#1 |
Steam-monkey
Join Date: Jul 2007
Location: Ak'Anon
Posts: 1,007

Account theft isn't isolated only to those who choose to trade or share their station accounts (which is ignoring the EULA!). As the internet and online gaming population grows, so does the cesspool of scammers. There are a variety of ways in which people will attempt to gain access to your account, and the list grows every day. Fear not, there are simple tips to ensure that your account is protected. Keep in mind these worn-out (but useful!) words of wisdom:

Sharing your account information is never a good idea.

Gamers have heard the advice before, yet a lot of people still opt to share their account information with close friends. Having a guildmate complete a quest for you while you're sleeping may seem mostly harmless, but bad things can happen. While it doesn't always end in catastrophe, you could log back in with a new last name like "Lovetrollslongtime" or something slightly worse which might result in a banning. It's not always obvious, malicious attacks that cause good accounts to go bad! I'm sure we've all heard the fateful stories of guildbanks emptied and outfit members booted. Sadly, this is often a direct result of sharing account information. Not only do you run the risk of virtual strangers wreaking havoc on all you've worked hard for, but you make it difficult for SOE's customer service staff to investigate and resolve issues.

What is a phishing site?

Simply, it's usually a website created to mimic a well-known or frequently used site in an attempt to fraudulently gain sensitive account information. Gaming communities have been targeted in the past via email, spamming a link that takes the reader to a site that, upon first glance, appears to be legit. The imposter site may offer in-game items for completing surveys, or pose as a game representative, warning that your account is in limbo. Here at SOE we do not offer enticing ways to earn in-game money through email. We prefer the old fashioned way of logging in, killing mobs, completing quests, etc. Be extremely cautious when exposed to external sites through email, claiming to be affiliated with Sony Online. You will only be prompted to enter your password when logging into an SOE game, or when visiting an official Station site.

If you find yourself a victim, not all is lost! CSRs may be able to offer a one-time only "character restoration." But first you must recover your account (details on doing this can be found here).

SOE strives to maintain an exciting and safe gaming environment. To make things more enjoyable for everyone, we offer basic advice on how to keep your account secure. Time Honored Tips:

Keep your credit card information safe too. Here is a handy place to get some good tips.

#2 |
Server: Venekor
Guild: Voices Within
Rank: Known Alts
Loremaster
Join Date: Jun 2006
Posts: 4

My girlfriend has just had her account robbed - All gear deleted and coin gone. She has never shared account information with anyone. Also password in the Abc_123 format.

It seems that we need to remove all personal information from our accounts to be safe, including names, home address, credit card information. I see this as a huge security issue in the SOE account security department.

#3 |
Server: Venekor
Guild: Dark Vengeance
Rank: Member
Loremaster
Join Date: Oct 2006
Location: Connecticut
Posts: 4,262

Evilan@Venekor wrote:
My girlfriend has just had her account robbed - All gear deleted and coin gone. She has never shared account information with anyone.

There are two sides to every story. 90% of the "My account was hacked" stories always end in "Oops.."

Sorry, not to say that your girlfriend isn't that small 10%.. but odds are at some point she compromised her account. Whenever somebody says they were hacked there is usually something more that they aren't sharing.

Remember, don't use the same login info on 3rd party sites that you use for your login for your account. That is where most non-authorized access occurs.

Hope your girlfriend gets it sorted out, but there are no "super hackers" out there that can just guess logins and passwords without hijacking an email account first. And, if that's the case, then the login and/or password on the email account was compromised, not the station account.

#4 |
Loremaster
Join Date: Nov 2004
Posts: 1,471

Spyderbite@Venekor wrote:
Evilan@Venekor wrote:
My girlfriend has just had her account robbed - All gear deleted and coin gone. She has never shared account information with anyone.

There are two sides to every story. 90% of the "My account was hacked" stories always end in "Oops.."

Sorry, not to say that your girlfriend isn't that small 10%.. but odds are at some point she compromised her account. Whenever somebody says they were hacked there is usually something more that they aren't sharing.

Remember, don't use the same login info on 3rd party sites that you use for your login for your account. That is where most non-authorized access occurs.

Hope your girlfriend gets it sorted out, but there are no "super hackers" out there that can just guess logins and passwords without hijacking an email account first. And, if that's the case, then the login and/or password on the email account was compromised, not the station account.

