GridStream Productions

[Regidoc]

I'm sure a lot of you have noticed as of late a lot of high end players accounts that had been accessed in some illegal way and their stuff taken, deleted and various other things. Mine was one of those accounts. It doesn't take much for people to try and get into your account. Not every hacker uses some application or uses viruses and trojans to get your information. Some just sit there for a bit and try different combinations of things to try and gain access. Seems mine was a little too easy to guess. So I've changed it. Please people, with this sudden flash of people trying to guess people's usernames and passwords, try to make them as complicated as possible. I don't know why these people do this crap. Luckily for me, all this person did was delete my nodrops, mind you they were my harder to get nodrops so that's what makes me thing this was a personal attack, and give my stuff away to people. I've got a lot of it back so far, but there's still a bunch I haven't gotten yet. My post is on Life on Atlantean for people that wish to read it. The support I've gotten from the AO community for this tragedy is awesome, with people offering to help me get my stuff back offering me items and credits to make up for what I've lost.

[Ashval]

A very wise head's up. Thanks, Regi!

[Tarryk]

Ouch, indeed a good heads-up, that's nasty business.

Thank you, Regidoc.

[Innari]

After more recent events, I am encouraging EVERYONE to change your passwords. A regular password change is healthy. And as of late, now would be a good time.

[Decavolt]

An added note: changing your password from "kitten" to "puppy" is freakin pointless. Please, for the love of all that is unholy, use strong passwords. This stuff should be common knowledge but it isn't, and 80% of you have weak-as-hell passwords.

For example, never ever EVER (ever) use single plain-english words. You're begging to be hacked.

- Use special characters, mixed case and numbers.
- Use multiple words or word parts
- Use non-english words
- Use random letter combinations

Bad: monkey
Bad: monkey1
Bad: your birthday
Bad: your pet's name
...you get the idea.

Good: m0nk3yF@c3
Good: bestia47oris
Good: tR5fiU90

And don't cry about them being hard to remember. Once you use a new password 4 or 5 times, it'll be a snap.
You should change your passwords, especially on anything even remotely financially sensitive, once every month at the very least. You may think that's excessive until the first time your account gets hijacked.

[Vallikat]

All good advice. I have this one really bad password habit in that I choose my passwords systematically. I think I've just been convinced to break that habit. Of course in my case the most a theif would come away with is a really tasty muffin. But still!!

Sorry this happened to you, Regi.

[Regidoc]

another update on this...the guy hacked my account again, disbanded VE, took all my stuff, used all my RPs and used most of my IP in stuff like map nav which can't be reset. So, it looks like I'm fucked Not sure what I'm going to do now if FC can't do anything....I've never ever thought about leaving AO but this is strong incentive.

[Tarryk]

JEEZus, he did it TWICE? How the hell...?

I'm sorry to hear this, Regi.

It sounds like you've got a password trojan or something!

[Jactin]

I'd like to add a nice little tip to the password changing thing.

NEVER EVER store your password!!! That tempting little check box that says "Save password" on your client is an absolute buffet to the people with the right knowledge about how to steal them. You may want convenience, but security is far more important.

[Regidoc]

JEEZus, he did it TWICE? How the hell...?

I'm sorry to hear this, Regi.

It sounds like you've got a password trojan or something!

Before this had all started, I went on the anarchy account login page sometime last week. I really don't want to think of it like this way but if this person got my information from there and FC isn't going to do anything about it because it's on their side and not mine, I AM going to leave. The first time wasn't that bad, seems like the guy just went in and left his signiture to say he was there. I chalked it up as a learning experience, changed my password and proceeded to get all my stuff back. Then I see all this stuff on my org bot and the forums, try to log in (he changed my password to vincevega), did a password request, logged in and saw what happened. Because of everything this asshole did, I don't know what I'm going to do now if FC can't restore my character or something. They SHOULD have a backup from 24 hours ago. maybe I can delete and they restore that backup or something.

[Ceryn]

First off, I am sorry to hear about what is going on, however, this problem does seem to be generating a lot of hate towards Funcom in general, over incidents that they do not have control over.

The second incident of 'hacking' that resulted in VE being disbanded (a great loss and one that I hope will be fixed quickly) did occur at the time of day when there are few to no GM's avaliable that are able to deal with this incident, as I believe a number of people were told last night, Funcom would be looking into this as soon as they got into the office in the morning. There is not much that they can do from home.

