Lt. Commander
Join Date: Dec 2007
Posts: 120
# 1 Accounts getting HACKED?
01-19-2010, 09:15 AM
UPDATE**
Quote:
There are some timeouts between the shard login server and the account server that will result in this error being shown. This is done in order to "fail safe" and not reveal information that we can't be sure the user should know, such as if the account even exists. Account server performance is being worked on, and a new build of it is due to go live shortly. As for accusations of hacking, I don't know of a single case of that ever happening in an MMO. A full account brute force would take millions of years, and even if someone found a remote exploit on the server they wouldn't be able to recover passwords since we don't store them. We take any and all reports of security breaches seriously, but they are probably much less frequent than you think. As mentioned in this thread, the vast majority of security issues in MMOs stem from keyloggers and phishing attacks, neither of which we can do much about.
__________________
Cryptic Studios
Infrastructure Programmer
Hacked accounts already? It seems that this is the case, and cryptic has been their namesake in responding to the accusations. Actually, that is not fair, they have NOT RESPONDED AT ALL.

Well, I am not going to just make some outlandish claim without some evidence. So, let's begin with threads that have the "invalid username/password" issue.

http://forums.startrekonline.com/sho...valid+password
http://forums.startrekonline.com/sho...valid+password
http://forums.startrekonline.com/sho...valid+password
http://forums.startrekonline.com/sho...valid+password
http://forums.startrekonline.com/sho...valid+password
http://forums.startrekonline.com/sho...valid+password
http://forums.startrekonline.com/sho...valid+password
http://forums.startrekonline.com/sho...valid+password
http://forums.startrekonline.com/sho...valid+password
http://forums.startrekonline.com/sho...valid+password
http://forums.startrekonline.com/sho...valid+password

Before I get to the "meat" of those threads, let's make a list of the ones that a DEV posted in.

...

That's right folks, not one person has addressed this issue. And this is a BIG ISSUE, hacking is bad for everyone (except the hacker.)

Anyway, to the meats. Since there are so many threads, I will not be quoting tons. And I am a "noob" to these forums, so I am unsure of the coding involved. So for any "visual" errors in my first posts, apologies.

Quote:
When I loging succesfully into the launcher and then get the server busy message, when I try to log in again I get Invalid Username or Password. Any help?
http://forums.startrekonline.com/sho...valid+password

This is the most recent of the threads, also the first thread I joined. Of course due to the lack of interest, here we are now. And since that is a password thread, and this be a hacking thread, redundancy be not an issue.

From what I have gathered from the OP in that thread, his issue was fixed by him. Much like my issues have been "fixed" by me. (Changing your password over and over again, is not really "fixed", is it?)

So, my account is hacked (on multiple occasions) and my password is changed. I want to know how they got into the account in the first place? How did they get my first password? Why did they change the password? Why didn't you send me an e-mail letting me know my password was changed? Anyway, back to those threads:

Quote:
Just started getting this error. Closed STO, reopened it, the launcher appeared to update, I get the game to open, Server full msg, try to log in again, "Invalid username or password"
http://forums.startrekonline.com/sho...valid+password

Here we are at number two, sorry Riker. And again, same mysterious issue. Of course, this one stops after the OP, and judging from the reply to the thread his was the "caps locks" problem. (Honestly, a password that is case sensitive? What is this the 80's???) So it looks like the OP there is safe from hackers, for now...


Quote:
Ok problem gelöst.... bitte Löschen und Störung entschuldigen.
http://forums.startrekonline.com/sho...valid+password

At first glance I think "What??" But then I read the title of the thread, and the hacking truth comes to fruition:

Quote:
Invalid password or Account?!?!?!?
My fingers are getting tired. Do I need to continue? Why have you not told us we have been getting our passwords changed? Are you folks doing it, or are there hackers afoot? If it happens after launch, will I get a refund for days that my password has changed and I was unable to play?

I refuse to enter the game until A) This is resolved (or) B) It goes live. (Not going to be a martyr.) I will NOT spend another cent until this is dealt with. I will also make damn sure that these boards are covered in warnings, I don't want to see people lose their important information like Credit Card numbers. (If they can change a password, they can charge your card.)

My personal experience, my password keeps changing by itself. It has happened 3 times now, and has nothing to do with my caps lock. As evident I am fairly adept at using a keyboard, and do not like being talked to as if I were a grandma using a computer. For instance, when I mention that my password keeps changing and that requesting a new one is no longer working, here is what I am told:

Quote:
Greetings!

Thank you for contacting Cryptic Studios Billing Support.

Make sure the requested password change email is not marked as spam by your
email box.