90% huh?

#5 |
Server: Unrest
Guild: Curmudgeons
Rank: Senior Officer
Loremaster
Join Date: Jan 2007
Posts: 3,710

Spyderbite@Venekor wrote:
Evilan@Venekor wrote:
My girlfriend has just had her account robbed - All gear deleted and coin gone. She has never shared account information with anyone.

There are two sides to every story. 90% of the "My account was hacked" stories always end in "Oops.."

Sorry, not to say that your girlfriend isn't that small 10%.. but odds are at some point she compromised her account. Whenever somebody says they were hacked there is usually something more that they aren't sharing.

Remember, don't use the same login info on 3rd party sites that you use for your login for your account. That is where most non-authorized access occurs.

There has been an extremely large increase in compromised accounts. This post tells me it is as bad as it seemed to be. At this point my best guess is actually a problem at SoE that they will never admit to. Most likely having to do with LoN ... ok that is just because I hate LoN

#6 |
Loremaster
Join Date: Mar 2006
Posts: 247

So, proly posting in wrong thread or what not, but my question is this: Today, a wife's guildmate went LD...only to log back in a few minutes later (they were in VP). Only, here's the catch...the PLAYER gets on vent and says, "It isn't me"....That's right, HACKED. The imposter took one look around at the assembled raid and high tailed it - straight to QH and began selling everything off.

So, the /petition went out...and the GM responds that there's nothing they can do. Now, the whole guild is following this guy around watching him slowly get to the point of being naked. Then, a guildie goes to the house, sure enuff here comes mister jerkface...cleans it out. Finally, after several trips from bank to vendor...he logs... *whew* And logs in his alt, and the process starts over.

I mean, what the heck....I am sure a GM coulda /boot or /make dead permanently. But to watch this happen with a whole guild following the guy around...very sad. I assume after much hand wringing, and apologies that "they will look into the problem" he will get his stuff back...eventually. What kind of customer service is this exactly?

signed, Confused

#7 |
Loremaster
Join Date: Dec 2004
Location: Los angeles
Posts: 103

Had this happen to our guild leader tonight. We got lucky in it was a rarely used account that had the password changed first and he got the email for it. He gave his cash on the toon he was playing and the other guild leaders kicked him to prevent the guild bank from being sold off and taken. We watched as each toon got logged in, stripped of everything he had and sold. The WW channels all kind of blew up at the same time with this happening and it happened about 5 mins after CS closed for the night so you can't call them and the GMs can't do anything. We all got to stand around and watch this guy clean out the toons and nothing that could be done about it.

What bothers me is with the reports of this happening quite often right now, that there was nothing told to the GMs to boot/Kick/Suspend accounts. No network security people around to trace IPs.

I'm going to be as blunt as I can here. SOE, your customers are being targeted, their accounts are being hacked. Where are you? Why do you not have GMs in game on stand by waiting to help? Why is it even after following around these toons and making it obvious that we know that they are hacked accounts they have no fear and continue to do it? They know what time CS closes. They know that people can't get their accounts back. Why are you not protecting your customers!

#8 |
Loremaster
Join Date: Nov 2004
Location: Canada
Posts: 1,589

(( This is scary. I changed my password the other day too because I was getting worried. I just installed a brand new insanely-powerful firewall, internet security thingy and antivirus, and every single program is on lockdown, every incoming and outgoing connection is monitored and checked.

(( Just remember, if you are logging into the Station website, it's using your EQ2 information as well, so if your browser is hijacked, you're screwed.

Often the problem originates from your browser. If you have an old or outdated browser, or use IE, you're a big target. Even the latest updates to IE will still leave you vulnerable. It's scary, I know.

#9 |
Loremaster
Join Date: Dec 2004
Posts: 32

Is there any other word from SOE other than Gnobrin's original post? Are they working on trying to help their customers with this recent spike? I'm not asking for details of what they are doing, but it would be nice to know that they are at least trying to help people and working on the situation.

