Amount of compromised accounts

[Rayf 1]

Hi Elysium,

To start off, I recently started on your servers and I am utterly impressed with the quality compared to other private servers around. Very good job! and thank you :-)

I am concerned about your database integrity, the sheer amount of compromised accounts is disturbing.

Firstly, I highly doubt that the majority of these accounts are accessed by random keyloggers (That mainly target popular accounts like e-mail, game accounts [steam, origin etc] and the like.)

Secondly, I do not think the people who lose their gear and gold intentionally give away their stuff when they all and well know or atleast have the idea that server policy wont allow item restoration.

Thirdly, so many accounts cannot possibly have been accessed by brute force.

I totally understand and agree that all account holders have a responsability to secure their accounts, with 2Factor Authentication and anything else that applies, but something is fishy here.

This concern is not only about account compromised on elysium specifically, but anyone who uses the same credentials on other services also.

I hope someone can shed some light on this?

TIP# Enable the account authenticator as soon as possible.

Edited January 26, 2017 by Rayf

[Rumpelstiltskin 5]

3 minutes ago, Rayf said:

I am concerned about your database integrity, the sheer amount of compromised accounts is disturbing.

Just curious, how many accounts would you estimate is compromised?

[brunoviek 1]

15 minutes ago, Rayf said:

But then why is there no obvious announcement about not using the same credentials if a user previously played on another server

https://twitter.com/elysium_dev/status/814082578579881984

Edited January 26, 2017 by brunoviek

[Rayf 1]

20 minutes ago, brunoviek said:

https://twitter.com/elysium_dev/status/814082578579881984

Unfortunately thats a month ago, and it does not explain the people who does not have accounts on other private servers. This is a reason of course, but to me, it does not add up. Having to spam ingame that you need to change password often also seems fishy. There simply is missing account security features like automatic detection of suspecious access, like when you access acounts from a different country then normal. E-mail verification and the like.

29 minutes ago, Rumpelstiltskin said:

Just curious, how many accounts would you estimate is compromised?

No idea, but in the help forums on page 1, I count 13 threads regarding hacked accounts and lost items. That to me signals that something else is going on, more then another private server had issues.

 

Please note that I do think there is any conspiracy or the like, but simply a problem somewhere. For example, forums are often less secure (e.g. no 2factor) or run on widely available engines that from time to time has security problems. This could for instance be a reason, if people use the some credentials for forums as for game accounts. 

As Elysium staff stated there has been a compromise recently.

https://forum.elysium-project.org/topic/33744-addressing-recent-concerns-about-created-characters/

 

Edited January 26, 2017 by Rayf

[monmon 1]

Quote

But then why is there no obvious announcement about not using the same credentials if a user previously played on another server

Welcome from out under your rock... Sun is sure bright here.  Maybe if you ever read anything on the forums, and didn't just come here to whine you would have seen THIS?

What's next? You claim they never encouraged you to change password frequently or set up 2FA?   Can't tell if you trolling or just willfully ignorant tbh.

[smokeit 26]

* Elysium puts up 2FA

* Elysium spams to regularly change your password

> People still manage to get hacked heh

People that got managed to get hacker are simply lazy or stupid. You did not change your password often, for sure you didn't setup 2FA, you used login details used on other private servers or bought gold. Stop going after elysium.

[Rayf 1]

12 minutes ago, monmon said:

Welcome from out under your rock... Sun is sure bright here.  Maybe if you ever read anything on the forums, and didn't just come here to whine you would have seen THIS?

What's next? You claim they never encouraged you to change password frequently or set up 2FA?   Can't tell if you trolling or just willfully ignorant tbh.

Fixed. No reason to apply toxicity to your reply :-)

The concern is still valid, doubtfully that many compromised accounts solely from this. It does not explain people why people who did not play other servers got compromised.

Have a wonderful day sir.

Edited January 26, 2017 by Rayf

[Nokor 0]

13 minutes ago, Rayf said:

No idea, but in the help forums on page 1, I count 13 threads regarding hacked accounts and lost items. That to me signals that something else is going on, more then another private server had issues.

To be fair, it looks like they're all on Page 1 because of a certain user copying and pasting the same thing or variations of such messages on every single thread related to this.

Whilst I can't verify that there isn't or wasn't a problem, if you look through other pages, there aren't masses of the threads around.

And as with anything, one of the main reasons people use Forums is to complain or bitch about something, and those signed up for the forums or use them is a minority compared to the actual playerbase. This is the same for WoW Live, or anything else.

[monmon 1]

8 minutes ago, Rayf said:

 

As Elysium staff stated there has been a compromise recently.

https://forum.elysium-project.org/topic/33744-addressing-recent-concerns-about-created-characters/

 

So you deduce that 13 posts on first page.... Right....  have you looked at the dates they where created? NO ? Well some of them are from the beginning of the year!   yeah.. That's right, some tinfoil hat bumped EVERY post on the past 2-3 pages today.  Talk about slim basis for your deduction alrdy Mr.Holmes.

