Junior Member
Posts: 33
Threads: 10
Joined: 2009-01
2009-12-28, 02:37 AM
(This post was last modified: 2009-12-28, 04:12 AM by Infinium.)
After all this time, I'm finally hearing something that may be possible: Information leakage.
My account is safe as of now and I have never changed my password ever since my account was created in Dec.2006. However, I've had two of my friends who created their accounts around my time who never shared or experienced getting hacked lost all their items between Dec.2 and Dec.15 this year. My first friend had his secondary account hacked and had his stuff taken a few hours before the server maintenance which took place on the night of Dec.1 (right before the 2nd). At first we thought it was a keylogger, but odd thing was, his main account was perfectly safe. While my second friend who hadn't logged on since somewhere in April due to work suddenly came on on the night of Dec.15. Me and a guild member started tracking him since he wasn't saying anything, saw his character stripped in CH1 entrance. They had all their mesos and tradeable goods taken while their untradeable items were left untouched and none of their login info were altered. Both of them were not that rich to be worth hacking compared to the other merchants, etc. We still thought it was some kind of keylogger or someone had gotten their information through another source until we started running into these threads in the forums which made us think otherwise.
I understand that most of you believe players who got their accounts hacked were stupid to share information, went to stupid advertised sites, and/or keylogged and I don't blame you because I agree. This time however, that doesn't seem to be the case.
The people who thinks it isn't possible for someone to just get hacked out of the blue; Maybe you're right. I still find it ridiculous that it is possible as all the higher leveled players would be stripped like some of you said, but what if the information on certain accounts were in fact leaked through/by Nexon? And the people who are challenging this "hacker"; Have the thought of only a small hand full of random account information being leaked through/by Nexon ever crossed your minds?
I know most of you trust their security and I do too which is why I won't bother changing my password, but after seeing and hearing all these incidents, you can't conclude that the information leakage on certain accounts were impossible.
Won't Be Coming Back
Posts: 1,822
Threads: 200
Joined: 2009-10
MaxHudson Wrote:Greetings,
Thank you for contacting Nexon America's Customer Support team.
We appreciate you reporting this information. I will forward this information to the proper department for further investigation. We ask that you please be patient as it will take time.
Thank you and your patience is treasured.
Sincerely,
GM Diatia
Nexon America, Inc. Ahahahahaha. I haven't lol'd harder yet today.
I still remember vividly this one day I asked Nexon unlock one of my items. She saw my previous ticket, asking for an unlock on a different item, so she thought my ticket was a duplicate. She then closed the ticket and left all of my info there.
It took me another week to contact a different GM to take my info out of the ticket system. You're clearly mistake if you're trusting her, especially with matters like security.
Senior Member
Posts: 379
Threads: 27
Joined: 2009-07
Well, it'll be helpful to me if you know of any friends, guildmates, or others that were in this predicament and ask if their passwords have been unchanged for the past 6 months or so. If they can tell you the exact length of time, that'll be a bonus. Replies and responses in PMs across forums have been that their passwords have been the same since creation or were last changed over a year ago. I haven't heard of any accounts that are less than two years old yet that were affected also.
Member
Posts: 202
Threads: 9
Joined: 2009-08
Spideyjvc Wrote:No, more like use fake info to sign up with (that you'd remember) and never speak of it. Never hint as to what it is. I know of the IGN checker, but as I said before it isn't enough to hack anyone. They need to milk out a little more information, or be extremely lucky with guessing.
If it was as simply as searching through Nexon's database for accounts, the top100 of every world would be stripped naked of everything they own. A few isolated cases occurring around the same time doesn't mean anything. You were unlucky, that's all. Nobody magically woke up one morning knowing your account information. Somehow, someone got it. Most likely from you, in one way or another. You may not remember it, or it may have been so subtle that you didn't realize it, but your information was leaked one way or another.
Inb4 rumors of people logging into their own accounts and magically having access to other characters and etc.
If there's an exploit that can hack anyone's info, and the person using said exploit is trying to be smart about it and only hacking small accounts here and there, then prove it to me. Hack me, whoever you are. I am by no means a popular character, and my being hacked surely won't be a big enough deal that Nexon employees would catch on to your exploit and patch it.
Come, show me.
I'll even give you a hint: My Nexon info isn't my real life info. Have fun.
