Lehman Russ, posted February 7, 2017 (edited):

I decided to write this article because I am still seeing people being hacked on a daily basis. At the time of writing this I am watching an unfortunate victim of a hack spam Trade chat in Orgrimmar for a website where you can buy gold. (Buying gold will also earn you an instant ban if you are caught, and you WILL be caught.)

Just yesterday a guildie of mine was hacked and logged in to their account naked and everything in their inventory had been sold. Gone. Everything they had worked to accomplish had been seemingly erased (at least they didn't destroy his mount, but it's beside the point). Disheartened and discouraged, this individual was strongly considering quitting the game, and frankly I can't blame him for feeling that way. Hell, I would have most likely reacted the same way under similar circumstances. So we pulled together as a guild to help this person out with re-gearing him, running him through dungeons just to get him back on his feet (because we already know the stance Elysium has on hacked accounts: albeit apologetic, they will do absolutely nothing for you).

So how do we prevent this thing from happening? How do I protect myself (and others) from becoming victims of malice and thievery from those who seek to destroy our economy and undermine what we have worked so hard to achieve? No solution is 100% fool-proof, but I am going to give you some tips about how to protect yourself:

#1: Set up 2FA on your account using the Google Authenticator App. Use the following guide if you are unsure how to do it.

#2: Never use the same login credentials that you used on other private servers. Use a unique login and NEVER share the information with anyone.

#3: Change your password often. Although there is an option to do it in-game, I recommend you do it in your Control Panel instead. If you make a mistake and screw it up, you just advertised your account information to whatever chat channel you were previously locked on.

#4: VERY IMPORTANT: Avoid using passwords with common words found in dictionaries of whatever language you speak. Passwords such as Mydog123 and Grandmasboy88 are extremely weak and you should expect to be hacked VERY EASILY. The best passwords to use are completely random, containing a combination of capital letters, numbers, and accepted symbols such as asterisks, underscores, ampersands, etc. The following is an example (DO NOT USE IT): bx&91*yx_T1L

If you have difficulty remembering these passwords, you can download a password manager that is free for personal use (non-commercial) such as KeePass. Keep in mind you MUST remember the password you use on KeePass, because if you forget it, you're screwed. KeePass Support WILL NOT crack it open/hack it for you. There is also an app on Google Play if you prefer. You really should put this in practice with every account you have, even your email address.

#5: NEVER publicly post your login credentials ANYWHERE. EVER. This type of thing is most commonly found in the "I've been banned" threads.

This thing isn't going to go away until the community shakes off that "Every Man For Himself" attitude that is so prevalent in the community today and comes together to educate one another and help those who aren't as tech-savvy as many of us are. Yes, the responsibility falls upon each individual to secure their own accounts and information, but how do we know how and why we should do this if we are unaware that the threat exists? Would there be a need for CompTIA A+ and Cisco CCNA if everyone that sat behind a computer could tear it down and put it back together with no experience?

Please share this article with all of the "Plebs" out there so they can take the pro-active approach and prevent this before it happens to them. The longer this thing goes on, the stronger the degenerate gold sellers become, ultimately frustrating people to the point where they no longer wish to play and discourage friends from participating in the community. Let me ask you one question: how much fun do you think Raiding/PvP is going to be when you have nobody to play with (or against) because people keep quitting because of this crap?

Edited February 7, 2017 by Lehman Russ

smokeit, posted February 7, 2017:

Pretty sure 2FA is 100% hacker proof, the only way it can go bad is if you mess up with losing the authenticator or anything. Awesome information btw, I hope people will read it.

Lehman Russ, posted February 7, 2017:

2 minutes ago, smokeit said:
> Pretty sure 2FA is 100% hacker proof, the only way it can go bad is if you mess up with losing the authenticator or anything. Awesome information btw, I hope people will read it.

Thanks a lot mate. The only way we are going to stop this is by spreading awareness. Please share the guide with the noobs wherever you play.

Erjh8765, posted February 7, 2017:

One of the first things you learn when you interact with people on a daily basis is that most people are lazy and retarded. I was watching Tyche, the Community Manager, saying to Alexensual yesterday on YouTube that only 2% of active accounts have enabled 2FA. 98% haven't. Your post will have no effect b/c of the average person's laziness and stupidity.

Lehman Russ, posted February 7, 2017:

1 minute ago, Erjh8765 said:
> Your post will have no effect b/c of the average person's laziness and stupidity.

