account – Page 2 – MMO Fallout

Kakao Discovers List of Compromised Accounts, Locks Them

If your Black Desert account has been locked, there is good reason. Kakao this week reported that they discovered a list of compromised account information and have taken steps to lock the accounts to prevent any further damage. The leak, according to Kakao, was not associated with any of Kakao services and may not include all accounts affected by breach of a third party service.

Those with locked accounts are encouraged to contact Kakao customer support with the following details.

You must contact us from the new email address you created.
State the email address your account is currently associated with.
A photo of your photo ID card, taken in front of today’s physical newspaper clearly showing the date, or over your screen showing your open ticket needs to be added as an attachment to the ticket. Please understand we will have to delete the tickets with the incorrectly added pictures, which may slow down the process for you.
Please obscure the identity number and pass photo before you send or scan us a copy of your ID.

Source: Black Desert

PSA: Marvel Heroes Omega Bans For Account Shuffling (Xbox)

As a public service announcement, MMO Fallout wants to warn Xbox players against playing Marvel Heroes Omega on someone else’s system. Following an influx of reports of people stating that their accounts have been locked, Gazillion posted the following message. If you end up playing on a system whose primary account owns content that you don’t, when you go back to your primary Xbox the account will be banned.

Please note: if you log into your account from a system that has entitlements you did not purchase, then log back into your account from your primary console, the system will automatically lock your account due to these entitlements being on your game account but not present on your console. We do not recommend using this system to access entitlements that you did not purchase. If your account becomes locked in this manner, you will need to contact customer support to discuss having the lock on your game account removed.

As stated in the above paragraph, you’ll need to get in contact with support in order to have your account released.

(Source: Marvel Heroes)

Mail.ru Punishes 57,955 Accounts

Mail.ru has announced that nearly fifty eight thousand accounts have been punished for destructive behavior on ArcheAge Russia, for activity including spamming and using bot programs. In addition, the publisher noted that two thousand accounts had been banned for taking advantage of exploits, with the players in the first category receiving chat blocks.

Among the list of exploits that were patched and banned include “counterfeiting of information transmitted from the client to the server,” packet spoofing to obtain items that players should not have access to, exploiting a bug to increase the maximum amount of potions one can carry, killing bosses via packet spoofing, and more. Mail.ru asks players to submit any bugs or exploits that they find.

(Source: ArcheAge)

Support Email: Guilty Until Proven Innocent

If I had a dollar for every email I receive from Jagex telling me that my account is under investigation for suspected gold farming, I could afford to buy the internet. Look at the release of any big name MMO, update, or expansion, and you are bound to see a surge of account theft. Since anti-virus programs have come such a long way over the years, thieves have turned to the next, and arguably more reliable method of stealing your information: Tricking you into voluntarily handing it over. After all, writing viruses is at least somewhat difficult and involves a delivery method and the potential that anti-virus software will quickly swoop in and render your work useless. I know what it’s like to be lazy, occasionally I just hold my hand out and hope that a cup of coffee will magically appear. So think of account phishing as the Keurig machine of account theft…or something.

One of the most common methods I have seen over the years is the “your account has been banned” email, where the player is notified that their account has been disabled for one reason or another, and they need to log in and submit an appeal or process something. While some will still attempt at installing a virus, most will take the safe route by simply creating an exact copy of the official site with a slightly misspelled URL. The user enters their login details and sends them straight to the thief. The idea in this case is to scare the user, and the hope is that they will throw out rational thought and log in without thinking.

As with all methods, this has evolved over the years to become more subtle and cunning. When service providers initiated a process of locking accounts that were suspected of being stolen, emails began targeting users with “your account may have been stolen. Please log in to confirm your ownership.” Others masquerade as beta invitations, or promotional emails, other times just harmless “hey check us out,” etc. The idea with most of these is that the player does not log into the game first to check the status of their account and reveal the scam, and some ban emails will actually state “do not attempt to log into your account via the game client or your appeal may be denied.”

With this in mind, your best bet is to assume that any email you receive is fake until proven otherwise. If you do receive a notice that your account has been banned, do not click on the link in the email under any circumstance. Either log in with the game client or log into the game’s official website to confirm. In the case of beta invitations, if possible always check the developer’s website first. Often times they will have instructions on how to accept the invitation that does not involve the email link, and may even have warnings posted about fake emails with screenshots of said forgeries.

As for “please log in to confirm your ownership,” I can say with 99% confidence that game developers don’t send these out. If your account has been stolen, sending an email (which has likely also been stolen) to ask you to log in with the same credentials that have been stolen is pointless, it’s like a police officer asking you to prove that your driver’s license isn’t fake and accepting that same license as proof.

NCsoft Confirms “Character Hack” Via Packet Manipulation.

The saga of NCsoft account security continues with the confirmation that an existent exploit in NCsoft’s systems. Not too long ago, I reported on Scayth, an Aion player whose account was compromised while it was inactive. The account was looted, and one or more of the characters may have been used for gold farming purposes.

Thanks to Scayth’s ongoing updates over at Aionsource, he was able to procure a reply (finally) from NCsoft over the account issues. The full image is below, but I will summarize:

The majority of accounts compromised have been through social engineering, viruses, fansites, and keyloggers.
The account was never hacked, the individual characters were. The account itself was not in any danger.
The hacker was able to use packet manipulation to access different characters at whim. The process is “very complicated” and did not give them full access.
Few characters can be accessed in this fashion, Scayth just happened to be one of the unlucky few, among 10 others who were also restored.
The process tricked the system into believing that the character belonged to that account.
The servers were hotfixed to prevent this that same day.

What will come next in the NCsoft security saga? MMO Fallout will certainly be here to cover the events.

Spread It:

Spread It:

Spread It:

Spread It:

Spread It: