EVE Search - My account got hijacked - help me find the culprit.

All Channels

EVE General Discussion

My account got hijacked - help me find the culprit.

» Click here to find additional results for this topic using Google

Monitor this thread via RSS [?]

Pages: 1 [2] :: one page
Author	Thread Statistics \| Show CCP posts - 0 post(s)
Sieessenschwanz	Posted - 2009.01.12 19:36:00 - [31] Originally by: 3rr0rc0d3 That's where you messed up. Originally by: Sieessenschwanz I, stupidly, used my main EVE login/pass for it Originally by: 3rr0rc0d3 Anything else? Originally by: Sieessenschwanz help me find the culprit. Quoting phun!
Basil Yer Gallente Dark World Industries	Posted - 2009.01.12 20:31:00 - [32] Good luck with your investigation.
Sieessenschwanz	Posted - 2009.01.13 14:43:00 - [33] Originally by: Basil Yer Good luck with your investigation. Thanks!
Myrhial Arkenath Ghost Festival	Posted - 2009.01.13 14:55:00 - [34] http://www.eve-commander.com/? Apologies in advance to the owner of said website if this is not the one.
Sieessenschwanz	Posted - 2009.01.13 15:26:00 - [35] Originally by: Myrhial Arkenath http://www.eve-commander.com/? Apologies in advance to the owner of said website if this is not the one. I think that was it actually. Only non-official eve related site I signed up for that I wasn't the admin of.
Digital Solaris	Posted - 2009.01.13 15:51:00 - [36] Originally by: Sieessenschwanz Originally by: Myrhial Arkenath http://www.eve-commander.com/? Apologies in advance to the owner of said website if this is not the one. I think that was it actually. Only non-official eve related site I signed up for that I wasn't the admin of. But, if you signed up on eve-commnader.com or somewhere else, how did he, she or they get the details for your account when this site (and surely others) only needs your limited API-key unless you signed up on "random_site".com with the same name and password as you use for your EVE account. That is the only way I can see how this has happened. -god made me a cannibal to end problems like you-
Myrhial Arkenath Ghost Festival	Posted - 2009.01.13 16:00:00 - [37] Originally by: Digital Solaris Originally by: Sieessenschwanz Originally by: Myrhial Arkenath http://www.eve-commander.com/? Apologies in advance to the owner of said website if this is not the one. I think that was it actually. Only non-official eve related site I signed up for that I wasn't the admin of. But, if you signed up on eve-commnader.com or somewhere else, how did he, she or they get the details for your account when this site (and surely others) only needs your limited API-key unless you signed up on "random_site".com with the same name and password as you use for your EVE account. That is the only way I can see how this has happened. OP says that he signed up here, and used his EVE login / password for the account, together with his API key. Possibilities are that either someone behind the eve-commander website tried all login / password combo's to see if they would give access to game accounts. This is a bold accusation however. The other posibility is that a keylogger or packet sniffer got hold of the login procedure at said website and intercepted his account details like that. I am not sure what actions should be taken when an eve service website is suspected from stealing accounts. I would suggest that the OP puts this website in his petition so that the GM team can look into this. It always seemed like a very decent service to me. Diary of a pod pilot
Sieessenschwanz	Posted - 2009.01.13 16:01:00 - [38] Originally by: Digital Solaris Originally by: Sieessenschwanz Originally by: Myrhial Arkenath http://www.eve-commander.com/? Apologies in advance to the owner of said website if this is not the one. I think that was it actually. Only non-official eve related site I signed up for that I wasn't the admin of. But, if you signed up on eve-commnader.com or somewhere else, how did he, she or they get the details for your account when this site (and surely others) only needs your limited API-key unless you signed up on "random_site".com with the same name and password as you use for your EVE account. That is the only way I can see how this has happened. The site requires you create an account. Your API key is an attribute of that account. Also: Originally by: Sieessenschwanz I, stupidly, used my main EVE login/pass for it
Faife Federation of Freedom Fighters	Posted - 2009.01.13 16:42:00 - [39] hm. i had an account there, but with throwaway username/pass. i wonder if it's the owner or if the site had a vulnerability.
Digital Solaris	Posted - 2009.01.13 18:16:00 - [40] Edited by: Digital Solaris on 13/01/2009 18:22:33 Originally by: Sieessenschwanz I, stupidly, used my main EVE login/pass for it Yeah... I did pretty much skim through your post. Sorry 'bout that, but how does this turn into account theft when you practically gave the account away you silly muppet? edit: brutal statement
