Menu
What's New
By:
Filters

Account Being Stolen

Cleetus

Cleetus

Prowler
Joined
Dec 4, 2005
Posts
1,252
Location
Canada
Society
Victory
Avatar Name
Gordan Cleetus Freeman
My fiancee avatar is online right now...she is here with me and not online...i saw avatar log on while i was online so it is not just a bug...i sent a support to MA...im not sure whats a faster way to get in touch with MA so they can lock the account...she does not have a goldcard...yes i know...her name is Rhea Thunderstorm Rain...if anyone has a quicker way i can come in contact with them please let me know any help is appreciated.
 
I think you can try to login to the eu site with her username and a bad password until it locks the account out.
 
the avatar logged off and i was able to get back online...but the avatar logged on while i was on so some1 knows the password or has a keylogger on my comp...im buying a gold card right now...i can also say this is a bit of MA fault making us type the damn log in name every time we log...thats not extra security...it allows more chances for the key strokes to be picked up and account getting stolen
 
A Gold Card is good alright, but you still need to have a good antivirus program and firewall installed and updated!
 
hey mate

If you see her avatar offline - do a few wrong password log-ins to lock the account. Or try the same on the EU main website, as someone else mentioned just to lock the account down.
Hope things work out Cleetus.:(
Norb
 
im on account now...getting all her stuff off there and then i will do that to lock account until i get my goldcard...thanks all
 
After VU, me and my socmates could see one of our other socmates log on and off now and then without him actually doing it. Could be some bug.
 
Cleetus said:
i can also say this is a bit of MA fault making us type the damn log in name every time we log...thats not extra security...it allows more chances for the key strokes to be picked up and account getting stolen
Click to expand...

its ALOT better then the old system.. with the old system i could easy with my computer go in to an other computer on the network and see what username and password they had when they where online, didnt matter if the client loader was up or not as long as they pressed the launch button.
 
Cleetus said:
the avatar logged off and i was able to get back online...but the avatar logged on while i was on so some1 knows the password or has a keylogger on my comp...im buying a gold card right now...i can also say this is a bit of MA fault making us type the damn log in name every time we log...thats not extra security...it allows more chances for the key strokes to be picked up and account getting stolen
Click to expand...

Yeah, my comp has a fingerprint scammer and i mapped the username and password to that so a keyogger couldn't work, but then they killed that by moving the login screen into the game!
 
Cleetus said:
the avatar logged off and i was able to get back online...but the avatar logged on while i was on so some1 knows the password or has a keylogger on my comp...im buying a gold card right now...i can also say this is a bit of MA fault making us type the damn log in name every time we log...thats not extra security...it allows more chances for the key strokes to be picked up and account getting stolen
Click to expand...
Call MA by phone when they open (~8 MA time I think) and have them close both your accounts ASAP!

It's not MA's fault your computer is not secure.
 
I wouldn't say it would be clever to tell MA you have 2 accounts since that is forbidden in the Eula. :confused:
 
Install ESET av or ESS(eset smart security) and OA(online armor) and you will never have to worry anymore about anything;)
 
Vedder said:
It's not MA's fault your computer is not secure.
Click to expand...

indeed and might i add all the gold card does is make it harder to get hacked but nothing is imposible, todos dont only suply MA with cards and readers.
with this in mind i'd check my pc every week for shit like keyloggers.

also change the pw for the accound as well as the pw on the e-mail account to were MA send info conserning that accont ( ie news , new passwords ect.)
keyloggers dont account for most of the hackings. some people are verry cleaver and resourcefull when it comes to stealing ofther people's property.
 
considering i dont have 2 accounts i wont worry about that but thanks...this is my fiancee avatar we are talking about...i do have a goldcard for my account but have not gotten around to getting one for hers yet...which i just did now...and i realize its not MA fault...but making us type account and password every log in allows for keystrokes to be picked up easier i think...
 
Yes Cleetus. That makes it your responsibility to be diligent about computer security on the device you own.

Banks, paypal, and oh so many other online payment methods use the same methodology for account authentication. It's tried and proven, providing the users system is secure.

Sure getting the gold card will help you secure the Entropia account, but make sure you're not leaving an open door for other accounts she may have to be hacked.

Is your antivirus stuff up to date, and on all other PCs that your fiancee plays on? firewall on? Service packs up to date?
 
Cleetus said:
...this is my fiancee avatar we are talking about...
Click to expand...

Sorry to hear that boss. Hope it gets resolved. Didnt know Jess is ur fiance now tho o_0
 
Last edited:
Kpeters said:
I wouldn't say it would be clever to tell MA you have 2 accounts since that is forbidden in the Eula. :confused:
Click to expand...

He is not breaking the EULA?

Its his fiances account, if your son or your wife would play, do YOU have 2 accounts then?
no ;)
 
Cleetus, as someone else mentioned, I too have seen phantom avatars login and out. This has happened with socmates and half of us who have the person on FL will see the login notification the other half won't. So you might be seeing the same thing happen... I'm positive I've seen a couple ghost logins this VU though. So this may not be a hacking attempt but nonetheless having a GC is worth it just in case.

