Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Fuzzy Avatars Solved! Please re-upload your avatar if it was fuzzy!

I almost got hacked, but I use the built in anti-hack feature

I am also very careful and never fall for phishing scams, but I got a message from SE stating that they noticed a strange computer/location trying to login or change password on my account.

At that time I was in game. I made sure it was a legit e-mail and confirmed it came from SE.

So, it said my account will be frozen until I click their link to update my account info(password). I logged out of the game and tried to login, sure enough wouldn't work. So that also confirmed they froze my account until I did what they said.

I went to the link provided in the e-mail, changed my password and logged back in and nothing bad happened to my account in the end.

Why? I use the one-time password and that stopped the hacking attempt.

 

USE ONE OF THESE IN EVERY MMO YOU PLAY AND YOU WILL NEVER BE HACKED!!!!

 

You can even use them through your cell phone for most games.

 

It is 2013, get with the times and use the features provided by the game makers to protect your account. They put them there just for this reason.

GAME TIL YOU DIE!!!!

«1

Comments

  • David_LopanDavid_Lopan Madison, WIPosts: 808Member Uncommon
    Very good advice. Now if only players would stop buying GOLD, we won't have to deal with much of this hacking garbage.
  • YamotaYamota LondonPosts: 6,620Member
  • khameleonkhameleon Miami, FLPosts: 372Member
    Originally posted by David_Lopan
    Very good advice. Now if only players would stop buying GOLD, we won't have to deal with much of this hacking garbage.

    Yea... its a shame people buy gold and support these lowlifes.

    That is why the accounts get banned, the hackers take over the hacked account and use it to spam world chat with gold buying links and info, etc.

    So, the people complaining have to understand the bans of the account is actually SE support doing its work. 

    They are just slow at fixing the account back up for the original owner i guess.... that sucks, but like I said if they had used the on-time password feature they wouldn't be in this situation.

     

    GAME TIL YOU DIE!!!!

  • DMKanoDMKano Gamercentral, AKPosts: 8,559Member Uncommon
    Originally posted by khameleon

    I am also very careful and never fall for phishing scams, but I got a message from SE stating that they noticed a strange computer/location trying to login or change password on my account.

    At that time I was in game. I made sure it was a legit e-mail and confirmed it came from SE.

    So, it said my account will be frozen until I click their link to update my account info(password). I logged out of the game and tried to login, sure enough wouldn't work. So that also confirmed they froze my account until I did what they said.

    I went to the link provided in the e-mail, changed my password and logged back in and nothing bad happened to my account in the end.

    Why? I use the one-time password and that stopped the hacking attempt.

     

    USE ONE OF THESE IN EVERY MMO YOU PLAY AND YOU WILL NEVER BE HACKED!!!!

     

    You can even use them through your cell phone for most games.

    [mod edit]

    That means that you use the same username for multiple games, otherwise the hackers wouldn't know your username.

     

  • khameleonkhameleon Miami, FLPosts: 372Member
    Originally posted by DMKano
    Originally posted by khameleon

    I am also very careful and never fall for phishing scams, but I got a message from SE stating that they noticed a strange computer/location trying to login or change password on my account.

    At that time I was in game. I made sure it was a legit e-mail and confirmed it came from SE.

    So, it said my account will be frozen until I click their link to update my account info(password). I logged out of the game and tried to login, sure enough wouldn't work. So that also confirmed they froze my account until I did what they said.

    I went to the link provided in the e-mail, changed my password and logged back in and nothing bad happened to my account in the end.

    Why? I use the one-time password and that stopped the hacking attempt.

     

    USE ONE OF THESE IN EVERY MMO YOU PLAY AND YOU WILL NEVER BE HACKED!!!!

     

    You can even use them through your cell phone for most games.

    [mod edit]

    That means that you use the same username for multiple games, otherwise the hackers wouldn't know your username.

     

    I don't think you even read my post, this is about how to stop hackers no matter if they have your username or not. 

    If you use the one-time password feature, the only way to login is to use a piece of hardware to login. You press a button either on the digipass or your phone and it creates an instantaneous combo of numbers that allows you to login. You have username, pasword, and the numbers. Nobody else in the world has your phone or the digipass linked to your account.

    So, if they had my username or not I don't care, my account is protected and cannot be hacked.

    GAME TIL YOU DIE!!!!

  • ElboneElbone Chambly, QCPosts: 60Member Uncommon

    Really, this should be implemented in ALL MMOs for FREE, looking at you greedy blizzard. I mean offering security for your customer shouldnt come with a price tag.

    How mch is the authenticator for WoW, 15$ I think?

  • Sircampsalot08Sircampsalot08 el segundo, CAPosts: 20Member
    Originally posted by khameleon

    Why? I use the one-time password and that stopped the hacking attempt.

     

    USE ONE OF THESE IN EVERY MMO YOU PLAY AND YOU WILL NEVER BE HACKED!!!!

    Your account can still be compromised but it will be that much more difficult to compromise with the security token in place that it's a less desirable target for hackers.  There were some cases of players in FFXIV 1.0 that had their account comprised after they received a phishing email that asked them to put in their token code.  Hackers then had a small window of opportunity to hack your account because the token code is actually "live" for a set period of time and that's where the vulnerability of the token lies.

    SirCampsalot

  • DMKanoDMKano Gamercentral, AKPosts: 8,559Member Uncommon
    Originally posted by khameleon
    Originally posted by DMKano
    Originally posted by khameleon

    I am also very careful and never fall for phishing scams, but I got a message from SE stating that they noticed a strange computer/location trying to login or change password on my account.

    At that time I was in game. I made sure it was a legit e-mail and confirmed it came from SE.

    So, it said my account will be frozen until I click their link to update my account info(password). I logged out of the game and tried to login, sure enough wouldn't work. So that also confirmed they froze my account until I did what they said.

    I went to the link provided in the e-mail, changed my password and logged back in and nothing bad happened to my account in the end.

    Why? I use the one-time password and that stopped the hacking attempt.

     

    USE ONE OF THESE IN EVERY MMO YOU PLAY AND YOU WILL NEVER BE HACKED!!!!

     

    You can even use them through your cell phone for most games.

    [mod edit]

    That means that you use the same username for multiple games, otherwise the hackers wouldn't know your username.

     

    I don't think you even read my post, this is about how to stop hackers no matter if they have your username or not. 

    If you use the one-time password feature, the only way to login is to use a piece of hardware to login. You press a button either on the digipass or your phone and it creates an instantaneous combo of numbers that allows you to login. You have username, pasword, and the numbers. Nobody else in the world has your phone or the digipass linked to your account.

    So, if they had my username or not I don't care, my account is protected and cannot be hacked.

    I understand perfectly clear how two factor auth works, I've been using 2factor auth for years both the FOBs and soft tokens (app on smart phones).

    I was just simply pointing out one thing - the hackers were attempting to log into your account from (China most likely) - which means they must have known your username.

    That is all I am saying - how did they know your username?

    I understand that it doesn't matter as far as being able to log in - they can't, I am just pointing out that since they know your username you've probably used it in another game.

    Best security practice is to always have unique usernames and passwords for all online accounts and use 2 step verification if available!

    Also gmail supports 2factor auth - use it there too.

     

     

  • RusqueRusque Las Vegas, NVPosts: 2,229Member Uncommon
    Originally posted by Elbone

    Really, this should be implemented in ALL MMOs for FREE, looking at you greedy blizzard. I mean offering security for your customer shouldnt come with a price tag.

    How mch is the authenticator for WoW, 15$ I think?

    $6.50 shipping included.

     

    On topic:

    Every time a new MMO comes out we have these magical claims from people who "got hacked" and they "never fall for phishing schemes" or "never bought gold/powerleveling services" but yet, virtual currency selling is a billion dollar a year industry.

    Why are there no customers for this virtual currency, while so much "hacking" is taking place? Kinda weird right? Someone is buying virtual currency from these currency farmers, otherwise they'd go out of business and stop farming because it's a waste of time.