That's what I hope to change. People that are pissed off and raging because their accounts were hacked will be coming to the forum looking for answers. The first thing they will see is this if we keep bumping it and discussing it. Yeah, there's a lot of stupid and ignorant idiots out there, but this is why I'm taking it upon myself to try to make change. Because the bottom line is: how fun do you think BGs will be when there are no noobs to smash and wreck because they rage quit due to hacked accounts? This thing is getting worse every day, and the only ones that win are those who want to destroy our community.

Lehman Russ, posted February 7, 2017:

My 2FA guide didn't get stickied as I requested, but I am hoping that maybe this one will.

SaintPaul, posted February 7, 2017:

2FA is a pain in the ass. If you have a unique username and password that you have never used anywhere else and don't share with anyone else that should be enough to keep your account safe.

The problem here is the gold sellers and people stealing these accounts are getting away with it. When you see the same high level character spamming trade with gold selling sites for 6 hours it's very obvious that account is compromised, yet nobody is doing anything about it. Instead of inconveniencing the majority of innocent players the dev team need to stop the criminals. Without proper human policing on each server this problem is only going to get worse. You don't need to be a developer to solve this; recruiting GMs who are willing to help combat the problem and giving them tools to do so would put a swift end to it.

Erjh8765, posted February 7, 2017:

34 minutes ago, Lehman Russ said:
> That's what I hope to change. People that are pissed off and raging because their accounts were hacked will be coming to the forum looking for answers. The first thing they will see is this if we keep bumping it and discussing it. Yeah there's a lot of stupid and ignorant idiots out there, but this is why I'm taking it upon myself to try to make change. Because the bottom line is how fun do you think BGs will be when there are no noobs to smash and wreck because they rage quit due to hacked accounts. This thing is getting worse every day, and the only ones that win are those who want to destroy our community.

You are forgetting that there is a message being spammed EVERY FUCKING DAY and EVERY FIVE MINUTES OF THE FUCKING HOUR in the live game telling people to enable 2FA, and nothing happens. You think the same people who get bombarded every day they play every 5 minutes with messages to enable 2FA will enable 2FA just b/c you wrote a thread on the subject? No man, you can't fix stupid. This is a miracle only God can perform and he can't be bothered.

Gehere, posted February 7, 2017:

14 minutes ago, PeterGriffen said:
> 2FA is a pain in the ass.

Based on.. being lazy?

> If you have a unique username and password that you have never used anywhere else and don't share with anyone else that should be enough to keep your account safe.

Because we are too lazy to take the required measurements to secure ourselves?

> Instead of inconveniencing the majority of innocent players the dev team need to stop the criminals.

Again.. WHY are we too lazy to do this ourselves? You have the tool. Apply it. There, problem solved.

Storfan, posted February 7, 2017:

50 minutes ago, Erjh8765 said:
> One of the first things you learn when you interact with people on a daily basis, is that most people are lazy and retarded. I was watching Tyche, the Community Manager, saying to Alexensual yesterday on youtube that only 2% of active accounts have enabled 2FA. 98% haven't. Your post will have no effect b/c of the average person's laziness and stupidity.

Agreed. People are the worst! And to repeat for all the plebs: 2FA, it WILL make you IMPOSSIBLE TO HACK. (probably).

SaintPaul, posted February 7, 2017:

3 minutes ago, Gehere said:
> Based on.. being lazy? Because we are too lazy to take the required measurements to secure ourselves? Again.. WHY are we too lazy to do this ourselves? You have the tool. Apply it. There, problem solved.

2FA protects one account. It does nothing to stop the gold sellers, spamming, or people who don't have 2FA enabled. Instead recruit some GMs for each server who are willing to monitor trade/chat and give them the ability to silence accounts (not characters) from all chat for 1 week as punishment for gold spam. Repeated offences result in a permanent silence. As a gold seller this kills you dead. There's no point stealing accounts and all the gold if you can't then advertise to sell it.

Gehere, posted February 7, 2017:

Basically - you could have a public password, made in neon letters, if you install 2FA. It is literally impossible to hack, unless they gain access to your personal computer. And that is a REAL crime.

Erjh8765, posted February 7, 2017:

The good thing is that, because of #HACKSFORHARAMBE, there are much less gold-buyers and therefore an oversupply of gold. This has caused gold prices to take a nose dive, as the goldseller bot just informed me via whispering a few seconds ago. 100g is now just $3 on Anathema. Looks like the Chinese will soon shove their supply of gold up their asses. Thanks to #HACKSFORHARAMBE.