From what I see, there's always a "huge hacking wave". No, I'm being serious here. Hacking threads are made often, and in every one of them people claim there's a "spree of recent hackings greater in number than previously recorded in all of Maple history!" or something like that.
Or he had a perfect sword that he item smegaed one day. A perfect item is enough initiative for hacking someone.
Administrator
Posts: 17,190
Threads: 2,153
Joined: 2008-09
Gender: Male
Sexual Orientation: Gay
IGN: Aesilyn
Server: Mardia
Level: 200
Job: I/L ArchMage
Guild: Animus
Jellyflower Wrote:I'm just gathering info from the victims and hopefully draw a conclusion, simple as that.
You're not doing a very good job at it, honestly.
You might want to consider asking specific questions to determine a pattern to the alleged incidents. Off hand first thing I'd look for; - If you were hacked, what email provider were you using for your Maple account?
If the breach isn't on the user side, and isn't on Nexon's side, look to the middleman.
Posting Freak
Posts: 6,092
Threads: 186
Joined: 2008-07
Eosian Wrote:You're not doing a very good job at it, honestly.
You might want to consider asking specific questions to determine a pattern to the alleged incidents. Off hand first thing I'd look for;- If you were hacked, what email provider were you using for your Maple account?
If the breach isn't on the user side, and isn't on Nexon's side, look to the middleman. Which is what I've been wondering. Wasn't there an exploit in msn some time ago?
Just to add a fact to this thread, I'm not sure how helpful threads like this can actually be, but apparently a friend of mine has left her character on for over 3 days so far. She's reinstalling everything from OS to Maple since she's not very good with computer and it at least helps her sleep at night. I'm furious, to be honest. This is not pineappleing helping, either quickly form a goddamed list and file it to Nexon, "over a thousand of your users have been hacked, investigate please," or shut the pineapple up, because even if you know exactly what's happening you're not going to do jackpomegranate to end it, Nexon has to.
That is ASSUMING the leakage is true. If it's not true, more reasons for QQers to shut the pineapple up.
Posting Freak
Posts: 6,070
Threads: 229
Joined: 2008-07
2009-12-28, 02:08 PM
(This post was last modified: 2009-12-28, 02:10 PM by KajitiSouls.)
Spideyjvc Wrote:In this case, it's paranoia and not concrete evidence leading to that Toledo. It goes something like this;
1. Tons of people get accounts stolen before
2. Slight suspicious arouses, but most people don't pay mind to it
3. Some new event happens that visibly brings forth glitches into the game
4. All stolen accounts after this event gets acknowledged, since 1 person points this possibility out and others decide to jump onto this train of thought. It could very well be the same exact amount of people losing their information as in phase 1, but nobody cared about it before. It's only now that people decide to look at every stolen account and think "oh, this must be for Nexon's messup at that last event!~"
This same thing happens a lot. There are plenty of times in the past where people notice a "spree of account hacking" and relate it to some recent problem in game, creating theories as to how the account thefts could occur in a way related to this game problem.
You can look into it if you want, but this certainly isn't the way to do so.
"So, how many of you got your accounts hacked this patch?" isn't collecting answers. All it's doing is making a placebo effect."Oh yeah, I got my account stolen recently! Now that you bring it up, this may have happened to me as well!!!!"
They may not have even thought anything of it at first, and would probably believe they had bad luck. They might be trying hard to think back on how their account got lost. Or perhaps they're too embarrassed to accept how their account got taken from them. In either case, once they read such a theory they'll stop any thought process they had relating to the cause of their account loss, and simply place the blame on this "exploit". It becomes a scapegoat, and as more people place the blame on this scapegoat it provides more fuel to a fire. The one rumor that some kid on Basil started because he didn't want to admit that he was sharing accounts leads to an outbreak of people stepping up to the plate and holding one another in support for each other.
"Don't worry, it wasn't your fault at all. It was Nexon. Let the anxiety release from you. You'll be more at ease knowing that your account loss could not have been prevented no matter what you did. Come, let's all forget our troubles."
"That's exactly why I avoided using a human sign in my Toledo example, and thus a variable has been left out."
Also I think there was a reason why quite a few "I got hacked! Who else got hacked!?" threads appeared around now. Maybe it is just a coincidence that a lot of people got the axe (it is Christmas time after all) with the supposed patterns for all I know.
