Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Fuzzy Avatars Solved! Please re-upload your avatar if it was fuzzy!

Rift Hacked

FebleFeble Jamesville, NYPosts: 11Member

 


Anyone else got shafted?  Went on to play and I was naked as a jay bird.  I am baffled on how.  I never received any personal mail from Trion that might have not been theirs and the fake in-game emails i always clicked on the email icon "report spam."  I my personal opinion on this is that World of Warcraft went through some ruff times on this crap and came out successful with the authenticating device.  My questions to you readers is this- Wouldn't you think from the past experiences of the other MMOs that Trion would had at least came out with a built in authentication thing?  I am sure its not to far away it Trion respects us as a value players. 

Comments

  • bansanbansan blah city, MOPosts: 367Member

    Huh, looks like a lot of people got hacked.

  • LeetheLeethe Posts: 876Member Uncommon

    Originally posted by Feble

     


    Anyone else got shafted?  Went on to play and I was naked as a jay bird.  I am baffled on how.  I never received any personal mail from Trion that might have not been theirs and the fake in-game emails i always clicked on the email icon "report spam."  I my personal opinion on this is that World of Warcraft went through some ruff times on this crap and came out successful with the authenticating device.  My questions to you readers is this- Wouldn't you think from the past experiences of the other MMOs that Trion would had at least came out with a built in authentication thing?  I am sure its not to far away it Trion respects us as a value players. 

    How did you manage to miss the Devs post about:

    1. they know there's a problem.

    2. They are taking countermeasures that will effect the source(s) of the problem.

    3. They are designing/adapting and testing a new authenticator for players.

    There is NO miracle patch.

    95% of what you see in beta won't change by launch.

    Hope is not a stategy.
    ______________________________
    "This kind of topic is like one of those little cartoon boxes held up by a stick on a string, with a piece of meat under it. In other words, bait."

  • FebleFeble Jamesville, NYPosts: 11Member

    There has been and according to Trion they are aware of the situation.  8)

  • majimaji ColognePosts: 1,995Member Uncommon

    Assuming it's not just a bug that wipes the character clean, but actually someone having those guys account information: I'm wondering how they could acquire them. Are those keyloggers found on so many websites? Do the people give their account data to everyone? Or is some Rift website sending out addons, that claim to make you level 10 times as fast, and everyone is installing that?

    Let's play Fallen Earth (blind, 300 episodes)

    Let's play Guild Wars 2 (blind, 45 episodes)

  • shakermaker0shakermaker0 SheffieldPosts: 194Member

    Same thing happened to me, logged off in Stonefield, came back on a day later in the centre of the city naked with everything sold and taken. Some serious secruity issues.

  • EvasiaEvasia rotterdamPosts: 2,827Member

    Ain't this very sad that your playing game and some criminals hack your account, for some money realy realy sad these individuals.

    Games played:AC1-Darktide'99-2000-AC2-Darktide/dawnsong2003-2005,Lineage2-2005-2006 and now Darkfall-2009.....
    In between WoW few months AoC few months and some f2p also all very short few weeks.

  • kwaikwai frederikshavnPosts: 830Member

    And this is why i love my VPN, bank/military encryption, but then again if the security lies with Trion, then i guess its just a matter of time before i log in and find my lvl 50 naked n stripped, ofc i would demand everything reimbursed from Trion.

  • CantorageCantorage BodøPosts: 186Member

    Basically, to get "hacked" in an MMO you yourself are to blame and should follow the "idiot checklist."

     

    You have:

    -Registered on a "fansite" or Rift related non-Trion website with the same account info as you log in to the game with. (idiot)

    -Downloaded a 3rd party Rift related program from a non-trusted source. For example, guild-made DPS parsers and such. (idiot)

    -Ever bought gold from any gold selling service for any game (idiot)

    -Someone knows both your character's name and server and real life identity. (not so idiotic, but it does happen that trust is misplaced.)

    -Transmitted or received data from any web server hosted to fish your account info, like in step 1. (can't be helped sometimes except if you're really paranoid, which you should be)

    -Used the same password for the guild website you joined. (idiot, use different passwords everywhere!)

     

    I know, there are dozens of other reasons, but these are the most common. Xfire, MSN and Steam are also popular outlets for people with malicious intents to get your shit.

  • kwaikwai frederikshavnPosts: 830Member

    Originally posted by Mercantor

    Basically, to get "hacked" in an MMO you yourself are to blame and should follow the "idiot checklist."

     

    You have:

    -Registered on a "fansite" or Rift related non-Trion website with the same account info as you log in to the game with. (idiot)

    -Downloaded a 3rd party Rift related program from a non-trusted source. For example, guild-made DPS parsers and such. (idiot)

    -Ever bought gold from any gold selling service for any game (idiot)

    -Someone knows both your character's name and server and real life identity. (not so idiotic, but it does happen that trust is misplaced.)

