Menu
What's New
By:
Filters

Dmatrix was hacked

Tepes said:
snip

But if this particular thing is connected to Virtual Tycoon, then MA should step up faster than usual and restore players property in the end. If words goes by that you can hack an account here and there and that by jumping peds through 100 alts will give you time to wreck the economy of the game until someone reacts few days later...
Click to expand...

I know its not "real" money but in WoW if you get hacked all your stuff is normally restored within 2 days and Blizzard seems to just not care about the hackers.

Here this is real money, MA should be doing everything here to calm the nerves of those who have been hacked, a simple reply like , "yes we are aware and working on this" would mean so much to those who are locked out or have been hacked. It takes like less than 2 mins to do this.
 
SoReal said:
I know its not "real" money but in WoW if you get hacked all your stuff is normally restored within 2 days and Blizzard seems to just not care about the hackers.

Here this is real money, MA should be doing everything here to calm the nerves of those who have been hacked, a simple reply like , "yes we are aware and working on this" would mean so much to those who are locked out or have been hacked. It takes like less than 2 mins to do this.
Click to expand...

As he told :wise:
 
I am really sorry this happened to you mate.. I hope it can still get sorted out somehow..

But, it's extremely scary to see how many people have no GC.. Like do you remember the bug where people with Gold Card could not login at all? One uber kept streaming his hunts (as you had to disconnect first in order to not being able to login back).. You would be fucking surprised how many high skilled avatars were logging in and out, meaning no gold cards.. I was shocked..
 
If it was a brute force attack it's quite ridicolous, it shouldn't be possible to have more than 3 attempts to login without a protection built in the app, GC increase the secutiry but still getting a password of an accound should be made a very difficult operation.

And since when you lose money from your bank account because the credit card was hacked you will be paidback from the bank, EU shouldn't be different, expecially when payback means just to take back few ped TT of virtual items that MA can have back from the account where the peds was moved to, account previously locked of course.

Players shouldn't have the fear to lose so much valued items by account hack, MA have to solve this forever and share measures publicly, nothing more nothing less. :wise:
 
Last edited:
giuly_adm said:
If it was a brute force attack it's quite ridicolous, it shouldn't be possible to have more than 3 attempts to login without a protection built in the app, GC increase the secutiry but still getting a password of an accound should be made a very difficult operation.

And since when you lose money from your bank account because the credit card was hacked you will be paidback from the bank, EU shouldn't be different, expecially when payback means just to take back few ped TT of virtual items that MA can have back from the account where the peds was moved to, account previously locked of course.

Players shouldn't have the fear to lose so much valued items by account hack, MA have to solve this forever and share measures publicly, nothing more nothing less. :wise:
Click to expand...

Bruteforce would be crazy.. would take years, unless password is 1234. Hacker needs to have username also.
It is not system password that can be brutoforced, but it is on server and it takes some time to check it.. bruteforcing would either be very very long process (we are talking about hundreds of years) or if they find a way to check it faster it would definetaly crash MA servers.
 
giuly_adm said:
If it was a brute force attack it's quite ridicolous, it shouldn't be possible to have more than 3 attempts to login without a protection built in the app, GC increase the secutiry but still getting a password of an accound should be made a very difficult operation.

And since when you lose money from your bank account because the credit card was hacked you will be paidback from the bank, EU shouldn't be different, expecially when payback means just to take back few ped TT of virtual items that MA can have back from the account where the peds was moved to, account previously locked of course.

Players shouldn't have the fear to lose so much valued items by account hack, MA have to solve this forever and share measures publicly, nothing more nothing less. :wise:
Click to expand...

I think if you fail to login 3 times in a row there is a cooldown of 30 mins before you can try again. That stops brute force attacks (but allows you to login when you've turned the CAPS LOCK off ;) ).

As to MA having to solve anything, they've had the Gold Card system since before I played in 2006, and if you deposited enough they even used to give it away for free (I dont know if that offer still exists, but if it does, and you qualify, I'd get one immediately).

Quite honestly, if your account is worth over 1000 Ped I'd get one immediately anyway.
 
Looking through some old threads (like this one) confirms that after 3 wrong passwords, your EU account is locked for 30min.
Wouldn't that make any 'brute force' hack extraordinarily slow?
And surely you'd notice and query the lock message if you tried to log in yourself during that period.

If however the hack has been via password acquisition from Virtual Tycoon, I'm curious as to what other EU related apps that the two people who have reported being hacked here have in common.
 
GradenFoss said:
A friend just mentioned that maybe rather the Virtual Tycoon app was involved.

This would explain some of the strange acting, in so far as in the app you cannot unequip attachments.

You use that app?
Click to expand...

Cant be. VIrtual Tycoon doesnt allow PM´ing. And you cant trade ohter players. So its not Virtual Tycoon directly.. Maybe someone aqcuired the password from your phone while you used virtual tycoon, but after that computer was used.
 
Sorry for your loss. As many others already expressed it is highly interesting to find out how this happened.
 
I have a Gold Card from 2007 and I agree everybody should have one.

I am not an hacker and don't know how it works but if items with attachments wasn't lost there might be a reason, I understood it was using Virtual Tycoon, maybe not...

About the measures MA should take, the restore of the account imho should be done related to the nature of the loss and the effort needed to solve it.
 
Serica said:
Looking through some old threads (like this one) confirms that after 3 wrong passwords, your EU account is locked for 30min.
Wouldn't that make any 'brute force' hack extraordinarily slow?
And surely you'd notice and query the lock message if you tried to log in yourself during that period.

If however the hack has been via password acquisition from Virtual Tycoon, I'm curious as to what other EU related apps that the two people who have reported being hacked here have in common.
Click to expand...

