Pages: [1] 2 3 4 :: one page |
|
Author |
Thread Statistics | Show CCP posts - 2 post(s) |
Righteous Fury
|
Posted - 2006.01.07 16:35:00 -
[1]
Edited by: Righteous Fury on 07/01/2006 16:36:10 Just figured I'd make a public thread about it, because I'm sure we're not the only ones.
I had 250 million ISK transferred from my alt to a character known as Thom Merrilin (Setenta Corp) at 7:00 this morning. In addition, Arkanis had 405 million ISK sent to the same character, two hours later. Oddly enough, both characters were directors in our corp, yet our corp wallet hasn't been emptied.
The odd thing about this is that neither of us were logged in when this happened, and both of us had apparently been undocked even though we logged off in station. As per the CCP emails, both of us had changed our passwords early yesterday.
As you can see in these screenshots, wallet history tells all - whoever did it wasn't really too sneaky about where they were sending the ISK. Ignore the 60 million left in my wallet, apparently my Dark Blood PDU sold this morning .
My wallet screen: Linkage
Arkanis' wallet: Linkage
Anything going to be done?
|
CaptainCrunch
|
Posted - 2006.01.07 16:40:00 -
[2]
hmm this was this morning, AFTER they re-did the pw's :|
Makes me feel warm and secure that my 26hrs waiting for my mains pw whilst missing out 25hrs on a skill has been worth it!
|
Embattle
|
Posted - 2006.01.07 16:41:00 -
[3]
Originally by: Righteous Fury Edited by: Righteous Fury on 07/01/2006 16:36:10 Just figured I'd make a public thread about it, because I'm sure we're not the only ones.
I had 250 million ISK transferred from my alt to a character known as Thom Merrilin (Setenta Corp) at 7:00 this morning. In addition, Arkanis had 405 million ISK sent to the same character, two hours later. Oddly enough, both characters were directors in our corp, yet our corp wallet hasn't been emptied.
The odd thing about this is that neither of us were logged in when this happened, and both of us had apparently been undocked even though we logged off in station. As per the CCP emails, both of us had changed our passwords early yesterday.
As you can see in these screenshots, wallet history tells all - whoever did it wasn't really too sneaky about where they were sending the ISK. Ignore the 60 million left in my wallet, apparently my Dark Blood PDU sold this morning .
My wallet screen: Linkage
Arkanis' wallet: Linkage
Anything going to be done?
1. Thanks for sharing but there is already another thread on this area. 2. Yeah something will be done about it, although you'll have to petition it and wait. ----------- STFU Macromoaners |
Rohann
|
Posted - 2006.01.07 16:41:00 -
[4]
I am sure you will get reimbursed for this. I hope they find the ass who is doing this and ban him/her forever. Ban his cc too. We dont need players like this in eve.
|
HippoKing
|
Posted - 2006.01.07 16:41:00 -
[5]
that character doesn't semt to exist anymore
|
Righteous Fury
|
Posted - 2006.01.07 17:02:00 -
[6]
I just spoke with Thom ingame, apparently he had 2 billion transferring into his account and then transferred back out to a noob character.
|
Emsigma
|
Posted - 2006.01.07 17:13:00 -
[7]
How handy.... ----------
// emsigma |
ToxicFire
|
Posted - 2006.01.07 17:16:00 -
[8]
Does anyone want to go out on a limb and say some macro miner may have stepped up his operations in response to all the anti macro movement of late?
|
Maya Rkell
|
Posted - 2006.01.07 17:18:00 -
[9]
Originally by: CaptainCrunch hmm this was this morning, AFTER they re-did the pw's :|
Then sent FULL LOGIN DETAILS out in PLAIN TEXT.
What the heck do you think was going to happen
Warning: above post may contain traces of sarcasm. "Corpse cannot be fitted onto ship. Only hardware modules can be fitted." |
Star Commander
|
Posted - 2006.01.07 17:21:00 -
[10]
I'm sorry for what is happinging to not just yourselves but everone who appears to have problems with Eve at the moment.
Prior to leaving work yesterday i wos frantic before i got home, hoping my account wos safe
As it turns it, all wos ok, had to change my PW as per e-mail advice from CCP, but i hope everything works out for all you peeps out there, this has been a serious breach of everyones security on this game and for all i wish well.
In the almost 2 years i've been playing Eve, this has NEVER happened, and it's a shame that these things have happened. TBH, there's a lot of evil peeps out there who take delight in this, may they burn in hell, scumbags
|
|
Jowen Datloran
|
Posted - 2006.01.07 17:24:00 -
[11]
Originally by: Rohann I am sure you will get reimbursed for this. I hope they find the ass who is doing this and ban him/her forever. Ban his cc too. We dont need players like this in eve.
Banning? I think it's a bit too serious for that. I'm sure legal authorities already have been informed. Can half a year of prison be enough?
