You are not logged in.

WARNING! please be careful and please read

Applications: [GameMaster: OPEN] | [Volunteer Testers: OPEN]


This forum will be permanently shut down on Friday 13.07.2018
Please copy or save all important information from old forum before they will be deactivated
We have moved to new board. https://forum.runesofmagic.gameforge.com/Come join us.

Nerra1980

Trainee

Posts: 50

  • Send private message

121

Friday, March 23rd 2012, 8:29am

At least 3 characters have been hacked on Palenque, all of them high level and from well known guilds.

I would be interested in finding out what addons these hacked players have recently downloaded.

Darjtanian

Beginner

Posts: 22

Location: far far far awaayy

Occupation: studnt

  • Send private message

122

Friday, March 23rd 2012, 8:30am

pelenque too, a lot of inactive player been hacked too

Kefkai

Professional

Posts: 907

Location: Pulling my own puppet strings

Occupation: Jerk

  • Send private message

123

Friday, March 23rd 2012, 9:07am

Quoted from "peppermintjub;519350"

There has been three incidents on Palenque today as well. All high level players suddenly spamming World chat.


I'm curious though....perhaps it's time to look at what the hacked players DO have the same. The same spyware detection? The same add-ons? It may be possible that an add-on or an update to one is to blame here?


Anyways, hope it gets sussed out soon, and i'm sorry to those who have had their accounts taken over. :(


Alternatively, it may just be that people who have higher levels just have megaphones so they're noticed easier.

Correlation does not imply causation, and I believe there is a much higher incident rate of people being hacked than people are reporting. (most of the people who have been hacked have been gone for a while)

UncleMart

Intermediate

  • "UncleMart" has been banned
  • "UncleMart" started this thread

Posts: 291

  • Send private message

124

Friday, March 23rd 2012, 11:04am

Im so sorry to hear this went to other servers. Evidence is now starting to show signs that this is a security breach of a company and nothing to do with home computer security.

ray1981

Intermediate

Posts: 170

Location: Where ever the Army sends me

Occupation: US Army

  • Send private message

125

Friday, March 23rd 2012, 1:50pm

i hope my account gets hacked to i could stop paying for some ones car note every month.
Ayawisgi 72K/S/P Ragequit | Govinda, Unb Stam 23.5k, Unb PA 37k
Lilfeather (Retired) 62K/P Realmguardian, Tribe | Govinda
Tanking Guide:http://forum.us.runesofmagic.com/showthread.php?t=75770

Zarli

Beginner

Posts: 20

  • Send private message

126

Friday, March 23rd 2012, 1:54pm

http://forum.us.runesofmagic.com/showthread.php?t=70077
(from 'Changing your game account password' thread)

Nytefall reiterates that:'no data compromise has taken place'

It sure seems like it has to me.
[img][/img]




UncleMart

Intermediate

  • "UncleMart" has been banned
  • "UncleMart" started this thread

Posts: 291

  • Send private message

127

Friday, March 23rd 2012, 3:06pm

Quoted from "Zarli;519399"

http://forum.us.runesofmagic.com/showthread.php?t=70077
(from 'Changing your game account password' thread)

Nytefall reiterates that:'no data compromise has taken place'

It sure seems like it has to me.



Replied to that thread with

Quoted from "UncleMart;519417"

I think you mean "no data compromise has been found", you can't say it has, or it hasn't for sure. We're far from the point we can rule out either Frogster or its players still.


A GM account was compromised, which could potentially mean any access he had with Frogster websites/games could also be compromised.

TunaShake

Mentor

Posts: 262

Location: The Ocean?

  • Send private message

128

Friday, March 23rd 2012, 3:12pm

Quoted from "UncleMart;519420"

Replied to that thread with



A GM account was compromised, which could potentially mean any access he had with Frogster websites/games could also be compromised.


Actually to step on this one really quick.

The gold spammers didn't even know it was a GM account when they spammed. The access to Frogster website/games was removed a while ago. So Gm Aquila getting hacked is a coincidence. Just a clear thought for everyone when an account is hacked it can be played on any server. (If the character exists)

-TunaShake

UncleMart

Intermediate

  • "UncleMart" has been banned
  • "UncleMart" started this thread

Posts: 291

  • Send private message

129

Friday, March 23rd 2012, 3:25pm

Quoted from "TunaShake;519424"

Actually to step on this one really quick.

The gold spammers didn't even know it was a GM account when they spammed.

You nor I can say that, only the spammer.

Quoted from "TunaShake;519424"

The access to Frogster website/games was removed a while ago.


We also don't know how long the hacker has had Aquilas information. Appreciate you confirming that Aquila used to have access though. Thats pretty interesting.

maomiai

Trainee

Posts: 155

  • Send private message

130

Friday, March 23rd 2012, 3:27pm

Quoted from "TunaShake;519424"

Actually to step on this one really quick.

The gold spammers didn't even know it was a GM account when they spammed. The access to Frogster website/games was removed a while ago. So Gm Aquila getting hacked is a coincidence. Just a clear thought for everyone when an account is hacked it can be played on any server. (If the character exists)

-TunaShake


The hacker not knowing it was a GM account they hacked doesn't change the fact that a GM account was hacked, which leaves little comfort to the normal players.

UncleMart

Intermediate

  • "UncleMart" has been banned
  • "UncleMart" started this thread

Posts: 291

  • Send private message

131

Friday, March 23rd 2012, 3:29pm

Quoted from "maomiai;519427"

The hacker not knowing it was a GM account they hacked doesn't change the fact that a GM account was hackable, which leaves little comfort to the normal players.


