-If you have no authenticators, then you were likely brute forced. Even huge, complex passwords can be brute forced relatively quickly these days. And Trion and Blizzard have no lock out timers on certain parts of their authentication (so, it might lock you out on the website, but if you use a game client to attempt login, it does not).
-In regards to virii, after the fact scanning is generally useless, most virus/malware/scamware actively hampers install and operation of any AV system. To stop virii, you need an active defense. Best "free" AV is defender, then MS Security Essentials (depending if your 7 or 8). You'll also want it to be set to quarantine or delete ANYTHING that is suspect. No human on this planet is fast enough to click the "quarantine" button before a virus installs itself. It is far easier to re-download something, than it is to rebuild your OS.
-Scam emails generally rip directly from the company being scammed. So, of course the images in phishing come from the real website. It is the ACTUAL links that matter (in most email clients you can hover over hyperlinks for the actual link to be exposed). And even then, unless you really know your interwebz, it can be difficult to differentiate between us1.battle.net and us1.battlenet.edy.com. In the end, just don't use email links.
OP is using email and passwords used at different places on teh interwebs - which nobody will ever admit to doing but that's how you get accounts hacked/stolen.
Originally posted by VicDynamo OP is using email and passwords used at different places on teh interwebs - which nobody will ever admit to doing but that's how you get accounts hacked/stolen.
dude stop with that.
Many people been hacked. Blizzard was hacked as well and that wasnt the players fault.
Trion world had an account issue when they first started with Rift. But I guess people forgot all about that...
If you had not played WoW in 2yrs, and your account was inactive, how the hell did they take your account? You get e-mail notifications if you change e-mails or if account was re-activated (or I always have anyways). That confuse's me a little, as with Trion games, these are free to play (F2P) and only notifications you get is whenever you make a purchase from them (or in your case they tried to), but this would also involve not just Archeage beta (don't take transactions for this game as of yet anyways) as I am also under the impression that once the beta's come to an end the servers will be wiped and primed ready for release (beta accounst will not exist), as some bugs and exploits would have hopefully been found and fixed. However if you had ever played Rift and Defiance then these 2 games would also have been compromised too.
I want to point out that I never had problems with Trion products before, but this does not mean that it wont start now.
Also, another thing of huge importance is how bad Blizzard's security is: the website passwords are not case sensitive . I have reported this to Blizzard several times and once I got a 72 hour ban for posting this issue on their form. Imagine how much easier is to crack passwords if they are not case sensitive
It may be a coincidence that you were hacked after installing Archeage; was there a Battle.net upgrade in this time frame as well?
Also like many others posted above, never trust links in emails when it comes to security notices; go to the browser and type in the URL and see what the deal is in account management page. It is also worthwhile checking the connection settings in Internet Explorer (or your preferred browser); I once got hacked through Yahoo Messenger and the malware installed a vb script that ran each time I opened a page (in IE and Mozilla).
As a Rift player at launch who saw the mass hacking of customer accounts at that time, it definitely seems to me that Trion servers are being hacked again. Many people with Archeum packs are having their characters hijacked, gold selling spam and botting are out of control on the alpha servers and once again all the smug players that haven't been affected are blaming the customers rather than Trion. Only those of us who remember what happened previously realise it's more likely the problem is with security being breached at Trion. A number of us have raised the possibility on the Archeage forums but it seems to fall on deaf ears. It took a customer to solve how the Rift servers were being hacked via a back door last time, I just hope there is someone equally knowledgable can work out what's going on now.
Just recently, reports are starting to come in from Rift customers too. The common link between the two games is the Glyph games launcher, which has only recently been introduced and which acts both as an account interface and games launcher. I suspect the hackers have found a way to bypass that in order to reach the account and game databases but that's just me. I have no expertise in this field.
The interesting thing I have noticed is that it seems all the hacked accounts are on the alpha servers. I've not seen people with beta only accounts complaining of being hacked. Not sure what the significance of that is?