Regards,

Cryptic Studios Billing Support
I am not 3, and I know how to click the "junk folder" to make sure it wasn't accidentally put there. Please, how about some real support, perhaps an underwire?
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 2
01-19-2010, 09:28 AM
Accounts do not ever get hacked. You basically give them yoru info, eitehr through a phishing site, or a keylogger.


I'm willing to bet that Almost all the people saying they were hacked, simply made the mistake of not realizing that usernames and passwords in this game are case sensitive. This is not wow where usernames and paswords are very easy to get.

Once they realize their mistake, they either try to hide face by saying they were hacked, or they simply dont post again, because theyre afraid of being called stupid.


Again, nobody has been hacked and if you had been, it is 100% YOUR fault.

As for a refund, why would they lose money by giving it back to you, purely for something that was 100% your fault.
In short, go back to wow, or actually learn soemthing about computer security.
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 3
01-19-2010, 09:30 AM
Quote:
Originally Posted by tedgp123 View Post
Accounts do not ever get hacked. You basically give them yoru info, eitehr through a phishing site, or a keylogger.


I'm willing to bet that Almost all the people saying they were hacked, simply made the mistake of not realizing that usernames and passwords in this game are case sensitive. This is not wow where usernames and paswords are very easy to get.

Once they realize their mistake, they either try to hide face by saying they were hacked, or they simply dont post again, because theyre afraid of being called stupid.


Again, nobody has been hacked and if you had been, it is 100% YOUR fault.
I guess you didn't see the part where it WAS NOT THE CAPS LOCK!

And using the bare assertion fallacy proves nothing, other than you can make bare assertions.

Are you "in the know", or are you just like me? A regular old player?

You are not the only one who knows how to use the "caps lock", sorry to burst that bubble.
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 4
01-19-2010, 09:32 AM
/facepalm

Are you serious? These people probably just typed something wrong. Their account hasn't been hacked because they were able to log in here, with the same account, to moan about it.
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 5
01-19-2010, 09:34 AM
Quote:
Originally Posted by Smuggo View Post
/facepalm

Are you serious? These people probably just typed something wrong. Their account hasn't been hacked because they were able to log in here, with the same account, to moan about it.
And you missed the part where I GOT A NEW PASSWORD

Please, read the whole post before smacking yourself. Maybe then you will make a "informed post" instead of a foolish one.
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 6
01-19-2010, 09:36 AM
Okay, [edit] confirmed.
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 7
01-19-2010, 09:36 AM
Quote:
Originally Posted by adigregorio View Post
I guess you didn't see the part where it WAS NOT THE CAPS LOCK!

And using the bare assertion fallacy proves nothing, other than you can make bare assertions.

Are you "in the know", or are you just like me? A regular old player?

You are not the only one who knows how to use the "caps lock", sorry to burst that bubble.
I take it you're just [edit]. thats ok.

I also bet you had your WoW accoutnt hacked and blamed blizzard. Oh wait, you're probably goign to deny you even played that game.

As for caps, that means it's emphasising a point. I guess you're just really clueless towards computer security.

MMO's are required to have an extremely strong Security system, especially triple A MMO's. If they ever got hacked, even if a hacker didnt steal anything whatsoever, the developer and publisher are required BY LAW, to make a full public announcement immediatly, outlining what happened, and what steps are being taken to resolve it.


keep on trying to say i'm wrong though, but remember, shifting blame never absolves you of it.
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 8
01-19-2010, 09:37 AM
Quote:
Originally Posted by Smuggo View Post
Okay, nutter confirmed.
So now ad-hominem attacks too! Great, does it make you feel like a "big kid" when you insult others?

(See I can be ad-hominemistic as well Let's attack the debate and not the debater...mm'kay.)
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 9
01-19-2010, 09:37 AM
Quote:
Originally Posted by adigregorio View Post
And you missed the part where I GOT A NEW PASSWORD

Please, read the whole post before smacking yourself. Maybe then you will make a "informed post" instead of a foolish one.
And most likely, no, most CERTAINLY, you have a keylogger on your system or someone else has access to your computer. Keep on trying to blame everyone but yourself though.
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 10
01-19-2010, 09:37 AM
Quote:
Originally Posted by adigregorio View Post
So now ad-hominem attacks too! Great, does it make you feel like a "big kid" when you insult others?

(See I can be ad-hominemistic as well Let's attack the debate and not the debater...mm'kay.)
Well, all I've got is your word for it, and you seem quite paranoid, so I'm not gonna believe it.
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


All times are GMT -7. The time now is 08:59 AM.