| Pages: [1] :: one page |
| Author |
Thread Statistics | Show CCP posts - 0 post(s) |
hangovur
   |
Posted - 2006.01.29 07:24:00 -
[1]
so, this is a bit of a warning to everyone to change their account info because my account was hacked last night at about this time and all my isk stolen. no ships or corp assets were taken, only the isk from my wallet.
the other part of my post is to give props to the GM who helped me. he was polite (cant go into detail but he could have easily been a jerk) and very fast. within 15 minutes of me filing the petition it was fixed and all back to normal. i would give him props personally, but im not sure im allowed.
i hope they are able to find the ***** whos doing this and get some criminal charges on his arse.
 |
Corp Scammer
|
Posted - 2006.01.29 08:06:00 -
[2]
so how the heck is everyone being hacked surley they have to have access to the password database - that suggests an inside job or a mass attack on CCP database - common CCP cough up hows it happening - is there anything an end user can do
|
Rabbitgod
|
Posted - 2006.01.29 08:41:00 -
[3]
Me wonders... how many people had the same username/password for eve-online and eve-i or other eve fan sites?
I know if I had to pick between hacking CCP and hacking a phpBB forum I would pick the phpBB in a heart beat.
Here these will help |
HippoKing
|
Posted - 2006.01.29 08:46:00 -
[4]
 Originally by: Rabbitgod
Me wonders... how many people had the same username/password for eve-online and eve-i or other eve fan sites?
I know if I had to pick between hacking CCP and hacking a phpBB forum I would pick the phpBB in a heart beat.
yup - i use different passwords to my account for all eve-related sites (other forums, t2 sellers etc). it seems common sense to me to do that - and i haven't had a problem. it could be unrelated though....
|
Kuiper
|
Posted - 2006.01.29 08:53:00 -
[5]
Just my personal voice on all this so called hacking stuff going on .. My personal belief is that the person or persons who is getting all the peoples info are not getting it from hacking your comp but I feel that the account info is being attained via the Eve website seeing it is very unsecure and that CCP doesnt host it themselves. Its alot easier to ***** a website then a server but thats just my personal opinion on the matter. There is some simple things you can do to prevent alot of this instead of actualy typing your login and password why not copy and paste it from a saved note pad file?
|
Corp Scammer
|
Posted - 2006.01.29 08:59:00 -
[6]
well someone has hacked CCP its such a large scale hack - they havent said a word as to the cause so no doubt if it was a phishing thing like several months back they would be issuing warnigns the fact that they havetn points to a possible inside job - i hope they skin em alive
|
Mira deVorsha
|
Posted - 2006.01.29 09:56:00 -
[7]
Edited by: Mira deVorsha on 29/01/2006 09:56:59
Edited by: Mira deVorsha on 29/01/2006 09:56:32
Originally by: Corp Scammer
so how the heck is everyone being hacked
There are a large number of ways. Many don't require serious hacking.
1. Same username as your account. Always a bad thing to do.
2. Using same password on another fan site.
3. Sharing your account. Even if the person sharing doesn't hack your account it makes them open to exploit.
4. Answering hotmail questions correctly. Well known scam in other MMORPG (in neocron a nearly a whole clan of 30+ people was hit in 1 go). Someone would join a group get people to list off thier mothers maiden name or pets name, etc and then use the forgot password option in hotmail. Once in hotmail they would use forgot password in the game, get the password or get it reset then loot.
To avoid this put a stupid answer into the hotmail question system. Eg "What if your favorite color" = "ten house bricks"
5. (Note I have not and will not test this.) Again during the Neocron days where the above exploit worked some people did tests on thier server and found that you could effectively brute force attack an account(NC have since fixed this). Now its unlikely CCP allow this but if your password is less then 8 characters without numerics, special characters in it then it is easy to hack. If it l33tsp33k with common terms it is easy to hack through a brute force.
6. Trojan software/keyloggers.
7. Phish attack
...