If you had not played WoW in 2yrs, and your account was inactive, how the hell did they take your account? You get e-mail notifications if you change e-mails or if account was re-activated (or I always have anyways). That confuse's me a little, as with Trion games, these are free to play (F2P) and only notifications you get is whenever you make a purchase from them (or in your case they tried to), but this would also involve not just Archeage beta (don't take transactions for this game as of yet anyways) as I am also under the impression that once the beta's come to an end the servers will be wiped and primed ready for release (beta accounst will not exist), as some bugs and exploits would have hopefully been found and fixed. However if you had ever played Rift and Defiance then these 2 games would also have been compromised too.
When you susbscribe to a Trion game, you are invited to associate a payment method with your account. As he has referenced a credit card that ran out in 2012 he must have bought something in the past, probably something related to Rift. The Archeage beta will normally be associated with that account whether or not he has actually needed to pay for anything yet.
They probably bought your email adress and masses of others that were acquired from websites regarding games and sent phishing mails to everybody on those lists. So that you got those mails doesn't mean that necessarily you got hacked, or ArcheAge or WoW. It just means that gaming websites you are a member of got hacked and their email data stolen, or that they sold said data for some extra cash.
Now, I haven't played World of Warcraft in about two years. Friday Night though, I got an email from a friend who still plays telling me she thinks my account was hacked. So, I check battle.net and sure enough my characters are all nekid (gear all sold off) and 2 characters have been transferred with 2 more in Q. So I have Blizzard call me via support request. Took about 5 mins for the call back and Justin (Bliz rep) had my account restored in about 15 more minutes. and He was kind enough to let me log in for the day to sort everything out. ( get everything out of the mail ect)
So today, I get an email from Trion saying that a "Gift" Founders pack purchase for Archeage could not be completed. Twice! So I login to my Trion account and thank goodness my credit card on file expired in 2012. I tried to contact Trion but since I haven't made any recent purchases I wasnt eligible for live chat. (which I think is pretty bogus) So Ill await the email reply.
The odd thing (to me at least) is I just downloaded and installed Archeage this past Thursday. Two days later my WoW account is compromised, and then My Trion account?
Now, before you say, well maybe you have a virus?!?! Im an IT Systems administrator. Now does that mean Im "too great" to have a virus, no not at all. The fact is You cant have a cure till you have a disease.
And for the record, I did my due diligence. I ran Super Anti Spyware, Malwarebytes, Housecall, ad-aware and Avast. Also ran a boot time scan of avast. You know what they turned up? 35 Tracking cookies. Thats it.
My guess is the archage/glyph application has some vulnerability. Anyone else have a similar issue?
Hmm.. both companies provide mobile app authenticators for their games, which could have prevented all of this. You may be a systems administrator, but your security protocols are lacking.
Hmm.. both companies provide mobile app authenticators for their games, which could have prevented all of this. You may be a systems administrator, but your security protocols are lacking.
I have the authenticators now. Made sure of that now after this mess. As far as lacking in the security protocols, I hear ya. But when I work 50 hours a week, and raise two kids, sometimes stuff slips my mind. :-)
Yeah. I have authenticators on every game that offers. Google app covers a few alone..then separate ones for the rest. Haven't had problems since I started using them. I've only ever had 2 cases..Guild Wars II..which was their fault despite what they tried to tell everyone. I mean...hundreds ..if not thousands of compromised accounts all at once can't all be user error. Especially since they had just announced that their security was compromised right after it launched.
Then SOE EQ2 account . Fortunately I had no credit card info saved and nothing missing. Plus I got some free shop coins from the idiot..$40 bucks worth. I only used the acct briefly 2 years prior and no other SOE games played for about the same time.
Gave EQ2 another chance & I'm finding it really entertaining (despite the poorly thought out cpu hungry engine) but dead on my server.
Hmm.. both companies provide mobile app authenticators for their games, which could have prevented all of this. You may be a systems administrator, but your security protocols are lacking.
I have the authenticators now. Made sure of that now after this mess. As far as lacking in the security protocols, I hear ya. But when I work 50 hours a week, and raise two kids, sometimes stuff slips my mind. :-)
There appears to have been a huge increase in the number of people having their accounts hacked in the past 24 hours. There are pages of reports on Archeage's forums from people who have had money taken from their accounts, mostly PayPal it seems without authorisation
As usual, Trion are denying their servers have been hacked and are blaming the customers but at least they have announced they are instroducing an IP check from Thursday this week. Everyone's IP will be logged and if any attempt is made to log in from a different one, an email will be sent to their registered address to get approval.