Eosian Wrote:You're not doing a very good job at it, honestly.
You might want to consider asking specific questions to determine a pattern to the alleged incidents. Off hand first thing I'd look for;- If you were hacked, what email provider were you using for your Maple account?
If the breach isn't on the user side, and isn't on Nexon's side, look to the middleman.
You're quite precisely right about the execution of the investigation. People tend to be lazy about their roles if not motivated. More often than not, if they're given a survey sheet and there's one whole page that asks for comments in general, they'll probably just leave a few lines at most and call it good.
Except I wouldn't even give you my account info before telling you my email provider. That's just me though. Nothing stopping others from telling their providers.
Administrator
Posts: 17,190
Threads: 2,153
Joined: 2008-09
Gender: Male
Sexual Orientation: Gay
IGN: Aesilyn
Server: Mardia
Level: 200
Job: I/L ArchMage
Guild: Animus
Kalovale Wrote:Which is what I've been wondering. Wasn't there an exploit in msn some time ago?
Hotmail, and all LIVE / Passport accounts, I'm told.
Kalovale Wrote:even if you know exactly what's happening you're not going to do jackpomegranate to end it, Nexon has to.
This part I don't entirely agree with - If you can't explicitly prove to Nexon what the problem is they're not very good at fixing it. They do almost zero investigation of their own, especially if you go through the ticket-monkeys. The Elemental Wands/Staves were broken for over a year because no one had taken the time to painstakingly detail the exact scenario Nexon wasn't testing so that they'd understand the gap.
If there is in fact an issue that's letting a significant portion of accounts be taken over it's somewhat necessary to identify the how just so Nexon can't easily blame user error and rubber stamp the tickets as self inflicted.
It's not having what you want - It's wanting what you've got.
Senior Member
Posts: 379
Threads: 27
Joined: 2009-07
If you look on SW, there's a thread with quite a few reports on what email services they use, anywhere from yahoo, gmail, hotmail, to aol. I have yet to see one that is non free provider yet sadly, as this will greatly eliminate the possibility. I'm aware of the October hotmail leaked incident, but it seems that the affected users come from other email providers as well. Even if the hackers have a hold on your email, explain to me how they can retrieve your password with access to your email alone. I do not believe that each and every single one of them have saved their maple info stored in their email and that the hackers can see them in plain sight. I know mine isn't and there's no cache/archive of email saved. Plus, when you request forgotten password from the official site, Nexon does an automatic reset for you anyway which means passwords to all compromised maple accounts should be changed. But in the recent wave of incidents, none of the passwords were changed. And I would like to stress on the fact none.
I'm no detective, so any help will be greatly appreciated. If I could do this myself, I wouldn't have came on the forum to ask. I don't stress that I'm right, hell I don't even want to be right in this case; it's a dilemma. But if the main cause follows my gut instinct, then I want it to be fixed as soon as possible. In a lot of campaigns, you have to raise awareness first. With discussion and brainstorming, there are times where there are certain aspects of the issue that do not come to light immediately. Too much information wouldn't hurt but too little will not do you any good. I know SP has a good community so I came here to ask, whereas I go to SW for the sheer number of possible victims.
Posting Freak
Posts: 9,625
Threads: 523
Joined: 2008-09
My friend, who recently started lurking SouthPerry.net, had his level 15x Bishop hacked away from him. =/ He had to remake his character and start over completely.
Posting Freak
Posts: 1,069
Threads: 14
Joined: 2009-03
Gender: Male
Country Flag: canada
Server: Khaini
Job: Various
Kalovale Wrote:This is not pineappleing helping, either quickly form a goddamed list and file it to Nexon, "over a thousand of your users have been hacked, investigate please," or shut the pineapple up, because even if you know exactly what's happening you're not going to do jackpomegranate to end it, Nexon has to.
Of course only Nexon can do anything about it. And this is why this subject should be discussed. If all discussions on the matter are curtailed, as some of you seem to prefer, then there is about zero chance that Nexon will ever do anything about it (which benefits only the hackers). If however through open discussion they realize that there is a real and widespread problem, and that people are worried enough about it that it might affect their spending, then Nexon might be moved to investigate.
Same goes for the D/C hacking problem. If no one is allowed to complain about it, nothing will ever be done.
