Account hacked

[Ard]

So, that warning they have on the lotro launcher and main page about compromised accounts?  Take that crap seriously.  My account got hacked and locked by fraud protection, but not before they stripped pretty much everything from value from my account. 

I'm pretty paranoid about this sort of stuff on the net, and I don't actually have any clue how they managed to get into my account, especially without it sending any emails to my email account about the fact that they changed my email account or password.  Nothing showed up in a virus scan, and I'm going to have to go digging a bit deeper tonight, but it makes me worry that the breach was on Turbine's side.

Anyhow, not pointing fingers, just take that warning really seriously, and go change your passwords.

[Cheddar]

So, that warning they have on the lotro launcher and main page about compromised accounts?  Take that crap seriously.  My account got hacked and locked by fraud protection, but not before they stripped pretty much everything from value from my account. 

I'm pretty paranoid about this sort of stuff on the net, and I don't actually have any clue how they managed to get into my account, especially without it sending any emails to my email account about the fact that they changed my email account or password.  Nothing showed up in a virus scan, and I'm going to have to go digging a bit deeper tonight, but it makes me worry that the breach was on Turbine's side.

Anyhow, not pointing fingers, just take that warning really seriously, and go change your passwords.

Damn.  If there is anything we can do to help let us know!

[Arthur_Parker]

How many characters were there in your password out of interest?

[Soln]

very sorry to hear that man


I also thought that warning was from Turbine's side too.  I mean, the same login server for their forums and the launcher?...

[ghost]

Hopefully the hackers can pre-screen my account and see that there isn't anything there worth taking.  I dont' think I have a single item that you can't buy from a vendor or cheap on the AH.

[Ard]

I'm not pointing fingers at Turbine, but at the same time, I can't think of any sites other than my an email account that used a similar username/password combo.  And if they hacked my email, I have WAY more problems than just my lotro account to worry about.  I suspect some random mmo/gaming site I probably signed up for in the past for a beta or something might have gotten dinged, because those are numerous and I generally use a different login/password combo that I don't really use for anything secure for those.  Time to start digging through.

I mostly posted this as a warning to change your passwords since I disregarded it when I read it thinking I didn't have anything to worry about a few days back, and now I feel dumb.


Cheddar:  Not much you guys can do to help me.  All my characters were on windfola and not brandywine.  Although if they can't roll my characters back, might be time to switch, if I keep playing at all.  I had a bit too much hard or nearly impossible to replace stuff on those characters.

Arthur:  Not enough, but it's gibberish and not a word.  It was a weak password, though, and for that I might be to blame.

ghost:  They took all my crafting mats and money even off my lowbies, and for some reason moved my lowbie hunter to combe, which he'd never been to, after having been standing near or in the Bree bank and mail box.  It made no sense when I logged him in to check.

[Yegolev]

Reading this gave me that little push I needed to generate a stronger password for LotRO.  I am very glad that I discovered Keepass a few months ago.  Furthermore I have decided to use Backblaze to back up my stuff since if I were to lose the Keepass DB I would not have any fucking clue what my password is.

[Ard]

Yeah, Turbine finally got back to me yesterday regarding my characters.  I got gold, not items, not anywhere worth the value of the items lost on those characters.  More or less useless to me, especially since they decided to destroy pretty much anything that was bound on my characters also, including my crafting tools.  Fantastic. 

On the upside, they apparently completely screwed up on the gold handout though, and the one character, a level 15 hunter, I reported strictly for weird behavior (being logged out in combe, which has no bank, and which he's never been to, when he was previously in bree near the bank and mailbox) got 30 gold, after I even reported in the ticket that I don't think he lost anything.  So I have no clue what happened there.

All I can say is this pretty much turned me from praising Turbine to having no faith in them.  Way to go team.


Also, the more I dug into my own computer, the more I'm sure it wasn't a keylogger.  I've run it through a half dozen different scanners and rootkit tests.  Absolutely nothing has come up.  Makes me wonder who actually got hacked.

