pc got compromised, be aware that you can't trust anything anymore, "cleaning" with whatever tool someone wants to sell you will NOT work -> REINSTALL
You are correct, far from all the accounts we reset were compromised. The resetting of the other accounts was the preventive measure taken. Senior Producer EVE Online
|
|
|
Oveur
|
Posted - 2006.01.06 17:07:00 -
[6]
Originally by: Exploding Legs
Originally by: Halada I will rephrase what happened here...
Because 57 idiots somehow gave out their password, 10 000 and more players were locked for 4 hours (and still going) instead of the usual one...
What makes it more frustrating is that more idiots are spamming the frickin forum with questions which are ALREADY ANSWERED IN THE STICKIES...
Thats an intelligent reply. My main is compromised and i have never ever given the account details to anyone. So zip it.
I know 4 other ppl in my mains corp that are compromised too. Maybe even more. Maybe some ppl dont like us :/ Tho on 2 of the persons compromised it was their alt chars.
Still no mail tho. But good work trying to clear this up.
Like I replied earlier, the fact that your password was reset does not mean you were compromised, it was a preventive measure. Senior Producer EVE Online
|
|
|
Oveur
|
Posted - 2006.01.06 17:07:00 -
[7]
Originally by: The Enlightened Why was the decision made to reset somany accounts? It was quite forseeable that the mailserver would crap out in some apocalyptic way when every EVE player and their uncle and cousin would start spamming the 'forgot your password' button wasn't it?
How is the mailserver doing btw? Is it making any weird noises? Hold your ear upto it does it whisper 'kill...meee'?
Should we be worried about not making a 135487 character 'common' (ie easy to remember) password now? Has the threat been evaded now?
Finally: When does the public castration of the purp take place?
Because when you are dealing with account compromise you take the safer route and reset far more than you have to, just to be sure. A customer having to wait for some hours to recieve his email is a far better fate than seeing his account abused when he logs in one fine day.
No strange whispers yet from the server but it is breathing quite a lot of hot air.
You should not be worried, but easy passwords are easily hackable password, whether you use them for EVE or for your bank account. Senior Producer EVE Online
|
|
|
Oveur
|
Posted - 2006.01.06 19:46:00 -
[8]
We're still here, going over the situation. Some of the emails are still going out. If you still haven't recieved your email, do a forgot password request on account management.
If you have tried that and waited 4 hours like me, send a petition through the billing queue. Senior Producer EVE Online
|
|
|
Oveur
|
Posted - 2006.01.06 19:54:00 -
[9]
Originally by: Mr Feltcher Oveur what to do if the website says your email addy/username is not recognised??? sent petitions allready BUT nothing so far...
A few words of help would go a long a way for a PANICKING account holder
Petitions take a long time to be replied to at the moment. If it says it doesn't recognize your email, it because the email you enter does not match the email which is assoicated with your account. Senior Producer EVE Online
|
|
|
Oveur
|
Posted - 2006.01.07 12:04:00 -
[10]
Originally by: Lustralis
Well I'm starting to get a big hacked off already. I haven't been able to access my main since yesterday before DT and he has important business to attend to! How can I petition in his name if I can't log in to the website?
You do not need to log to submit petitions, you can do it right there:
<- Ask a Question Senior Producer EVE Online
|
|
|
|
Oveur
|
Posted - 2006.01.07 12:09:00 -
[11]
Originally by: Dudley Beekle Edited by: Dudley Beekle on 07/01/2006 11:12:46
Originally by: Bess Tower I was all set to go ballistic at CCP but... it's not their problem. I'm willing to bet that in almost all cases the problem is that your mail provider has classed it as spam. I requested new PWs last night about 10 times and first thing this morning - just checked the spam folder - almost all of the emails were sent out immediately.
So check your mail before you go off on one at CCP
It certainly is their problem in some cases. I run my own mail server and looking at the emails I recieved the first time the connection to my server was directly from their machine to mine. My email server is up and running atm so the only reason for me not getting the email is a delay at CCP's end.
Even if my server logged the mail as spam the delivery would have been logged and the server logs show no contact from CPC servers for over 15 hours now.
