Rasputin

Account hacked the day I registered on this forum.

I had a level 60 warrior, BiS+ geared, and logged on today to see him emptied out.  All of my lower lvl alts were raided as well.  After about 5 minutes of having a controlled "what the fuck" moment, I decided to power through and gear up again from nothing with what strings I can pull until a few things came to my attention. (you can check my acct info)

I started my forum account on mobile today to ask a question.  I get home after work - I play pretty much every day - and my account is raped.  No, I don't keep track of the bullshit surrounding this server when people talk about selling inside information, I've always done my best to be impartial.

Whoever it was had forum admin or database (server hard drives) access. My emails for the forum and my account are the same. Unfortunately so was the password because I associated the two. Rookie move. I've been a forum admin on a few other sites, so I know the information they are privy to, mainly the IP address. The emails generally aren't visible unless you host your own forum server and don't rent or freeload off someone else. They tell us the passwords aren't either but anyone with a tech brain and database knowledge knows better.

It's a breach of trust and I really loved what Elysium was trying to do.  I am a Nostalrius veteran.

 

Goodbye.


2 Factor Authentication.

Only really. If you don't have this.. and play every day don't know what to say...

Just start over... play another toon bra! enjoy yourself

Cheers


Sadly this lines up with the shadier rumors (some of which seemed more or less confirmed) I've heard about the Elysium staff. Coupled with our GM's thoroughly uncaring response, it's safe to say Elysium just doesn't give a shit about these problems. Makes me glad about the steps I take to disassociate my forum account from my actual game account, but it saddens me with regards to Elysium's irresponsibility. I suppose I may as well abandon ship too then.


If Elysium really did hack players' accounts based on their forum profiles, this would be so hilariously ridiculous that I wouldn't even get upset.

I'm sure they could get needed chars/items some simpler way, if they were indeed corrupt.

Sorry for your lost character though.

On 2017-04-15 at 6:11 AM, Rasputin said:

Unfortunately so was the password

So you are using the same password on a forum and game and YOU CHOOSE to not have 2 factor authentication.

Do you also leave the key on your car and get upset when someone steals it?

4 hours ago, Aethelwulf said:

Elysium just doesn't give a shit about these problems.

You're an IDIOT.

They have made a 2 factor authentication system for us. For free, easy to use, works perfect AND THEY FREAKING SPAM THE CHAT WITH RED SYSTEM MESSAGE TELLING EVERYONE TO USE IT! It's also dumb to use the same password on 2 log-ins, and especially on a forum like this. That's common knowledge in 2017 unless you're like 200y old.

15 minutes ago, Wrathran said:

So you are using the same password on a forum and game and CHOOSE to not have 2 factor authentication.

Do you also leave the key on your car and get upset when someone steals it?

And blame the neighbor when he facepalmed at him and told him to keep his keys inside the house


I haven't heard a single thing about any of our databases being compromised. If something like that would happen, we would most likely make password changes mandatory. We did announce a couple months back that private servers not associated to us have had their databases compromised, which is why we created the ability to have 2 factor authentication in the first place. 

Player security is up to the player. We are responsible for keeping your data safe, and I can guarantee you that there have been no intrusions into account information. The truth is that normally in these situations, we would ban your account if it was compromised and literally force you to enable 2fa before unbanning.

Your account being compromised is no one's fault but your own, staff here can't babysit you. We can guarantee that your data you store here will remain confidential and safe. We also give you the ability to securely protect your account, but it is up to the player to take that step. There really isn't anything more we can do.

14 hours ago, Wrathran said:

So you are using the same password on a forum and game and YOU CHOOSE to not have 2 factor authentication.

Do you also leave the key on your car and get upset when someone steals it?

You're an IDIOT.

They have made a 2 factor authentication system for us. For free, easy to use, works perfect AND THEY FREAKING SPAM THE CHAT WITH RED SYSTEM MESSAGE TELLING EVERYONE TO USE IT! It's also dumb to use the same password on 2 log-ins, and especially on a forum like this. That's common knowledge in 2017 unless you're like 200y old.

man every post I see of yours is filled with hate or doesn't seem right for some reason. You sir, need to take a break. You're acting like a spastic cunt more and more each post of yours I see.

11 hours ago, riplip said:

man every post I see of yours is filled with hate or doesn't seem right for some reason. You sir, need to take a break. You're acting like a spastic cunt more and more each post of yours I see.

So to say that someone chose, in big letters, not to activate 2 factor authentication and to call someone an idiot, in big letters, for spreading false bullshit that Elysium doesn't care about security, is hate? Really? Hate? I mean harsh maybe, fine, I make harsh and sometimes sarcastic posts, just telling it honest without any pc. Is there something factually wrong in my post or is it the big letters that upset you?

Do you have something factual to add to the topic or did you just wanna share your feelings?


If you don't have 2FA on your account, despite all the ongoing system announcements, despite all the people who have been hacked and told to turn on 2FA, despite the fact that the very first time you log in to the control panel after setting up your account it's right in front of you, then there isn't really any more we can do.

I had a player yesterday complain they got hacked a second time, because they didn't change their password or enable 2FA after the first time they got hacked (which so far as I can tell was never reported to us or we would have banned and forced 2FA).

Their password (which they included in their ban appeal) was easily hackable123.

Seriously. We put in place multiple mitigation technologies - including automatic temporary bans, and second factor authentication - but your account security is up to you. If you don't enable 2FA and properly activate it, and you choose to share your password, or choose a bad password, or reuse your password, that is on your head.

It's heart breaking for me, every time I look at a nicely geared level 60 with a grand in the bank, and they don't have 2FA. 30 days or more played time, no 2FA. 

Seriously, if you don't have 2FA enabled and activated, go do it now. It will save you any risk of heartache down the road.

On 4/18/2017 at 10:27 AM, Wrathran said:

So to say that someone chose, in big letters, not to activate 2 factor authentication and to call someone an idiot, in big letters, for spreading false bullshit that Elysium doesn't care about security, is hate? Really? Hate? I mean harsh maybe, fine, I make harsh and sometimes sarcastic posts, just telling it honest without any pc. Is there something factually wrong in my post or is it the big letters that upset you?

Do you have something factual to add to the topic or did you just wanna share your feelings?

On to the ignore list

Activate 2F authentication, simple as that.

On 17/04/2017 at 2:54 PM, riplip said:

man every post I see of yours is filled with hate or doesn't seem right for some reason. You sir, need to take a break. You're acting like a spastic cunt more and more each post of yours I see.

Is it hate when he is right? You can get 2 factor auth without even having a smartphone. Not using it is absolute retard mode and people who get hacked are stupid as fuck when tools like 2 factor auth are available (FOR FREE) to prevent it.

Take a step back and appreciate a retard getting owned. Maybe we will read about you getting hacked soon ... or wait, do you have 2 factor auth?

kek!


As a former legit Blizzard GM, GM Specialist, and Account Investigator ... I think you're probably full of shit.  ;)

That's not a judgement upon your motivation, but rather your lack of critical thinking skills.  

When at Blizzard for two years want to know what the cause of about 95% of the hacking was?  Probably a good mix of giving your info to a leveling service and then not changing it after the services were rendered (moronic), and someone buying gold from China (they're almost always from China, anyway) and getting a key logger placed on your machine by visiting the website and not having any anti-virus software that would detect it.  

The other 5%, if anyone was wondering, was because they shared their information with someone they know and got fucked over.  Usually because of a breakup or a falling out.  One time I was investigating a reported "hacking" only to see the person arguing over guild chat about how the person who hacked the player was angry that the player who was hacked got the hacker's daughter pregnant.  All over guild chat.  For over 2 hours.  It was kind of amazing.  I banned the hacker (was an older woman) for hacking and the hacked for sharing account information (admitted it in chat).  

God, those were the days.

I also used to call the local police departments of players who threatened to kill themselves when chatting with me if I didn't give them their [item] that they wanted.  Sending out welfare checks to 14 year old player's houses at 2:30 in the morning resulted in some great follow up emails from their parents.

 

Shame the job went to shit after a while ...


Well, current responses are somewhat more encouraging than what I initially saw. It's worth noting that while passwords can indeed be pilfered from the forum database, the average GM should not have access to the DB proper (I should hope). Although given enough control over the forum layout, it might be possible to embed a keylogging script to steal account names and passwords. If the OP is around it'd be curious to know what kind of Elysium (or Nostalrius, if he kept the same password there) affiliated services he used, if any. Unlike WoW proper, I would think that even if he had malware on his own computer they would not be interested in private server login data, but that cannot be strictly ruled out, given the presence of goldfarmers and the tendency of malware groups to pursue any data that can result in financial gain. The most likely scenario in my mind however remains that his account data was pilfered through some Elysium-related service, so the forum really cannot be ruled out as the largest and most convenient vector, particularly given Elysium's prior lapses in vetting staff members. If he used a power-leveling service however, that would also make sense.

On 17/04/2017 at 1:10 AM, Wrathran said:

You're an IDIOT.

They have made a 2 factor authentication system for us. For free, easy to use, works perfect AND THEY FREAKING SPAM THE CHAT WITH RED SYSTEM MESSAGE TELLING EVERYONE TO USE IT! It's also dumb to use the same password on 2 log-ins, and especially on a forum like this. That's common knowledge in 2017 unless you're like 200y old.

Temper, lad. Two-factor authentication is not some magic spell either. It's an encouraging security measure (albeit somewhat of a nuisance), but it doesn't absolve an organization of the need to keep its users' data safe. The question of how this happened remains a pertinent one. And at the very least it would be worthwhile for Elysium to look through the login history on his compromised account and see if the IPs match against any users of the game or forum, as well as noting where the items disappeared to, if possible. Identifying the culprit is still very much a worthwhile pursuit as opposed to making excuses or giving apathetic responses.


I have enabled 2FA after seeing how many people are getting hacked day in and day out here.

Yes, it does increase security, but some investigation should be put in place to see if the hacks have the same source.

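The two investigation steps suggested in the posts above (matching the IPs in a compromised account's login history against other game and forum users, and checking whether several hacks share a source), as an added example that is not part of any post and not Elysium's tooling. The log layout, account names and the `baseline_until` cutoff are assumptions, and every row is constructed.

```python
from collections import defaultdict

# Constructed sample rows: (timestamp, service, account, source IP).
# Addresses come from the RFC 5737 documentation ranges.
LOGINS = [
    ("2017-04-10T18:02", "game",  "victim",  "198.51.100.7"),
    ("2017-04-12T18:15", "game",  "victim",  "198.51.100.7"),
    ("2017-04-15T05:40", "forum", "victim",  "198.51.100.7"),
    ("2017-04-15T09:12", "game",  "victim",  "203.0.113.50"),  # unfamiliar address
    ("2017-04-14T22:30", "game",  "trader9", "203.0.113.50"),
    ("2017-04-13T11:00", "forum", "trader9", "203.0.113.50"),
    ("2017-04-11T20:00", "game",  "victim2", "192.0.2.14"),
    ("2017-04-16T03:05", "game",  "victim2", "203.0.113.50"),
]

def unfamiliar_logins(logins, account, baseline_until):
    """Logins at or after the cutoff from IPs the account never used before it."""
    known = {ip for ts, _, acct, ip in logins
             if acct == account and ts < baseline_until}
    return [(ts, svc, ip) for ts, svc, acct, ip in logins
            if acct == account and ts >= baseline_until and ip not in known]

def accounts_sharing(logins, ips, exclude):
    """Other game or forum accounts ever seen on the given IPs."""
    shared = defaultdict(set)
    for _, svc, acct, ip in logins:
        if ip in ips and acct not in exclude:
            shared[ip].add((svc, acct))
    return {ip: sorted(pairs) for ip, pairs in shared.items()}

def common_sources(logins, victims, baseline_until):
    """IPs that show up as an unfamiliar login on more than one reported account."""
    hits = defaultdict(set)
    for victim in victims:
        for _, _, ip in unfamiliar_logins(logins, victim, baseline_until):
            hits[ip].add(victim)
    return {ip: sorted(v) for ip, v in hits.items() if len(v) > 1}

if __name__ == "__main__":
    cutoff = "2017-04-15T06:00"   # ISO timestamps compare correctly as strings
    print(unfamiliar_logins(LOGINS, "victim", cutoff))
    print(common_sources(LOGINS, ["victim", "victim2"], cutoff))
    print(accounts_sharing(LOGINS, {"203.0.113.50"}, {"victim", "victim2"}))
```

A shared address is a lead, not proof: NAT, VPN exits and mobile carriers put unrelated users behind the same IP, so a match is the point to start reviewing item transfers, not the conclusion.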
1 hour ago, whatisgoingon said:

Can someone please elaborate in short what happens when one activates the 2step authenticator?

How is it done (what does it involve)?

You will receive an email with a QR code that is specific to your account. You can then use a third-party authenticator app (I use the Google one) to scan the code. Now, the app will generate a random 6 digit PIN every 10 seconds or so that is specific to your account.

When you click the button in your email to enable 2FA, you will then be prompted to enter a 6-digit PIN every time you log in (or from a new IP, depending on your setting). You get this PIN from your authenticator app on your phone. Do NOT delete your email with the QR code, because that is what you will need to get a PIN if you ever lose your phone or reinstall your apps, etc.

On 4/19/2017 at 10:32 AM, Sesshomaru said:

a CORRECT answer

Not quite, from reading the OP statement. He is directly accusing Elysium of having a corrupt staff member hacking accounts who use the same info here on the forums on the game or their forums database being hacked.

While he should have had 2 step and used different info for both that is beside the point, ignoring the allegations and giving a response like that would only give him more reason to quit.

 

On 19.4.2017 at 11:33 AM, Grhamick said:

As a former legit Blizzard GM, GM Specialist, and Account Investigator ... I think you're probably full of shit.  ;)

That's not a judgement upon your motivation, but rather your lack of critical thinking skills.  

When at Blizzard for two years want to know what the cause of about 95% of the hacking was?  Probably a good mix of giving your info to a leveling service and then not changing it after the services were rendered (moronic), and someone buying gold from China (they're almost always from China, anyway) and getting a key logger placed on your machine by visiting the website and not having any anti-virus software that would detect it.  

The other 5%, if anyone was wondering, was because they shared their information with someone they know and got fucked over.  Usually because of a breakup or a falling out.  One time I was investigating a reported "hacking" only to see the person arguing over guild chat about how the person who hacked the player was angry that the player who was hacked got the hacker's daughter pregnant.  All over guild chat.  For over 2 hours.  It was kind of amazing.  I banned the hacker (was an older woman) for hacking and the hacked for sharing account information (admitted it in chat).  

God, those were the days.

I also used to call the local police departments of players who threatened to kill themselves when chatting with me if I didn't give them their [item] that they wanted.  Sending out welfare checks to 14 year old player's houses at 2:30 in the morning resulted in some great follow up emails from their parents.

 

Shame the job went to shit after a while ...

holy shit i would literally pay some good cash just to hear some more stories lol

This topic is now closed to further replies.