    It would only make sense that people who have their accounts compromised are likely customers, or they are more gullible and are phished. It's really odd that so many innocent, often InfoSec IT professionals who have brand new computers with fresh OS installs, authenticators AND 78 character long passwords are the ones getting hacked.

  • Hitman211Hitman211 bannedville, IDPosts: 52Member

    I really don't get why they don't just lock accounts on an IP change.

     

    Im not talking about how some games do it where if you run CCleaner it doesn't recognize you.  Just log the IP's accessing the account on their side.

     

    Hell I bet if they only locked your account if an IP registered outside your region was trying to log on...it would stop 99% of these issues without additional steps needed by the players.

    Additionally, when you tried to log on and your account is frozen, it would be smart to give an in game pop up window with a short code, and then state that only the email with this code is the legit one.  Only give this code when the original IP trys to access the game.

     

    Im not some tech guru so it might not be possible.  I just think that while getting a code thing is good, ive heard of people getting hacked when using them, all the hacker has to do is register another device to the account...think I heard it happened in FFXI a bunch.

     

    This would inconvenience people who travel and play or whatever, perhaps an option to turn it off or whatever.

     

    I remember when rift went though the same thing, they coin locked accounts.  You could log in, but you couldn't trade, mail money, or do anything other than play basically...

    I wouldn't mind this, but theirs was annoying since any time I ran CCleaner if locked my account, and then I have to go to email and fix it...and going to an email is always a risk.

  • ShadowlandersShadowlanders Fallbrook, CAPosts: 1Member
    Got same thing a few days ago  I dont even have a game but got a message for suspicious activity on my account ect. havnt used it since first ff mmo release  lol
  • evianwaterevianwater New Braunfels, TXPosts: 308Member
    Originally posted by khameleon
    Originally posted by David_Lopan
    Very good advice. Now if only players would stop buying GOLD, we won't have to deal with much of this hacking garbage.

    Yea... its a shame people buy gold and support these lowlifes.

    That is why the accounts get banned, the hackers take over the hacked account and use it to spam world chat with gold buying links and info, etc.

    So, the people complaining have to understand the bans of the account is actually SE support doing its work. 

    They are just slow at fixing the account back up for the original owner i guess.... that sucks, but like I said if they had used the on-time password feature they wouldn't be in this situation.

     

    You know those "lowlifes" are people trying desperately to make a living right ? working under terrible conditions. Realize the world isn't so centric around you and it becomes a much darker place.

  • DMKanoDMKano Gamercentral, AKPosts: 8,559Member Uncommon
    Originally posted by evianwater
    Originally posted by khameleon
    Originally posted by David_Lopan
    Very good advice. Now if only players would stop buying GOLD, we won't have to deal with much of this hacking garbage.

    Yea... its a shame people buy gold and support these lowlifes.

    That is why the accounts get banned, the hackers take over the hacked account and use it to spam world chat with gold buying links and info, etc.

    So, the people complaining have to understand the bans of the account is actually SE support doing its work. 

    They are just slow at fixing the account back up for the original owner i guess.... that sucks, but like I said if they had used the on-time password feature they wouldn't be in this situation.

     

    You know those "lowlifes" are people trying desperately to make a living right ? working under terrible conditions. Realize the world isn't so centric around you and it becomes a much darker place.

    Stealing accounts for the purpose of spamming goldselling sites in game is pretty lowlife imo.

    I understand folks needing to make a living, but when it involves hurting other people in the process - that's not ok.

     

  • SpottyGekkoSpottyGekko RotterdamPosts: 3,845Member Uncommon
    Originally posted by evianwater
    Originally posted by khameleon
    Originally posted by David_Lopan
    Very good advice. Now if only players would stop buying GOLD, we won't have to deal with much of this hacking garbage.

    Yea... its a shame people buy gold and support these lowlifes.

    That is why the accounts get banned, the hackers take over the hacked account and use it to spam world chat with gold buying links and info, etc.

    So, the people complaining have to understand the bans of the account is actually SE support doing its work. 