Maybe ask MA in the support ticket if the IP that logged in is the same as your fiancee's? Or even if they show any IP associated with the login? Regardless, I hope you are only seeing ghost logins as opposed the the other possibility... :mad:
 
I may be mistaken, but didn't you have this problem with your account once, Cleetus?
 
Norbert said:
hey mate

If you see her avatar offline - do a few wrong password log-ins to lock the account. Or try the same on the EU main website, as someone else mentioned just to lock the account down.
Hope things work out Cleetus.:(
Norb
Click to expand...

this is only a temp lock we tried that with our soc mate who had the same problem, best thing you can do is login and STAY logged in (not easy this VU lol)

if you need to go get an autoclicker and set it to click something every 5mins (im sure support would understand this!)
 
I reapet : GOLD CARD HAS TO BE BOUGHT AS SOON AS U CREATE AN ACCOUNT, INSTEAD OF WAITING THAT AVATAR AQUIRES VALUE....
 
How to avoid keylogging software:

Cut and Paste your password. In chunks. eg say my password is "CPfreak" I would cut/paste some portion of the p/word as in the bolded letters in this post. Whenever I am typing a p/word in such as for bank account or other important, regardless of computer, I use 'antikeylog strategies'. If you never actually type your password, you can't be keylogged, can you?
 
Immortal said:
How to avoid keylogging software:

Cut and Paste your password. In chunks. eg say my password is "CPfreak" I would cut/paste some portion of the p/word as in the bolded letters in this post. Whenever I am typing a p/word in such as for bank account or other important, regardless of computer, I use 'antikeylog strategies'. If you never actually type your password, you can't be keylogged, can you?
Click to expand...

New Login system doesn't allow cut and paste anymore.

I never type in password to any account, I always cut and paste password. Another method I use is the On-screen keyboard that is built into all windows OS.

Neither one is possible to use with the new EU login system. :(
 
Elford said:
New Login system doesn't allow cut and paste anymore.

I never type in password to any account, I always cut and paste password. Another method I use is the On-screen keyboard that is built into all windows OS.

Neither one is possible to use with the new EU login system. :(
Click to expand...

i was afraid that might be the case :( I hadn't tested it yet...

Maybe some playing around i will see if I can find a way around the Ctrl-V prob.

Alternatively... instead of cut pasting, you can chunk your p/word
fakerCP and then manually rearrange the letters... unless Ctrl-V is completely diabled, which would make sense if i require Winamp9 and have 11.6 :rolleyes:

My theory is that it is designed to prevent server spam, hence any mis-logs of a p/word are easily identifiable and resolvable by MA to block any offending IP. I could be way off, ofc
 
Cleetus said:
but making us type account and password every log in allows for keystrokes to be picked up easier i think...
Click to expand...

I think 5 seconds of vulnerability is much preferable to the previous system that left your password visible in memory for as long as you were connected.

At least, I am assuming that this change to the login system has fixed the memory vulnerability.
 
Actualy "memory vulnerability" (as you named it) is better than having to type something. "memory" password hack have to be aimed towards EU, while global keybord hook can see anything typed (or pasted to those guys pasting their passwords).

current system is better only in being somewhat custom (not using pre-made editbox with ES_PASSWORD style), so keylogger can't know if information typed is important.
 
Immortal said:
... If you never actually type your password, you can't be keylogged, can you?
Click to expand...
Yes, you can.

Depends what kind of 'hacker tool' has been installed on your computer, but reading the clipboard values is very simple to do.
 
There is a bug which makes some accounts seemed logged in - even though they are not. I had this happened with the priest at one point (though he has a GC) - so maybe you should not worrie. IF your fiances stuff is still on the avatar, it seems it might be the bug. Getting a GoldCard IS the best solution though - and I can't recommand it too often ...

Good luck
 
-=rAndom=- said:
"memory" password hack have to be aimed towards EU,
Click to expand...

Not really. The memory vulnerability became known through an unrelated program crashing on someone's computer and the crash report that was automatically produced included the person's EU username and password in plain text in addition to the crash data.

If a crash report could pull those types of details out of memory as plain text without even trying to, it would only be a matter of time before someone fell victim to this security flaw. Hopefully this new system has removed that problem.
 
I'm not quite sure how cut/paste gets around the keylogger issue. In order to Cut in the first place, it has to be typed. Everytime you reboot, the clipboard gets cleared, so you'd have to re-type it somewhere in order to get it back on the clipboard. And if you've got your passwords stored in a text file for this purpose, it kind of defeats the purpose of a password in the first place. Also, as someone already said, its very easy to monitor clipboard activities and keylog those too when you paste something.

The new login procedure is nice, but it doesn't eliminate the keylogger threat, it only eliminates your login credentials being sent in cleartext to MA's servers and to be honest, it may still do that.

Nothing says F$%* Off to a hacker better than vigilance and a gold card.
 
You must log in or register to reply here.
Back
Top