
Reader Comments (15)

Posted: Feb 26th 2011 8:22PM Pingles said

The only reason I did not return to LOTRO when they added F2P was because my account was hacked a YEAR after I had quit. I got an email that there was activity on my account, figured it was a phishing scam so went straight to Turbine site and found my toons were all naked.

When I contacted them they said I must have a key logger on my PC. But I never had the game on the PC I was using when my account got hacked.

They have some kind of problem on their end.

Glad to see they are taking it more seriously.

Posted: Feb 27th 2011 12:41PM Nottom said

@Pingles

Agreed.

My PC was completely clean after my account was hacked so there's an issue somewhere on their end.

Sadly they implemented this new policy 2 weeks after they reimbursed me under the old policy. The thought of having to go back and replace all the crafting mats I had stockpiled to level my toons just turned me off completely, so I canceled my account.

Posted: Feb 27th 2011 10:28PM Icemasta said

@Pingles
I hate to break it to you, but if it was on their end, complete server populations would be devastated in minutes. It takes minutes for a bot to empty a character and does it 24 hours a day. It's nothing mythical like you see in movies where people will "hack" and only be able to retrieve a bunch of passwords. Passwords are stored on an encrypted drive, generally behind an additional layer of security, and hashed AND salted, yet all of this would store itself in less than a GB of data for all the current players. So if it's really server side, everyone's account should be empty right now, not just a couple.

Now, getting phished can comprise a very wide array of techniques, many undetectable such as the recent rise in flash keyloggers, which leave no traces and are almost impossible to scan. Furthermore, people who hack have millions upon millions of replies.

Just to give you an example that I did 2 years ago when testing the common method of infiltration hackers used. I used a trial WoW account and a trial EQ2 account. I used the same password for both, then I went to a known phishing website. I did NOT enter any information, but just browsing the website activated the flash keylogger as I mentioned previously. I logged into WoW, played for an hour, logged off, and waited. Something like 2 months later, I get a nice e-mail telling me my subscription has been activated! I log into my account to see the few couple silvers I had are gone, with all characters now empty. 2 characters are now much higher level, probably used as bots. I obviously reported this and requested the game to be closed.

So from the time I was keylogged to the time I was hacked, it took 2 months. Now, I did mention EQ2 earlier, but I did not even log into the game once! How could they know?! Easy, they test the same account/password combination through a wide variety of games. It took 8 months, 6 months after WoW was hacked, my EQ2 account got activated. Same thing here, characters were created, probably used as bots.

From what I could gather, hackers/phishers/etc. will collect heavy lists of passwords and test them through bots on various games until they get a match, after which either an automated bot or someone goes through your stuff and sells it. If I used that account/password combination today on some MMO, I am probably sure it would flag up somewhere eventually after bots run it through again.

I'd say in the majority of cases, the keylog did not happen within the same month that you were hacked.

Also, please, don't blame server sides. When server side does get pierced, you'll know it and you'll know it fast. Example: when FFXI servers were breached not too long ago. An entire server was emptied in like 48 hours, they just forced a password reset on everyone and rolled back the server.

Posted: Feb 26th 2011 8:56PM Aardvarkk said

Had my account hacked last year, and while Turbine was nice and quickly restored a fair amount of gold, it was still a pain getting back gear, food, banked crafting mats, etc.

This will be nice to anyone whose account gets hacked (and reports it within 7 days). Would be nice to see an authenticator like Blizzard's or something similar to help combat accounts being hacked in the first place.

Posted: Feb 26th 2011 11:09PM Darkdust said

You might want to run a spell checker on the article title.

Posted: Feb 26th 2011 11:38PM Nepentheia said

@Darkdust

LOL Geesh... yeah, no kidding!

"reiumbursement", not to be confused with "oeverepopuleatieon" x-D

Posted: Feb 26th 2011 11:51PM Pingles said

It's just a simple tyuwpo!

Posted: Feb 27th 2011 1:08AM (Unverified) said

Restoring back at least some items for hacked accounts is a step in the right direction. Giving some gold to people who lost legendary weapons that took several months to build up was just not right.

Hopefully Turbine can fix the lag that plagues the servers for more than a week now. The game is nearly unplayable now and people are canceling raids because of lag. Lag topic on the forums is 13 pages long. I know people in our kin are upset and Turbine will start losing customers if they don't fix it soon.

Posted: Feb 27th 2011 4:45AM Seffrid said

I think Turbine were shamed into doing this in the light of Codemasters' superior way of handling hacked accounts. Turbine's approach was embarrassing them.

Posted: Feb 27th 2011 5:28AM dudes said

I can't even get the client to install properly so if my account is hacked at least it will have some exercise..

Posted: Feb 27th 2011 9:32AM fodder650 said

My account was hacked on the 21st and I had heard the policy was just to get some gold back. I have 8 alts all loaded. I was surprised on the 24th when I got every item back except for my legendaries that weren't equipped.

On the 23rd I was playing and my account got banned for suspicious activity. I had eight tickets open and no one seemed to have let those running the test know. But I called Turbine and they had it unbanned in less than an hour. Unlike Sony I was able to call Customer Service and get someone quickly.

Posted: Feb 27th 2011 12:37PM Nottom said

Well, when I canceled my account a few weeks ago I complained about their crappy reimbursement policy.

It would appear that I wasn't the only person.

Posted: Feb 27th 2011 2:24PM Aelon said

So why don't they restore everything again?

Posted: Feb 27th 2011 10:45PM Icemasta said

@Aelon
Short version: 'cause you pay for players who screw up.

They can't really use a rollback system because people who got hacked will QQ that they would lose the progress they made between the restoration date and the hacked date. Players like to have their cake, eat it and throw it at people too!

The 7 day margin is probably because they'll store character/account infos periodically and they'll restore items according to the last/best known record. They'll probably dump everything past the seventh day. The reason why this sucks for everyone else is that they have to create each item from ID, which can take a single person several hours. So for each person hacked, about 10-100$ will be wasted on restoration instead of development.

I've been hacked before and I decided to bite the bullet and forget restoration because it's a waste of everyone's cash. It's a harsh world, gotta learn to protect ourselves!

Posted: Feb 27th 2011 5:02PM Tovrin said

It's a start ... but I'd like to see an authenticator option.