---------------- Main as main can be |
Basileus
|
Posted - 2006.01.07 17:27:00 -
[12]
Originally by: Jowen Datloran
Originally by: Rohann I am sure you will get reimbursed for this. I hope they find the ass who is doing this and ban him/her forever. Ban his cc too. We dont need players like this in eve.
Banning? I think it's a bit too serious for that. I'm sure legal authorities already have been informed. Can half a year of prison be enough?
I'm sure that those responsible will never face justice. They probabely hide in some 3rd world country, just like all the spammers do. The blessings of the internet.
|
Oi Poloi
|
Posted - 2006.01.07 18:14:00 -
[13]
this is worrying
----- DJ 4tw |
Malken
|
Posted - 2006.01.07 18:18:00 -
[14]
Originally by: Basileus They probabely hide in some 3rd world country, just like all the spammers do. The blessings of the internet.
actually some of the biggest spammers in the world lives in the US.
|
M3ta7h3ad
|
Posted - 2006.01.07 18:26:00 -
[15]
Originally by: Maya Rkell
Originally by: CaptainCrunch hmm this was this morning, AFTER they re-did the pw's :|
Then sent FULL LOGIN DETAILS out in PLAIN TEXT.
What the heck do you think was going to happen
Email is a plain text affair.
Unless you use a 3rd party program then it will always be unencrypted, and they wont start using pgp or similar due to the fact that if they require everyone to use it to read their emails from CCP then they will have to support the use of it to a certain extent.
However.. likelyhood of your entire email being sniffed out of network traffic on the way to your inbox, is extremely slim. Sort of along the same chances of being struck by lightning whilst walking through a mountain and then seeing a dodo perched on the end of a bedpost watching an orgy involving the female cast members of The OC.
Why? Due to the nature of the internet. Lovely packets mean that they are sent in lots and lots of chunks, and via different routes.
How would you suggest they send out login details to you in future? Memorable Quotes <Jarltan Dimtras> OH MY GOD MY GF IS A DUDE |
Rod Blaine
|
Posted - 2006.01.07 18:29:00 -
[16]
Originally by: Maya Rkell
Originally by: CaptainCrunch hmm this was this morning, AFTER they re-did the pw's :|
Then sent FULL LOGIN DETAILS out in PLAIN TEXT.
What exactly do you mean ?
My pw reset email was in plain text yes, and had the account name as well as the password in it, something that initially didn't disturb me but on second thought (considering the circumstances and the current security issues with windows) came across as something CCP should porbably not have done. Just the new password would have sufficed, wihtout taking any chance of leaks on the customers side.
But, the main thing is that I assume these two changed their passwords quite soon after getting said mail. If they did and their accounts still got accessed, then there's a coninuiing security leak at CCP. Even if they did not, it would be quite the coincidence that security on their side was compromised at exactly this time would it not ?
All in all, this thread deserves some attention, like, right now. _______________________________________________
Power to the players !
|
Maya Rkell
|
Posted - 2006.01.07 18:39:00 -
[17]
Then = They. Dyslexia4tw.
There seems to be, well, multiple MO's at work here. Some accoutns are getting ISK sent, soke ar getting cleaned out.
Righteous Fury dosn't mention any details about if they had emails sent out, but they had not been ready by the characters owners before this happened. Which would indicate the email was intercepted (I can conclusively verify this in at least one case) or if there IS some klind of ongoing breach.
Warning: above post may contain traces of sarcasm. "Corpse cannot be fitted onto ship. Only hardware modules can be fitted." |
Senator Palpatine
|
Posted - 2006.01.07 18:52:00 -
[18]
Originally by: Maya Rkell
Originally by: CaptainCrunch hmm this was this morning, AFTER they re-did the pw's :|
Then sent FULL LOGIN DETAILS out in PLAIN TEXT.
What the heck do you think was going to happen
Wait? they send me my info in text??? I was hoping they'd send it to me in triple-encrypted Aramaic and can only be decyphered by the Dead Sea scrolls. . . . .
|
Maya Rkell
|
Posted - 2006.01.07 18:56:00 -
[19]
Edited by: Maya Rkell on 07/01/2006 18:56:05
They did NOT need to send your username.
And double-confirmation would of been nice.
Warning: above post may contain traces of sarcasm. "Corpse cannot be fitted onto ship. Only hardware modules can be fitted." |
|
Eris Discordia
|
Posted - 2006.01.07 18:58:00 -
[20]
It is recommended to use a different password then the password you used previously. If a different password has been selected yet accounts still were used by someone else then please scan your computer for any trojans or other nasty files. Just to eliminate that probability.
I'm sure that everything will be restored by teh gm's, but sadly it will take time because they are very very busy.
Legal action will be taken against those responsible for these problems btw.
My broken heart leaves my mind in pieces, temptation wins in the end |
|
|
Kasibee'an
|
Posted - 2006.01.07 19:08:00 -
[21]
Originally by: M3ta7h3ad Sort of along the same chances of being struck by lightning whilst walking through a mountain and then seeing a dodo perched on the end of a bedpost watching an orgy involving the female cast members of The OC.