Sieessenschwanz	Posted - 2009.01.13 18:37:00 - [41] Originally by: Digital Solaris Edited by: Digital Solaris on 13/01/2009 18:22:33 Originally by: Sieessenschwanz I, stupidly, used my main EVE login/pass for it Yeah... I did pretty much skim through your post. Sorry 'bout that, but how does this turn into account theft when you practically gave the account away you silly muppet? edit: brutal statement I knew when I signed up that was a pretty bad idea, but due to modern libraries it's often as easy to perform user authentication (without actually storing the password) as it is to store plain text. And more secure. I just figured that's what was being done. It seems that was not the case.
Myrhial Arkenath Ghost Festival	Posted - 2009.01.13 22:18:00 - [42] I really suggest you petition the website, if only to find out if said website is to be trusted or not. I know I'm finding it rather doubtful now, but it is listed on a sticky post. It can't be that CCP will not do anything about it if they are stealing account info through a service. Diary of a pod pilot
C601	Posted - 2009.01.13 22:41:00 - [43] From that website above or enter the Full Access API Key for complete access to your character data including skills, transactions, assets and market orders. If flashing red lights don't go off..... ╦ ╦╔╗ ╔╗ ╦╔╗╔╗╔╗ ║ ║╚╗ ╠╣ ║╠╣╠╣╠╝ ╩ ║╚╝ ║║ ║║╚║║║
Lar'san	Posted - 2009.01.14 04:12:00 - [44] Edited by: Lar''san on 14/01/2009 04:14:02 Originally by: 3rr0rc0d3 Originally by: Sieessenschwanz w o r d s That's where you messed up. Anything else? Reading this thread would have been a total waste of time if it weren't for your wealth of knowledge. I'm so relieved that I took the time to find this little gem you have chosen to share. OP , good luck but your labor will likely bare little fruit. You gotta give it a shot though. EDIT : Spelling, ugh
AkRoYeR Amarr	Posted - 2009.01.14 04:21:00 - [45] Sounds like a clear case of "I sold my account and now I want it back" to me. Don't sell your accounts, keep them because eventually you will come back. kthx.
Jaina Proudmoar Caldari School of Applied Knowledge	Posted - 2009.01.14 04:45:00 - [46] You haven't lost SP. You have lost ~half a billion in assets. Buy a 60 day GTC, sell for ~660 million. Damage undone. Yes, it sucks you lost your stuff, but tbh, it's small change.
Destoya	Posted - 2009.01.14 05:33:00 - [47] Originally by: Jaina Proudmoar You haven't lost SP. You have lost ~half a billion in assets. Buy a 60 day GTC, sell for ~660 million. Damage undone. Yes, it sucks you lost your stuff, but tbh, it's small change. This. Just put in an hour or two of overtime in RL, and you will have all your stuff back
Xiao Endo Caldari Strix Armaments and Defence	Posted - 2009.01.14 05:56:00 - [48] Quote: Also, I'm a big fan of justice. This is why I'm not helping you. Even if I knew who did it (and I don't), I would not help you. Being stolen from like this is a valuable lesson for you. I suggest that you learn it. Finding the culprit and getting compensated/revenge teaches you a bad thing: it teaches you that there is a way to even the scales in a situation such as this. There is not, so forget about it. Do not focus on revenge or compensation. Instead, learn the initial lesson you were taught by the theft - account security, don't double up your passwords, common sense. Now you won't make this mistake in a place where it actually MATTERS and can HURT you - for instance, internet banking, or your credit card. You should be grateful and thankful, and happy that this theft happened in a virtual world (that you weren't even actively participating in!) instead of the real world. Other fools are not so lucky as you.

Pages: 1 [2] :: one page
First page \| Previous page \| Next page \| Last page

COPYRIGHT NOTICE
EVE Online, the EVE logo, EVE and all associated logos and designs are the intellectual property of CCP hf. All artwork, screenshots, characters, vehicles, storylines, world facts or other recognizable features of the intellectual property relating to these trademarks are likewise the intellectual property of CCP hf. EVE Online and the EVE logo are the registered trademarks of CCP hf. All rights are reserved worldwide. All other trademarks are the property of their respective owners. CCP hf. has granted permission to EVE-Search.com to use EVE Online and all associated logos and designs for promotional and information purposes on its website but does not endorse, and is not in any way affiliated with, EVE-Search.com. CCP is in no way responsible for the content on or functioning of this website, nor can it be liable for any damage arising from the use of this website.