| Mail |
You might also like: WoW Insider, Joystiq, and more

Reader Comments (42)

Posted: Jan 21st 2011 8:02PM kpaq00 said

  • 2.5 hearts
  • Report
I got nailed in September; ironically shortly after F2P went live. Didn't have a single problem since launch, then boom.
I was left with the clothes on my back, and nothing else. Not even travelling rations were saved. Vaults were wiped out too where they could get to them. Didn't help i had the majority of my crafting mats in shared storage. Between gold, mats, and consumables, I probably lost over 300G. (not to mention 2 symbols of cele that I was saving) In return, they offered 10G to get back on my feet. From lifetime founder to never logging on again.
I accept my part of the responsibility for what happened, but still... I have 2 anti-viruses, 2 malewares, and a spyblocker running at all times. And nothing flagged any malicious threats. And I run full checks weekly, and had nothing come back after the hack.
I know they claim deniability, but there's gotta be something wrong with their end if they're having this many problems since the F2P launch and forum login change.

Posted: Jan 21st 2011 8:16PM Ryn said

  • 2.5 hearts
  • Report
@kpaq00 i am sorry to hear that, and this is what I wrote about in my post, was simply restoring the player to what they had before they were hacked. Sorry for your loss, i don't blame you for not playing now.

All game developers should pay attention to your post and learn from it.
Reply

Posted: Jan 21st 2011 8:23PM aurickle said

  • 2 hearts
  • Report
@kpaq00
I would NOT recommend two antivirus software programs running. These do have a habit of conflicting with each other, which can actually leave you even more vulnerable rather than less. Just pick one good antivirus app and use that. (However, you can "keep it honest" by periodically doing a system scan with one of the various online scanners that's available. Since these don't install to your system, they don't conflict.)

Personally, I use Avast (the free version) and have had very good results with it. It was recommended to me by a few IT professionals because of the fact that it's far less invasive than Norton, yet very solid.

Also, I strongly recommend a router, even if you don't have a network and usually just plug your modem directly into your computer. A router serves as a hardware firewall, which works far better than software firewalls at preventing attacks from outside. ALL the outside world can see is the router. They cannot get past it unless a path has first been opened from inside. (Which is why you need to have antivirus software and common sense, so that malware doesn't get installed on your system and call out.)
Reply

Posted: Jan 21st 2011 8:33PM DeadlyAccurate said

  • 2 hearts
  • Report
@kpaq00 Same story. They gave me back 15 gold on one toon and 2 gold each on the others. I simply couldn't understand why they wouldn't roll back to the pre-theft state. It was a month before I felt any desire to play. Even now, all I've done is run a couple of skirmishes and do some of the festival events. My desire to play was seriously diminished, not so much by the theft as by Turbine's response to it.
Reply

Posted: Jan 21st 2011 9:18PM JoeH42 said

  • 2 hearts
  • Report
@Tempes Magus I totally agree about Avast. I've been using it for years and the only time I've gotten a virus was when I was using torrents or doing things that are risky. Also if you do get a Malware virus I recommend Malware Bytez.
Reply

Posted: Jan 21st 2011 10:34PM kpaq00 said

  • 2 hearts
  • Report
@aurickle
I have Avast, as well as the norton that comcast offers for free. I've had instances were both have picked up things the other didn't, but Avast is fairly good at catching most things. Also, I do use a router/firewall. I may know about Internet security, but the rest of my family doesn't. Heh
Reply

Posted: Jan 23rd 2011 10:56AM Aardvarkk said

  • 2 hearts
  • Report
@kpaq00
They got me too, back in November, completely wiped out my characters on my Brandywine account. I had stacks of mats my main had saved up for all my crafting alts, everything was gone.

I checked for keylogging software, malware, etc but my system was clean, I have no idea how they got into my account.

I will say, logging in to a blank inventory/vault is the worst feeling. Turbine was good about restoring some gold, but when everything that isn't bound to you is gone, it's disheartening.
Reply

Posted: Jan 21st 2011 8:13PM Nandini said

  • 2 hearts
  • Report
Kudos for having the fortitude to bring these issues up so directly and prominently.