So before you get all worried about some phantom hacker the majority of hacked accounts are normally done by someone they know and in most cases have shared the account with (there was a report on various MMORPGs before on this).
|
Saatar Fora
|
Posted - 2006.01.29 10:16:00 -
[8]
Originally by: Corp Scammer
well someone has hacked CCP its such a large scale hack - they havent said a word as to the cause so no doubt if it was a phishing thing like several months back they would be issuing warnigns the fact that they havetn points to a possible inside job - i hope they skin em alive
There. Is. No. Inside. Job.
This is a very simple matter. The only people who have access to the account information in any meaningful way are the same people who have access to the tools which can spawn any item and presumably any amount of isk in the game. Why the hell bother with hacking?
I know one person who has been hacked got a message that his account was locked due to 1500 login attempts in an hour, so it seems more likely someone got access to the account user names and is brute forcing the pws. A number of people have also been hacked when they changed their PW back to an old one, indicating someone may have gotten their hands on the actual PW list which contains old passwords.
-------
"wheat barley kill anything? are you oats of your mind? I corn belive you just said that, rice I'm off to bed now!" - Draximus Cane |
Sage Fire
|
Posted - 2006.01.29 10:16:00 -
[9]
A phpBB forum could easily be the cause, I've experienced one dude who got banned from a MMO because he got PW's from a phpBB forum and hacked two other accounts and stole all the stuff.
Just ensure that you use multiple passwords and that your forums password doesn't match your game password.
If you have a forum password that currently matches your game password, best you change one of the PW's, if not both.
|
Telemicus Thrace
|
Posted - 2006.01.29 10:28:00 -
[10]
Originally by: hangovur
so, this is a bit of a warning to everyone to change their account info because my account was hacked last night at about this time and all my isk stolen. no ships or corp assets were taken, only the isk from my wallet.
the other part of my post is to give props to the GM who helped me. he was polite (cant go into detail but he could have easily been a jerk) and very fast. within 15 minutes of me filing the petition it was fixed and all back to normal. i would give him props personally, but im not sure im allowed.
i hope they are able to find the ***** whos doing this and get some criminal charges on his arse.
In an attempt to guage my own security, did you change your password since the first hacks began? If not then maybe they got a password list. If you did they might just be brute forcing the passwords (as another post here indicates).
I remember a few months back some folk (myself included) couldn't get into Eve due to an ISP router problem. Some got around the problem by signing up for a free remote proxy. There was a lot of talk about how that proxy could easily sniff usernames / passwords but a lot of folk did it. Have any of the folks affected used a free 3rd party proxy (aside from their ISP)?
"I cannot hear what you say for the thunder of what you are." - Zulu proverb. |
Dave Day
|
Posted - 2006.01.29 18:54:00 -
[11]
Originally by: Saatar Fora
There. Is. No. Inside. Job.
This is a very simple matter. The only people who have access to the account information in any meaningful way are the same people who have access to the tools which can spawn any item and presumably any amount of isk in the game. Why the hell bother with hacking?
Maybe they don't work there anymore? Just a thought, I'm not trying to run down the good folk at CCP in any way shape or form but we all employ the occasional bad apple. Wouldn't be the first time someone got fired and walked out with sensitive information from their Employer, would it?
At the end of the day, it was older accounts that were targetted and it was those that CCP reset the PW on. Many people posted on these forums that their newer accounts were untouched.
So the ''hacker'' had log in names, PW's and presumably creation dates of accounts. If i were a betting man my money would be on a disgruntled ex employee, the cleaner or whatever rather than a hack.
Just my guess...
|
StinkFinger
|
Posted - 2006.01.29 19:01:00 -
[12]
Buy a macro program for eve from ebay and a few weeks later your account will be hacked.
--
|
HippoKing
|
Posted - 2006.01.29 19:06:00 -
[13]
Originally by: StinkFinger
Buy a macro program for eve from ebay and a few weeks later your account will be hacked.
experience 4tw?
|
Maltrox
|
Posted - 2006.01.30 08:29:00 -
[14]
Very bluntly:
Would you have sex without a condom, with a total stranger?
If you answered "yes", then you will lose your information (and virtual properties) one way or another. Mira deVorsha posted an EXCELLENT summary of the various methods passwords and accounts are "hacked".