#10 |
Server: Guk
Guild: Revelry and Honor
Rank: Officer
Loremaster
Join Date: Nov 2005
Location: Kelethin
Posts: 328

I just got to thinking, I wonder if running your browsers in a virtual machine would help... Microsoft has an MS virtual machine app (forget the name, but it can't be more than a simple search on MS's site away) as a free download that basically creates a machine in a machine. If that gets compromised, in theory you would just have to delete the virtual machine file and copy in a fresh one. It also keeps everything separate from your main machine. I will have to check that out. I have seen several programs like this for Windows, although it is much more common in Linux / Unix setups since it's something that is done for high security setups and has been for quite a while.

#11 |
Steam-monkey
Join Date: Jul 2007
Location: Ak'Anon
Posts: 1,007

FYI, this is a big issue, folks... Here's a couple recent news blurbs about this very thing.

This isn't just a simple "keep your info safe", it's a matter of keeping your system safe too. PLEASE be sure to update everything you run on a regular basis, since this is what some of the more malicious folks use to get the information they need. It takes only minutes to ensure your system's safe, please take those few moments so that you are.

~Gnobrin!

#12 |
Loremaster
Join Date: Mar 2007
Posts: 238

My solution to this problem comes in four steps.

1. Dual boot between Linux and XP
2. Use Firefox exclusively in conjunction with a handy extension called NoScript.
3. Use XP for gaming only. All general-purpose web browsing is done in Linux.
4. Use unique username/password combinations for each on-line game.

A little healthy paranoia has kept my Station account secure every day for the last year.

#13 |
Loremaster
Join Date: Mar 2005
Posts: 3

What if SOE hired someone with strong ties to a plat selling service like IGE or something and he secretly obtained everyone's account info so he could have someone log them on, steal all their plats, and then resell the plats on IGE? Wow, that would work faster and cheaper than hiring Korean plat farmers at .50 cents an hour. But who am I kidding, SOE would NEVER hire anyone from IGE. Would they? .......................OH WAIT! THEY DID!

Of course this is just a conspiracy theory of mine.

#14 |
Loremaster
Join Date: Nov 2004
Posts: 18

Daeva_1 wrote:

Too funny. But I do like the conspiracy theory. None of your platz are safe!!!! /em puts money in a coffee can in Neriak.

#15 |
Lord
Join Date: Feb 2008
Posts: 119

Ekaunek@Lucan DLere wrote:
My solution to this problem comes in four steps.

1. Dual boot between Linux and XP
2. Use Firefox exclusively in conjunction with a handy extension called NoScript.
3. Use XP for gaming only. All general-purpose web browsing is done in Linux.
4. Use unique username/password combinations for each on-line game.

A little healthy paranoia has kept my Station account secure every day for the last year.

Or just run EQ2 in Linux with Wine... :p

http://appdb.winehq.org/appview.php?iVersionId=358

Another suggestion, make a habit of clearing your private data from whichever browser you use. Firewalls are nice in that you can monitor traffic in and out and block IPs that are suspect, but not ideal for everyone's budget. Bare min. turn on auto-update on your browser and Windows install, and make sure to never use your login/password from EQ2 for any other application, be it 3rd party or just your Windows login.

#16 |
Steam-monkey
Join Date: Jul 2007
Location: Ak'Anon
Posts: 1,007

Daeva_1 wrote:

Pth, if this was the issue then all our fellow MMOs across the board wouldn't be having the same issue, it'd just affect us. This isn't JUST an SOE issue, it's MANY MMOs.

As stated on the ABC article: "If the code is successful, it then installs a password-stealing program on the victim's computer that looks for passwords for a number of online games, including the Lord of the Rings Online."

Please all, just make sure you're up to date on your system so you can be ensured that you're safe.

~Gnobrin!

#17 |
Loremaster
Join Date: Dec 2004
Posts: 637

Here's some information on who is responsible for stealing the passwords: http://isc.sans.org/diary.html?storyid=4139

It covers how to protect yourself, your servers and how it was exploited. Good read...

#18 |
Loremaster
Join Date: Mar 2007
Posts: 238

And here we learn that not only is Internet Explorer garbage, so is IIS.

#19 |
Loremaster
Join Date: Nov 2004
Location: Dutchieland
Posts: 355

Ekaunek@Lucan DLere wrote:
And here we learn that not only is Internet Explorer garbage, so is IIS.

It's actually the application running on IIS which is bad, not IIS itself. Though it appears that a number of web-applications have this problem, not just those running on IIS.