    They are just slow at fixing the account back up for the original owner i guess.... that sucks, but like I said if they had used the on-time password feature they wouldn't be in this situation.

     

    You know those "lowlifes" are people trying desperately to make a living right ? working under terrible conditions. Realize the world isn't so centric around you and it becomes a much darker place.

    "Spare a thought for the poor criminals ?"

    If you honestly believe that people do crime only because they're desperate and can find NO other way to earn a living, then you have a lot to learn about the world. The executives of Enron are a fine example of "desperate criminals", no ?

     

    This is not a case of a starving man snatching an apple off a market stall. These gold seller syndicates consist of organised groups of quite intelligent people who use their cyber skills for criminal purposes, often with absolutely no fear of prosecution.

  • drbaltazardrbaltazar drummondville, QCPosts: 7,987Member
    I use two step on a lot of stuff I use!there are drawback .people that don't use 2 step know those drawback.but you are right this is the best compromise.
  • psiicpsiic Tampa, FLPosts: 943Member Uncommon
    Originally posted by David_Lopan
    Very good advice. Now if only players would stop buying GOLD, we won't have to deal with much of this hacking garbage.

     

    Finger to nose...

  • psiicpsiic Tampa, FLPosts: 943Member Uncommon
    Originally posted by DMKano
    Originally posted by evianwater
    Originally posted by khameleon
    Originally posted by David_Lopan
    Very good advice. Now if only players would stop buying GOLD, we won't have to deal with much of this hacking garbage.

    Yea... its a shame people buy gold and support these lowlifes.

    That is why the accounts get banned, the hackers take over the hacked account and use it to spam world chat with gold buying links and info, etc.

    So, the people complaining have to understand the bans of the account is actually SE support doing its work. 

    They are just slow at fixing the account back up for the original owner i guess.... that sucks, but like I said if they had used the on-time password feature they wouldn't be in this situation.

     

    You know those "lowlifes" are people trying desperately to make a living right ? working under terrible conditions. Realize the world isn't so centric around you and it becomes a much darker place.

    Stealing accounts for the purpose of spamming goldselling sites in game is pretty lowlife imo.

    I understand folks needing to make a living, but when it involves hurting other people in the process - that's not ok.

     

    lol they are only stealing from the people who went to their website to buy gold in the first place. 

  • JeroKaneJeroKane OsloPosts: 5,353Member Uncommon
    Originally posted by Sircampsalot08
    Originally posted by khameleon

    Why? I use the one-time password and that stopped the hacking attempt.

     

    USE ONE OF THESE IN EVERY MMO YOU PLAY AND YOU WILL NEVER BE HACKED!!!!

    Your account can still be compromised but it will be that much more difficult to compromise with the security token in place that it's a less desirable target for hackers.  There were some cases of players in FFXIV 1.0 that had their account comprised after they received a phishing email that asked them to put in their token code.  Hackers then had a small window of opportunity to hack your account because the token code is actually "live" for a set period of time and that's where the vulnerability of the token lies.

    SirCampsalot

    There is basically no Security messure against stupid people that fall for phising emails! Sorry, but there isn´t.

    I can understand old People from the older generation falling for these. Hence, why banks stopped using TAN code sheets and switched to SMS / Hardware token only.... as too many stupid and old People were handing out their TAN codes to phising sites.

    But People playing Online games should know better by now. /shrug

     

  • JustsomenoobJustsomenoob lexington, KYPosts: 871Member
    Originally posted by Hitman211

    I really don't get why they don't just lock accounts on an IP change.

     

    Im not talking about how some games do it where if you run CCleaner it doesn't recognize you.  Just log the IP's accessing the account on their side.

     

    Hell I bet if they only locked your account if an IP registered outside your region was trying to log on...it would stop 99% of these issues without additional steps needed by the players.

    Additionally, when you tried to log on and your account is frozen, it would be smart to give an in game pop up window with a short code, and then state that only the email with this code is the legit one.  Only give this code when the original IP trys to access the game.

     

    Im not some tech guru so it might not be possible.  I just think that while getting a code thing is good, ive heard of people getting hacked when using them, all the hacker has to do is register another device to the account...think I heard it happened in FFXI a bunch.

