Dmatrix was hacked

A friend just mentioned that maybe rather the Virtual Tycoon app was involved.

This would explain some of the strange acting, in so far as in the app you cannot unequip attachments.

You use that app?
 
Hey guys. Unfortunately my avatar "Dmatrix" was hacked last night. I did not have a gold card, I know I'm a dumb ass for that, but if that is the only way to keep my account safe, why is that an option and not a requirement when people create an account? I never really looked into it frankly because I didn't even know exactly what it does, because it was never thrown in my face when I started the game like hey this game is NOT SAFE unless you have a gold card. Although according to their TOS you are still not 100% safe even with a gold card for those who are wondering, since I have read over that shit.

I had A LOT of shit stolen from me and likely TTed and then peds traded to another avatar, because some of my most prized possessions are all still on my account, likely because they are either attachments or had attachments so could not be sold to TT without removing things first. Such as my arson chip/mod evil/adjusted plates/couple of SS armor pieces. My AH is also still full of items. It is quite obvious the hacker had zero knowledge of this game whatsoever. Most stuff that is gone are things from storage and easily TTable items. I also had a chat box open with a person I have never spoken with, with this in chat:
<removed>

Couple of very important things to keep in mind, especially for those of you guys who currently do not have gold cards:

Last night when I was in the MM instance with our team, I suddenly started to get multiple disconnects, and when I was coming back online and in team I would often get kicked out of the team randomly and disconnected shortly after again. I then got replaced on the MM team, however I had many more disconnects over the next few hours, and when I joined a team with another person I still kept randomly getting kicked out of the team and getting disconnected shortly after. The point of all this information is it seems very likely to me all these disconnects were happening because someone else kept trying to log into my account. I have never had 20+ disconnects before in a period of only 3 hrs or so, I just tossed it up to shitty MA servers or whatever. But before this occurrence I would get a DC maybe 1-2 times in a full day of playing. So guys learn from my mistake and get a gold card, but also if you see some weird shit happening like all of a sudden many disconnects and randomly getting kicked out of team a lot, change your password, maybe it will save you from getting hacked.

Lastly, unless MA restores my items, though obviously I have high doubts about that, I may be selling out. Even though I have all my expensive items still, in my mind now this is NO LONGER a safe environment for my money even if I get a gold card, so there is no way I can bring myself to make a depo. And it is gonna be nearly impossible to do much in game with what few things I have on AH, most of my cyclable PEDs are gone.

Happy fucking new year to me i guess


Even worldwide games like WoW have had all passwords leaked from the game database 4-5 times, and there is no gamer who has not lost his password in WoW or Lineage games.

Unique Entropia Universe NEVER got leaked or passwords hacked.
The only possible way was a trojan/virus on your PC, or you tried to use the same password on "bad reputation" forums, with the same username and password you use on EU.


In this case MindArk really was not at fault, and did not take any action that made it easier to hack your account.

Really, 99% of players know about the Gold Card, and it is really hard to say why you were not informed about it if you have played here for more than one month.

Sorry to disappoint you, but "returning your items" would be a REALLY nice action from MindArk, but not a duty.
 
Unique Entropia Universe NEVER got leaked or passwords hacked.

That is a mighty big statement with absolutely nothing to back it up.

Hacking reveals come from the victim company coming forward (usually many months afterwards and probably at the requirement of various trade and stockholder regulations.) or from 3rd party security companies putting information out as advertisements or a show of power.

Entropia is not a publicly traded company and is known for being very secretive. It is also not big enough to be of any use to some 3rd party company.



Mind Ark could have very easily had a security breach and not even know about it.
 
OK, so far 2 people got hacked, are any more hacked accounts known to the public yet?

Just being curious, how many letters did your password have, and was your account name matching your avatar or forum name?

Only MindArk can tell if the hackers use brute force to get login details or if they work with keyloggers or trojans or whatever.

I feel sorry for your losses :( I hope mindark can restore some of the stuff that got tted
 
That is a mighty big statement with absolutely nothing to back it up.

Hacking reveals come from the victim company coming forward (usually many months afterwards and probably at the requirement of various trade and stockholder regulations.) or from 3rd party security companies putting information out as advertisements or a show of power.

Entropia is not a publicly traded company and is known for being very secretive. It is also not big enough to be of any use to some 3rd party company.



Mind Ark could have very easily had a security breach and not even know about it.

I certainly have no recollection of any player ever posting that their gold card protected account - and those are the accounts that ktpsmf is referring to - had been hacked.
Have you?
 
Even though I have all my expensive items still, in my mind now this is NO LONGER a safe environment for my money even if I get a gold card, so there is no way I can bring myself to make a depo.

First, I want to say that I'm really sorry that this has happened to you. It sucks.

I wanted to comment on what I quoted above. I think that it's important to remember that nothing anywhere is ever 100% safe. Even if you put your money in an armored truck, filled with US Marines, surrounded by tanks, with F-22 Raptors flying overhead, your money still is not 100% safe.

We do not live in a world of absolute certainties. Because of that, no doubt the legal team at MA who drew up the ToS and EULA decided that even with a gold card, MindArk couldn't possibly guarantee anything. Plus if they did, that guarantee would easily be exploitable.

With that said, if you use a Gold Card, even if someone does manage to obtain your username and password, it's not possible for them to log onto your EU account.

Over my time in EU, I've taken many scammers, exploiters, and hackers head on and run them out of this game... in one case one of those scammers paid a hacker/exploiter 10,000 PED to clear my EU account and then shut it down. That attempt failed. Even if he was able to get my User/Pass he would not have been able to access my EU account.

With a Gold Card, your EU account is safe, as long as no one in real life is able to obtain the Gold Card from your possession.
 
I certainly have no recollection of any player ever posting that their gold card protected account - and those are the accounts that ktpsmf is referring to - had been hacked.
Have you?

Actually I think the claim that was being made and questioned had to do with whether MA has ever been hacked on their side, losing usernames/passwords from their servers/databases directly. Nothing to do with Gold Card protection or not....
 
I certainly have no recollection of any player ever posting that their gold card protected account - and those are the accounts that ktpsmf is referring to - had been hacked.
Have you?
Iirc, there was a thread in 2006 or so that claimed just this. It turned out later that they got an email from "MA" stating their account was involved in something nefarious, and they needed them to provide three gold card readings and not log in for one day. :rolleyes:

For those that don't know, MA will never ask you to reveal your password or gold card numbers. They will simply lock your account and make you wait it out until they have done their investigations.

This happened a few times. :yup:
 
I certainly have no recollection of any player ever posting that their gold card protected account - and those are the accounts that ktpsmf is referring to - had been hacked.
Have you?

I don't believe that is what he was referring to in that portion of the post. He is talking about how many organizations have had data breaches that leaked user names and passwords (i.e. Sony leaks.) He's saying that Dmatrix's username/password (if that's what they did use) did not come from MA but from some breach of Dmatrix's system (malware or trojan probably.)


Considering the value of many Entropia accounts and MA's less than stellar coding I would not put a data breach of MA's servers out of the question. Especially since they seem to have been targeted by gold scammers and other ilk recently.


If that's not what you meant ktpsmf then sorry for putting words in your mouth :ahh:
 
What was said between Dmatrix and that hacker in PM is these 2 words:

' shiwo '
' ren ne '

There is no Norwegian word at all in this.
Some in soc say it could be Chinese.

Copying the text from a soc mate:
Shì wǒ rén ne (是 我 人呢) "means" "My people do"

If mods have anything against those words being put here, bang your head on the nearest wall you see next to you.
 
What was said between Dmatrix and that hacker in PM is these 2 words:

' shiwo '
' ren ne '

There is no Norwegian word at all in this.
Some in soc say it could be Chinese.

Copying the text from a soc mate:
Shì wǒ rén ne (是 我 人呢) "means" "My people do"

If mods have anything against those words being put here, bang your head on the nearest wall you see next to you.

Yea...I also agree with what your soc mate says. It's highly possible that it's Chinese Hanyu Pinyin.

Shì wǒ (是我) - It's me

Rén ne (人呢) - Where's the person? But can also mean where are you?

Depending on context used...

I think it's possible he's talking to the person whom he's PMing...asking where he is...in order to perform a pvp trade.

In other words: Hacker took hold of Dmatrix's account and pmed his accomplice asking where he is in order to trade Dmatrix's stuff to his accomplice.
 
To Mods:

Think you could make an exception when the PM he revealed had IMPORTANT SHIT IN IT THAT COULD OUT A HACKER NEXT TIME HE TRIES IT WITH SOMEONE ELSE.???

I don't know what was in it, and heard second hand it was a string of weird characters...why is that confidential? We need to know what it was. You obviously don't care about us...you would rather protect the "law" than to help us identify a hacker. Jesus.

Even the strictest cops bend the rules sometimes when the greater good is served.

Remove the name, but let us see the writing in the pm ffs.

AGREED.

What the hell is wrong with these forums lately ? It's censorship central to the point of being creepy. This is not right or acceptable ! STOP CENSORING EVERYTHING !!


Dmatrix I am so sorry to hear about this :(
 
...

Last night when I was in the MM instance with our team, I suddenly started to get multiple disconnects, and when I was coming back online and in team I would often get kicked out of the team randomly and disconnected shortly after again. I then got replaced on the MM team, however I had many more disconnects over the next few hours, and when I joined a team with another person I still kept randomly getting kicked out of the team and getting disconnected shortly after. The point of all this information is it seems very likely to me all these disconnects were happening because someone else kept trying to log into my account. I have never had 20+ disconnects before in a period of only 3 hrs or so, I just tossed it up to shitty MA servers or whatever. But before this occurrence I would get a DC maybe 1-2 times in a full day of playing. So guys learn from my mistake and get a gold card, but also if you see some weird shit happening like all of a sudden many disconnects and randomly getting kicked out of team a lot, change your password, maybe it will save you from getting hacked.

...

According to your description...could it be that somehow they've gotten ahold of your "login" and then were doing a "brute-force attack" on it? (Does MA protect against such an attack?)

Did you leave your "login" anywhere visible? (I sometimes hate how some forums openly use the same username as your "forum name" as well as your "login" for the forum account. Furthermore, it's inadvisable to be using the same "login" for your "gaming account".)

Next, is your chosen "password", alphanumeric...with random caps as well as of a decent length? So much so that a brute-force attack would take "quite a while" to succeed?

Also...what other suspicious stuff occurred to you prior to your account being hacked? Just wondering...


PS: I do know it's useless to be talking about this after such a thing, but it might be useful for us to know a little so that others could "borrow" the incident and prevent such a thing from happening again. (And yea...the gold card...)
 
Actually I think the claim that was being made and questioned had to do with whether MA has ever been hacked on their side, losing usernames/passwords from their servers/databases directly. Nothing to do with Gold Card protection or not....

Fair enough, maybe I picked up an ambiguity there.

The point I was trying to make though remains:
- MindArk provide the option for account security through a Gold Card. No one who has one has ever been hacked (provided they've kept it physically secure and don't give out the next GC code to someone else ofc :eyecrazy:) that I've heard of.

Even if you don't go for the Free Offer, they're dead cheap at the price (200ped for the kit containing both GC and reader, most of which is probably just the packaging and postage cost).
If you don't want the protection offered by that, that's your choice, but the consequence is that there's a higher risk involved in your account being less secure. If you can carry about a smartphone (and who doesn't these days :) ), how much harder can it be to slip your GC into the phonecase or something? I drilled a little hole into the non-chip end of mine so I can attach a lanyard for when I go to RL meets etc.

If there was a data breach on MA's side, I'd be expecting to see more than a couple of players posting about being hacked over the holidays.
As far as a 'brute-force attack' - well, I know if you get your Gold Card code wrong three times, the account is automatically locked until you re-synchronise it. I don't recall how many password attempts are permitted, but I seem to recall that after a particular number, the account is temp-locked for a time (30min?), before you can try again.

If there's a common thread between these two cases, I hope MindArk can find it and track down all the people and accounts involved. They are, after all, the only ones with access to the logs of exactly what happened when these account holders weren't in control of their avatars.

In the meantime, I don't think it's appropriate for members here to go down the vigilante path, throwing around accusations and smears against other players. Nor do the forum rules encourage this.
 
It surely is a sad thing to happen, though the warning and risk were completely yours.
In the end feel happy, from what you said, it could've been far worse if you also lost your gear.

What I don't fucking get, though, is why, when there are problems with system/whatever, people with gold cards can't log in and people without can.

Atm I'm trying to log in, I get the "An internal error has occured. labla bla bla bla " message.

While I asked a friend without GC to log in and test it out (because I had that feeling it'd happen again) and guess what, my friend can log in.

So in the end you pay for safety on your account and also to be held back from logging in? :scratch2:
I sent a support ticket either way
 
The Gold Card is certainly an extra layer of protection. But there are other methods of extra protection that MA could easily implement.

1 - Like other companies, fail to enter the correct password three times and you're locked out for a period of time or need to contact the company to verify identity,

2 - Most financial institutions and many other companies have three or more security questions. Get them wrong 3 times and you're locked out for a period of time or need MA to unlock with proper identity

3 - After entering your user name, a new computer generated password is texted or e-mailed to use to log in. This is used by a few banks here in the States and is gaining popularity.

4 - Optional Gold Card

Of course, a solid password to begin with also helps

Each of the above methods can deter hackers from their quick hit on an account and your account will be safely locked for a while. I'm not convinced that just by having a Gold Card you're completely protected. Log-in info can be hacked directly from MA, think Sony, a technology company, severely hacked, Target and Home Depot just to name a few.

There are countless stories over the last decade of employees having their laptops stolen with sensitive customer information on it. Even employees stealing customer info. to sell to criminals. Cyber crime is rising faster than can be imagined. At some point we may all be victims of it.

My concern is, if my Gold Card protected account is still hacked, what will MA do then? Make me pay 1K ped to retrieve items after their lengthy investigation? Reimburse my account with the stolen items or the ped value? I have a feeling MA is more concerned about protecting themselves than their customers. But other companies take responsibility for their customers security and seldom hold you responsible if account was legitimately hacked even if they offer some optional electronic log-in device, I believe most will make your account good. BTW, I don't do business with every company in the world, but I'm not aware of other companies offering a Gold Card type device for extra security. There may be, I'm just not aware of them.

It's too bad that the recent hacked ava's will probably never feel the same about EU. I know I won't. Cyber criminals are more sophisticated than when MA started EU, but aren't their account security protocols the same? Better for MA to be proactive instead of reactive with account security and deliver POM (peace of mind) to their customers.

Just my .02pec
 
I wonder if they could make some apps for iPhone and Android that could work as "virtual Gold Cards" and be used instead of the card readers. Some banks offer that solution.

Blizzard use a mobile app authenticator. Works like a charm! :wise:
 
Blizzard use a mobile app authenticator. Works like a charm! :wise:

Ah yeah... like a charm..
http://venturebeat.com/2012/08/09/blizzard-hacked/

Nothing that is connected to Network or can be accessed without physically being close to it, is not as safe as our current gold cards.

And from forums:
http://us.battle.net/wow/en/forum/topic/9363116537

This is not some free gold game, it is a game with a real cash economy.. and you shouldn't risk your stuff on some piece of software on a device that any hacker with over 1 year of experience can hack.


Yes this could be extra protection.. but not an alternative.
 
Did you by any chance fall for the too good to be true offer and bought PED outside the game?
 
I somehow believe that you tried to buy those PEDs from a fake website and they leaked your password.

If yes, you need to change all passwords including PayPal, bank accounts, and ask PC specialists to reinstall your computer.
 
OK, it seems we have 2 recent cases with the exact same characteristics.

Items with attachments were safe.

From the Virtual Tycoon app, you can't remove attachments.

If you login with wrong password 3 times in EU client, you get a temp lock.

Can someone verify the same goes for the Tycoon app? Otherwise this could be a brute force attack through Virtual Tycoon.
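
The question in the post above is whether a lock earned in the EU client also applies to the Tycoon app. The sketch below is an added example, not part of the thread and not MindArk's code: it compares a failure counter kept per login channel with one kept per account, and counts how many wrong passwords actually get evaluated. All names are hypothetical, and the 30 minute lock is an assumption (the thread only guesses at it).

```python
from dataclasses import dataclass, field

MAX_FAILURES = 3          # "3 times" is the threshold mentioned in the thread
LOCK_SECONDS = 30 * 60    # assumed lock length; the thread only says "30min?"


@dataclass
class AccountState:
    failures: int = 0
    locked_until: float = 0.0


@dataclass
class LoginThrottle:
    """Failed-login throttle for an account reachable through several channels.

    per_channel=False: one counter per account, shared by every channel.
    per_channel=True : one counter per (account, channel), the weak design.
    """
    per_channel: bool = False
    evaluated: int = 0                       # passwords actually checked
    _state: dict = field(default_factory=dict)

    def _key(self, account, channel):
        return (account, channel) if self.per_channel else (account, None)

    def attempt(self, account, channel, password_ok, now):
        """Process one login at time `now`; return 'ok', 'denied' or 'locked'."""
        st = self._state.setdefault(self._key(account, channel), AccountState())
        if now < st.locked_until:
            return "locked"                  # password is not even looked at
        self.evaluated += 1
        if password_ok:
            st.failures = 0
            return "ok"
        st.failures += 1
        if st.failures >= MAX_FAILURES:
            st.locked_until = now + LOCK_SECONDS
            st.failures = 0
            return "locked"
        return "denied"


def wrong_guess_budget(throttle, account, channels, tries=20, start=0.0):
    """Send `tries` wrong passwords, rotating over `channels`, one per second.

    Returns how many of them were evaluated before the locks absorbed the rest.
    """
    for i in range(tries):
        throttle.attempt(account, channels[i % len(channels)], False, start + i)
    return throttle.evaluated


if __name__ == "__main__":
    channels = ["eu_client", "tycoon_app"]   # constructed channel names
    print("shared counter     :", wrong_guess_budget(LoginThrottle(), "acct", channels))
    print("per-channel counter:",
          wrong_guess_budget(LoginThrottle(per_channel=True), "acct", channels))
```

With a per-channel counter every extra login path adds another full set of guesses per lock window; a path with no counter at all would leave the budget unbounded, which is the case the post asks someone to rule out.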
 
Ah yeah... like a charm..
http://venturebeat.com/2012/08/09/blizzard-hacked/

Nothing that is connected to Network or can be accessed without physically being close to it, is not as safe as our current gold cards.

And from forums:
http://us.battle.net/wow/en/forum/topic/9363116537

This is not some free gold game, it is a game with a real cash economy.. and you shouldn't risk your stuff on some piece of software on a device that any hacker with over 1 year of experience can hack.


Yes this could be extra protection.. but not an alternative.

A mobile based token generator like MobilePass (as an alternative) will improve a LOT the security. All those gathering IP's or hacking emails or PC's will have a tougher time.

If I'm not mistaken, the gold card codes also have to be authenticated somewhere, no? If MA (or their providers, I remember the gold card authentication was down some time ago and involved a 3rd party) get that machine compromised as Blizzard did, will be the same situation. The only added protection compared with the mobile solution is that it cannot be taken over like a mobile can if you install all kind of crap on it.
 
A mobile based token generator like MobilePass (as an alternative) will improve a LOT the security. All those gathering IP's or hacking emails or PC's will have a tougher time.

If I'm not mistaken, the gold card codes also have to be authenticated somewhere, no? If MA (or their providers, I remember the gold card authentication was down some time ago and involved a 3rd party) get that machine compromised as Blizzard did, will be the same situation. The only added protection compared with the mobile solution is that it cannot be taken over like a mobile can if you install all kind of crap on it.

Which has never happened to MA so far. Blizzard has had several cases so far, and also the mobile operating systems have been breached several times (if you read WoW forums).

I am not denying it could be an additional feature, but so far the MA authentication system has worked very nicely and we shouldn't have doubts in it. Sure, a safe password also helps you a lot, and a computer with strong malware protection.
 
Yea...I also agree with what your soc mate says. It's highly possible that it's Chinese Hanyu Pinyin.

Shì wǒ (是我) - It's me

Rén ne (人呢) - Where's the person? But can also mean where are you?

Depending on context used...

I think it's possible he's talking to the person whom he's PMing...asking where he is...in order to perform a pvp trade.

In other words: Hacker took hold of Dmatrix's account and pmed his accomplice asking where he is in order to trade Dmatrix's stuff to his accomplice.

If this is the case the mods here could at least allow or name the ava PM'd as could get people locked if trades with them via auction or pvp. I never call out mods on here but in this case releasing name the scam ava PM'd to could save people locks on account and maybe slow selling of stolen items.

Sorry to hear this :/, hope you get some (or all) of your stuff back.
 
Best method is that after three tries they should block the IP of that PC and contact them, or we get a notification by mobile, which is the only safer way to go: after 3 failed attempts to log in we should get a message on the phone :wise:
Or at every login we should get a message on our mobile
Something like
You have signed in to Entropia :yay:
 
OK, it seems we have 2 recent cases with the exact same characteristics.

Items with attachments were safe.

From the Virtual Tycoon app, you can't remove attachments.

If you login with wrong password 3 times in EU client, you get a temp lock.

Can someone verify the same goes for the Tycoon app? Otherwise this could be a brute force attack through Virtual Tycoon.

Is the 3 time strike, temp ban really true for someone without the Gold Card?
 
OK, it seems we have 2 recent cases with the exact same characteristics.

Items with attachments were safe.

From the Virtual Tycoon app, you can't remove attachments.

If you login with wrong password 3 times in EU client, you get a temp lock.

Can someone verify the same goes for the Tycoon app? Otherwise this could be a brute force attack through Virtual Tycoon.

This makes perfect sense to me, I think the vulnerability could be in the Tycoon app. Why on earth wouldn't they just remove attachments, it's a 2-click thing ingame.

That useless app... :woot:

PS: Can you do trades when logged on tycoon app?
 
Which has never happened to MA so far.

True. Have in mind that MA is basically a family business. Blizzard has thousands of employees plus the ones from companies working with them - the weakest link on security systems are humans, aka employees. I have plenty of passwords on various systems that I can give to a 3rd party and no one will ever know that the "hack" was just a security leak.

But if this particular thing is connected to Virtual Tycoon, then MA should step up faster than usual and restore players' property in the end. If word gets around that you can hack an account here and there and that by jumping peds through 100 alts will give you time to wreck the economy of the game until someone reacts a few days later...
 
True. Have in mind that MA is basically a family business. Blizzard has thousands of employees plus the ones from companies working with them - the weakest link on security systems are humans, aka employees. I have plenty of passwords on various systems that I can give to a 3rd party and no one will ever know that the "hack" was just a security leak.

But if this particular thing is connected to Virtual Tycoon, then MA should step up faster than usual and restore players' property in the end. If word gets around that you can hack an account here and there and that by jumping peds through 100 alts will give you time to wreck the economy of the game until someone reacts a few days later...

Not MA's fault that someone installs 3rd party software which leads to account takeover. I am using Virtual Tycoon myself, maybe OP has a rooted device and many unsafe apps installed? We don't know, but I am sure the OP is the one who is to blame and not MA, MA has done very much to provide us with a safe system. If we don't want to use it.. who can we blame?
 
This makes perfect sense to me, I think the vulnerability could be in the Tycoon app. Why on earth wouldn't they just remove attachments, it's a 2-click thing ingame.

That useless app... :woot:

If this is true - can I have an option that my account should NEVER be logged in with Virtual Tycoon? I never used or plan on using it anyway.

Falagor
:bandit:
 