Update on Hacked Accounts

[Geezette]

If your account is hacked, they just need to log into your account page, check your location and use a VPN near your location.

My location? All it says is my country, they MIGHT figure out my time zone somewhere but REALLY? Try again.

[Kerrik]

Well, since this just happened to me sometime between 6 hours ago and 10 minutes ago, I hope this change comes quickly.

I only hope my account can be rolled back.

And I am one of the ones who can answer "No" to every question -- No falling for phishing, No 3rd party software, No giving password out to friends, No using simple password, etc etc etc.

I have petitioned, but only a short while ago, so I don't expect any results yet hehe.

[Noaani]

This is an interesting idea, but it does have the potential to be ultimately pointless.

As Trion themselves have said, 80% if the "hacked" account complaints they have dealt with are a result of keyloggers (aka, the user screwed up and didn't keep his own system secure, and then *****es to Trion to fix it for them).

Now, with this system, all a hacker needs to do is wait until he has not only the game account password from the infected computer, but also the password for that e-mail account (though a person that was stupid enough to have a keylogger installed on their system probably has the same password).

So, all this does is mean the "hacker" needs to wait a little longer after installing the keylogger, and then they can log in to that persons e-mail account and get the Coin Lock code to unlock it all. It may take them a week or two to figure this out, but they will get there eventually.

If 80% of the "hacked" accounts are via keyloggers, then this will do nothing for that 80%.

[the_real_seebs]

I'm going to be mildly (but not totally) shocked if my account gets hit. I don't use a web browser on my PC to do ANYTHING but grab updated video drivers. I don't do anything on it but play games, using steam (unrelated account name and password), CoH (unrelated account name and password)...

Basically, it scans as clean and never does anything now but run the RIFT client.

[Smelly]

amazingly good decision. Good to see Trion is on top of this.

[Korereactor]

We are aware that there are still issues with some of you being hacked. This is a top priority for us here at Trion and the team has been working to address the situation. As we posted last week, there have already been a number of updates put in place. We are also introducing another function that should make it into the game early this week.

Coin Lock

Users will be coin locked if they log in from a significantly different location. When their account is coin locked, they will be sent an email to the address that they have on their account (their login email) with a code to enter into the game.

Users will see the Coin Locked icon in the spot where their tutorial button shows up. Deactivating the tutorial tips will not turn off the Coin Locked button.

While in a Coin Locked status, users will have the following limitations:
• No access to the auction house
• No ability to SEND mail. Users can still receive and view mail as well as remove items from mail
• No ability to SELL to vendors. Users can still purchase items from vendors
• No ability to salvage, runebreak or destroy items
• No ability to trade
• Users can continue to play and gain coin and items, but cannot get rid of them.

If you are Coin Locked, simply click on the Coin Locked icon and enter the code found in your email from Trion.

If you log in and your account is coin locked, check your email! Someone may have logged in from another location with your account.

If you do not receive the email, please click on the Coin Locked icon and click the “Resend” button to have the email resent to you.

If you cannot access your email or you are otherwise unable to change your Coin Locked status, please contact Customer Service.

We're also working on the addition of two-factor authentication at the login level, which will let you use an app or a cell phone as a way to ensure that you're the one logging on. (You may have heard of this in other products as a SecurID or an Authenticator.) We'll be sharing specifics on that as soon as we can as well.

If you have been hacked:

Contact Customer Support immediately. The CS Team is responding as quickly as possible to restore accounts for those who have been hit.

We assure you this matter is very important to us and we are doing everything we can to resolve your issues and safeguard your account.

Once again, you guys ROCK. Nice job Trion!!! WOOT!!

[JonathanTheBlack]

This won't matter because the hackers will just brute force the account name password as well, which happens to be the same damn email that the coin lock code will be sent to!

[the_real_seebs]

This won't matter because the hackers will just brute force the account name password as well, which happens to be the same damn email that the coin lock code will be sent to!

This is why I'm using an address which does not have any password or way to log in; it's just a forwarding address. There is no such account.

[Junkyard]

So, yesterday my Rift account was hacked sometime late Friday night / Early Saturday morning, i guess there is a first time for everything. The funny thing is, my WoW and EQ2 accounts are both untouched. What gives? scanned my computer using Malwarebytes and Windows Security Essentials (both with the most recent updated definitions), not surprised but they both turned up nothing. I submitted a ticket Saturday around 3pm, havent heard a single thing from Trion. I guess what my question is, is how did they manage to get the info for my Rift account and not get either of my other MMO's (as I have logged into both of them to check my toons there) and how long does it generally take to get a GM to respond? taking 36 hours so far and I have heard NOTHING, it would at least be nice to hear something like, sorry we are busy, average wait time is 5 hours or something along those lines, this is insane. I have changed my Email and password already. Has anyone else with subs to other games notice its just their Rift account? or were your other accounts compromised as well?

[the_real_seebs]

There is substantial evidence suggesting that whatever's going on, it doesn't seem like keylogging is all there is to it. Lots of people who can't find any evidence of a keylogger despite a lot of scanning.

It sorta looks almost like the attackers have a list of login names and are trying to brute force them or something.

[Astemus]

Well, I'm on day 4 waiting for a simple restore of my plat. It wasn't much, but it was a major hassle right before I was about to get my 40 mount. Had to stop and try to make money just because Trion is slow on doing this.

[Lemon_King]

This won't matter because the hackers will just brute force the account name password as well, which happens to be the same damn email that the coin lock code will be sent to!

Try to not have your game account password and e-mail password the same?
Also use another system to access your e-mail if your get compromised.

Very basic stuff.

[JonathanTheBlack]

Try to not have your game account password and e-mail password the same?
Also use another system to access your e-mail if your get compromised.

Very basic stuff.

I do use different passwords. I'm talking about our login for the game being the same email address that the coin lock removal code would be sent to.

[Kerrik]

I can't help but think there might be something tied in to the Auction House somehow -- specifically, I wasn't hacked until I purchased a bunch of crafting materials. A few of the names that I purchased from (who happened to have the best deals) were quite odd... things like Pfifgnqwks and the like. perhaps there is some exploit from there?

I don't know, I'm probably just paranoid.

[Carinvella]

Please disable chat usage as well, don't give them the satisfaction of gold spamming with our respectable names.

Absolutely great idea!

Perhaps they could include while on a "coin locked" account, character deletion is also prohibited. This would save the customer support / GMs some time they could spent otherwise to restore characters from a backup file, because the hackers deleted the character in utter frustration because they couldn't do anything for their "business".

Also, I'd like to know what a "significantly different location" means. Does this mean everything else but another country? Or anything else out of the IP range from your current ISP?
I second the suggestions to have the IP Adress listed in the mail sent to your inbox when unlocking your account.

Another addition... No /gremove or guild permissions changes of any kind please. I'd rather not lose my entire guild because an officers account got hacked and some farmer decides to go pompey.

Okay, please...

Make the login name not be the same as the email address on the account.

Obviously, lots of us don't have the same password on the email account as on our Trion account. But why make it easier for the attackers to use one to get information about the other? The email address should be treated the same way billing information is treated; you can't see it while maintaining the account. And of course, it shouldn't be the login name.

Seriously, give us 8-digit numbers, give us random names, anything but using the email address as the login name. I would rather log in as "seebssucks" than be using the account email as the login name.

^these

/10chars