Lt. Commander
Join Date: Dec 2007
Posts: 120
# 11
01-19-2010, 08:28 AM
YAY my thread stays alive!
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 12
01-19-2010, 08:31 AM
Aye, it will stay alive until someone of importance addresses this issue.

And it is a BIG issue, unaddressed that is.



OP, has yours changed again? Or was that the only time? It has happened to me 3 times now, might be 4 all the bugs run together after awhile. (Assuming it is a bug, and I have not been HACKED.)

That's right, our accounts could be getting HACKED!!

Has your password changed? Did you change it? Mine has changed 3 times now, I didn't change it! Is my account hacked? You be the judge consumers, you be the judge...

(I know marketing too, though I said hacked more than 3 times, it is now ingrained in your consumers. Better "deal" with this problem.)
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 13
01-19-2010, 08:45 AM
Are accounts being hacked, and passwords comprimised?

I say, yes they are! Here is some proof, since the other side of this debate has yet to surface and provide ANY TYPE OF RESPONSE.

"However, I just got disconnected from server while trying to enter the Pico system. When I tried to relog it says invalid username/password.

I thought I would restart STO, now I am at the launcher trying to get back in, and still says invalid username/password."


Let's see how many users are affected there:
EmpireofPallando (OP)

But wait! There's more! That's right, even more people may be hacked!

"Just started getting this error. Closed STO, reopened it, the launcher appeared to update, I get the game to open, Server full msg, try to log in again, "Invalid username or password""


How many users from that thread are affected by this hacking?

mavgeek (OP)

Just one, most likely got tired of waiting for a response. I know you are busy, but c'mon this is HACKING we are talking about. This compromises EVERYONE, think they can get your credit card information! Now you will be paying for a lifetime sub for some crook! Gotta love account hackers.

"Ok problem gelöst.... bitte Löschen und Störung entschuldigen."
(Don't know what it says, but the title speaks volumes)

Be careful it appears accounts ARE BEING HACKED. Most likely due to the fact that they have the account names IN GAME. (Smart one there guys.)

Watch your passwords folks, and change them regularly. Since they won't tell us how we are being hacked, we will just have to make it a bit harder for the hackers. (A small small small small bit.)
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 14
01-19-2010, 10:19 AM
Directly from Cryptic:

Originally Posted by coderanger
There are some timeouts between the shard login server and the account server that will result in this error being shown. This is done in order to "fail safe" and not reveal information that we can't be sure the user should know, such as if the account even exists. Account server performance is being worked on, and a new build of it is due to go live shortly. As for accusations of hacking, I don't know of a single case of that ever happening in an MMO. A full account brute force would take millions of years, and even if someone found a remote exploit on the server they wouldn't be able to recover passwords since we don't store them. We take any and all reports of security breaches seriously, but they are probably much less frequent than you think. As mentioned in this thread, the vast majority of security issues in MMOs stem from keyloggers and phishing attacks, neither of which we can do much about.
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 15
01-19-2010, 01:07 PM
Ur remind me of Billy Mays. Or wait... maybe ur him... never heard of such marketing from any1 but him. Can I haz Jupiter Jack?
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 16
01-19-2010, 01:17 PM
Originally Posted by adigregorio View Post
Be careful it appears accounts ARE BEING HACKED. Most likely due to the fact that they have the account names IN GAME. (Smart one there guys.)
Your @ name in-game is your forum handle. If your account name happens to be the same as your forum handle, then yes your account name is being shown.

But, nobody except you and Cryptic knows if your account name and forum handle are the same. In game I show up as @tritium4ever, but you have no idea if that's my account name or not. Furthermore, invalid login attempts get an error that says "invalid username or password" other words, the game won't reveal to you whether or not the account exists. So if somebody tries to brute-force hack your account, they can't even tell if the username they're trying to hack is correct or not.

So what's the problem?

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

All times are GMT -7. The time now is 04:23 AM.