Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Quick Links
Suspicions about the "Hacked" accounts
Even during my first day, few days into early access, there were platinum and powerleveling spammers that would give me a tell, send in-game mail, etc. The original price was something like $3 for a plat and $50 or something for powerleveling from 1 - 10. These whispers/mail always included a web address that a person needed to go to. Having a great deal of experience with MMORPG's, I know that most of these websites contain the keyloggers, and I'm willing to bet that this is the primary source of the hacked accounts. Furthermore, I'm not sure how popular third-party addons are yet, but those should also be avoided since those sites and addons can be used to install keyloggers.
The simple truth of the matter is that these gold farmers are finding it easier to make money by acquiring information and stealing people's stuff rather than finding exploits in the game since Blizzard, Trion, etc can, and probably already have, installed information technology that alert them to when abnormally high amounts of in-game cash is being made. Don't be a victim, be smart and play the game the way it is meant to be played.
splat
Comments
I had my account hacked. One toon stripped naked and most stuff gone,left with 66 silver, other toon just had all but a few things taken.
Why didn't whoever stole it take everything ? I heard others who have been hacked were also left with around 1 gold.
Where were the toons at when the person logged in and found out that they were hacked. While typing this I just can't really remember, but I don't think my main was in, or near a city. Makes you think a bit.
70 monk eq1
80 bruiser eq2
43 druid wow
Currently playing : rift
9 out of 10 says that same people who got their accounts screwed with in RIFT are probably the same people who were stupid and got their accounts screwed with in WoW.
Always typically easier to blame the company but in reality. It's the client users own problem and fault if they didn't properly secure their investment. Again, use other forms of payment besides direct pay such as paypal. Change and update your account password if you feel you are at risk. Monitor your account to make sure everything is good and stable.
Companies have tutorials and support tickets as well so need help can also ask them. They get paid to help their customers.
When did you start playing "old school" MMO's. World Of Warcraft?
I was hacked last week, one of them was my main level 47, my alt was level 20, and one toon was just a bank it had ALL my crafting materials, and i mean bags and bags of materials.
They stripped my 47, left my alts alone. I dont use and gold spamming sites, and i copy and paste my password from a notepad into the client so i never type anything in so it wasnt a keylogger.
Hacking is annoying, getting hacked that is, but to be honest you get it all back so i dont really freak out as much, but people need to understand that it is a lot more then just people buying gold or using services.
a couple hundred people getting hacked, maybe gold buyers, powerlevel purchasers, third party programs with keyloggers hidden.
A COUPLE THOUSAND, all in the span of 2 or 3 days, that goes deeper, and people need to realize that. Sometimes a companys weak security is to blame and not the players. Its not that farfetched to think Trions database was comprimised.
There are so many holes in the log in process. First, when you log in to the patcher you are never logged out unless you close the patcher, Second when someonelogs into your account and you are in game it just boots you to char select, and you do the same to them, they never have to relog once they have your password so even if you change your password you cant stop them once they are in your account.
When you change your email for your account the confirmation email is sent to the NEW email address instead of the old one, so someone can steal your account change your email and you wouldnt be able to stop it because youd need their email to log in and change it back. Your email is your account name, so if someone gets your email they are halfway there.
When do you start blaming trion for half assing this? Ive seen free to play games that have had stricter log in procedures and safer account protection. I am a big fan of virtual keyboards, a big fan of random number ping codes in game, i am a big fan of in game log ins over the launcher login that way people get booted out to the login screen rather then the char select. And i am a big fan of how aion did it, when you DC your client shut down, that way if you do have a hack issue where you are playing tug of war, at least the other guy has to relaunch the client giving you time to boot him out.
Anyway, some people need to actually consider pointing the finger at trion, it is there fault as much as the players who are lax about their password protection.
Quotations Those Who make peaceful resolutions impossible, make violent resolutions inevitable. John F. Kennedy
Life... is the shit that happens while you wait for moments that never come - Lester Freeman
Lie to no one. If there 's somebody close to you, you'll ruin it with a lie. If they're a stranger, who the fuck are they you gotta lie to them? - Willy Nelson
I'm planning to start playing sometime this week, and it worries me with all this hacking I hear about. I read they just added this coin-lock system, but that doesn't sound very reassuing that accounts can still get hacked, although locked and nothing can be taken from them.
I tend not to visit suspicion websites, and have my PC well protected with AVG plus I use Firefox which helps some.
If you guys didn't know this already, the majority of the hackings are bruteforced.
This basically means that hacker gets a hold of your email from some means and then uses a program to run through massive amounts of password combinations per second until it gets the correct one.
I don't remember the exact numbers but a 7 character password with just numbers and letters takes something like just a few minutes to bruteforce. The more characters you add past 7 raises the time exponentially, though.
