Hacked Account

P

PaxRansom

New Member
So a bunch of you were on last night when I returned from work to find my toon standing naked in front of the General Goods guy in Sanctum. (Well, technically I had underwear. And frankly, I wish I had abs like that in real life.)

I'm hoping the GM's will do something, but I'm going to not try to restore things until I find out if they are willing to do a roll back. In the end, I don't even think the hack was effective because while they sold everything, they left me with 20+ plat. Perhaps because of the coin lock thing? Not sure. But in any case, it's a major hassle and very disappointing.

Anyway, the main reason I am posting is because I may have figured out how they are getting in, and wanted to caution folks. I am 99.9% sure this was a server side hack, or at least an intercept hack.

If you are in game and you are AFK too long, you will eventually pop out of the game and have a message that says you've been disconnected, would you like to reconnect. When you reconnect, you are not asked to re-enter your password. I believe that hackers are exploiting this security weakness and essentially intercepting this open opportunity to connect. Not sure exactly how the mechanics work, but I have some circumstantial evidence to suggest this is the issue.

1- Forums posts on the Rift site leave some clues about this
2- My son was playing a few days ago, had this happen to him. When he came back to the computer he hit the reconnect and said that it gave him a message that someone was already logged into his account. It then terminated that session and allowed him to reconnect. At the time, I didn't think anything of it, but in hindsight, I believe he was about to be hacked and probably came back just in time. BTW, I don't believe it's a password theft because his account has been fine since then and he never changed his password.
3- Monday night (before I was hacked), I was logged in, but tabbed out doing one of my weekly LOTRO raids. I am 99% certain that during one of the fights, I left Rift on and never came back to it. Thereby leaving my account open to the attack. I finished my LOTRO raid, and because it was late, I never came back to Rift. Then I log on Tuesday night and, poof, they steal the clothes off my back.

So I wanted to post this. Even though it's speculation I would advise people to be careful about this issue and not let the game auto-termnate your connection. I'm telling my son to make sure he always logs out of the game from now on.

I suspect that if this is truly the case, we will see this feature be changed soon and they will require you to re-enter your credentials to log back in.

Best to all
~ Pax
 
Last edited:
Thanks for this. Makes me feel a little better about the situation. Hopefully you will get your stuff back. I've got hacked playing WoW and it's not fun. I did get all my stuff back but they sent it in the mail and I was left trying to find space for all the junk I had.
 
I really hope it wasn't some sort of server credential grab. That would be scary because you really can't do anything about that.

If it is related to the client side I'd recommend trying the following if you aren't already doing it:

1. Never use Internet Explorer
3. Use another virus protection other than AVG (Microsoft Security Essentials is free)
4. No really, don't use Internet Explorer
 
Thanks Mirakle. I was wondering what happened to number 2.

I'm not sure what saved your Plat, Pax. The coin lock was supposed to prevent you from selling anything, as well (I think...)

It is interesting that the reconnect without entering credentials could be a potential source. I know from discussions with my wife (who is a web architect) that programmers have to be careful to not put sessionIDs someplace you can readily access them for the same reason... it would be easy to jump to another sessionID by running a bot program to look for an open, active ID.

I wonder if the same thing is happening here - some bot program that just pings active IDs until it gets an open one that allows an auto-reconnect and that the user is not actively logged in.
 
Durruck said:
I wonder if the same thing is happening here - some bot program that just pings active IDs until it gets an open one that allows an auto-reconnect and that the user is not actively logged in.
Click to expand...

This ^^^^

Exactly my suspicion. Again, unconfirmed and circumstantial, but I felt like I wanted to put it out there for peeps to be safe. Just in case.

As to the client side suggestions, I won't detail the things I do to keep my compter safe, but to suffice it to say, I don't even let anyone in my family touch my compuer because I am super-paranoid about security risks. I really don't think this was anything on my side. Also, if it was a keylogger, then they missed the motherlode. They should have hacked my LOTRO account and stolen all that stuff. I have 7 max level toons and more gold than I know what to do with. ;)
 
more gold than I know what to do with
Click to expand...

Transfer some of it to Landroval and pay my housing upkeep, buy a few Symbols of Celembor, and enough flakes to make crit 3/1 tools for all my toons. :p
 
Well you were right man! Trion just announced that the hacking was all due to a server side issue NOT a client side. Some player figured out the hack and in a 70+ page forum thread he got Trion to talk with him and he exposed the hack. Trion has since taken the servers down and fixed the hole so there should be no more hacked accounts from this particular issue.


http://forums.riftgame.com/showthre...y-Discussion&p=1749887&viewfull=1#post1749887

http://forums.riftgame.com/showthread.php?130521-Pre-Weekend-Coin-Lock-Update
 
Last edited:
It's a shame that someone found and abused the little nice things they add in (like being able to reconnect without queuing up again). I wonder if they'll re-add this feature after they add the 2-phase authentication.

Then again, if I time out due to inactivity, just kick me and let someone else take my place...
 
You must log in or register to reply here.
Back
Top