    -Transmitted or received data from any web server hosted to fish your account info, like in step 1. (can't be helped sometimes except if you're really paranoid, which you should be)

    -Used the same password for the guild website you joined. (idiot, use different passwords everywhere!)

     

    I know, there are dozens of other reasons, but these are the most common. Xfire, MSN and Steam are also popular outlets for people with malicious intents to get your shit.

     

    Those are decent rules of a thumb to follow, but sometimes its also the company ( Trion ) who has some fuckedup security problems, because i know people that are just as paranoid as me kinda when it comes to encrypting their internet traffic and what not, i dont use the same username / password or email for alot of my accounts.

     

    hell all my 4 eve online accounts have 4 different passwords, account names that dont mean jackshit except to my self , ofc they have never been compromised , and neither have my Rift.............yet, and lets hope it stays that way.

  • CantorageCantorage BodøPosts: 186Member

    I play Rift as of now, and although I don't think anyone will run into problems unless accidentally compromising themselves, Trion's security could be better. They used to have an Account name/ e-mail/ password system, but a few months ago removed the account name - now you log in using your e-mail. So as it stands, all someone needs to do to figure out your log in is to find out your password (if they know your e-mail)

     

    And to be honest, just a password isn't good enough, as any password can be cracked, especially someone who knows a bit about you.

     

    2 people in my guild got hacked so far, both of whom bought gold on WoW in the past. (And were hacked in WoW as well) - I just don't understand that level of stupidity, but oh well. Trion have been really good at restoring characters though with roll backs. I've seen many people get their stuff back from CSR's within 45 minutes of filing a ticket.

  • lekizlekiz Omaha, NEPosts: 171Member

    Yeah, too bad you can't use special characters in your password. It would help.

  • erictlewiserictlewis Cottondale, ALPosts: 3,026Member Uncommon

    Back during beta before beta 6 we could use special characters.  During beta 6 trion backed down whatever kind of authentication system they were using and it would not recognize special characters.  I was locked out of m account at that point as In order to change my password i needed to key in the original one.  That was a pain.  After trying to resolve that with their customer service I decided that was enough.

    I'm just saying they did have a stronger authentication system. 

  • KalimniKalimni Klamath Falls, ORPosts: 69Member

    After talking with some guildies that play, and looking at the posts on the forums, it looks like the common denominator is the Zam website. Most people are of the opinion that there is a keylogger or some such imbeded into an add on the site. IIRC, curse had a similar problem a few years ago.

     

    And FYI, all the poeple I know that have been hacked have used all the usual tools to check for viruses and such and are coming up empty. One of our resident tech guys thinks the bug is keyed to the rift patcher, copies and sends your info, and then deletes it self.

  • mindspatmindspat seattle, WAPosts: 1,367Member
    Originally posted by Kalimni

    After talking with some guildies that play, and looking at the posts on the forums, it looks like the common denominator is the Zam website. Most people are of the opinion that there is a keylogger or some such imbeded into an add on the site. IIRC, curse had a similar problem a few years ago.
     
    And FYI, all the poeple I know that have been hacked have used all the usual tools to check for viruses and such and are coming up empty. One of our resident tech guys thinks the bug is keyed to the rift patcher, copies and sends your info, and then deletes it self.

     

    It's sounding like the culprit. I use an alpha/numeric password of 12 digits including special characters and have NEVER done anything questionable yet my account was also "hacked" over the weekend. The *only* thing I had done, out of a check list of possiilities, was visit the website that was housing the character builder, think it's the Zam website; visited once about 2 weeks ago. Some people in my guild (all over 25 years of age and most commonly in their 30's and 40's) said they hadn't even gone to the Zam website and still had their accounts compromised.
  • regentwillregentwill Roseville, CAPosts: 14Member

    [quote]

    You have:

    -Registered on a "fansite" or Rift related non-Trion website with the same account info as you log in to the game with. (idiot)

    -Downloaded a 3rd party Rift related program from a non-trusted source. For example, guild-made DPS parsers and such. (idiot)

    -Ever bought gold from any gold selling service for any game (idiot)

    -Someone knows both your character's name and server and real life identity. (not so idiotic, but it does happen that trust is misplaced.)

    -Transmitted or received data from any web server hosted to fish your account info, like in step 1. (can't be helped sometimes except if you're really paranoid, which you should be)

    -Used the same password for the guild website you joined. (idiot, use different passwords everywhere!) [/quote]

     

    While these will help, saying the only way to get hacked is if you are an idiot is a blanket statement. It's simply not true.

    It's not always the players fault. Giving away your information does make it your fault, that much I can agree with. However, I played World of Warcraft for almost six years authenticator free and I was never hacked. Not once. I only bought an authenticator for the Core hound and figured I might as well use it in the last few months.