     

    This would inconvenience people who travel and play or whatever, perhaps an option to turn it off or whatever.

     

    I remember when rift went though the same thing, they coin locked accounts.  You could log in, but you couldn't trade, mail money, or do anything other than play basically...

    I wouldn't mind this, but theirs was annoying since any time I ran CCleaner if locked my account, and then I have to go to email and fix it...and going to an email is always a risk.

     

    GW2 does something similar.  If you attempt to login from an IP that has never accessed the account before, it says so and you have to do an email confirmation.    Once you do so successfully you have the option of adding it to the list of allowed IPs on the account so the message won't come up again (or you can just play and not allow it, which means it'll ask again next time, good if you're traveling on hotel wifi or something)

  • angerbeaverangerbeaver Dorval, QCPosts: 871Member Uncommon
    Originally posted by Hitman211

    I really don't get why they don't just lock accounts on an IP change.

    Hell I bet if they only locked your account if an IP registered outside your region was trying to log on...it would stop 99% of these issues without additional steps needed by the players.

    DHCP. Some countries actually have their IPs change at specific times so it could change while they play. This is a feature used in Path Of Exile and it did not go over well with European Players because of this.

    Edit: Not from Europe myself so the explanation may be off but that's how I understood it working for some countries. In most areas DHCP will change your IP but I believe only after a ip renewal/drop or reboot etc...

  • theAsnatheAsna AsnatownPosts: 321Member

     

    I dunno what people are doing to get hacked. Up to today I never needed security tokens and similar things to keep my accounts safe.

     

    So again. What are you guys doing? Are you opening every eMail you get? Are you installing all kind of 3rd party software you find on the internet? Are you playing in an internet cafe? Do you play using some public WLAN?

  • DeserttFoxxDeserttFoxx North York, ONPosts: 2,360Member Uncommon
    Originally posted by Elbone

    Really, this should be implemented in ALL MMOs for FREE, looking at you greedy blizzard. I mean offering security for your customer shouldnt come with a price tag.

    How mch is the authenticator for WoW, 15$ I think?

    It is free, the physical one cost money but thats because youre paying for the device to be made.Whohonestly doesnt have a smart phone these days?

    Quotations Those Who make peaceful resolutions impossible, make violent resolutions inevitable. John F. Kennedy

    Life... is the shit that happens while you wait for moments that never come - Lester Freeman

    Lie to no one. If there 's somebody close to you, you'll ruin it with a lie. If they're a stranger, who the fuck are they you gotta lie to them? - Willy Nelson

  • PhryPhry HampshirePosts: 6,296Member Uncommon
    Originally posted by DeserttFoxx
    Originally posted by Elbone

    Really, this should be implemented in ALL MMOs for FREE, looking at you greedy blizzard. I mean offering security for your customer shouldnt come with a price tag.

    How mch is the authenticator for WoW, 15$ I think?

    It is free, the physical one cost money but thats because youre paying for the device to be made.Whohonestly doesnt have a smart phone these days?

    i don't have a smart phone.. or any type of mobile phone tbh, which is why i have the 'key fob'  security code tokens, do i begrudge paying a few quid for them, hell no!  Of course the fact mobile phones don't really work where i live is kind of an added disincentive to actually owning one :D

  • SuniojSunioj Saratoga, NYPosts: 261Member

    Use an e-mail account that is only for MMO's and games.  Set a very good password for it.

     

    For your account names and passwords have a different good password.

     

    If anyone goes to the PCtools website you can use a free tool that creates random passwords if you are no good at making your own.  Generate some, save it to a txt file and put it in a secure spot.  That should help.

     

    Momo sucks, I have proof.

  • Br3akingDawnBr3akingDawn a City, CAPosts: 1,357Member Uncommon
    Seriously people need to stop falling for create a account on this and that ffxivarr site and putting in the SAME email and passwords for their game. Its amzing how many joined Free Company sites and use the same email/password they do for the game. who hacked u? ask your Free Company.

    image

«1
Sign In or Register to comment.