So, make sure your password is 8+ characters including upper and lower case letters, numbers and symbols.
Also make sure it's entirely different from any other game/website/anything and I would even recommend making a new email just for Rift and using that ONLY for Rift.
If Trion's database were hacked, you wouldn't see a couple thousand people lose their gold and items. You'd see a lot more. You would also see and hear about credit cards being charged.
Your login as your email address isn't a big deal in regards to security because they aren't looking for "your" account. They're looking for any account. Doesn't matter what the login is. Nobody uses Xde3t6$EwqP as their login so the difference between Lizardbones and Lizardbones@Lizardbones.Com is nothing to an automated system.
There is no team of hackers feverishly typing away at their keyboards trying to hack accounts. It is all automated systems. If you allow code, any code, to execute on your computer from an untrusted source, there is a chance that the untrusted source has something you don't want. It doesn't matter at all what kind of security Trion implements if your browser is an open door. It doesn't even matter what kind of anti-virus you have running. There are an order of magnitude more 'hackers' and 'script kiddies' out there than there are security researchers and they simply cannot keep ahead of the newest malware to come out. In fact, if the malware doesn't actually infect somebody's system, the Anti-Virus software won't even know it exists in the first place...you have to have an infection before you can have a solution.
Trion has a financial interest to protect the accounts on their servers from people who can't or won't protect themselves. It's not Trion's fault that people get hacked. It is their responsibility (if they want to continue making money) to do something about it. Which is what they're doing. They have reason to believe that locking accounts by geographic location will have an impact on the amount of in game money that's stolen. They wouldn't think that and put it in there if they didn't think it would have some impact.
I can not remember winning or losing a single debate on the internet.
My theory is they got a TONNNN of people several ways:
1. Video card driver updates not from the official sites
2. Beta key sites that were not Trion or a looked like a fake Trion site
3. They simply had your info from previous games. These guys do not delete their list.
4. You simply posted to much info on the internet so you could make connections. Like this
user name is the same as this guy who's personel info is this
5. Some guys on the Rift forums had their e-mail addresses as their user names to post on the
forums.
6. Some fake dps meters out there.
Now here is where it is blatantly Trions fault:
1. There is no lock-out of the account after 5 attempts as far as I know
2. Authenticators were not offered. Watch and see if GW2 or SWToR repeat this. It would be interesting to see.
Don't go to weird sites, don't use the same password/username as a forum/dont' download stuff from anyone you dont' know and can't go over their house and yell at them if you needed to, and you will be ok.
I've never been hacked and I don't use constant virus protection and have been playing online games since 2004.
The only time I was told I my account was compromised (by turbine) turned out to be nonsense as I had everything and my character wasn't even touched.
Godfred's Tomb Trailer: https://youtu.be/-nsXGddj_4w
Original Skyrim: https://www.nexusmods.com/skyrim/mods/109547
Serph toze kindly has started a walk-through. https://youtu.be/UIelCK-lldo
There needs to be a lockout for repeated attempts. They should also add a 1 or 2 second delay between attempts on the server side. The server side delay won't do much against commonly used words, but it would slow down a brute force attack that is just running through every possible combination of numbers and letters making it expensive to use time wise. There's not really anything you can do about commonly used passwords or words from the dictionary.
They are working on an authenticator to offer. I think they are going to have Android and iPad apps for it so the cost will be minimal. I don't have an Android or an iPad so hopefully there will be some alternative in addition to those two items. I didn't mind the $6 for my Blizzard authenticator and I wouldn't mind $6 for a Trion one.
It's kind of sad, but any popular game where selling gold is possible will have the same kinds of things happen and that extra security will be a mandatory basic feature instead of something that might be necessary.
I can not remember winning or losing a single debate on the internet.
I've never been hacked in any game ever except Rift. I don't buy gold or go to fishy looking websites. The only Rift related sites I've been to are the official forums & kfguides which explains the puzzles. I only had 15plat to my name & they left me with 22gold. A guildy of mine that I've been playing with for years got hackd last nite & he was also left with just 22gold but they stripped his 3 alts too. I've run multiple anti-virus, spyware & keylogger programs & come up with nothing so yeah, I do blame Trion at this point. Whether their database got hacked or they just have weak security idk but its out of my hands at this point.
I'm not angry about getting hacked cause 15plat is nothing & I'm pretty much just counting days til SW:ToR comes anyway but to those people who keep saying "Oh you got hacked? must be your fault" can go f*** themselves cause nothing could be further from the truth. 11 years of mmo's I've never been hacked but 2 weeks in to Rift & there's hordes of us getting hacked. Wake up.
Please do not create new threads regarding account security when there is a stickied thread at the top for these discussions and other open threads on the subject. We'd like to keep information centralized and not spread out over many threads.
To give feedback on moderation, contact mikeb@mmorpg.com