I would not be so happy about expired credit card. Most of billing companies can bill using old credit card info because there is built in continuity to a new issued credit card (unless you changed a bank or something like that)
"What happened in the last few hours is sadly nothing new: every day, bots obtain user credentials from various unprotected sites around the Internet, build lists of login and passwords, and try them on Trion's servers (along with many other sites). If players consistently use simple or repeated passwords across different online services, these bots may get access to their accounts. Because of the current momentum around ArcheAge, hundreds of millions of such attempts were made from well over a million different IP addresses in the last few weeks, only a fraction of which ended up being successful today."
If thats the case (im not leaning one way or another) I wish there was a way to find out which site were hacked. Then I could take measure's. (I may have used the same UID / PW combo and dont remember doing it. Could be something from years ago) Like I said though, I dont think thats the case for me, but I have been wrong before lol
"What happened in the last few hours is sadly nothing new: every day, bots obtain user credentials from various unprotected sites around the Internet, build lists of login and passwords, and try them on Trion's servers (along with many other sites). If players consistently use simple or repeated passwords across different online services, these bots may get access to their accounts. Because of the current momentum around ArcheAge, hundreds of millions of such attempts were made from well over a million different IP addresses in the last few weeks, only a fraction of which ended up being successful today."
If thats the case (im not leaning one way or another) I wish there was a way to find out which site were hacked. Then I could take measure's. (I may have used the same UID / PW combo and dont remember doing it. Could be something from years ago) Like I said though, I dont think thats the case for me, but I have been wrong before lol
I shutter to think of how many fansites I have usernames and passwords with. I've taken to create unique passwords that are ONLY used with specific games. I've run fansites before and I've refused to maintain a userbase or email list for that very reason - hackers are just too savvy these days and protecting users info is next to impossible.
Looks like there has been a lot more hacking reported. Trion has finally made a statement..
"What happened in the last few hours is sadly nothing new: every day, bots obtain user credentials from various unprotected sites around the Internet, build lists of login and passwords, and try them on Trion's servers (along with many other sites). If players consistently use simple or repeated passwords across different online services, these bots may get access to their accounts. Because of the current momentum around ArcheAge, hundreds of millions of such attempts were made from well over a million different IP addresses in the last few weeks, only a fraction of which ended up being successful today."
- hackers are just too savvy these days and protecting users info is next to impossible.
The part I highlighted in blue is incorrect. The part I highlighted in red is Trion's complete failure (probably due to apathy) to ensure that their users were protected.
It is NOT DIFFICULT TO PREVENT massive brute force password retries. There are several different highly effective ways to limit "hundreds of millions of such attempts" from "well over a million different IP addresses".
Failure to implement ANY method of limiting brute force login cracks is entirely Trion's fault.
Sounds like the russian gang that accumulated that list of 1.2 billion stolen username/password combinations have started monetizing their "product".
Archeage is currently high on the goldsellers popularity charts, because it represents a significant opportunity to make money, given that it will soon be launching in the NA/EU market. Due to the game design, it is also more tedious for the goldsellers to amass vast amounts of gold quickly, so they will naturally target Patron accounts to get access to any Cash Shop credits on the accounts. Those stolen credits can then be used to buy CS items to resell on the AH for... "AA Goldz" !!
Looks like there has been a lot more hacking reported. Trion has finally made a statement..
"What happened in the last few hours is sadly nothing new: every day, bots obtain user credentials from various unprotected sites around the Internet, build lists of login and passwords, and try them on Trion's servers (along with many other sites). If players consistently use simple or repeated passwords across different online services, these bots may get access to their accounts. Because of the current momentum around ArcheAge, hundreds of millions of such attempts were made from well over a million different IP addresses in the last few weeks, only a fraction of which ended up being successful today."
- hackers are just too savvy these days and protecting users info is next to impossible.