Posted: Jan 21st 2011 8:14PM Ryn said

  • 2 hearts
  • Report
Account security is a double sided sword for developers. I say they need to take it way more seriously than they do. I know if I got hacked and all my stuff taken, and then a token of what I had came back to me, I would seriously consider not playing the game ever again. I see no harm in restoring a player that has been hacked back to where they were before the hack. I have a friend that got hacked in WOW (no authenticator) twice, and it took forever to get his stuff back (more than a month) let alone be able to log into his account. In the end both times, he was not full restored. I'm not calling out Blizzard, I'm just using that as an example in saying players that are hacked should be fully compensated and returned to their original status.

Not doing so in my opinion will only drive players away from the game. Developers need to take a vested interest in account security going forward if they want to stay in business. It's just that simple. Whether it be authenticators, a password of a certain strength, on screen keyboard to log in from, ect . Game companies have been too far behind this issue since forever.

Gamers also need to have good virus protection and use strong passwords. But in the end, I don't believe that it's in developers interest to not address this issue more than they are. If they don't, customers will only get fed up and walk away.

For the record, I have never been hacked. But with my luck or lack there of, since i responded to this I will probably be hacked. Wish me luck!

Hopefully I get all my stuff back!

Posted: Jan 21st 2011 11:33PM Jade Effect said

  • 2 hearts
  • Report
@Ryn

How is Turbine or any MMO company to know you really got hacked, or if you gave everything away, make up some story about getting hacked and want a free "reimbursement"? It's just screaming for abuse.

"Ahhh, I got hacked again for the 45th time! Please Turbine gimme 250 gold and all those stuff that somehow got sent to my guild members and everyone in my friend list!"
Reply

Posted: Jan 22nd 2011 6:02AM Dril said

  • 2 hearts
  • Report
@Jade Effect

Because the IT staff at Developer HQ are a lot smarter than that. They know what IP you logged in from, all of your chat log history etc etc.

Wouldn't work, and doesn't in every other game.
Reply

Posted: Jan 22nd 2011 8:37AM pid said

  • 2 hearts
  • Report
@Dril So what are they supposed to do with an IP?
I can walk down to the next Internet Cafe and log in from there. No way you could tell this was *NOT* me.
Many problems come from UI mods where you have to run a 40 MB installer to get a tiny program that tells you next to useless info about something in-game. This is kind of an auto-hack.
Reply

Posted: Jan 21st 2011 8:48PM Nottom said

  • 2 hearts
  • Report
I was hacked and cleaned out almost 2 weeks ago. I was in-game at the time and got kicked out as described in the article. No word from the GM's yet but if they think that paying me a few gold is sufficient compensation they are dead wrong. The last time I log in will be to blast them in a petition.

I've never had an account in any game hacked before. I take all the recommended precautions. No keyloggers or anything else on my PC.

This sounds an awful lot like a breach on their end.

Posted: Jan 21st 2011 8:50PM DataShade said

  • 2 hearts
  • Report
There was an article recently about how in 2009 PDF exploits jumped to something like 6% of all attack vectors; for 2009, JavaScript exploits accounted for 7%. Neither are typically caught by standard anti-virus programs.

Posted: Jan 22nd 2011 12:02PM Icemasta said

  • 2 hearts
  • Report
@DataShade
I am pretty sure Javascript exploits and Adobe flashplayer are under-reported, because from what I could gather from people who got hacked, those are the 2 main sources. Seriously, half the people I know (including myself) got hacked by just checking out what a phishing website was without entering any information. By browsing an untrusted website without using Adblock/Flashblock and Noscript, you run the very real risk of getting hacked. The worst part of it all? Adobe Flashplayer exploit installs itself in memory, keylogs everything, and then sends everything it gathered when you shutdown and then there are no traces of it since memory is practically erased(Technically, it's possible to view what was in the memory using a memory reader, but that's overcomplicated).

MMO-champion and Guildwarsguru were both victim of Adsense exploit and keyloggers were installed as invisible flash without their knowledge. Took 3 months for someone to figure it out on guildwarsguru and 2 weeks on MMO-champion. Basically, the only way to spot those would be reading the source code daily to be sure no new flash thingy was added.

Also, a tip for passwords: Use an algorithm! Been using that for the last couple of months and it's a pretty great idea for passwords.