The more I read about what has been happening, the more I am wondering, if it was somebody using brute-force cracking techniques, these attempts would have been much more sporadic, and in your case Regi, the chances of somebody being able to do that twice in a matter of days, are as close to zero as you can possibly get. What it does sound more like, is that there is a leak, at one end or another. You will find, ultimately, that the balance of probability will lead to the leak being soemthing on your own computer, and less likely to be Funcom's end. I am not trying to say that you did anything wrong, it is just plain probability. Password security is only as good as the security of the data connection that is transmitting the passwords, now, I am assuming that like most half-decent systems, your password is never transmitted to the login servers, but is compared with the remote copy based on a nice little crypt function. So, the most likely thing, is a keylogger, I notice from the main player forums that you say that you never saved your password, but type it in each time.. has this always been the case? I am sure that funcom will be able to help, just give them time to trace what has been happening, after all, this is a legal matter now also.

My recommendations. Make sure you do a thorough virus scan, spyware scans, everything.. make sure that you check all running programs, services, just to be sure that there isn't something there that shouldn't be.

[Tarryk]

I just received word from Funcom after making an official inquiry.

Officially: AO account passwords and systems with password storage have never been comprimised in any manner whatsoever.

So for those worried that this was on Funcom's side, rest assured that it was not. This was a case of a password being discovered in another manner.

It again it comes with the fair warning that everyone should ALWAYS use high-security passwords, scan regularly for viruses & trojans, work behind a decent security (software firewalls are a good thing), and never EVER share your password or let it be known to anyone for any reason.

Obviously I'm not saying Regidoc did or didn't do any of these things, I'm just saying: if anyone out there currently neglects any of these things, it's never too late to start raising that bar of personal security.

Good luck in getting your account in order, Regi.

[Regidoc]

guess I'll have to do the whole scanning thing later when I get home. thing is, if the scan doesn't know what to look for, it won't look for it...I'll try Nex's link in that thread about Suue as well. hopefully I can get this all straighted out but as it is now, I can't trust me pay account and I may end up having to delete it....as a little bit of added security, I'm going to try and change my password on another computer then just never log in until I finish stuff on my computer

[Myz_Lilith]

Don't know if it's connected, but people on a selling site I'm a member of were reporting lots of problems with eBay accounts being hacked a couple of months back. There was confusion then as well as to whether the problem could be at eBay's end.

In a similar case, people who had had their accounts hacked once were recovering them only to have them hacked again, and as far as I recall it did indeed turn out to be a keystroke logging trojan. Meaning as soon as they typed in their nice new password, the hacker already knew it.

What someone suggested there was that if you think this might be happening to you, as well as doing all the sensible stuff like updating virus definitions, running full system scans on both virus and spyware checkers etc, was to reset your password using the following method: Go to a website, and select a completely unrelated word on there at random (so if you're going to the funcom website, don't pick the word "funcom") and copy and paste it into the reset password box. That way you can change the password without any keystrokes to give it away. You could even copy 2 or 3 letters or numbers from different sites to make up a more secure combo.

I don't know if you techie types can see any obvious flaws with this, but to me it seemed a pretty logical way to reset a password if think you might be at risk of that sort of trojan.

[dpalpha]

Hopefully this website can help you on getting rid of malware; http://wiki.castlecops.com/Malware_Remo ... :_Overview

[Vallikat]

If it is a keylogger, here is a program that will help you determine that:

http://dewasoft.com/privacy/kldetector.htm

[Regidoc]

i never thought of this at the time but it does seem relevent now. Yesterday, not sure on time as I wasn't exactly watching that, I found all my forum stuff logged out. Meaning, I had to log in to see some of the pages that I usually just have to go to and I'm auto-logged in. This means that this person also has my forum account passwords as well, which i will also have to change. That includes yahoo, here at GSP, VE forums, AO forums, forums for the alliance I'm a member of. Luckily the only time I've been to my banking web site to check my balances was here at work in the last few days so they don't have that information. If this person is using a keylogger to record my keystrokes like people are saying, then this person will be logging onto various forums and saying things that I usually would not say. I'm also the admin on 2 forums and a moderator for the doctor profession boards. if someone could contact someone on the AO forums like Silli or someone to get my moderator privileges revoked until I get my passwords changed (internet restrictions here so I can't even view most websites) I would appreciate it.

[Vallikat]

Regi, this really sounds like a personal attack. I hope you have some legal recourse and I hope that the individual responsible for this is prosecuted. I can't do much else to help, but I am in a position to comply with your last request. Consider it done.

[Regidoc]

one problem I have right now though is that I can't change my yahoo password here at work so if the person has that one and does a password request for all of these changes....he can just get them again. Stupid net restrictions at work.

[Myz_Lilith]

Is there anyone you can (temporarily) trust with your Yahoo password that you could email\text with your Yahoo login details, and ask them to go in and secure it for you?