Oh wait, I guess that isn't a real problem either. Just a lot of people with crappy computers and internet being delusional.
Administrator
Posts: 17,190
Threads: 2,153
Joined: 2008-09
Gender: Male
Sexual Orientation: Gay
IGN: Aesilyn
Server: Mardia
Level: 200
Job: I/L ArchMage
Guild: Animus
Jellyflower Wrote:Even if the hackers have a hold on your email, explain to me how they can retrieve your password with access to your email alone.
Frankly I don't believe the problem exists at all because of the aforementioned pointlessness of the majority of the hacks. Why risk the consequences that may be associated with hacking to compromise dozens of piss-ant accounts n one would ever bother with if they knew what they were taking? It just doesn't add up unless there's a missing link that establishes the why.
Jellyflower Wrote:I'm no detective, so any help will be greatly appreciated. If I could do this myself, I wouldn't have came on the forum to ask.
You need to find a series of questions for the effected to help you identify a pattern. Any hope of results relies on A) Not accepting anecdotal evidence from a friend of a friend who got hacked and only has second hand info on the incident at best. B) Them being honest with their answers. If the average "I got hacked" claim weren't made by lying attention whores and people who gave their info out then were surprised by losing everything you'd almost stand a chance of getting somewhere, depending on C) You have the right questions, which no one appears to.
The only reason this thread hasn't been locked as a waste of time despite the reports asking for it is on the off chance their really is something going on and a pattern emerges, but right now it's just circling the usual drama toilet.
It's not having what you want - It's wanting what you've got.
Senior Member
Posts: 644
Threads: 17
Joined: 2008-07
Gender: Female
Country Flag: usa
IGN: LiIIPrincess
Server: Bellocan
Level: 200
Job: Bishop
Guild: Nobility
2009-12-28, 06:05 PM
(This post was last modified: 2009-12-28, 06:09 PM by LittlePrincess.)
I have more than 15 accounts and reacently one of them was broken into.
I could not have been keylogged. If I were keylogged I would have lost more than one account because I log in and out on several accounts on multiple computers each day. If I were keylogged I should have lost at least five accounts though probably closer to 10.
No one has my login info or my real name, dob, etc. I always give out fake info. (Why would anyone give real info to some random person in a game?) o.o
Interestiningly enough I was reacently dc'ed from HT during a run where a dc hacker was bothering many of the runners by causing them do dc. I have no way of knowing if I was dc'ed by the hacker or not, but I logged into the account that was broken into within 5-10 seconds of being dc'ed (because it was 2x event, and since I couldn't finish HT I wanted to train my nib). And 1.5 days later the PIN had been changed, upon having it reset I discovered they had stripped any valuable items from the account. However they left all my clean nib equips, pico hammers, several rows of NLC pots, all untradable stuff like maple earrings, chairs, etc. They even left some below avg lvl 64 maple knuckels. Really all the hacker took was anything you could sell quickly for more than a mil. The one character on that account that had nothing except a mil in meso wasn't even moved to the FM or touched at all. They did use about 3k of maple points and w/e they got from it was not on my account.
I had not changed my pw before (like ever since I made the account, probably 2006 or so), all my accounts had the same pw & pin, but I only lost one and it was not either of my main accounts that I play all the time either. Mostly this account had some future characters that usually sat at Huckle making orbis rock scrolls every day. (And the hacker left all the shells on them to make more too - but took any orbis scrolls, idk if they had any at the time or not.)
Also I do not use the e-mail associated with the account. It was only used to make this account. And every 6 months or so I log into all my e-mails and "keep them active."
I do not use any social networking things, I don't have a facebook for either m real persona or my in game persona. I don't use twitter, myspace, msn, aol, or anything like that. I don't open any attachements in e-mail unless I asked for them. When my friends send me funny power points they are always deleted unread. And I don't visit random web sites.
Anohter possiblity is that it's not hard to break into accounts at random. Nexon tells you which part you get wrong. (Invalid ID, Invalid PW, Invalid PIN, etc) If one wanted to hack people at random (mostly ending up with crap) they could guess IDs and they put a PW cracker to work followed by a PIN cracker.