Lemme give you an example:
Let's make an algorithm using your nickname, the thing you are registering to, the amount of letters in your nickname and the amount of letters to the thing you are registering to.

So we have DataShade(9), registered on Joystiq(7).
Let's take every 2 letters of your name, for 4 letters.
DtSh
Then the number of letters in your name
09
then number of letters in joystiq
07
Then the last 4 letters of the website you're registering to
stiq
And thus you have the unique password DtSh0907stiq ,very hard to guess, yet very easy to remember and use! And if someone hacks one of your account? The password is at least partially different because of different website names, account names and length.
Reply

Posted: Jan 22nd 2011 12:04PM Icemasta said

  • 2 hearts
  • Report
@Icemasta
Edit: Should ready DtSa lol
Reply

Posted: Jan 21st 2011 9:34PM JoeH42 said

  • 2 hearts
  • Report
One other thing that bears mentioning: one of the biggest mistakes people make is always using the same username and/or password. If you're using the same username for two dozen websites and your account, all it takes is one of those websites having poor security (or being an outright plant) and you're in trouble.
XKCD even did a very accurate comic about it a little while ago. Just go onto the website and look at comic 792. As they point out "Set up a web service to do something relatively simple like image hosting or tweet syndication, [or guild websites] so a few million people set up free accounts. Bam you've got a few million e-mails, default usernames, and passwords..."
Which is why I use a different name and password for each MMO, and use a default "junk" name for websites like this one (no offense massively!) and just keep it all on a 5 x 9 card in my wallet written in a personal code. Never had any problems.

Posted: Jan 21st 2011 9:34PM DemonXaphan said

  • 2 hearts
  • Report
Sorry to hear you got hacked but in any MMO most people do get it. I've been hacked twice in different MMO's myself and it does leave one with a sense of dread to even go back to play if the customer support is notoriously bad in restoring your stuff.

Like others have said in above posts, use a router, good AV and firewall and routinely do scans. Also use hard to crack passwords.

Best thing these companies can do is use pin entry or Blizzards authenticator system to stop these types of attacks.

Posted: Jan 21st 2011 10:49PM kjhasdfjkhk said

  • 2 hearts
  • Report
I was hacked once in WoW a few years ago but got my account back and everything was fine. Other than that, never had a problem. My girlfriend at the time, however, was also hacked a few months before that, and she lost everything. She was given a "free character" back which was the same level, class and race as her main, as well as a fancy new mount and a ton of gold, so I guess it wasn't all bad. Gear was a little sucky though. We actually were contacted by the hacked through her email (he sounded like a 10 year old kid, which he probably was) laughing at her for getting her account hacked, which just proves how stupid and immature most hackers are. I understand some reasons for hacking, but what I don't get is hacking/transmitting viruses just for the sake of making people suffer and inconveniencing them. Serious sociopathic behaviour right there. I wonder what that 10 year old kid is going to grow up to be.

Posted: Jan 22nd 2011 12:52AM MrsAngelD said

  • 2 hearts
  • Report
The icing on the cake for all these hacking issues, is codemasters changing their policy and doing rollbacks for hacked LOTRO accounts, while turbine is content to rest on their laurels and only give victims of hacking a few measly gold.

In LOTRO if you have a level 65 character that you have played a while I can guarantee your toon has a lot of stuff that you can't just buy back on the AH. Legendary weapons are not easy to come by & require lot's of time & patience to get right. If you loose it your going to have to start from scratch and that could mean a few months(depending on how many hours a day you play) spent just looking for a good weapon that has decent legacies, not to mention the time required to level it and get it in good condition. Then there are the BOA & BOE items which can only be gained through special events, instances, or the store.

From what I've seen in the forums, turbines actions only serve to further victimize people who feel they have already been victimized. It's bad customer service and the policy could really use some change.

Featured Stories

The Think Tank: Thoughts on PAX East 2014

Posted on Apr 17th 2014 8:00PM

The full scoop on Marvel Heroes' team-ups

Posted on Apr 17th 2014 4:30PM

Hands-on with Hearthstone for iPad

Posted on Apr 17th 2014 3:30PM

Engadget

Engadget

Joystiq

Joystiq

WoW Insider

WoW

TUAW

TUAW