Hacked Accounts

"
Selanmer wrote:
Won't be strong enough. It's not just about the length. It's much easier to crack a password that has only letters, or worse, real words.

If you use 4 randomly! selected words from a big word list
(in English there are lists with 50,000-100,000 words easily available, on some systems already pre-installed)
50000^4 = 6250000000000000000 possible combinations
I assume a password you can type can contain something like 80 different chars
80^9 = 134217728000000000 possible combinations
9 randomly! selected characters are ~200 times worse than 4 randomly! selected words (out of a 50,000-word list)
But I have to admit I don't know many people who choose random passwords

Hacks like last.fm and others created a huge database of frequently used replacement patterns (a -> 4, ...), word combinations (name_number_service) and other "tricks".
For me that leads to 2 conclusions:
1) create random passwords, not "it looks random" passwords
2) length = security if 1) is used
Passwords are irrelevant to getting your account hacked.

The main reason why your accounts get hacked is because someone already knew your game account's email address.

You change your game's email address to something new, tough and unique, and NEVER use this email address for any other site or write it anywhere on the internet, and you are guaranteed to never get hacked.

So simple, so true, yet no one will bother doing it and continue blaming GGG when their game account gets hacked when it's using a 10-15 year old email address that's already been used on hundreds of websites.

Also try making email accounts / passwords with foreign words, caps, numbers, symbols. Even try combining words from different languages that you can remember.

Also try adding strings of random memorable numbers. One easy way to do this is by using PC component chip names, e.g. I73770K somewhere within your password with your two memorable words.


E.g. Password - I7.HerpyDerpy-3770-paSSw0rd.k

If I hadn't written that password here, I could have actually used it on something and never ever gotten hacked.
(b) Personal abuse, foul language, inappropriate subject matter, obscene, harassing, threatening, hateful, or discriminatory or defamatory remarks of any nature ... are not permitted.

- PoE TOS.
Last edited by bhavv#7360 on Mar 6, 2013, 6:26:14 PM
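A way to check the quoted comparison with a calculator, added here as an example (it is not code from the post or from GGG): it computes the keyspace and the bits of guessing entropy for uniformly random words and characters using the post's figures, and generalizes to the smallest number of random characters that matches a given number of random words. The pool sizes (a 50,000-word list, 80 typeable characters) are taken from the post; everything else is an assumption of this example.

```python
import math

# Parameters taken from the quoted post: a 50,000-word list with 4 words drawn
# at random, versus 9 characters drawn from an 80-symbol set.
WORDLIST_SIZE = 50_000
WORDS = 4
CHARSET_SIZE = 80
CHARS = 9


def keyspace(pool_size: int, picks: int) -> int:
    """Number of equally likely secrets when `picks` symbols are drawn
    uniformly and independently from a pool of `pool_size` symbols."""
    return pool_size ** picks


def entropy_bits(pool_size: int, picks: int) -> float:
    """Guessing entropy in bits. Only valid for uniform random selection,
    which is the post's conclusion 1): a phrase the user picked by hand is
    drawn from a far smaller effective pool and gets far fewer bits."""
    return picks * math.log2(pool_size)


def chars_to_match(words: int, wordlist_size: int, charset_size: int) -> int:
    """Smallest number of uniformly random characters from `charset_size`
    symbols whose keyspace is at least that of `words` random words."""
    target = entropy_bits(wordlist_size, words)
    return math.ceil(target / math.log2(charset_size))


def compare(words: int, wordlist_size: int, chars: int, charset_size: int):
    """Return (word_bits, char_bits, keyspace_ratio) for the two schemes,
    where keyspace_ratio = word keyspace / character keyspace."""
    word_bits = entropy_bits(wordlist_size, words)
    char_bits = entropy_bits(charset_size, chars)
    ratio = keyspace(wordlist_size, words) / keyspace(charset_size, chars)
    return word_bits, char_bits, ratio


if __name__ == "__main__":
    w, c, r = compare(WORDS, WORDLIST_SIZE, CHARS, CHARSET_SIZE)
    print(f"{WORDS} random words:  {w:.1f} bits")
    print(f"{CHARS} random chars:  {c:.1f} bits")
    print(f"keyspace ratio (words / chars): {r:.1f}")
    print(f"chars needed to match the words: "
          f"{chars_to_match(WORDS, WORDLIST_SIZE, CHARSET_SIZE)}")
```

With the post's figures this gives about 62.4 bits for 4 words and 56.9 bits for 9 characters, so 10 characters from the 80-symbol set are needed to reach the word scheme, and the keyspace ratio comes out near 47. The figures only hold when every word or character is chosen uniformly at random; the moment a human picks "memorable" words or applies the substitution patterns the post mentions, the attacker's dictionary shrinks the effective pool and the bits drop accordingly.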
"
bhavv wrote:
So simple, so true, yet no one will bother doing it and continue blaming GGG when their game account gets hacked when it's using a 10-15 year old email address that's already been used on hundreds of websites.


Since I suspect that's a shot at me, particularly given the age of the email listed there, I'm going to ask you a simple question.

Do you honestly believe gaming companies (you know, the ones with the ToA and ToS that say they won't sell your information to 3rd parties) are out there selling my email to Chinese farming sites? Realistically, is that what's happening here? Or maybe the one site I signed up with it, zoosk or whatever it was, for the f2p, they sold it, even though their ToA also says they won't sell your information?


You understand what I meant by "only for gaming", right? I have multiple emails. One for spam, with no forwarding. One for gaming, with forwarding. And one for family/friends, that receives forwarding.


Naturally, I'm doubting anyone sold my information to a 3rd party that just happened to figure out it was used on this game. That, good sir, is quite a stretch. As a matter of fact, let's say Sony, Bioware, Blizzard, Steam, or any other large company decided to sell my information to a 3rd party site; they just happen to not only check it on this game, but also correctly guess the password and log on using an IP that's from Topeka, KS to get around the lockout associated with using a different IP?

Give me a break. There are some truths not being told here.
"
bhavv wrote:
[...]you are guaranteed to never get hacked.[...] never ever gotten hacked.


Kinda proves you don't know much about security, thanks for playing. It's not a matter of if, it's a matter of when. You are NEVER guaranteed anything if you are plugged into the internet, or have any outside contact (USB drives / CD-ROMs / etc.) with another computer.
IGN:_TheHeffNerr_ IGN:_TheHeffNerr IGN:_The_Heff_Nerr_
shop! view-thread/362602 alteration shop! view-thread/379959
[SC][Build][Facebreaker] Righteous Cyclone! view-thread/355643 Killed in 0.11.0 Vote no on the patch!
"
steven_mcburn wrote:
"
bhavv wrote:
So simple, so true, yet no one will bother doing it and continue blaming GGG when their game account gets hacked when it's using a 10-15 year old email address that's already been used on hundreds of websites.


Since I suspect that's a shot at me, particularly given the age of the email listed there, I'm going to ask you a simple question.

Do you honestly believe gaming companies (you know, the ones with the ToA and ToS that say they won't sell your information to 3rd parties) are out there selling my email to Chinese farming sites? Realistically, is that what's happening here? Or maybe the one site I signed up with it, zoosk or whatever it was, for the f2p, they sold it, even though their ToA also says they won't sell your information?


You understand what I meant by "only for gaming", right? I have multiple emails. One for spam, with no forwarding. One for gaming, with forwarding. And one for family/friends, that receives forwarding.


Naturally, I'm doubting anyone sold my information to a 3rd party that just happened to figure out it was used on this game. That, good sir, is quite a stretch. As a matter of fact, let's say Sony, Bioware, Blizzard, Steam, or any other large company decided to sell my information to a 3rd party site; they just happen to not only check it on this game, but also correctly guess the password and log on using an IP that's from Topeka, KS to get around the lockout associated with using a different IP?

Give me a break. There are some truths not being told here.


No I don't believe at all that the companies are selling your email addresses because I've never had a single spam mail nor any of my gaming email addresses compromised.
"
TheHeffNerr_ wrote:
"
bhavv wrote:
[...]you are guaranteed to never get hacked.[...] never ever gotten hacked.


Kinda proves you don't know much about security, thanks for playing. It's not a matter of if, it's a matter of when. You are NEVER guaranteed anything if you are plugged into the internet, or have any outside contact (USB drives / CD-ROMs / etc.) with another computer.


Did I also need to mention the obvious: that you don't visit dodgy sites, don't click on phishing links, don't provide your details anywhere online, etc. etc.?

The fact that I've never been hacked despite using the internet almost every day says that I know enough about internet security.
"
steven_mcburn wrote:
1. How would they even know my email is associated with this game? How would they even know I'm playing, especially from this email? It's not like it's publicly flaunted.


The same way they have been finding other users' information: by going through an enormous list of email/password combinations, most of which do not have PoE accounts associated with them. They just got lucky on yours (as they do with other users they compromise; they are playing the odds here).

"
steven_mcburn wrote:
2. How would they guess a password that I don't use for any other services, or better yet, how would they know where I live personally to set up a proxy so they could access my account through your services?


There are two parts to this. Firstly, I do not know how they got your password(s); Chris has made several posts explaining the usual ways, but there is no way for us to be sure how they got yours specifically.

The second part is that they did not know your home town, they accessed your account from China. The first time they accessed your account they were unable to log in, and you unlocked the account yourself (the email you used to unlock the account should have said someone from China attempted to log in). Shortly after that they accessed your account a second time, and this time they unlocked your account. The only way they could do this is if they had access to your email account.

Assuming you use a different password for PoE and for your email account, this means they have two of your passwords. Assuming you changed your passwords after receiving the warning email the first time they failed to log in (which you really should have), this suggests a strong possibility that you have some sort of keylogger or trojan given how quickly they obtained your new passwords.

The reason you got an email saying someone from your home city accessed your account is because they successfully unlocked your account which set the "normal" city to somewhere in China. This means when you later logged in the system detected your login attempt as the foreign one - so they never used a proxy or knew where you were playing from.

"
steven_mcburn wrote:

I welcome you to try to log on my email with the password that's associated with this account.


That would be impossible, as we do not store your password - only a salted hash which could not be used to access your email account even if the passwords were the same.

I hope this information clears up your questions, if you have any further questions please ask.

Edit: fixed bold markup and typos...
Last edited by Thomas#0000 on Mar 7, 2013, 12:13:56 AM
I don't see how they could access an email that I haven't had access to in over a year. Like I said, it's 15 completely random numbers/letters that just forwards emails to my real email. I never enter a password for my real email; it's accessed through my phone. Unless Verizon is giving that data out, I'm not sure how careless you guys think I am :-/


I understand I'm to blame for not changing my password after I unlocked it, I forgot. That most likely would've solved the whole thing. But it doesn't change my suspicions that after 15 years, all of a sudden, my email is floating around some third-party site after signing up for your game. I don't mean to be offensive or anything, it just smells ultra fishy to me. I don't want to call you a liar or something, you've just got to understand that I've been doing what I've been doing a really long time and I've never had a single issue like this come up before.

And as far as I know, using a hidden partition D:\ for a second boot of Windows and only running the game there means I wasn't keylogged. I'm not a programmer by any means, but unless they've become extraordinarily complex I don't see how that's happening. (Not to mention SB S&D, AVG, CCleaner, all run as scheduled tasks at 3, 4, and 5 am respectively. And if that Windows isn't booted up during that time, I'll run them when I log on and do errands.)

I get it, it was most likely 100% my fault, and maybe they got my email when Sony got hacked a while back, but it just seems pretty fishy to me as someone who's been this careful for this long to suddenly lose time to something so trivial.


At least you guys are doing a gaming model that I agree with, and maybe when time passes and I forgot how stupidly lame it is to lose a hundred or so hours of work I'll come back and remake a character or something. But still, as someone who was saving and rarely using currency (spent a load I suppose to craft my claw/chest piece), all I can say is use it as often as possible because this clearly isn't limited to just people who are using obvious scams.
Last edited by steven_mcburn#0891 on Mar 7, 2013, 12:54:01 AM
My password was pretty simple before, but all these posts are scaring me and my password is now over 35 characters long.

I think a better unlock feature than email would be a code text to your mobile phone to unlock the account (which could also act as your new temporary password). This will help people whose email is also compromised. Better yet, a mobile authenticator app similar to battle.net's, I would gladly donate/pay for one.

The main issue I see with account locks being based only on IP is that hackers can spoof their IP address to make it look like they are logging in from the same city as you are. I think that is the next step for all the hackers over in China, maybe they are already working on doing that. Is GGG able to detect spoofed location IPs?

I am not exactly sure how Steam's system works but Steam locks your account simply if you log on from a different computer (which could be in the same city) with a message like "We do not recognize the computer you are logging in from, a verification code has been emailed to you." and that computer gets added to the trusted computer list. Does the current protection in place prevent other people from the 'same city' from logging in?

https://www.youtube.com/@esvbanARPGs
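The lock-and-unlock sequence Thomas describes above (foreign attempt locks the account, unlock via the mailed link, the "normal" city moving to the attacker's location, the owner's own login then being flagged) and the phone-code second factor proposed in the post just above, replayed as an added Python model. This is example code, not GGG's implementation, and the page does not describe how GGG's system actually works. Assumptions, also marked in the comments: the city names are constructed; the unlock link is assumed to let whoever uses it choose whether the locking city becomes the new normal city, since the page does not say why the owner's first unlock left the home city in place while the attacker's unlock moved it; the phone code is the proposed feature, not an existing one.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed names standing in for the thread's "home city" and "somewhere in China".
HOME = "Topeka"
FOREIGN = "foreign-city"


@dataclass
class Account:
    normal_city: str                          # city the location lock compares against
    locked: bool = False
    locking_city: Optional[str] = None        # city whose attempt caused the current lock
    phone_code: Optional[str] = None          # proposed second factor (assumed feature)
    mail: list = field(default_factory=list)  # warning mails, kept for inspection


def login(acct: Account, city: str) -> bool:
    """Succeed only from the normal city. Any other city locks the account and
    sends a warning mail naming that city, which is the behaviour the thread describes."""
    if acct.locked:
        return False
    if city == acct.normal_city:
        return True
    acct.locked = True
    acct.locking_city = city
    acct.mail.append(f"warning: login attempt from {city} locked your account")
    return False


def unlock_by_mail(acct: Account, has_mailbox: bool, trust_new_city: bool,
                   code: Optional[str] = None) -> bool:
    """Unlock through the mailed link. Anyone who can read the mailbox can use it,
    so the lock is exactly as strong as the mailbox. ASSUMPTION (not on the page):
    the link lets the unlocker decide whether the locking city becomes the new
    normal city. If a phone code is enrolled, the unlock also requires it."""
    if not has_mailbox:
        return False
    if acct.phone_code is not None and code != acct.phone_code:
        return False
    if trust_new_city:
        acct.normal_city = acct.locking_city
    acct.locked = False
    acct.locking_city = None
    return True


def run_scenario(second_factor: bool) -> dict:
    """Replay the thread's sequence: foreign attempt, owner unlock, second foreign
    attempt, attacker unlock from the compromised mailbox, then the owner's login.
    With second_factor=True the attacker holds the mailbox but not the phone."""
    acct = Account(normal_city=HOME, phone_code="482913" if second_factor else None)
    steps = {}
    steps["attacker_first"] = login(acct, FOREIGN)            # locked, warning mailed
    steps["owner_unlock"] = unlock_by_mail(acct, True, False, acct.phone_code)
    steps["attacker_second"] = login(acct, FOREIGN)           # locked again
    steps["attacker_unlock"] = unlock_by_mail(acct, True, True, None)
    if acct.locked:                                           # attacker failed: owner recovers
        unlock_by_mail(acct, True, False, acct.phone_code)
    steps["owner_login"] = login(acct, HOME)
    steps["normal_city"] = acct.normal_city
    steps["mails"] = list(acct.mail)
    return steps


if __name__ == "__main__":
    for flag in (False, True):
        result = run_scenario(second_factor=flag)
        print(f"second factor enrolled: {flag}")
        for key, value in result.items():
            print(f"  {key}: {value}")
```

Running `run_scenario(False)` reproduces the outcome Thomas explains: the attacker's unlock from the compromised mailbox moves the normal city, and the owner's next login from home is the one the system flags, which is why the warning mail named the owner's own city. With a second factor that the mailbox does not contain, the attacker's unlock fails, the normal city stays put, and the owner recovers with the phone code. The model also makes the detection point concrete: a warning mail naming your home city after an earlier foreign-city warning is the signature of an unlock you did not perform, and the right response is to treat the mailbox as compromised as well.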
"
steven_mcburn wrote:
%


Although I'm quite sorry this happened to you, this gives a perfect example of how careless people have become due to their actions. This goes for all people now.
Blizzard has made it a standard that you don't have to "fear" any consequences when you fail at account security. That's why so many here cry for restoration of their items.
Even with the new measures in place people are stupid (sorry, but I have no other word for it) enough to get hacked because they just don't care or are so self-confident they really think they are the master of internet security.
As they think this way it is perfectly clear to them that they are not to blame but the company is, and they come up with ridiculous suggestions about what could have happened on the company's side and even try to convince others to help support their bullshit.

As it seems natural for today's society, always the "others" are to blame. And this may even fit for some retard companies/sites that still store passwords in plain text.
But GGG did a really great job of talking to their players and informing them what's going on. They have been honest all the time since I started playing and before (as I read).

So please don't come here and talk shit about how secure your PC is and how super safe your password is and how unique (I wonder what people think this word means) it is and what not.
For some this might even be true, but then you just got phished and this means you haven't even noticed! Those sites/e-mails really improved over the last years, so to be 100% sure you have to actually type that address and not click links!

The problem is that you need to log in everywhere nowadays; even Win8 requires you to create a Microsoft account to get the full usability out of it, and I see there is no way someone could remember 10+ e-mail addresses plus even more passwords for games, social networks, forums, etc.

There are so many ways your info could have been stolen that there is no way for you to even tell how it happened (other than when it's obvious).

And that is exactly why I support GGG's idea of not restoring any lost items! People need to be made aware again that it is bad to lose one's information and that it has consequences!
Last edited by Ruefl2x#5824 on Mar 7, 2013, 2:42:38 AM