That'd be cool though.
|
ElCoCo
|
Posted - 2006.01.07 19:15:00 -
[22]
Originally by: M3ta7h3ad However.. likelyhood of your entire email being sniffed out of network traffic on the way to your inbox, is extremely slim. Sort of along the same chances of being struck by lightning whilst walking through a mountain and then seeing a dodo perched on the end of a bedpost watching an orgy involving the female cast members of The OC.
Er... if you have already selected your "targets" for "hacking" it realy isn't that hard... sadly
Take it from a person that has dealed with quite a lot of similar bank-related issues.
|
Roke E'raith
|
Posted - 2006.01.07 19:17:00 -
[23]
This is for all, if you have a keylogger on your comp, you are screwed anyway. If they just sniff your traffic, the password is sent in plain text...
But a suggestion to the devs: Encrypt the client password traffic. All traffic to the site is encrypted when sending passwords, why not the client?
(I hope this has changed, I haven't checked my traffic for a while, but the last time I noticed that the communication with the game was in plain text, including the password). If I am wrong I am happy, if not, it need to be fixed...
/Roke
|
Nightblade
|
Posted - 2006.01.07 19:18:00 -
[24]
Originally by: M3ta7h3ad However.. likelyhood of your entire email being sniffed out of network traffic on the way to your inbox, is extremely slim. Sort of along the same chances of being struck by lightning whilst walking through a mountain and then seeing a dodo perched on the end of a bedpost watching an orgy involving the female cast members of The OC.
Why? Due to the nature of the internet. Lovely packets mean that they are sent in lots and lots of chunks, and via different routes.
How would you suggest they send out login details to you in future?
Unless, of course, the reason accounts were hacked is that someone was capturing network traffic very close to where the CCP servers are. The passwords were plaintext before, and now they got another batch when the mails were sent.
Not saying this is what happened, but it's not outside the realm of possibility.
|
Justus Imperius
|
Posted - 2006.01.07 19:19:00 -
[25]
Originally by: Eris Discordia
Legal action will be taken against those responsible for these problems btw.
Publicity :)
|
Malthros Zenobia
|
Posted - 2006.01.07 19:22:00 -
[26]
Originally by: Jowen Datloran
Originally by: Rohann I am sure you will get reimbursed for this. I hope they find the ass who is doing this and ban him/her forever. Ban his cc too. We dont need players like this in eve.
Banning? I think it's a bit too serious for that. I'm sure legal authorities already have been informed. Can half a year of prison be enough?
No, most places give a hell of alot more prison time for such things. Half a year would be like watching a murderer get only 2-3 years and then patrolled (yes I know it happens alot, that's beside the point).
|
Steven Dynahir
|
Posted - 2006.01.07 19:24:00 -
[27]
Yup, one caught spammer (in US) got 1.1 billion (milliard in real world) charges.. lol
--- Home, sweet home. |
M3ta7h3ad
|
Posted - 2006.01.07 19:24:00 -
[28]
Granted.. Providing you have either a computer on the local network between the CCP MTA and its connection to the internet.... or...
You have a computer between the clients ISP and its connection to the internet...
or...
You have a computer between the clients computer and their connection to the internet...
or...
You are on the clients local network and can do whats called "arp cache poisoning" (google for the info if you really need to know)
Probably some other methods as well, however they would all be along the same lines.
All of the above methods rely on being either part of the "only route" possible between CCP and the client. Or... fooling the network into forwarding packets destined for another machine to yours. It is highly unlikely such an error would occur on CCP's end purely because this is what datacentres do... they protect data from these sort of exploits, and as for local network risks well thats down to maya ryell's friends and family if there is anyone sharing the internet with him/her. Memorable Quotes <Jarltan Dimtras> OH MY GOD MY GF IS A DUDE |
Malthros Zenobia
|
Posted - 2006.01.07 19:25:00 -
[29]
Originally by: Eris Discordia
Legal action will be taken against those responsible for these problems btw.
Can we bypass legal action and take the old 50s casino route and simply tie their hands down and smash the bones with hammers instead? Hard for someone to hack or spam if they can never more their fingers ever again.
|
M3ta7h3ad
|
Posted - 2006.01.07 19:26:00 -
[30]
Originally by: Maya Rkell Edited by: Maya Rkell on 07/01/2006 18:56:05
They did NOT need to send your username.
And double-confirmation would of been nice.
Some people have multiple accounts, this is why usernames are sent.
Double confirmation?? explain.
They should have asked you to change the password from the one given to you as soon as possible anyhows (negating the minimal security risk in sending plain text emails even further), having not had my account reset I havent recieved an email. Perhaps you could confirm or deny this for me? Memorable Quotes <Jarltan Dimtras> OH MY GOD MY GF IS A DUDE |
|
|
|
|
Pages: [1] 2 3 4 :: one page |
First page | Previous page | Next page | Last page |