FYI: Another account hacked

True Juan (Marauder; joined Oct 6, 2006; posts: 6,174; location: Slovakia; society: Cz-Sk Crows; avatar name: True TJ Juan)

Hi guys,

I know there are 2 other threads, but I am creating another one, because it's a new case. A socmate of mine (fairly new) was hacked today. It was only around 300-400 peds, but since he was fairly new, it was a lot for him.

Of course he has no gold card because he didn't want to spend so much of his cash on it.

Watch out people, these guys will keep on going. MA should start doing something about this... :rolleyes:

Regards,
True :bandit:

P.S. Just to add: No, he did not visit the SPAM webs, and he did not talk to these folks. Socmate has played online MMOs for almost 15 years and he knows how this spam works.
 
Players could also help: don't pay for peds or other stuff with real money outside the game, that way it will be much harder for them to earn anything from the hacks.
 
MA should start to ban the people that buy PED from those avatars.
 
Sorry to hear of another :(

I'm interested to know if he bought anything from Eu's webstore?
 
Paranoia mode activated: 20+ characters password it is.
Hacked accounts really isn't helping new player retention...

Hint: an easy way to change your password is to say you've forgotten it (make sure it's the right email address though)
 
and outcome ...
my disciple got hacked TODAY
so another +-200 peds for those :censored:
Do you know if that is the same person, or do we have one more? :(
 
Ok, I understand that some people have an idiosyncrasy for the gold card (no, honestly I don't...) but how is it hard to use a randomly generated password like rGu3wr2JpqNt? No need even for it to be too long, as even a 10-character string won't yield to any kind of exhaustive search in any reasonable timeframe.
 
I wonder if the webstore is a common denominator in all of these hacks
 
I wonder if the webstore is a common denominator in all of these hacks

Doubt they would go for accounts instead of bank cards imho in that case
 
I wonder if the webstore is a common denominator in all of these hacks


That's what I was thinking.

The client loader links open in IE. That makes me suspect the hacked person's PC has some spyware/malware.
 
Logging in with a compromised browser could be the issue, with both login and password set to remember password.
I am just speculating, it could be a weak password as well, but it is highly unlikely it was brute forced in my opinion.

I am sure there is a site to check password strength. Most new signups I have tried in the past show your password strength during creation and require at least a capitalized letter and a number, which often are poorly weak.

These incidents have also led me to believe that the introduction of the webshop may have contributed to this. I am purely speculating, but I don't see much explanation as to how they can obtain login information.
 
I think it might have something to do with the webstore...
But what is interesting is that there are parts of the website where you can log in without the need of the gold card number (this I dislike).
 
Ok, I understand that some people have an idiosyncrasy for the gold card (no, honestly I don't...) but how is it hard to use a randomly generated password like rGu3wr2JpqNt? No need even for it to be too long, as even a 10-character string won't yield to any kind of exhaustive search in any reasonable timeframe.

Damn it Svarog, how could you possibly have found out my password?
 
Ok, I understand that some people have an idiosyncrasy for the gold card (no, honestly I don't...) but how is it hard to use a randomly generated password like rGu3wr2JpqNt? No need even for it to be too long, as even a 10-character string won't yield to any kind of exhaustive search in any reasonable timeframe.

I use a random password, once you've typed it in a few times you'd be surprised at how easy it is to remember.

Logging in with a compromised browser could be the issue, with both login and password set to remember password.
I am just speculating, it could be a weak password as well, but it is highly unlikely it was brute forced in my opinion.

IE was terrible for this, plenty of tools to extract passwords for websites. Best option is to not save passwords at all in a browser.

As Angel said, there are websites out there that can tell you how secure your password is, but wouldn't it be nice if MA implemented it and possibly checked it against its current user base and told those with weak passwords to change them as they logged in, or sent them an email.

I'm betting there are plenty using qwerty123.

One suggestion I read: if you must use the same password for every site, try adding the site's name to the front. It's not perfect but better than having every site you use being compromised.
 
... but wouldn't it be nice if MA implemented it and possibly checked it against its current user base and told those with weak passwords to change them as they logged in, or sent them an email.

I'm betting there are plenty using qwerty123.
That's impossible.

To do that they need to use brute-force against their own users' passwords DB.
No one in their right mind will hold plain passwords in a DB (unless that's Sony, of course ;) ). Passwords shouldn't be stored as plaintext; instead a KDF should be used, or at least they should be salted (but that's way less secure even with current GPU performance).
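
The two ideas in the exchange above, combined in an added example that is not part of the original posts: a service that stores only salted KDF output can still flag a weak password when the user logs in, because the plaintext is in the server's hands at that moment. The denylist, the 10-character threshold, the scrypt cost parameters and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample denylist; a real deployment would load a large list
# of commonly used and previously leaked passwords.
COMMON_PASSWORDS = {"qwerty123", "password", "123456", "letmein"}

# scrypt cost parameters (assumed values; about 16 MiB of memory per guess)
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1, dklen=32)


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive the stored verifier with a memory-hard KDF."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT_PARAMS)


def register(db: dict, user: str, password: str) -> None:
    """Store a per-user random salt and the KDF output, never the plaintext."""
    salt = os.urandom(16)
    db[user] = {"salt": salt, "hash": hash_password(password, salt),
                "must_change": False}


def is_weak(password: str, user: str) -> bool:
    """Policy check that only needs the plaintext submitted at login."""
    lowered = password.lower()
    return (len(password) < 10 or lowered in COMMON_PASSWORDS
            or user.lower() in lowered)


def login(db: dict, user: str, password: str) -> str:
    record = db.get(user)
    if record is None:
        # Spend the same KDF time so timing does not reveal which users exist.
        hash_password(password, b"\x00" * 16)
        return "denied"
    candidate = hash_password(password, record["salt"])
    if not hmac.compare_digest(candidate, record["hash"]):
        return "denied"
    if is_weak(password, user):
        record["must_change"] = True  # force a reset before play continues
        return "change_required"
    return "ok"


if __name__ == "__main__":
    db = {}
    register(db, "newbie", "qwerty123")  # constructed sample account
    print(login(db, "newbie", "qwerty123"))
```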
 
Watch out people, these guys will keep on going. MA should start doing something about this... :rolleyes:

They have, it's called a Gold Card ... when someone who has a Gold Card gets hacked, that's when MA need to spend valuable time and resource on this stuff ... until then, use the safe option already provided!
 
They have, it's called a Gold Card ... when someone who has a Gold Card gets hacked, that's when MA need to spend valuable time and resource on this stuff ... until then, use the safe option already provided!

Dude, you don't have to tell me, I have a gold card and I recommend it to anyone with at least 1K peds in game. But this guy was fairly new, and did not know if he would play or not, and had 300-400 peds ingame. Would you use up all your money for a gold card and have nothing to play with? It takes a lot of time for a nondepositor to get to that amount...
 
Today it sounds like the hackers somehow got access to accounts due to poor security at the account.entropiauniverse.com site.

Regardless, if you still have contact with this person who was fairly new.
Please ask which entropia related sites he has signed up for?
Since this player was fairly new I assume it shouldn't be that hard to pinpoint.
Maybe it will be possible to cross-check it with the others affected...

You can also ask the person to see if his gmail is available in this directory of compromised emails.
http://securityalert.knowem.com/
Information about this site can also be found here, http://lifehacker.com/5-million-gmail-passwords-leaked-check-yours-now-1632983265

Bringing this one up since it was suggested in some of the hacked account threads.
 
It could all just be signing in at a wrong website. Always check if you are in fact at the correct entropiauniverse.com
 
I read in Dmatrix's thread about the attacks on Mindark, nowhere does it say anything about poor security, just that they were being attacked, and I doubt that is the first or last time that will happen.

Today it sounds like the hackers somehow got access to accounts due to poor security at the account.entropiauniverse.com site.

Regardless, if you still have contact with this person who was fairly new.
Please ask which entropia related sites he has signed up for?
Since this player was fairly new I assume it shouldn't be that hard to pinpoint.
Maybe it will be possible to cross-check it with the others affected...

You can also ask the person to see if his gmail is available in this directory of compromised emails.
http://securityalert.knowem.com/
Information about this site can also be found here, http://lifehacker.com/5-million-gmail-passwords-leaked-check-yours-now-1632983265

Bringing this one up since it was suggested in some of the hacked account threads.
 
I read in Dmatrix's thread about the attacks on Mindark, nowhere does it say anything about poor security, just that they were being attacked, and I doubt that is the first or last time that will happen.

Well it does say that they have made changes in order to improve...
Maybe that information is in Fred's thread, can't keep these apart really.
Still happy about the progress made, hope they do something about the further investigation as well!
 
Today it sounds like the hackers somehow got access to accounts due to poor security at the account.entropiauniverse.com site.

Regardless, if you still have contact with this person who was fairly new.
Please ask which entropia related sites he has signed up for?
Since this player was fairly new I assume it shouldn't be that hard to pinpoint.
Maybe it will be possible to cross-check it with the others affected...

You can also ask the person to see if his gmail is available in this directory of compromised emails.
http://securityalert.knowem.com/
Information about this site can also be found here, http://lifehacker.com/5-million-gmail-passwords-leaked-check-yours-now-1632983265

Bringing this one up since it was suggested in some of the hacked account threads.

From the responses from the others we can rule out that they've used this list of potential gmail passwords.
That is at least not the thing these hacks have in common...
 
the hackers will give up in time

the hackers will find it very difficult to make it worth their while hacking into entropia accounts, it is a lot harder than, say, doing the same at WOW

in order for them to get the ped out they face considerable problems:

1. they will have to register a legit bank account (hackers won't want to do that)
2. it takes a month or so to get any ped out of entropia
3. as soon as anyone finds their account has been hacked and reports it to MA, that account and any item trading to other accounts will be locked
4. all items are unique in entropia and can be traced
5. transferring items between avatars (in order to not leave a trail) is not easy due to (3.)
6. MA will not hesitate in locking any account that is implicated
7. perhaps most importantly, it is much easier to hack into WOW or SECOND LIFE accounts and much easier to make money (one way or another) than from entropia

every now and then the hackers have a go at entropia, but due to problems they will move on; in the end they just want the money, and it is not so easy
 
the hackers will find it very difficult to make it worth their while hacking into entropia accounts, it is a lot harder than, say, doing the same at WOW

in order for them to get the ped out they face considerable problems:

1. they will have to register a legit bank account (hackers won't want to do that)
2. it takes a month or so to get any ped out of entropia
3. as soon as anyone finds their account has been hacked and reports it to MA, that account and any item trading to other accounts will be locked
4. all items are unique in entropia and can be traced
5. transferring items between avatars (in order to not leave a trail) is not easy due to (3.)
6. MA will not hesitate in locking any account that is implicated
7. perhaps most importantly, it is much easier to hack into WOW or SECOND LIFE accounts and much easier to make money (one way or another) than from entropia

every now and then the hackers have a go at entropia, but due to problems they will move on; in the end they just want the money, and it is not so easy

thing is, if the hackers are those assholes on that website, they don't care about getting the peds out of game.
They are selling peds out of game for dollar amounts and do not care if the accounts involved get locked. They just hack and move on to the next account.
 