[Arthur_Parker]

From memory, the guy who cracked the goonfleet forums could crack any password of 8 standard characters (lowercase letters/numbers) or less, in a fairly reasonable period of time.  They eventually gave up banning him from the forums and just fined the people he cracked instead.

Just to be clear, I still think Turbine is at fault here, as they allow the players to make weak 6 character passwords.  If somehow they believe weak passwords aid player retention, then at the very least they should make the extra effort involved in sorting out a decent account restore process and not try to pass the blame onto the players.

[Pendan]

A difference between cracking a forum password and cracking a LotRO password is you also need the account name for LotRO. Something to note with future games is don't sign up with a very simple account name. Make sure it is different from your forum name and throw it some numbers.

[Tarami]

Most "real" account systems also only allow a certain number of attempts per minute or hour, which makes brute forcing terribly inefficient most of the time. I'd wager most forums do not, since it's pretty tricky to identify multiple web requests as coming from the same source and mistaking different machines as the same machine can result in a lot of issues for people on NAT'ed LANs. If you can just churn through a dictionary + variations without limitations, you can try hundreds of thousands of passwords per hour given you have a decent connection. Distributed over a few machines you can zero in on a less secure password in mere hours. If that drops to, say, 60 attempts per hour, it'll instead take a very, very long time.

[Signe]

So this morning I get an email saying that my account has been successfully resumed.  Umm... not by me it wasn't!  I haven't re-subscribed since April, I think.  I checked and, yes indeedy, Turbine debited $14.99 from my account.  I notice that there's one of those Welcome Back events going on right now.  Could it have been that sort of cock up or is this the new way to drum up business?

[rattran]

I think bad things have happened to you.

[Signe]

But why?  WHY ME???

[Signe]

I did send support an email and I suppose they sorted it out because my account details now read: 

Banned until 6/11/2037 9:49:14 AM US EST

HA!  Twenty five year ban!  I called them and they  told me that this is something that's "going around" at the moment.  I guess that's why they gave me a refund immediately and apologised profusely.  In any case, I didn't have anything all that important so I'm not fussed about gold and stuff.  I don't remember if I'm still in a guild.  Someone might want to check on that, I suppose. 

[Mrbloodworth]

I did send support an email and I suppose they sorted it out because my account details now read: 

Banned until 6/11/2037 9:49:14 AM US EST

HA!  Twenty five year ban!  I called them and they  told me that this is something that's "going around" at the moment.  I guess that's why they gave me a refund immediately and apologised profusely.  In any case, I didn't have anything all that important so I'm not fussed about gold and stuff.  I don't remember if I'm still in a guild.  Someone might want to check on that, I suppose. 

I wonder if you got hacked and someone resubscribed using your CC details on file.

There seems to be a rash of account hacking lately, not just Turbine.

[Soln]

this is a worrisome trend for all MMO's

[Mrbloodworth]

this is a worrisome trend for all MMO's

I have just noticed that there is a good deal of news about account hacking lately, I think it started with NC soft.

I don't suppose you two that have had issues use the same user name and password on the NC soft master account site as you do on your turbine master account?

On second thought, maybe you shouldn't answer that. Reason I even bring it up, is because Turbine put in the original launcher message, BECAUSE of NCsoft's issues.

[Signe]

Yes, the person I talked to said it something that's making the rounds of a lot of MMOs, not just them.  I don't know exactly what happened, to be honest.  I don't respond to any sort of mail from any MMO.  Well, actually, I don't respond to anything on that email account, except family and friends.  There's no one here except me, Righ and the cats.  THE CATS!  It must have been Lister.  He sorted out how to turn the living room light on and off today, too.  He just sits on the button.  I guess it amuses him.

No other account seems to have been messed with so far.  I changed all the passwords and removed CC info to be safe, though.  Well, where I could anyway.

[Ard]

I don't suppose you two that have had issues use the same user name and password on the NC soft master account site as you do on your turbine master account?

I only wish I could blame this on NC Soft, but sadly, no, my account info is different for NCSoft, Guild Wars (since they'd be able to get that by extension), and Turbine.