Spammer/Hacker logged into my account and created a character to gold sell?

[Riko_113]

They are hacking your account because you were stupid enough to visit their website and/or buy their gil. It's how their system works. Hack the buyers' accounts to sirculate the gil/gold = less work for them. All profit, zero loss. Been like that since i first saw them appearing back in 1999.

There's no rule saying you can't use your brains and stop to think for a second. Hindsight won't help you anyways.

In conclusion. There's no protection from stupidity.

Um, I have never bought gold in my life and never go to those sites. I've had both my Blizzard and NCSoft accounts hacked years ago. That may be one method they get account info but is clearly not the only way.

One bonus of the CE for this game was the included Token which i should probably activate soon(this thread is making me scared).

People, even after they get hit with facts, scream out in denial "I DID NOT DO EET!". It's a human error. It's coded into our DNA, to deny everything even when faced with facts. Some are just a bit more in denial than others, sadly.

I've never trusted anyone who says their account has been hacked. It's a sure sign of a person who's been in contact with their websites and/or used their services.

Oh i agree about the denial part. You're so full of BS that when someone pops a hole in your little idea you start throwing around accusations rather than admit you're wrong. There's other ways to get hacked than your idea. They've been mentioned in this thread alone. I work in IT and I'm working on my degree in Network Security at the moment. Perhaps you should do some research.

[Disa]

I usually change my passwords on a weekly basis. But for added security, I want to use a security token. My question is; does the token from the 1.0 CE addition still work?

Yes, I use the one SE started selling a few years back for FFXI.

[Facespasm]

What a short-sighted and foolish assumption.

This is no assumption, bud. You haven't been around playing mmorpgs for very long have you...?

You need to get out of your pink bubble of denial, and wake up to the facts.

Here. Let me educate you a bit.

1: Gold/gil/whateversellers doesn't care about non-customers. Why? It's POINTLESS.
2: The reason they target buyers specifically is because they ALREADY HAVE BEEN INFECTED WITH A KEYLOGGER.
3: These guys practically live and breathe for the motto "Time is Money". Which is why they won't waste any time trying to brute force or "guess" passwords by forum crawling.

(Fourth time i try to enter this reply. Here's hoping i won't see another "Database Error" on this forum"..

[Fulrem]

Not entirely true, rainbow tables have every possible compilation, even a very complex password that is not more then 10 characters can easily be hacked. ...<snip>

Almost true, they don't have every possible compilation but rather all the "common" passwords which a lot still seem pretty odd like "zaq1xsw2" (swipe up the keyboard in 2 lines . Its still not plausible without a copy of the salted hash + know salt, a single login attempt takes far too long on a live system. Time delay is one of the big things people like Bruce Schneier advocates when considering hash algorithm design. There is the chance of a fan site being hacked & same password being used (i.e. providing the salt+hash to run against rainbow tables), but in most incidents I've come across its malware on the system.

Like Noata mentioned, make sure your AV has heuristics/HIPS ability & that they're enabled. UAC turned on will help if you're computer account isn't local admin, though I find most people at home (guilty here myself) just do everything as local admin.

[Kahlane]

Thank you Disa. Adding it now

[bpphantom]

And therin lies the rub as it were. SE doesn't allow strong passwords. 16+ characters, both uppercase and lowercase letters, numbers, and symbols (including spaces).

[Facespasm]

Um, I have never bought gold in my life and never go to those sites. I've had both my Blizzard and NCSoft accounts hacked years ago.

It is the most commonly used way for them to circulate the currency they sell.

I've played wow since the beta and i've never changed my PW. For 6 years i didn't even use a security token. Why didn't i get hacked? I never visited their websites, i never used their services. That's why.

People, even after they get hit with facts, scream out in denial "I DID NOT DO EET!". It's a human error. It's coded into our DNA, to deny everything even when faced with facts. Some are just a bit more in denial than others, sadly.

I've never trusted anyone who says their account has been hacked. It's a sure sign of a person who's been in contact with their websites and/or used their services.

[Veillette]

I thought they have the "you logged in from a different IP" protection? Check your neighbours out, maybe one of them is playing your character.

[rabbitzero]

I thought they have the "you logged in from a different IP" protection? Check your neighbours out, maybe one of them is playing your character.

If they do i don't see it. I switched from DSL to cable a couple days ago, and i assume that should change my IP, though i could be wrong.

It's funny with people talking about brute forcing or buying gil, the most common method is them getting in at the source, and then having access to all the accounts or many. Even Blizzard got hit this way, and i've lost count of how many corporations got hit and had to send out "change your password because we've had a breach" type things. Also don't discount those emails with phishing sites, user error and social engineering are much easier than many methods.

I will say, by making gil so hard to earn once you are done with crafts, it's just make the gil sellers power all the more, they can make bots and new characters all day, making as much as they like. :P

[AridElf]

Is this really the time for that petty crap? Of the issue being talked about in this thread, *this* is what you decide to comment on? Get that out of here.

Given the likelihood that the OP visited a gil seller's website I think it's pretty fair. One does not simply guess random people's account names and passwords out of the blue. If the OP did visit a suspicious site then I say they deserve it. If they did not and are innocent, then I wish you good luck in getting your security back, OP.