The part I highlighted in blue is incorrect. The part I highlighted in red is Trion's complete failure (probably due to apathy) to ensure that their users were protected.
It is NOT DIFFICULT TO PREVENT massive brute force password retries. There are several different highly effective ways to limit "hundreds of millions of such attempts" from "well over a million different IP addresses".
Failure to implement ANY method of limiting brute force login cracks is entirely Trion's fault.
^ This. Their comments suggest this was a brute force attack. Not a virus, hack, scam etc. My guess is with the new Glpyh launcher they failed to implement brute force password attempt prevention. Assumingly Trion's fault, probably just coincidence the OP's WoW account had also been stolen.
"They essentially want to say 'Correlation proves Causation' when it's just not true." - Sovrath
Looks like there has been a lot more hacking reported. Trion has finally made a statement..
"What happened in the last few hours is sadly nothing new: every day, bots obtain user credentials from various unprotected sites around the Internet, build lists of login and passwords, and try them on Trion's servers (along with many other sites). If players consistently use simple or repeated passwords across different online services, these bots may get access to their accounts. Because of the current momentum around ArcheAge, hundreds of millions of such attempts were made from well over a million different IP addresses in the last few weeks, only a fraction of which ended up being successful today."
- hackers are just too savvy these days and protecting users info is next to impossible.
The part I highlighted in blue is incorrect. The part I highlighted in red is Trion's complete failure (probably due to apathy) to ensure that their users were protected.
It is NOT DIFFICULT TO PREVENT massive brute force password retries. There are several different highly effective ways to limit "hundreds of millions of such attempts" from "well over a million different IP addresses".
Failure to implement ANY method of limiting brute force login cracks is entirely Trion's fault.
^ This. Their comments suggest this was a brute force attack. Not a virus, hack, scam etc. My guess is with the new Glpyh launcher they failed to implement brute force password attempt prevention. Assumingly Trion's fault, probably just coincidence the OP's WoW account had also been stolen.
Worse, to me, is that their comments just stink of apathy. "What happened is sadly nothing new" == 'sucks to be you, not our fault, the internet is unsafe, cry me a river".
I don't think I will ever enter any pay details in any Trion game now, ever. Congrats on not getting any money from me ever now, Trion!
So let's clear this up... you got infected by a keylogger because you used a non-legit copy of windows?
Sorry if I don't feel just a bit sorry for you...
As I said, the very vast majority of hacking cases are the fault of the user.
I'm not the one that opened the thread, but agree 100% with you. Like in my case he may be missing something, but is every time a user's fault.
Is it the users fault that the developer requires an email address as the login ID? Probably one of the worst choices for a secure login that you can ever use. That's not the user's fault, that's the developers. Heaven forbid someone want to use the same email address for something else. Oh the horror. That man should be flogged. Who doesn't have 150 unique email addresses? It's 2014 for gods sake.
Comments
Couple of things:
-If you have no authenticators, then you were likely brute forced. Even huge, complex passwords can be brute forced relatively quickly these days. And Trion and Blizzard have no lock out timers on certain parts of their authentication (so, it might lock you out on the website, but if you use a game client to attempt login, it does not).
-In regards to virii, after the fact scanning is generally useless, most virus/malware/scamware actively hampers install and operation of any AV system. To stop virii, you need an active defense. Best "free" AV is defender, then MS Security Essentials (depending if your 7 or 8). You'll also want it to be set to quarantine or delete ANYTHING that is suspect. No human on this planet is fast enough to click the "quarantine" button before a virus installs itself. It is far easier to re-download something, than it is to rebuild your OS.
-Scam emails generally rip directly from the company being scammed. So, of course the images in phishing come from the real website. It is the ACTUAL links that matter (in most email clients you can hover over hyperlinks for the actual link to be exposed). And even then, unless you really know your interwebz, it can be difficult to differentiate between us1.battle.net and us1.battlenet.edy.com. In the end, just don't use email links.
Why when we have discussions like this we always attack the person who was hacked and not the big companies?
did people forget that both Trion and Blizzard were hacked in the last 2 years?