    Some time earlier this week on Rift I was hacked. After, what? Two weeks?

    Let me tell you, my WoW character is a far better choice for hacking. But I was careful, I didn't do any of those previous things you mentioned. I bought a physical copy, never from online retailers or digital downloads.

    I thinki it is safe to assume there is a problem. I understand they are working on it, and I appreciate it, but I do not appreciate being called an idiot.

  • rhinokrhinok Anonymous, UTPosts: 1,798Member

    Originally posted by Mercantor

    Basically, to get "hacked" in an MMO you yourself are to blame and should follow the "idiot checklist."

     

    You have:

    -Registered on a "fansite" or Rift related non-Trion website with the same account info as you log in to the game with. (idiot)

    -Downloaded a 3rd party Rift related program from a non-trusted source. For example, guild-made DPS parsers and such. (idiot)

    -Ever bought gold from any gold selling service for any game (idiot)

    -Someone knows both your character's name and server and real life identity. (not so idiotic, but it does happen that trust is misplaced.)

    -Transmitted or received data from any web server hosted to fish your account info, like in step 1. (can't be helped sometimes except if you're really paranoid, which you should be)

    -Used the same password for the guild website you joined. (idiot, use different passwords everywhere!)

     

    I know, there are dozens of other reasons, but these are the most common. Xfire, MSN and Steam are also popular outlets for people with malicious intents to get your shit.

    While there are many ways a player can get "hacked" through his or her own fault, there are also ways that really aren't the player's fault.  As an example, digital photo frames that came with game stealing trojans installed (http://www.engadget.com/2008/02/15/insignia-photo-frame-virus-much-nastier-than-originally-thought/)

    So, yes, players should be smart about securing their accounts, but it ain't always their fault.

    ~Ripper

  • BarbarbarBarbarbar Posts: 263Member Uncommon

    Originally posted by Feble

     


    Anyone else got shafted?  Went on to play and I was naked as a jay bird.  I am baffled on how.  I never received any personal mail from Trion that might have not been theirs and the fake in-game emails i always clicked on the email icon "report spam."  I my personal opinion on this is that World of Warcraft went through some ruff times on this crap and came out successful with the authenticating device.  My questions to you readers is this- Wouldn't you think from the past experiences of the other MMOs that Trion would had at least came out with a built in authentication thing?  I am sure its not to far away it Trion respects us as a value players. 

    What you are doing here is basically telling everyone that you use the same password to your game as you do to some RIFT oriented forum.

    Next time don't do this, and you won't go around being baffled by other peoples abuse of your naivity.

  • BarbarbarBarbarbar Posts: 263Member Uncommon

    Originally posted by Kalimni

    After talking with some guildies that play, and looking at the posts on the forums, it looks like the common denominator is the Zam website. Most people are of the opinion that there is a keylogger or some such imbeded into an add on the site. IIRC, curse had a similar problem a few years ago.

     

    And FYI, all the poeple I know that have been hacked have used all the usual tools to check for viruses and such and are coming up empty. One of our resident tech guys thinks the bug is keyed to the rift patcher, copies and sends your info, and then deletes it self.

    You don't get it, they don't hack you, they hack the forum site. They gain access, and copy the whole userbase, the users email and their passwords to the forum. They leave without doing harm and forum admins prolly never knew they were there. Then they try and lock into RIFT with this information.

     

    And all the people who use the same password for both forum and game will find their account stolen.

     

    The least you have to do is make a special game password you use, even if it's just something simple like repeating the forum password twice, or adding 123 even.

  • Loke666Loke666 MalmöPosts: 17,949Member Uncommon

    Originally posted by Feble

     


    Anyone else got shafted?  Went on to play and I was naked as a jay bird.  I am baffled on how.  I never received any personal mail from Trion that might have not been theirs and the fake in-game emails i always clicked on the email icon "report spam."  I my personal opinion on this is that World of Warcraft went through some ruff times on this crap and came out successful with the authenticating device.  My questions to you readers is this- Wouldn't you think from the past experiences of the other MMOs that Trion would had at least came out with a built in authentication thing?  I am sure its not to far away it Trion respects us as a value players. 

    Wow, that is fast. Usually it takes months after release before they start hijacking accounts.

    My guess is that you have a keylogger or similar malware on your computer. 

  • Binny45Binny45 St John''s, NFPosts: 478Member Uncommon

    Yeah, I wouldn't be too hard on people getting their accounts hacked.

    I can't speak for RIFT, but NCSoft (Aion) was BRUTAL!

    I hadn't bought Aion, but I did beta test it.  Didn't like it and simply didn't log in.  Three months later I get a string of emails telling me that my account password has been changed, that I've suddenly bought Aion and that I've subscribed for six months.....ON MY CREDIT CARD INFO!!!! (I had paid and played Tabula Rasa, gotta love those general accounts).

