Spammer/Hacker logged into my account and created a character to gold sell?

[Facespasm]

Thanks for the reply i set up the one time password I hope you are right that this will disconnect them

These hackers are extremely aggressive though it is no wonder they can get into accounts easily because of the lack of human check for the login. There is no stopping hackers if they want to brute force simple passwords. I should have realized how aggressive they are.

They are hacking your account because you were stupid enough to visit their website and/or buy their gil. It's how their system works. Hack the buyers' accounts to sirculate the gil/gold = less work for them. All profit, zero loss. Been like that since i first saw them appearing back in 1999.

There's no rule saying you can't use your brains and stop to think for a second. Hindsight won't help you anyways.

In conclusion. There's no protection from stupidity.

[Dozer]

Try canceling your service account and wait a few hours - it will eventually kick the account offline. I don't think this is a keylogger and it is just a brute force attack. This just happened to a friend of mine over the weekend and he didn't have the one-time password, and his normal password was crazy weak.

He was lucky I was online, happened to wander into the zone his character was shouting, and then was able to get a hold of him (he was on a cruise with his wife and kids). Who knew you could text someone on a cruise? Hope he wasn't roaming. haha

In the end, they didn't take anything from his character - no gil, no items, nothing. Granted, he didn't have much but it makes me think this whole account snatching operation is just automated.

[Dozer]

They are hacking your account because you were stupid enough to visit their website and/or buy their gil. It's how their system works.

What a short-sighted and foolish assumption. Keyloggers on sites is certainly one way but not the only way. If someone has a dumb password, and no one-time password, all someone has to do is brute force it.

Some people here probably use the same forum name as their login so all they have to do is crawl this forum for user names, then try to brute force the login. This isn't rocket science. They have been doing this crap for years.

[Sove92]

Have fun trying to brute-force a randomly typed password when there are billions of other possible passwords. Brute-force really only works for weak password, otherwise you need to extract the hashes from SE's servers

[Facespasm]

Have fun trying to brute-force a randomly typed password when there are billions of other possible passwords. Brute-force really only works for weak password, otherwise you need to extract the hashes from SE's servers

Exactly this.

People deny everything when confronted with the truth though. Even more so on the internet.

[Noata]

Have fun trying to brute-force a randomly typed password when there are billions of other possible passwords. Brute-force really only works for weak password, otherwise you need to extract the hashes from SE's servers

Not entirely true, rainbow tables have every possible compilation, even a very complex password that is not more then 10 characters can easily be hacked. often times though the use of malware is involved, usually they attack fan sites that are poorly defended from intrusion and work toward stealing account info. this has proven to be a reliable source for password comparison. An average person might be content with using the same password and username for everything they do with a particular MMO.

I would more likely bet a fan site than anything else. a brute force attack only works best when you have confirmed information. keyloggers and other malware tend to not have the functionality necessary on a PC with default User Access Control *UAC*. Also some anti-virus run heuristic scanning, which would stop applications executing a certain type of behavior.

[kazaran]

Tips:

Do not deal with RMT:

* Many have been caught signing up for power level services. They require log in info and at that point use your account to advertise as they do it.

* Never give your info out.
* Rotate main password.
* Use a security Token or App
* don't go to RMT websites. A majority trigger upper security programs and are marked unsafe.
* add RMT sites to unsafe reports for security programs.

Add your security Key now. It will cause a relog. Contact SE if your accoutnt is comprimissed, note they will do a full check. At times they leave it active to trace log linked accounts and trade to track others.

RMT gold is not worth it. It seems they advertise at 10.00 per 100k on average. That's 100.00 USD for 1mil. Not worth account hijacking and being banned.

[cooler989]

I had same issue I'm now able to log into my account and I created a ticket to perform the rollback. What I want to know is if I can play now and not lose any new data I want to do the seasonal event...

[Dozer]

Brute-force really only works for weak password, otherwise you need to extract the hashes from SE's servers

I've constantly been saying "weak passwords", which is exactly why brute force works. My friend got nailed because his password was incredibly weak.

Harvest all the usernames off this forum. Use them in combination with a dictionary of commonly used words set into common password patterns and you will get some hits. Not all brute force methods are completely random attempts at guesses and no hacker of gaming sites/games is going to spend time trying to crack a single user's randomly typed password unless it is for a very specific purpose. For cases like these, they are going to go for the low hanging fruit and the people who are silly enough to give them hits with weak passwords.

My point is, going off on the OP saying they are a gil buyer is short sighted. People are out there with weak-sauce passwords just asking to be hacked.

[Kahlane]

I usually change my passwords on a weekly basis. But for added security, I want to use a security token. My question is; does the token from the 1.0 CE addition still work?