Let's take a look at the word "hacked":
v. hacked, hack+ing, hacks
1. Informal. To alter (a computer program): hacked her text editor to read HTML.
2. To gain access to (a computer file or network) illegally or without authorization: hacked the firm's personnel database.
v. intr.
1. To write or refine computer programs skillfully.
2. To use one's skill in computer programming to gain illegal or unauthorized access to a file or network: hacked into the company's intranet.
So to say "I was hacked" means "One has used skill to gain unauthorized access to a file or network".
Where does that leave you, dear user? Without options and your own control over who really has acess to information. Yes, it is possible CCP was "hacked" and data retrieved this way. Is it realistic? Not really.
Most "hackers" don't bother with small time stuff like Eve, or the questionable pictures on your computer. They go after big name companies like Google and Microsoft... stealing corporate secrets, shutting down servers with denial of service attacks, or spreading viruses to compromise data integrity.
The solution? Put on the condom!
1. DO get a firewall
1a. DO learn how to USE a firewall PROPERLY
2. DO your software updates
3. DO protect your password (this means not sharing it on webblogs like you do your daily life)
4. DO change your password often
5. DO have a minimum of eight characters, one being a capital letter and at least one number.
6. DO get an anti-virus and learn to use it.
7. DON'T download/install questionable software
8. DON'T reply to "suspicious" emails (not even to those "unsubscribe" links in spam emails)
9. DON'T click on Instant-Messenger links that say stupid stuff like "Hhahaha funny picture click here"
10. DON'T open attachments. Have your party tell you FIRST what they are sending...
and finally...
11. DO get some common sense. You wouldn't have sex without protection; what are you doing online without the same mantra?
|
Sonorra Baki
|
Posted - 2006.01.30 09:13:00 -
[15]
Edited by: Sonorra Baki on 30/01/2006 09:13:42
2x post
|
Sonorra Baki
|
Posted - 2006.01.30 09:13:00 -
[16]
Originally by: Maltrox
Very bluntly:
Would you have sex without a condom, with a total stranger?
I was once visiting Hamburg, and ran into this model chick from Australia, and we sorta connected pretty well... so ... well hmm by your logic I should now be starring at an empty wallet and a shuttle 
|
Ithildin
|
Posted - 2006.01.30 09:17:00 -
[17]
This thred will probably be locked, but suffice to say that the general operandus of these thefts seem to be to only take ISK, never corp ISK and never items and seldom all ISK. It's odd to say the least.
WTB: Gall/Amarr faction BS (Hint: no such thing)
Visit the MC |
Brisi
|
Posted - 2006.01.30 09:29:00 -
[18]
Originally by: Ithildin
This thred will probably be locked, but suffice to say that the general operandus of these thefts seem to be to only take ISK, never corp ISK and never items and seldom all ISK. It's odd to say the least.
It's very weird indeed. What's stopping these guys from emptying corp wallets worth billions upon billions of isk? Why don't they check the little tab called "Corporation Wallet," or even check assets?
This just goes beyond my wits. But it's good in a sense, since losing my isk wouldn't mean the world to me, but if they deleted my character, I would be seriously ****ed off. (Even though I know I can get it back )
|
Teles666
|
Posted - 2006.01.30 09:33:00 -
[19]
No one has all the answers, CCP may know a bit more than we do but do they know if someone has used a particular site or app?
The only thing CCP can and imo should do is lock accounts after x failed attempts. Thats the account, not just the character, same applies to account management on my-eve.
It is way open to abuse if people use the same account name as character name though - something I suspect many people do. I know it's their own fault and they should use random everything, change pw's every month etc but most people aren't like that (I'm not even like that at home and it's my job!).
should CCP take up the mantle of improving security? Maybe contact people using account name = char name and give them a once only offer to change their account name for security? Maybe force it on them? How about enforcing mixed case alpha numberic passwords of at least 8 characters?
All these things are good but they annoy customers, you annoy your paying customers at your peril (unless your a bank or insurance company of course).
|
| |
|
| Pages: [1] :: one page |
| First page | Previous page | Next page | Last page |