The Hacker and You: How gilsellers steal your account and advertise in your name.

Well if he ever walk on a street and get shot dead, I should reply with his theory ^^

Great OP! (It's computer (in)security, plain and simple)

This is what I would do to prevent this:

Secure your browser/computer first. (Uninstall Java if you don't need it, update flash/browsers/programs/Windows, run as limited user, stop using IE, ad/javascript blockers)

I also would strongly recommend using a secure password generator, like one built into a secure password manager. (And change them if you think that they are at risk of being compromised)

I would also strongly recommend using 2 factor authentication (software/hardware tokens) on your email addresses/other game accounts if at all possible. (Google makes one for Apple devices and Android devices called Google Authenticator, Microsoft makes one for Windows Phone).

But yeah, one last thing.... If you think your computer is infected, DON'T TRY TO LOG IN! (Disinfect that sucker!)

Stay secure guys!

Edit: Didn't realize someone already talked about all of this in a previous post...

Quote:

---

Originally Posted by GomE

I checked his profile and he's a 10 PUG with 16Miner.

---

Coincidentally my main char in ARR is 12 ARC with 18 BTN. Made a promise with my other half to not level without her. So I'm stuck in Gridania without leves... At least I got all the woods!

</derail>

Account stealing is serious business. Give 'em hell!

Quote:

---

Originally Posted by ShinrinCole

There are plenty of stuff you can do to keep hackers out of your account... SNIP.

---

And everything u just posted is already confirmed to have absolutely no help in protecting accounts against the Game Clients security hole.

And what is up with a known memory leak (since Phase 3 and still persistent) coming from the server client to all local clients

I know that's why I use the keyword "suspect" lol :) No offence though

Yeah, they do need to fix that exploit sometime soon!

Don't forget that you can go to a completely legitimate 3rd party site and get a keylogger. You don't have to go to a RMT site at all. It's very easy to pick up a keylogger from an ad on pretty much any website. Most websites sell that ad space to large advertising clearinghouses, and those services may not actually vet the ads they put up in their stream. Mouse over a compromised ad on an unsecured computer, and you probably have a keylogger.

A variance in a username is important too. Use an unique Username if possible too.