Such is life :-/
Besides the spam filters, only about 75% of the emails on the accounts are actually correct or useable
If you are certain that you have the right email address linked to the account, which can be confirmed by doing a manual password reset because it matches both the username and the email registered on the account and you are positive that you haven't recieved the email, then petition it. The GM's are working overtime to respond to them all. Senior Producer EVE Online
|
|
|
Oveur
|
Posted - 2006.01.07 12:12:00 -
[12]
Originally by: Soul Redemption well i still cant even log with 5th password
game still says incorrect password/user name
Could you elaborate on that, did you do 5 password resets or is that 5 including the email we sent out initially? Senior Producer EVE Online
|
|
|
Oveur
|
Posted - 2006.01.07 12:22:00 -
[13]
Originally by: Hiten oveur
any chance of getting some info on what is happening for those accounts where the correct e-mail address is not being recognised when u request a password via account management.
i have submitted an incident but that is now 24 hours of not being able to access my main account and i'm starting to get worried that someone has been able to change the e-mail on it and the account is now in jeopardy.
how do we find out if our account was one of "the 57" or has just been locked as a precaution by u guys?
You should be getting a reply to your incident shortly, the GM's are working on this as fast as they can. If your account was one of the 57 you would see a donation out of your wallet to a person you don't know. You should also see a reversal of that donation. Senior Producer EVE Online
|
|
|
Oveur
|
Posted - 2006.01.07 12:24:00 -
[14]
Originally by: John McCreedy On one of my accounts, it appears I've forgotten the e-mail. How do I get a new password when I need a password to get in to change my e-mail address so they can change my password?
Oh and I'm getting a little frustriated with all of this as well...
I'd suggest you submit a petition to the gm's, like it says in the news:
http://myeve.eve-online.com/news.asp?a=single&nid=1046&tid=1
"Petition Note: If you have an inactive email on your account, contact Customer Support under the billing category." Senior Producer EVE Online
|
|
|
Oveur
|
Posted - 2006.01.07 12:36:00 -
[15]
Originally by: Hakera perhaps it would be an idea to implement password expiry on eve and maybe even use a drop down menu box like online banking and ask for certain characters of your password only to be selected (avoiding keylogging) and also prevent the password from being stored in the cache file where it can be read perhaps.
Yes, we're looking into stricter password regimes after this incident. Senior Producer EVE Online
|
|
|
Oveur
|
Posted - 2006.01.07 12:37:00 -
[16]
Originally by: UGWidowmaker is this being reported to the police ? as a hacker atempt how many are involved and what can the punish be beside from banned acounts ofc..
Yes, of course. Senior Producer EVE Online
|
|
|
Oveur
|
Posted - 2006.01.07 12:38:00 -
[17]
Originally by: Crazeh
Originally by: Crazeh Edited by: Crazeh on 07/01/2006 12:08:14 Oveur is there any chance of an update to the smtp having a crazy swollen throat and still taking hours to get mails going out?
I asked for a pw on my main a couple of hours ago again because i ctd and lost the window with pw before i could save or change it.., it took 9-10hrs the first time so, its a bit frustrating :(
Please with sugar ?
We're working on decreasing the mailing queues considerably, 10 hours is completely unacceptable. Senior Producer EVE Online
|
|
|
Oveur
|
Posted - 2006.01.07 12:38:00 -
[18]
Originally by: Mrs Yutty Well im still waiting 24 hours later. Ive petitioned both of my accounts and not a jot. You cant beat paying for a none existing service. I will be expecting a refund of some sort.
You should all be getting a mass reply shortly regarding the action taken. Senior Producer EVE Online
|
|
|
Eris Discordia
|
Posted - 2006.01.07 12:56:00 -
[19]
Originally by: Lorr'is WTF. They have reset my other account, and its an old email registered to it. I CANT EVEN PETIYION... Fatal error: Call to undefined function: print_charset() in /cgi-bin/eve_online.cfg/scripts/enduser/acct_new_mb.php on line 21
Have you tried filing a petition "here under the billing category?
My broken heart leaves my mind in pieces, temptation wins in the end |
|
|
Eris Discordia
|
Posted - 2006.01.07 13:54:00 -
[20]
Originally by: Sereti Well for the record, I can not access my two other EVE accounts. The first one, EVE sent 2 password change url, which did not work, but still has correct e-mail address, so I have hope that it will sort out. But my other account has disappeared. I can not access my account. I tried password retrieval process and it has no record of my e-mail. And I have yet to receive password reset e-mail :(
If this is the case then you need to file a petition through EVE Support here you can file it under the category billing information. You will be asked a series of questions and when you answer them you will get a new password.