Even if that where the case, you pull out of your ass that they are genuine and not just retards attempt to con gold for mounts?  Yeah... There where a post not long ago on one of the notorious "wowhack" sites. That you could get items restored just by asking. 

You also assume that neither one of them used their login information here, on one of the sites that where compromised.

That is ALLOT of pulling shit straight out of your ass to be honest, far too much to take serious.

And did you read let alone comprehend the content of your own link?  The account database was never compromised, nor was it in any danger.  They managed to gain access to a GM account.

Guess that puts away any doubt I had about you in my previous reply. Willfully ignorant it is....

[Rayf 1]

2 minutes ago, smokeit said:

* Elysium puts up 2FA

* Elysium spams to regularly change your password

> People still manage to get hacked heh

People that got managed to get hacker are simply lazy or stupid. You did not change your password often, for sure you didn't setup 2FA, you used login details used on other private servers or bought gold. Stop going after elysium.

This is not going after elysium. Plenty of high secure services has been access by hackers, Elysium nor anyone is exempt from this.

I simply cannot be the only one who is concerned about the amount of threads about this? Simply, this cannot be from a compromised server in October only.

[brunoviek 1]

22 minutes ago, Rayf said:

There simply is missing account security features like automatic detection of suspecious access, like when you access acounts from a different country then normal. E-mail verification and the like.

This requries time and effort to do this.

Most elysium admin probably have a real job since this is a non-profit project.

Server release 1 month ago, give them some time.

[Rayf 1]

2 minutes ago, Nokor said:

To be fair, it looks like they're all on Page 1 because of a certain user copying and pasting the same thing or variations of such messages on every single thread related to this.

Whilst I can't verify that there isn't or wasn't a problem, if you look through other pages, there aren't masses of the threads around.

And as with anything, one of the main reasons people use Forums is to complain or bitch about something, and those signed up for the forums or use them is a minority compared to the actual playerbase. This is the same for WoW Live, or anything else.

I just see a disturbing amount of threads compared to other popular private servers help forum. Why I cannot explain, why I posted.

I totally agree that what the majority of people do.

This was not to go after elysium or anyone, this was just a hope to potential clear the concerns with any logical reasoning there is.

[Rayf 1]

3 minutes ago, brunoviek said:

This requries time and effort to do this.

Most elysium admin probably have a real job since this is a non-profit project.

Server release 1 month ago, give them some time.

Yes, you are right. They surely require time and ressources, no doubt and I do appreciate everything they do plenty :-)

[Rumpelstiltskin 5]

4 minutes ago, Rayf said:

No idea, but in the help forums on page 1, I count 13 threads regarding hacked accounts and lost items.

So, let's say that we have three unique players in each thread claiming they have been hacked, and one extra to get up to 40 over the past X days. One reason for some of these posts being on page 1 is most likely due to the actions of a strange creature, the troll sheep.

Some of the players that got hacked also posted account information (thereby giving away their email address) in the forums when posting their ban appeal in the wrong place (that action in itself gives you an idea on how careless people are). When I see things like that I usually copy the address and run a check on https://www.hacked-db.com/checkAccount.php and in several cases there has been a match (the ones I've seen has been leaked in 2015 and early 2016). You can speculate that since these users were careless enough to publicly post the email address associated to their account, they might not even be aware of that their email address and probably credentials were leaked from elsewhere a long time ago, and that they haven't changed their password in ages.

 

[Rayf 1]

1 minute ago, Rumpelstiltskin said:

So, let's say that we have three unique players in each thread claiming they have been hacked, and one extra to get up to 40 over the past X days. One reason for some of these posts being on page 1 is most likely due to the actions of a strange creature, the troll sheep.

Some of the players that got hacked also posted account information (thereby giving away their email address) in the forums when posting their ban appeal in the wrong place (that action in itself gives you an idea on how careless people are). When I see things like that I usually copy the address and run a check on https://www.hacked-db.com/checkAccount.php and in several cases there has been a match (the ones I've seen has been leaked in 2015 and early 2016). You can speculate that since these users were careless enough to publicly post the email address associated to their account, they might not even be aware of that their email address and probably credentials were leaked from elsewhere a long time ago, and that they haven't changed their password in ages.

 

I get your reasoning behind it, but should this not be the case with other very popular private servers also? This might certinaly be the similar case, but it just is not the trend I see. Granted not many servers if any is of course just as popular as this.

[monmon 1]

8 minutes ago, Rayf said:

I get your reasoning behind it, but should this not be the case with other very popular private servers also? This might certinaly be the similar case, but it just is not the trend I see. Granted not many servers if any is of course just as popular as this.

What other very popular server? Kronos? They definately where one of the leaked/sold ones for sure!  Who is to say that the hacked players here, have even discovered they where hacked on other realms? 

