Account Security on Elysium

[Alex149 2]

So apparently I was just hacked, even though I was using a PW I wasn't using anywhere else. It is stated on the news site that the Elysium Servers are pretty much hackproof, as long as a unique password is used.

However not too much was stolen, just a few gold and only on one of the characters. (Which seems a bit weird though.)

After the happening I'm using 2-Factor Authentification now, but it still makes me wonder how safe the servers are. How can something like this happen?

[Alex149 2]

6 minutes ago, Jorn Skyseer said:

Would you accept answer "totally unsafe, endangered, at the brink of extinction"? :)

Cross your fingers and pray for your new auth. In case it fails you'll be the first to know you're hacked again.

That's pretty alarming... Unfortunately I'm not an IT expert, hence the question: would it be that hard to establish a safe server database? I mean countless of websites also mange to. It's not like I have a keylogger on my PC.

[Cogfather 25]

As long as your password was changed after the incident, your account, especially with 2FA, should be quite safe. 

 

[Alex149 2]

5 hours ago, Cogfather said:

As long as your password was changed after the incident, your account, especially with 2FA, should be quite safe. 

 

Thanks for the reply, it's great to hear something from someone deeper involved than the most of us!

[Xerox 4]

Greetings!

GM @Cogfather is right.

However the cause of you loosing some gold, perhaps some minor items might be because of the server rollback.

Regards

GM Team

[Mike JezZ 0]

7 hours ago, Cogfather said:

As long as your password was changed after the incident, your account, especially with 2FA, should be quite safe. 

 

2FA doesn't change the security on game servers though?

[Kemmerah 0]

Greetings.

 

I just enabled 2FA and when I log in the site, it says that my Nostalrius transfer was succesful but I have no characters in the account:

Here

 

(Nothing happened to my chars. I am just wondering what is causing this)

[Alex149 2]

2 hours ago, Mike JezZ said:

2FA doesn't change the security on game servers though?

 

10 hours ago, Cogfather said:

As long as your password was changed after the incident, your account, especially with 2FA, should be quite safe. 

 

Thats also something I wondered - does 2FA really improve security on the game servers?

Lets say someone attempts to hack your Account: would he just try to Brute Force the password to login credentials on the Elysium Website or is there a possibility to do so Ingame?

I can imagine that hackers grab Login Names on the Forum and try out if they can use them in the Account Website while Brute-Forcing the PW. Either that or the Database is not encrypted/easy to access.

 

Can maybe someone with a bit more experience enlighten me regarding this issue?

 

Greetz,

Alex

[Baakeer 0]

1 minute ago, Alex149 said:

 

Thats also something I wondered - does 2FA really improve security on the game servers?

Lets say someone attempts to hack your Account: would he just try to Brute Force the password to login credentials on the Elysium Website or is there a possibility to do so Ingame?

I can imagine that hackers grab Login Names on the Forum and try out if they can use them in the Account Website while Brute-Forcing the PW. Either that or the Database is not encrypted/easy to access.

 

Can maybe someone with a bit more experience enlighten me regarding this issue?

 

Greetz,

Alex

 

 From a IT Standard point, I am whitehat. Mostly likely they use a username grabber in game by using the who command (I think it is) that will list players, then they most likely either a use a password list and try to bruteforce, or b they use a password database like website. reverse your username and enter all those previous passwords. 

 

To answer the question 2FA would enhance the security of not the database but your account, it would require uses to access it. 

[Alex149 2]

26 minutes ago, Baakeer said:

 From a IT Standard point, I am whitehat. Mostly likely they use a username grabber in game by using the who command (I think it is) that will list players, then they most likely either a use a password list and try to bruteforce, or b they use a password database like website. reverse your username and enter all those previous passwords. 

 

To answer the question 2FA would enhance the security of not the database but your account, it would require uses to access it. 

If they try to bruteforce in the gameclient no authorization is needed tho?

[Mike JezZ 0]

I know it might be complicated for the team to do, but it would be awesome to have some sort of game client authenticator. 2FA is good on the website, but I feel like my actual game account is more vulnerable than the one in here.

[Erjh8765 19]

1 hour ago, Mike JezZ said:

I know it might be complicated for the team to do, but it would be awesome to have some sort of game client authenticator. 2FA is good on the website, but I feel like my actual game account is more vulnerable than the one in here.

You don't understand how 2FA works.

If you log in the game by using the game client from a different IP address than the one that you normally use, then the WoW game client will pop up something like a small calculator which you will use to enter your six-digit code.

That's where "2FA" and "WoW game Client" meet.