Please use an active e-mail address when they ask for it
My broken heart leaves my mind in pieces, temptation wins in the end |
|
|
|
Eris Discordia
|
Posted - 2006.01.07 15:34:00 -
[21]
Originally by: Cherry Moon Yep, I am still waiting to get into my main account. Would be nice to be able to play...
I have peitioned, emailed. Nothing. No answer, nothing and I still cannot login.
Im to say the least a little agrevated.
The GM's have loads and loads of petitions to sort through. Please give it time
My broken heart leaves my mind in pieces, temptation wins in the end |
|
|
Eris Discordia
|
Posted - 2006.01.07 16:11:00 -
[22]
Originally by: Thomas Torquemada
Originally by: zepter
Originally by: Sharcy Edited by: Sharcy on 06/01/2006 14:35:21
Oveur, I realize you won't go into too much specifics for obvious reasons, but can you tell us if these accounts were forced-hacked or if stolen pw's were used?
i'm guessing forced-hacked because i use the same password on both my accounts and only one was affected.
then how were the usernames obtained, i have 2 accounts, and 1 has gone **** up, reset password doesnt work etc, so if 1 account was hacked, how was the other not?
its not like i used simple account names or passwords, passwords i can understand being guessed/forced, but hoe were our login names obtained?
Just because your password was reset doesn't mean you were hacked. It was only an extra security measure but CCp does recommend it to change the passwords on other accounts as well.
My broken heart leaves my mind in pieces, temptation wins in the end |
|
|
Eris Discordia
|
Posted - 2006.01.07 16:20:00 -
[23]
Originally by: UGWidowmaker have ccp called in extra menn/woman to do the jobs recovering passwords or is it 2 persons or sumething ?
The entire GM is working on this issue and it is top priority ( together with other important issues). But with the amount of petitions and requests for assistence it will take some time to sort everything.
My broken heart leaves my mind in pieces, temptation wins in the end |
|
|
Eris Discordia
|
Posted - 2006.01.07 19:17:00 -
[24]
Originally by: Oi Poloi they should use the mail server used to send out forum warnings/bans cause my warning arrived just 30 seconds after posting ....
Thats because moderators are very fast and it's a different server, although I'm sure it will slow down if it needs to send out the same amouny of e-mails the password server has to do now.
My broken heart leaves my mind in pieces, temptation wins in the end |
|
|
Eris Discordia
|
Posted - 2006.01.08 16:11:00 -
[25]
Originally by: F4ze A friend of mine has received multiple emails to change his password with those https://secure.eve-online.com/rp/?xxxxxxxxxxxxxxxx links in them, but everytime the link does not work.
He also hasn't gotten in for 2 days.
Your friend probably requested a new password several time, when you do that it cancels the password that was being sent to you in the first place. That or the link sent timed out
My broken heart leaves my mind in pieces, temptation wins in the end |
|
|
Eris Discordia
|
Posted - 2006.01.08 18:00:00 -
[26]
Originally by: Sam Spacey Some CCP responce to people like me that cannot remember their email from years ago would be nice!
Support, Ask A Question, file it under billing & accounts.
My broken heart leaves my mind in pieces, temptation wins in the end |
|
|
Eris Discordia
|
Posted - 2006.01.08 18:25:00 -
[27]
Originally by: Sam Spacey
Quote: Support, Ask A Question, file it under billing & accounts.
Yep done that well over a day ago, still waiting? Any other ideas?
Wait longer, some people have been waiting for 48 hours. It may help if you double check it that your mail server doesn't block the e-mails from ccp. (like the person a few posts below yours)
My broken heart leaves my mind in pieces, temptation wins in the end |
|
|
Eris Discordia
|
Posted - 2006.01.08 22:23:00 -
[28]
Originally by: Xuxiang Just out of curiosity, has anyone here had the "inactive email address" problem, sent CCP the info requested, and had the issue resolved yet?
I understand there's a large volume, but I was curious if it was a 12x5 operation or 12x7 (meaning they'd be able to verify acct information over the weekend).
Just curious where they were and what was going on...and if anyone had been successful thus far (discluding anything that might have been resolved on Friday).
Yes the GM's work during the weekend and there are day and night shifts. Yes some peoples problems were solved yesterday and today. Your problems will be addressed as well but you have to be patient.
My broken heart leaves my mind in pieces, temptation wins in the end |
|
|
|
|