I see what you are getting at, but there is simply not enough to form a conspiracy theory on, that can't be beaten down in 2-3 rational thoughts.

 

[monmon 1]

1 hour ago, Rayf said:

Fixed. No reason to apply toxicity to your reply :-)

The concern is still valid, doubtfully that many compromised accounts solely from this. It does not explain people why people who did not play other servers got compromised.

Have a wonderful day sir.

Derptiherp I replied b4 you fixed, and you add your own splash of toxicity by reprimanding me for stating the bloody obvious?  10/10 nimwitt confirmed.

What people who didn't play other servers? Do you know for a fact that some  didn't  and not just saying they didn't to not look like morons?  Do you have any tangible evidence that the amount of said players is large? And large by what standard? 

So far you have done absolutely nothing but pull one asinine assumption out of you ass after the other, and parade it as common sense. 

[panortious 0]

It worries me that 7127 people have applied for Ban Appeals, that's one heck of a lot of cheaters, and apparently im one of them.

Like i posted on another thread thats almost 50% of the 'current' playing community. Which would equate to 1/3 people that have been banned.

You could argue that not all 7127 are 1st time appeals or that say 1000 have actually cheated, but i dont believe 1/3 people cheat knowing they could get banned.

Would be nice to know how many have been 'un-banned'

 

[Rayf 1]

2 minutes ago, panortious said:

It worries me that 7127 people have applied for Ban Appeals, that's one heck of a lot of cheaters, and apparently im one of them.

Like i posted on another thread thats almost 50% of the 'current' playing community. Which would equate to 1/3 people that have been banned.

You could argue that not all 7127 are 1st time appeals or that say 1000 have actually cheated, but i dont believe 1/3 people cheat knowing they could get banned.

Would be nice to know how many have been 'un-banned'

 

Yes, that surely seems out of proportations. Especially when a lot of cheaters most likely would not even bother with a post, because they are aware of their actions and simply just accept it.

 

Some people think this is a conspiracy theory. It is not, I am simply looking for some justification that cannot be argued against, the fact is that its hard to know exactly what is going on. If it simply is effect os leaked data from another server is hard to know. Regardless I appreciate the polite and discussion most people offer.

[Erjh8765 19]

59 minutes ago, panortious said:

It worries me that 7127 people have applied for Ban Appeals, that's one heck of a lot of cheaters, and apparently im one of them.

Like i posted on another thread thats almost 50% of the 'current' playing community. Which would equate to 1/3 people that have been banned.

You could argue that not all 7127 are 1st time appeals or that say 1000 have actually cheated, but i dont believe 1/3 people cheat knowing they could get banned.

Would be nice to know how many have been 'un-banned'

 

 

Exactly 2090 players have requested a ban appeal, over four servers, since the project went online.

You are yet another moron with a tinfoil hat.

It is a wonder that you are intelligent enough to use a PC.

[monmon 1]

1 hour ago, panortious said:

It worries me that 7127 people have applied for Ban Appeals, that's one heck of a lot of cheaters, and apparently im one of them.

Like i posted on another thread thats almost 50% of the 'current' playing community. Which would equate to 1/3 people that have been banned.

You could argue that not all 7127 are 1st time appeals or that say 1000 have actually cheated, but i dont believe 1/3 people cheat knowing they could get banned.

Would be nice to know how many have been 'un-banned'

 

Where did you pull that number? Your ass? 

[panortious 0]

4 hours ago, monmon said:

Where did you pull that number? Your ass? 

 

5 hours ago, Erjh8765 said:

 

Exactly 2090 players have requested a ban appeal, over four servers, since the project went online.

You are yet another moron with a tinfoil hat.

It is a wonder that you are intelligent enough to use a PC.

Um....Within the ban appeals section... Nice try trolls

[aerius 0]

I'm in the same category. Unique account name and password for everything I use (even outside of WoW servers). Never been hacked over 16 years of online gaming, but happens within 1 month on Elysium. I doubt it's a database breach but I'm unsure how people are being hacked so easily.

 

5 hours ago, Erjh8765 said:

Exactly 2090 players have requested a ban appeal, over four servers, since the project went online.

You are yet another moron with a tinfoil hat.

It is a wonder that you are intelligent enough to use a PC.

 

Even by those numbers, 2090 potentially hacked accounts in a month?

[piggywig 4]

Nobody finds it fishy that some "white-hat hacker" manages to compromise the server, Elysium hires them and suddenly there's an influx of compromised accounts?

Because I'm sure this person pinky-promised-with-sprinkles-on-top to not ever use their skills against the dev team! (Not.)

[monmon 1]

11 hours ago, aerius said:

Even by those numbers, 2090 potentially hacked accounts in a month?

You don't think Ban appeals also covers gold buyers, botters, scammers, greifers, and all sorts of people violating the TOU? You honestly think that those 2090 are ALL hacked accounts, even though people rarely get banned for having their shit stolen.

Cmon, how high are you?