Philosophy of MMO Game Design
dude stop with that.
Many people been hacked. Blizzard was hacked as well and that wasnt the players fault.
Trion world had an account issue when they first started with Rift. But I guess people forgot all about that...
Philosophy of MMO Game Design
because VAST majority of the time its the individual who didn't follow safe internet practices.
"I'll never grow up, never grow up, never grow up! Not me!"
Given the amount of people who have accounts, I wouldn't say it is the VAST majority, a good percentage maybe.
Some just can't be bothered though. Mine gets checked whenever i'm not using it lol
1 question here that I would like to ask.
If you had not played WoW in 2yrs, and your account was inactive, how the hell did they take your account? You get e-mail notifications if you change e-mails or if account was re-activated (or I always have anyways). That confuse's me a little, as with Trion games, these are free to play (F2P) and only notifications you get is whenever you make a purchase from them (or in your case they tried to), but this would also involve not just Archeage beta (don't take transactions for this game as of yet anyways) as I am also under the impression that once the beta's come to an end the servers will be wiped and primed ready for release (beta accounst will not exist), as some bugs and exploits would have hopefully been found and fixed. However if you had ever played Rift and Defiance then these 2 games would also have been compromised too.
I want to point out that I never had problems with Trion products before, but this does not mean that it wont start now.
Also, another thing of huge importance is how bad Blizzard's security is: the website passwords are not case sensitive
. I have reported this to Blizzard several times and once I got a 72 hour ban for posting this issue on their form. Imagine how much easier is to crack passwords if they are not case sensitive 
It may be a coincidence that you were hacked after installing Archeage; was there a Battle.net upgrade in this time frame as well?
Also like many others posted above, never trust links in emails when it comes to security notices; go to the browser and type in the URL and see what the deal is in account management page. It is also worthwhile checking the connection settings in Internet Explorer (or your preferred browser); I once got hacked through Yahoo Messenger and the malware installed a vb script that ran each time I opened a page (in IE and Mozilla).
Happy malware hunting!.
As a Rift player at launch who saw the mass hacking of customer accounts at that time, it definitely seems to me that Trion servers are being hacked again. Many people with Archeum packs are having their characters hijacked, gold selling spam and botting are out of control on the alpha servers and once again all the smug players that haven't been affected are blaming the customers rather than Trion. Only those of us who remember what happened previously realise it's more likely the problem is with security being breached at Trion. A number of us have raised the possibility on the Archeage forums but it seems to fall on deaf ears. It took a customer to solve how the Rift servers were being hacked via a back door last time, I just hope there is someone equally knowledgable can work out what's going on now.
Just recently, reports are starting to come in from Rift customers too. The common link between the two games is the Glyph games launcher, which has only recently been introduced and which acts both as an account interface and games launcher. I suspect the hackers have found a way to bypass that in order to reach the account and game databases but that's just me. I have no expertise in this field.
The interesting thing I have noticed is that it seems all the hacked accounts are on the alpha servers. I've not seen people with beta only accounts complaining of being hacked. Not sure what the significance of that is?
When you susbscribe to a Trion game, you are invited to associate a payment method with your account. As he has referenced a credit card that ran out in 2012 he must have bought something in the past, probably something related to Rift. The Archeage beta will normally be associated with that account whether or not he has actually needed to pay for anything yet.
They probably bought your email adress and masses of others that were acquired from websites regarding games and sent phishing mails to everybody on those lists. So that you got those mails doesn't mean that necessarily you got hacked, or ArcheAge or WoW. It just means that gaming websites you are a member of got hacked and their email data stolen, or that they sold said data for some extra cash.
Let's play Fallen Earth (blind, 300 episodes)
Let's play Guild Wars 2 (blind, 45 episodes)
Hmm.. both companies provide mobile app authenticators for their games, which could have prevented all of this. You may be a systems administrator, but your security protocols are lacking.