Im pretty sure the spammer would have also noticed that he was level 200, in Frogster America guild, had a different color world chat and probably a ton of other ways. I don't think its likely he didn't know.

munro666

Beginner

Posts: 14

  • Send private message

132

Friday, March 23rd 2012, 3:32pm

Aquila did post in GM speak in wc 4 gabled letters the evening before the hackers started spamming. coincidence i think not they had access to that account for hours

maomiai

Trainee

Posts: 155

  • Send private message

133

Friday, March 23rd 2012, 3:32pm

I edited mine since 'hackable' is debatable lol

Drakkarsdad

Professional

Posts: 599

Location: In a house

Occupation: CSR

  • Send private message

134

Friday, March 23rd 2012, 4:23pm

So, I am now wondering if Frogster, Tunashake , Nytefall, et. al are ready to change their opinion as to whether this is a company compromise yet.

PostMortal

Beginner

Posts: 32

Location: New Jersey

Occupation: Maintenance/Coin Processor

  • Send private message

135

Friday, March 23rd 2012, 4:32pm

Come on everyone put two and two together!

Sales strategies have been bad(or not so good) lately so they must be losing some money from that.

Gold sellers seem to be selling like crazy, making people buy gold instead of diamonds. There's some more money loss. So this is what Frogster is doing.

They are OBVIOUSLY hacking these accounts themselves. They started with the GM to make it seem like they are being attacked also. They moved to some active and some inactive players to get the public worried. They own the gold website they are advertising, which has no gold to sell. So people see advertised gold, they buy it, Frogster makes money. Inactive accounts don't get recognized by the players who owned them so there are no worries there. Active players who were hacked will either continue to play and buy diamonds over again, more money for froster again. And those who decide to quit, Frogster made more money from this than they would from the quitting players.


See people! It's all Frogster! ut your conspiracy theory caps and think!

Just realized some people may take me serious.. Sooo..

/endsarcasm
Govinda
Wd/S/TBD


pazuzzu

Master Troll MD PhD

Posts: 596

  • Send private message

136

Friday, March 23rd 2012, 4:37pm

lmao ^^ x2

probably not a breach..i would imagine after the bazillion hours of work reversing the "newish" network protocol, packet structs, dealing with new encryption and new login routines, decrypting the db, avoiding detection etc etc all on a live" target they would have exploited their server-side success a bit more dramatically than whats been seen. bit more involved i would guess than learning from an emu.

considering the amount of vulnerabilities patched in the last couple months, and oddness of some of them M$soft targeted, it was probably just an xss/cookie steal or sql inject somewhere. not like you even have to open a browser to get a non patched hole nailed. especially when ppl <3 mobile surfing. grab a winblows XP disk, dont update a new install and do some safe surfing with IE and a stopwatch

the gold spammers have orders of magnitude more manpower, time and motivation than even blizzard can truly defend against. im sure they can afford core impact or some other funz tools to help supply their customers

TunaShake

Mentor

Posts: 262

Location: The Ocean?

  • Send private message

137

Friday, March 23rd 2012, 4:38pm

Quoted from "Drakkarsdad;519448"

So, I am now wondering if Frogster, Tunashake , Nytefall, et. al are ready to change their opinion as to whether this is a company compromise yet.


I do not need to change my opinion.

Committing a federal crime isn't worth it for such little gain.

If the guy is going to waste his time compromising a single server and will gain nothing from this act.

Customer Support is doing everything they can to recover people's accounts and I will say this again ... if you feel that your account is/might be compromised. Submit a support ticket, scan your computer, change your passwords.

-TunaShake

UncleMart

Intermediate

  • "UncleMart" has been banned
  • "UncleMart" started this thread

Posts: 291

  • Send private message

138

Friday, March 23rd 2012, 4:40pm

Quoted from "TunaShake;519460"


If the guy is going to waste his time compromising a single server and will gain nothing from this act.


Since last night its now affecting other servers.

UncleMart

Intermediate

  • "UncleMart" has been banned
  • "UncleMart" started this thread

Posts: 291

  • Send private message

139

Friday, March 23rd 2012, 4:44pm

Quoted from "pazuzzu;519459"

lmao ^^ x2

probably not a breach..i would imagine after the bazillion hours of work reversing the "newish" network protocol, packet structs, dealing with new encryption and new login routines, decrypting the db, avoiding detection etc etc all on a live" target they would have exploited their server-side success a bit more dramatically than whats been seen. bit more involved i would guess than learning from an emu.

considering the amount of vulnerabilities patched in the last couple months, and oddness of some of them M$soft targeted, it was probably just an xss/cookie steal or sql inject somewhere. not like you even have to open a browser to get a non patched hole nailed. especially when ppl <3 mobile surfing. grab a winblows XP disk, dont update a new install and do some safe surfing with IE and a stopwatch

the gold spammers have orders of magnitude more manpower, time and motivation than even blizzard can truly defend against. im sure they can afford core impact or some other funz tools to help supply their customers


Alas, only US servers are affected so far, which once again throws more indication that its not a trojan/player related security problem.

grimoru

Intermediate

Posts: 230

  • Send private message

140

Friday, March 23rd 2012, 4:53pm

Quoted from "UncleMart;519464"

Alas, only US servers are affected so far, which once again throws more indication that its not a trojan/player related security problem.


why so? downloading any number of items (Romeo, addons, private server client) has localisation for english. then if you have a list of accounts that you have the user /pass for and you use one at a time to spam WC - start at the top and work your way down. Start in the US because once you hit the EU servers Frogster will take it a little more seriously. There should be scrolling messages across the screens (like the don't buy gold ones) as a reminder to change your passwords. There should be a simlar msg sent out to everyone subscribed to the newletter who hasnt logged in while to do the same thing. This being reactive and not proactive by the company is nonsense.

I also imagine that the hackers are logging in from a common ip or range of ips? block it.
I miss the ant party