Calla, posted February 7, 2017:

Great post, people should really read this and take actions to avoid any trouble. I am using 2FA and you should all use it!

Nahaz, posted February 7, 2017:

2 hours ago, Erjh8765 said:
> 100g is now just $3 on Anathema

Time to buy some gold :)

smokeit, posted February 7, 2017:

I laugh at people getting hacked who are too lazy to use 2FA.

SaintPaul, posted February 7, 2017:

6 minutes ago, smokeit said:
> I laugh at people getting hacked who are too lazy to use 2FA.

Never used it. How's it work anyway? Does the code come via email or do you need one of those authenticator doo-dads?

Castrum, posted February 7, 2017 (edited):

You just have to download the Google Authenticator app on your smartphone. Then you log into your account on the Elysium homepage and enable the two-factor authenticator there. You just have to scan the QR-Code with the authenticator app that you get per email and done! From this moment your account is locked to your IP only.

YOU ONLY HAVE TO ENTER THE AUTHENTICATOR CODE WHEN YOUR IP CHANGES... NOT EVERY TIME

Edited February 7, 2017 by Castrum

SaintPaul, posted February 7, 2017 (edited):

17 minutes ago, Castrum said:
> You just have to download the Google Authenticator app on your smartphone. Then you log into your account on the Elysium homepage and enable the two-factor authenticator there. You just have to scan the QR-Code with the authenticator app that you get per email and done! From this moment your account is locked to your IP only. YOU ONLY HAVE TO ENTER THE AUTHENTICATOR CODE WHEN YOUR IP CHANGES... NOT EVERY TIME

Thanks for the info. No situation where emails are not delivered though? Last week it took me 4 days to create a second account (for trade only) because the confirmation email wasn't delivered. Problem was here, I was getting email from elsewhere fine.

Edited February 7, 2017 by PeterGriffen

Lehman Russ, posted February 7, 2017 (edited):

4 hours ago, Castrum said:
> YOU ONLY HAVE TO ENTER THE AUTHENTICATOR CODE WHEN YOUR IP CHANGES... NOT EVERY TIME

3 hours ago, PeterGriffen said:
> Thanks for the info. No situation where emails are not delivered though? Last week it took me 4 days to create a second account (for trade only) because the confirmation email wasn't delivered. Problem was here, I was getting email from elsewhere fine.

Did you check your Junk folders?

Edited February 7, 2017 by Lehman Russ

Lehman Russ, posted February 9, 2017:

Going to keep bumping this until it gets stickied.

Storfan, posted February 9, 2017:

On 2017-02-07 at 4:09 PM, PeterGriffen said:
> Thanks for the info. No situation where emails are not delivered though? Last week it took me 4 days to create a second account (for trade only) because the confirmation email wasn't delivered. Problem was here, I was getting email from elsewhere fine.

When Nost re-opened there was a problem of Google's mail servers identifying all mails sent from Elysium as SPAM due to the MASSIVE volumes of mails in a short time frame. Basically, it could be your [INSERT MAIL PROVIDER] filtering them as spam, which Elysium really can't do anything about.

Lehman Russ, posted February 20, 2017:

Bump

monmon, posted February 20, 2017:

On 7/2/2017 at 9:56 AM, smokeit said:
> Pretty sure 2FA is 100% hacker proof, the only way it can go bad is if you mess up with losing the authenticator or anything. Awesome information btw, I hope people will read it.

Pretty sure all it takes is to hack your Google account for Google Authenticator to transfer it to another machine, or to hack your Google account and back up your apps along with DUO to another device, gain access to your email (if not also Gmail) for scanning the QR code and bob's your uncle. But hey.. maybe I'm wrong ;) and maybe there IS such a thing as hacker proof.

smokeit, posted February 21, 2017:

9 hours ago, monmon said:
> Pretty sure all it takes is to hack your Google account for Google Authenticator to transfer it to another machine, or to hack your Google account and back up your apps along with DUO to another device, gain access to your email (if not also Gmail) for scanning the QR code and bob's your uncle. But hey.. maybe I'm wrong ;) and maybe there IS such a thing as hacker proof.

My Google account has an authenticator on it too. They really need to have my phone to hack my shit.