I have the authenticators now. Made sure of that now after this mess. As far as lacking in the security protocols, I hear ya. But when I work 50 hours a week, and raise two kids, sometimes stuff slips my mind. :-)
Yeah. I have authenticators on every game that offers. Google app covers a few alone..then separate ones for the rest. Haven't had problems since I started using them. I've only ever had 2 cases..Guild Wars II..which was their fault despite what they tried to tell everyone. I mean...hundreds ..if not thousands of compromised accounts all at once can't all be user error. Especially since they had just announced that their security was compromised right after it launched.
Then SOE EQ2 account . Fortunately I had no credit card info saved and nothing missing. Plus I got some free shop coins from the idiot..$40 bucks worth. I only used the acct briefly 2 years prior and no other SOE games played for about the same time.
Gave EQ2 another chance & I'm finding it really entertaining (despite the poorly thought out cpu hungry engine) but dead on my server.
I imagine that is very hectic lol.
There appears to have been a huge increase in the number of people having their accounts hacked in the past 24 hours. There are pages of reports on Archeage's forums from people who have had money taken from their accounts, mostly PayPal it seems without authorisation
As usual, Trion are denying their servers have been hacked and are blaming the customers but at least they have announced they are instroducing an IP check from Thursday this week. Everyone's IP will be logged and if any attempt is made to log in from a different one, an email will be sent to their registered address to get approval.
Looks like there has been a lot more hacking reported. Trion has finally made a statement..
http://forums.archeagegame.com/showthread.php?32346-Regarding-Reports-of-Unauthorized-Transactions about unauthorized transactions
"What happened in the last few hours is sadly nothing new: every day, bots obtain user credentials from various unprotected sites around the Internet, build lists of login and passwords, and try them on Trion's servers (along with many other sites). If players consistently use simple or repeated passwords across different online services, these bots may get access to their accounts. Because of the current momentum around ArcheAge, hundreds of millions of such attempts were made from well over a million different IP addresses in the last few weeks, only a fraction of which ended up being successful today."
If thats the case (im not leaning one way or another) I wish there was a way to find out which site were hacked. Then I could take measure's. (I may have used the same UID / PW combo and dont remember doing it. Could be something from years ago) Like I said though, I dont think thats the case for me, but I have been wrong before lol
I shutter to think of how many fansites I have usernames and passwords with. I've taken to create unique passwords that are ONLY used with specific games. I've run fansites before and I've refused to maintain a userbase or email list for that very reason - hackers are just too savvy these days and protecting users info is next to impossible.
The part I highlighted in blue is incorrect. The part I highlighted in red is Trion's complete failure (probably due to apathy) to ensure that their users were protected.
It is NOT DIFFICULT TO PREVENT massive brute force password retries. There are several different highly effective ways to limit "hundreds of millions of such attempts" from "well over a million different IP addresses".
Failure to implement ANY method of limiting brute force login cracks is entirely Trion's fault.
Sounds like the russian gang that accumulated that list of 1.2 billion stolen username/password combinations have started monetizing their "product".
Archeage is currently high on the goldsellers popularity charts, because it represents a significant opportunity to make money, given that it will soon be launching in the NA/EU market. Due to the game design, it is also more tedious for the goldsellers to amass vast amounts of gold quickly, so they will naturally target Patron accounts to get access to any Cash Shop credits on the accounts. Those stolen credits can then be used to buy CS items to resell on the AH for... "AA Goldz" !!
^ This. Their comments suggest this was a brute force attack. Not a virus, hack, scam etc. My guess is with the new Glpyh launcher they failed to implement brute force password attempt prevention. Assumingly Trion's fault, probably just coincidence the OP's WoW account had also been stolen.
"They essentially want to say 'Correlation proves Causation' when it's just not true." - Sovrath
Worse, to me, is that their comments just stink of apathy. "What happened is sadly nothing new" == 'sucks to be you, not our fault, the internet is unsafe, cry me a river".
I don't think I will ever enter any pay details in any Trion game now, ever. Congrats on not getting any money from me ever now, Trion!
Is it the users fault that the developer requires an email address as the login ID? Probably one of the worst choices for a secure login that you can ever use. That's not the user's fault, that's the developers. Heaven forbid someone want to use the same email address for something else. Oh the horror. That man should be flogged. Who doesn't have 150 unique email addresses? It's 2014 for gods sake.