brogo216 0 Report post Posted February 21, 2017 Hello, I am playing on elysium pvp, lvl 51 warrior. I have had the 2 factor authentication on my account for some time now with no problems. however, the other day I Logged on to find all of my gear gone along with my gold. I'm not really sure how this happened with the authenticator on and everything. I have not shared my account or any account details with anyone and I only play on one computer from my house. I can send proof that my account has had the authenticator for a while if necessary. I have a ticket opened in game (it's been open for about 2 days now) and have not heard back from any GM's. Posted about it in Discord Help and Support and the CM told me that a GM would be getting in contact with me soon but that was over 24 hours ago. I'm not sure what to do at this point so any help is appreciated. 0 Share this post Link to post Share on other sites
Bocephus 1 Report post Posted February 21, 2017 It sounds like you've followed all the right steps in getting in touch with a CM via Discord (probably the fastest method). They normally recommend waiting about 24-48 hours before any action or contact is made. If it gets longer than 2 days I would recommend contacting them again via Discord. 0 Share this post Link to post Share on other sites
Erjh8765 19 Report post Posted February 21, 2017 Can you explain to us how it is possible to get hacked with 2FA on? The hacker must have physically obtained your smartphone, then bypass your smartphone's security features (password and print recognition) in order to hack you. As for the so-called proof, you might have enabled 2FA AFTER you got hacked just to be able to claim that you have done everything possible to secure your account and thus it's not your responsibility thus so coercing the admins into restoring your shit. BS IMO. 0 Share this post Link to post Share on other sites
Bocephus 1 Report post Posted February 21, 2017 8 minutes ago, Erjh8765 said: Can you explain to us how it is possible to get hacked with 2FA on? The hacker must have physically obtained your smartphone, then bypass your smartphone's security features (password and print recognition) in order to hack you. As for the so-called proof, you might have enabled 2FA AFTER you got hacked just to be able to claim that you have done everything possible to secure your account and thus it's not your responsibility thus so coercing the admins into restoring your shit. BS IMO. I'd have to agree with him - you'd have to either hand over your Authenticator or you didn't have one installed until after the hack. 0 Share this post Link to post Share on other sites
brogo216 0 Report post Posted February 21, 2017 25 minutes ago, Erjh8765 said: Can you explain to us how it is possible to get hacked with 2FA on? The hacker must have physically obtained your smartphone, then bypass your smartphone's security features (password and print recognition) in order to hack you. As for the so-called proof, you might have enabled 2FA AFTER you got hacked just to be able to claim that you have done everything possible to secure your account and thus it's not your responsibility thus so coercing the admins into restoring your shit. BS IMO. Believe what you would like, I'm just trying to figure out what happened. Now it's possible I signed up for the authenticator and never actually finished the setup or something (while believing that i did finish the setup). All I know is I got the IP authenticaor a while back and its been fine ever since, no issues or hacks or anything until this. I'm not lying in the sense that I believe that I did everything correctly, I could have messed up somewhere and not actually activated it, If that's the case i'd like to know as well. Appreciate any input, thanks 0 Share this post Link to post Share on other sites
Koiraa 0 Report post Posted February 21, 2017 I had the same problem. I setup 2FA on IP lock at the start of the year when they added 2FA. I chose IP lock so I wouldn't have to get my phone out every time I login. I went through setup to the point where Elysium had requested a number from the authenticator upon logging in. The control panel page under 2FA said I had IP lock enabled with the option to change my 2FA method. Sometime in the past 3 days my account was hacked and my character was naked. I checked the control panel and it no longer said I had IP lock enabled (it was still present in Google Authenticator though). I'm not sure how it happened, but I myself did not disable it. I just switched 2FA to ask every time now. 0 Share this post Link to post Share on other sites
brogo216 0 Report post Posted February 21, 2017 1 minute ago, Koiraa said: I had the same problem. I setup 2FA on IP lock at the start of the year when they added 2FA. I chose IP lock so I wouldn't have to get my phone out every time I login. I went through setup to the point where Elysium had requested a number from the authenticator upon logging in. The control panel page under 2FA said I had IP lock enabled with the option to change my 2FA method. Sometime in the past 3 days my account was hacked and my character was naked. I checked the control panel and it no longer said I had IP lock enabled (it was still present in Google Authenticator though). I'm not sure how it happened, but I myself did not disable it. I just switched 2FA to ask every time now. Any response from Elysium about it? or they just said tough luck 0 Share this post Link to post Share on other sites
Koiraa 0 Report post Posted February 21, 2017 1 hour ago, brogo216 said: Any response from Elysium about it? or they just said tough luck I just found out this morning so no contact yet. It doesn't seem to be a known issue, and while I believe I completed the 2FA setup, that was almost two months ago so I don't have details remembered, and there's no real proof of anything since I don't screenshot it. Either way I don't expect them to help in this situation. Generally your account is your own responsibility. There are certain things you might get back (e.g. Onyxia attunement neck) but even then it takes a long time based on what I've read. 0 Share this post Link to post Share on other sites
monmon 1 Report post Posted February 21, 2017 1 hour ago, Erjh8765 said: Can you explain to us how it is possible to get hacked with 2FA on? The hacker must have physically obtained your smartphone, then bypass your smartphone's security features (password and print recognition) in order to hack you. As for the so-called proof, you might have enabled 2FA AFTER you got hacked just to be able to claim that you have done everything possible to secure your account and thus it's not your responsibility thus so coercing the admins into restoring your shit. BS IMO. Or just his email basically. Step1 Have kronos (other compromised database) account with username: [email protected] Step2 Use same password for kronos account and your email account: asdf1234 Step3 Hacker can now locate your authentication email and QR code and attach HIS device to YOUR account. Step4 Providing you still use SAME accountname and password for Elysium... ...................................................in which case the, hands down - no contest - award winner for worst account security this century is found It is possible for them to hack your email (if they have that information from the kronos/other leaks/sale) to gain access to the QR/verification code. From there it's pretty easy to obtain your password habbit and other information that can help you with targeted guessing / bruteforce. Or like stated above, you are like 99% of the population that use the same password / wordpass for everything. Not that hard actually, but still your responsebility to prevent. 0 Share this post Link to post Share on other sites