#20 |
Loremaster
Join Date: Dec 2004
Posts: 637

Nah, it's the fault of the administrators that are not proactive about security. Apache has its share of problems as well. IIS works fine and is secure enough as long as you are responsible with your servers and proactive about security. Simple tools like MSBSA and IIS Lockdown tool in addition to URLScan and a good firewall with updated IDS signatures will keep you pretty good. I've been hosting sites on IIS for 8 years now and not once been compromised. The same can be said about Apache, if you set it up and maintain it correctly you shouldn't have a problem.

#21 |
Loremaster
Join Date: Nov 2004
Location: Canada
Posts: 1,589

(( Awesomes. My new firewall just detected and removed something called Save Key 6.0 lol. It said it was a High risk item hehe, I'll say!

Time to change all my passwords and lock things down even better now!

#22 |
Loremaster
Join Date: Jul 2006
Location: San Diego, CA
Posts: 2,610

Jesdyr@Unrest wrote:
The 3rd party thing is extremely good advice that I hope everyone already knows but I am sure most don't. However some people that have had their accounts compromised were using strong unique passwords so I doubt this was the case.

Actually it's fairly easy. Set your account up with a strong password. Go to somewhere with free WiFi that doesn't take care of security on their equipment or network. Sit down and log into the forums to check posts. Oops, your password's just been scooped up by the transparent-proxy software one of the bad guys installed on the Windows-based machine the place uses to handle its Internet connection. Or you borrowed a friend's malware-infested computer to check the forums or EQ2Players or something.

A few rules:

#23 |
Loremaster
Join Date: Nov 2004
Location: Suhr / Schweiz
Posts: 1,864

Shut down your paranoia about IE and Windows. As said in every article so far: "A properly-patched system should not be at-risk from this attack."

Just be sure that you have the Windows update active in automatic mode and you're fine, and have a look for updates regularly for the applications you use.

And of course the regular tips are still valid, don't install software you don't know. Don't surf on porno sites, don't open emails from people you don't know. And of course use a firewall/antivirus that is up to date.

#24 |
General
Join Date: Apr 2005
Location: Oxford
Posts: 718

Bakual wrote:

[Removed for Content] that.

#25 |
Journeyman
Join Date: Mar 2008
Posts: 6

Garthan@Kithicor wrote:

Hey guys, if this thing only pulls passwords from IE post requests, it can't be getting passwords from launching EQ? Or does the launcher use IE?

#26 |
Loremaster
Join Date: Dec 2004
Location: right behind you
Posts: 1,802

Vrelkyn@Venekor wrote:
Garthan@Kithicor wrote:
Hey guys, if this thing only pulls passwords from IE post requests, it can't be getting passwords from launching EQ? Or does the launcher use IE?

The launcher does use IE and so does the Account management site if you launch it through the launchpad.

I'm not saying Gnobrin's tips were bad, but in my opinion they don't go far enough, so here's my list:

10 Step Guide to be safe:

1. Never let anyone irl touch your computer, i.e. don't allow your better half nor your brother, kids or housemate access to your computer.
2. Use different usernames and passwords everywhere.
3. Type in links manually or use bookmarks and never click on a link before right clicking and checking what URL it leads to.
4. Windows, antivirus and firewall need to be up to date.
5. Never use Outlook or similar stuff, you don't want those spam emails anywhere near your computer, use web based email services only where potentially damaging code stays on the server of someone else.
6. Never ever even open an email from someone you don't know, also never click on links in emails.
7. Never write down passwords.
8. Never give them to anyone.
9. Pick security questions for password recovery not even family members or close friends can answer.
10. Don't use Internet Explorer, it's the most common browser still, so most malicious code is compatible with it, also, make sure you run tight security settings, disable easy exploitable stuff like Activex.

#27 |
Journeyman
Join Date: Mar 2008
Posts: 6

Killerbee3000 wrote:
Vrelkyn@Venekor wrote:
Garthan@Kithicor wrote:
Hey guys, if this thing only pulls passwords from IE post requests, it can't be getting passwords from launching EQ? Or does the launcher use IE?

The launcher does use IE and so does the Account management site if you launch it through the launchpad.