    Luckily for me, the arsehole who got into my account, I had since changed credit cards, so their purchases would be no good.  I contacted NCSoft, letting them know that I was not impressed with their security measures and that I wanted the account shut down IMMEDIATELY.

    It took a month to do so.  I had to go back and forth many times, and finally ended up threatening to sue them for not protecting my personal information before they finally shut the account down.

    I was lucky, I'm sure there are others that are not.  PayPal should be the MMO standard, at least it's a third party that can protect your interests.

    As far as account security goes for your characters, I'd give Trion a chance.  I mean ANY game can be hacked.  Sometimes it's a simple glitch, sometimes it's a coordinated heavy handed black hat effort.  The former is easy to keep out, the later really, REALLY takes work.  It would behoove the MMO community to work together to come up with a central resource that could regulate said activity. I'm quite confident that the people that are hacking RIFT accounts are the same ones hacking Aion and other games as well.  I think the industry owes it to the players, their lifeblood, to protect their investment and personal information.

    image

  • Loke666Loke666 MalmöPosts: 17,949Member Uncommon

    Originally posted by Binny45

    As far as account security goes for your characters, I'd give Trion a chance.  I mean ANY game can be hacked.  Sometimes it's a simple glitch, sometimes it's a coordinated heavy handed black hat effort.  The former is easy to keep out, the later really, REALLY takes work.  It would behoove the MMO community to work together to come up with a central resource that could regulate said activity. I'm quite confident that the people that are hacking RIFT accounts are the same ones hacking Aion and other games as well.  I think the industry owes it to the players, their lifeblood, to protect their investment and personal information.

    Agreed. And it is far from unlikely that it actually is something on your own computer behind it (well, not in your case since you hadn't logged in but it often is).

    Even Guildwars got a few accounts hacked before ANET heard of it and added that you now must name one of your characters as well. It seemd to have worked, I have not heard anyone having problem since then.

    And all this is BTW the fault of people who buy gold online. You (the people who buy gold, not Binny ;) are the reason they do this, they steal peoples accounts and sell their stuff to you. Never buy gold.

  • WalterWhiteWalterWhite CardiffPosts: 394Member Uncommon

    I was in RIFT beta and never bought the game but I am getting 'buy gold in Rift' e-mails which is odd considering the only website I ever used for RIFT was Trion's and never bought gold as I only played beta.

    As for sites like Allakhazam ect, I never use those either so the only place these people could have got my e-mail from was Trion.

    image

  • MatheodamonMatheodamon dwewrwfe4wq, KSPosts: 26Member

    I wanna play this game... It was highest rank on the site... it's my first time here.. :D

    Hope I can find the game as my type .. and hopes that the community is good also... 

  • RumplyRumply Here, VAPosts: 1Member

    Here's the issue, and what makes me think that the Rift hack is internal, or at least related to Trion itself.

     

    When we created our rift accounts, I created a brand new email account for my wife. I created a 13 digit password for her for her email as well as a different one for her game account to use that wasn't a dictionary word, had never been used before, and didn't spell anything in l33t. The email address hasn't been used anywhere else... just to register for Trion, play a bit in Beta and into head start.

    We played, no problem. Last thursday, I put together a brand new computer... fresh OS, fresh HD... she logged in we both marvelled at Rift with a decent card... then she started playing Dragon Age 2.

    She logged in last night for the first time since then to find every character she had stripped naked and 2 silver to her account. The hack happened sometime between that thursday and now. Her account was hacked, mine (which I also logged into from her computer) was not.

    Her information was completely isolated to Trion. Email... Password... everything. So to get that information... to even know the email address to log in to would require getting the information either from my ISP, or from Trion's server. So what is more likely here... Trion leaked the information either through an inside person or through being hacked/exploited, or someone intent on getting money to sell on Rift hacked Verizon, got all our email addresses... cycled through till one was a legit login, then started banging away till they got the password right... 13 digits alpha/numeric/special.

    Trion got hacked... and lets just hope they know how and aren't just stabbing in the dark.

     

    Oh yes... as to Trion's responce... they are saying after an investigation, they will either give her money that was taken or just roll her account back to before it was hacked. Depending on how often they backup, in her case it may mean they can reasonably return her acocunt to a point just prior to the hack. So... assumingly weekly backups, if not nightly backups, she shouldn't lose too much.

  • AmanaAmana New York, NYPosts: 2,538Moderator Uncommon

    There is a stickied thread at the top for these discussions and other open threads on the subject. We'd like to keep information centralized and not spread out over many threads.

    To give feedback on moderation, contact community@mmorpg.com

This discussion has been closed.