The question was if wrong password entry is handled in a different way if you type wrong password 3 times in Virtual Tycoon.

A brute force can also be spiced with a wordlist, with some salt.

Lets say i have the username, and virtual tycoon dont have block if 3 wrong passwords, and a standard dict file with some salt number.

password_strength.png
 
I guess we need someone to test if there's a difference in the 30min lock after 3 incorrect passwords between logging in via mobile vs PC then.

I don't have installed Virtual Tycoon installed on my phone though, and I'm not volunteering to :)
 
giuly_adm said:
...

I am not an hacker and don't know how it works but if items with attachments wasn't lost there might be a reason, I understood it was using Virtual Tycoon, maybe not...

...
Click to expand...

Yea...that's something I don't quite understand as well. Are items with attachments unable to be TTed until its unattached?

With the pming and stuff...I would also feel that they have access to and are using the EU client to perform the deed. However, that raises the question of whether they're "that" illiterate to the game to the point of not being able to unattach stuff and yet know how to access the storage as well as TTing stuff?

There must be a "missing link" somewhere...

How were they able to gain access to their accounts and why them and not others?

Just curious...
 
Last edited:
Serica said:
I guess we need someone to test if there's a difference in the 30min lock after 3 incorrect passwords between logging in via mobile vs PC then.

I don't have installed Virtual Tycoon installed on my phone though, and I'm not volunteering to :)
Click to expand...

I will do it later on. When i get near my home WIFI.
 
Dmatrix said:
I did not have a gold card, i know im a dumb ass for that but if that is the only way to keep my account safe, why is that an option and not requirement when people create an account?
Click to expand...

Not sure if this was a serious question or not, but it is not compulsory because then it would cost 20 dollars to make an account which would be very bad for business. Alternatively Mindark would have to give away gold cards for every account made including all the scammer alts (obviously worse for business).
 
Just noticed from fred's thread that he doesn't use Virtual Tycoon.

So while (conceivably) VT was used to run a brute force hack (if it doesn't have 30min lockout after 3 wrong attempts) and then log in to the account via PC (because Dmatrix's avatar sent a pm, and you cant do that on VT), it's not likely to be a dodgy 3rdparty app on a phone that's been used to steal the login info then.
 
Why did MA remove the offer to buy gold cards through PEDs in TT machine?

But Freds post states

"Also I do not use Virtual Tycoon" So hack is not through Tycoon is bet.

So seems to be some sort of keylogger, phishing mail or re-directed to a fake login site for Entropia. (google ads is full of malware sites)

Would type inn "msconfig" in run @ windows and check what kinds of programs are listed under startup. Usually find some stuff in there.
 
One more thing to raise...

Do the two of you use or tried any "external" sites that pays "PEDs"? And do you by any chance use the same login and password for them? (Don't think you guys would do that...but I'm just asking of course.)
 
My ticket was updated, there is no security breach on the Tycoon app. Keep calm.

MA is monitoring both threads by the way, and are working on it right now.
 
sawachika said:
One more thing to raise...

Do the two of you use or tried any "external" sites that pays "PEDs"? And do you by any chance use the same login and password for them? (Don't think you guys would do that...but I'm just asking of course.)
Click to expand...

That is something i have done myself, (used same combination on every single site i used, and once i was targeted and many account hijacked, after that i have never used the same password again on all the sites)
It could also be some regional EU forum, trade calculator etc etc.. Just dont use same passwords ingame and on forums and other 3rd party sites.
 
When I need a password I generally also use something like this :
https://strongpasswordgenerator.com/

so my password is something like :
2k(r0,Mi^}W}69V

impossible to guess and also remember and not based on a dictionary word or combination.
 
Really sorry to hear about you getting hacked, I hope it can be resolved and you don't feel the need to leave eu.

Ofc all names and screenies of the chats have already been removed from this forum by the time I got a chance to see it.

Can I get a copy of the screenies and names from someone in a pm?
 
SoReal said:
When I need a password I generally also use something like this :
https://strongpasswordgenerator.com/

so my password is something like :
2k(r0,Mi^}W}69V

impossible to guess and also remember and not based on a dictionary word or combination.
Click to expand...

impossible for a human but a computer dont see it the same way.

and also.

How do you know the web page you use for generating your pw doesent save all pw´s generated and give the owner a huge list to play with?

If i wanted to know how people think regarding their passwords i would setup a "test your password strength" site and save all queries :)
 
K tried out Virtual Tycoon, 6 times wrong password after that right one, and boom i am in :)

UPDATE: IT does lock, just tested again it took 5-10 attempts to get locked. For 1 hour.
 
Last edited:
interesting , but the game login will lock you wont it after 3 missed passwords ?
 
whiteknut said:
K tried out Virtual Tycoon, 6 times wrong password after that right one, and boom i am in :)
Click to expand...

Are you for real saying MA have no lockout on password attempts via Virtual Tycoon?

These guys handle real life cash, this is wrong in so many ways....
 
ermik said:
Are you for real saying MA have no lockout on password attempts via Virtual Tycoon?

These guys handle real life cash, this is wrong in so many ways....
Click to expand...

Virtual Tycoon does lock your account if too many times wrong password.
 
whiteknut said:
looks like that.. can try again if you want :) Typing total bs and trying 10 attempts.
Click to expand...

SORRY MY BAD, it is like 5 attempts or 10 to get it locked :D i am locked now (for 1h) :)(My gf is tbh)

So it is offical IT WAS NOT Bruteforce entry! It was just stolen password, so noone to blame (except OP carefulness)
 
You must log in or register to reply here.
Back
Top