I'm not saying Gnobrin's tips were bad, but in my opinion they don't go far enough, so here's my list:

Well if the launcher uses IE, then there really isn't anything that can be done. That's too bad. There will always be a lag between exploit and patch. As evidenced by the fact that some of this is based off vulnerabilities going back at least two years. Only a matter of time before it happens again. Glad I have a Mac ;P

I don't think Gnobrin's tips address the actual issue, like yours. Thanks

#28 |
Loremaster
Join Date: Dec 2004
Posts: 637

Vrelkyn@Venekor wrote:
Garthan@Kithicor wrote:
Hey guys, if this thing only pulls passwords from IE post requests, it can't be getting passwords from launching EQ? Or does the launcher use IE?

Only a portion of the launcher is IE, and that's the part that displays info *AFTER* you log in. The launcher isn't going to compromise you, UNLESS you have a keylogger on your system, then it's not the launcher it's your system. A keylogger runs in the background and records every keypress and mouse click you do and what application it was done in. Then it transmits the data to the site that it was programmed to send your data to.

Basically for the moment if you block the IP listed in the SANS article your system will not transmit the data if it is infected with the virus. You will still need to confirm that your system is clean if you have doubts. Spybot Search and Destroy, Norton Antivirus or similar virus software will help you determine if you have an issue. Just be careful when using Spybot to ensure you don't mess up your machine. Always use caution when using programs like Spybot because there is the potential of doing damage if you don't know what you are doing. If you have any questions about Spybot you can post on their forums. The latest versions of Norton also have a spyware/web surfing protection plug in (at least the corporate edition).

Either way, as long as you have your Windows Update configured to update every day as well as your antivirus software you can avoid things like this. IE is fine to use. Firefox has its own security holes as well, no browser is 100% safe. Opera, Safari, Firefox, they all have holes and they all get patches pushed out for them. As long as you are responsible in your surfing you will be ok. IE 7 will warn you when sites try to run active content (ActiveX etc) for the most part. Using high security settings is always recommended for any browser. Using MSBSA to scan your system for vulnerabilities every once in a while is a good thing as well.

#29 |
Loremaster
Join Date: Dec 2004
Posts: 637

Vrelkyn@Venekor wrote:
Killerbee3000 wrote:
Vrelkyn@Venekor wrote:
Garthan@Kithicor wrote:
Hey guys, if this thing only pulls passwords from IE post requests, it can't be getting passwords from launching EQ? Or does the launcher use IE?

The launcher does use IE and so does the Account management site if you launch it through the launchpad.

I'm not saying Gnobrin's tips were bad, but in my opinion they don't go far enough, so here's my list:

Well if the launcher uses IE, then there really isn't anything that can be done. That's too bad. There will always be a lag between exploit and patch. As evidenced by the fact that some of this is based off vulnerabilities going back at least two years. Only a matter of time before it happens again. Glad I have a Mac ;P

I don't think Gnobrin's tips address the actual issue, like yours. Thanks

Believe it or not Macs get viruses too

#30 |
Journeyman
Join Date: Mar 2008
Posts: 6

Garthan@Kithicor wrote:
Vrelkyn@Venekor wrote:
Killerbee3000 wrote:
Vrelkyn@Venekor wrote:
Garthan@Kithicor wrote:
Hey guys, if this thing only pulls passwords from IE post requests, it can't be getting passwords from launching EQ? Or does the launcher use IE?

The launcher does use IE and so does the Account management site if you launch it through the launchpad.

I'm not saying Gnobrin's tips were bad, but in my opinion they don't go far enough, so here's my list:

Well if the launcher uses IE, then there really isn't anything that can be done. That's too bad. There will always be a lag between exploit and patch. As evidenced by the fact that some of this is based off vulnerabilities going back at least two years. Only a matter of time before it happens again. Glad I have a Mac ;P

I don't think Gnobrin's tips address the actual issue, like yours. Thanks

Believe it or not Macs get viruses too

There is a link in the diary:

http://www.shadowserver.org/wiki/pm...lendar.20080313

That explains how the keylogger actually works. This 'keylogger' does not record all of your keystrokes. Only things from IE. Which was what prompted my question. If the password field in the launcher is sent through IE.... well it's not really my problem, I was just curious.

In fairness computers don't get viruses, users do