Posting Freak
Posts: 6,092
Threads: 186
Joined: 2008-07
Eosian Wrote:This part I don't entirely agree with - If you can't explicitly prove to Nexon what the problem is they're not very good at fixing it. They do almost zero investigation of their own, especially if you go through the ticket-monkeys. The Elemental Wands/Staves were broken for over a year because no one had taken the time to painstakingly detail the exact scenario Nexon wasn't testing so that they'd understand the gap.
If there is in fact an issue that's letting a significant portion of accounts be taken over it's somewhat necessary to identify the how just so Nexon can't easily blame user error and rubber stamp the tickets as self inflicted.
Assuming the fault is in their security, however are we going to prove it to them? "2546543653 of your users (click here for full list) who have never fallen for any of the common hacking schemes have been victimized, we believe it's your system that's pineappleing up, fix please?"
Apparently we cannot prove anything, whether a single user was magically hacked or, like Spidey suggested, was just too cowardly to acknowledge their own idiocy, not to say a thousand users and perhaps more. We may know it's true, but we cannot prove anything.
I'm proposing we do what we can and do it right now instead of goofing around complaining and worry others to no end. Compile a list, send it to them, update it every day along with any result this "discussion" may come to achieve.
MissingLink Wrote:Of course only Nexon can do anything about it. And this is why this subject should be discussed. If all discussions on the matter are curtailed, as some of you seem to prefer, then there is about zero chance that Nexon will ever do anything about it (which benefits only the hackers). If however through open discussion they realize that there is a real and widespread problem, and that people are worried enough about it that it might affect their spending, then Nexon might be moved to investigate.
No discussion leads to no positive change, yet this discussion isn't leading anywhere except convincing everyone that everyone else is getting buttraped without lube and they don't know why, which we already know from the get-go. That is why there needs to be a conclusion to these so-called discussions, which I don't see coming in a very long future. Frankly, we're just groping around in the dark without a hint of what we're looking for. I agree something needs to be done because this many people magically getting hacked is no joke, be it server exploit or users' amazing idiocy. But we're not doing crap here except arguing with one another whether or not this is worth "discussing." Just get to the goddamned point, YOU GOT HACKED? OKAY WELCOME ABOARD, PLEASE SIGN YOUR NAME HERE SO WE CAN TELL NEXON THEY'RE F'UCKING UP BIG TIME, AND OH BTW, YOU CAN STOP WITH THE QQING BECAUSE EVERYONE HERE SHARES THE SAME FATE, WELL, AT LEAST THEY CLAIM SO.
MissingLink Wrote:Same goes for the D/C hacking problem. If no one is allowed to complain about it, nothing will ever be done.
Oh wait, I guess that isn't a real problem either. Just a lot of people with crappy computers and internet being delusional. DC hacking isn't even slightly similar to a server database security breach on any level, or a huge bunch of idiotic people. Pardon me, unless proven otherwise, I will continue to believe that both possibilities are, well, possible.
Posting Freak
Posts: 8,478
Threads: 128
Joined: 2008-07
Gender: Neuter
Country Flag: canada
IGN: Oooh
Server: Bera
Job: Empress
Farm: Stereo
LittlePrincess Wrote:They did use about 3k of maple points and w/e they got from it was not on my account.
You can probably log on the Nexon website and view your NX purchase history to find out. As far as I know they keep records for everything.
Won't Be Coming Back
Posts: 1,822
Threads: 200
Joined: 2009-10
Kalovale Wrote:Which is what I've been wondering. Wasn't there an exploit in msn some time ago?
Just to add a fact to this thread, I'm not sure how helpful threads like this can actually be, but apparently a friend of mine has left her character on for over 3 days so far. She's reinstalling everything from OS to Maple since she's not very good with computer and it at least helps her sleep at night. I'm furious, to be honest. This is not pineappleing helping, either quickly form a goddamed list and file it to Nexon, "over a thousand of your users have been hacked, investigate please," or shut the pineapple up, because even if you know exactly what's happening you're not going to do jackpomegranate to end it, Nexon has to.
That is ASSUMING the leakage is true. If it's not true, more reasons for QQers to shut the pineapple up. Good to see that she's taking precautions to protect her account. I don't know why you're furious at her for doing so.
Posting Freak
Posts: 6,092
Threads: 186
Joined: 2008-07
2147483647 Wrote:Good to see that she's taking precautions to protect her account. I don't know why you're furious at her for doing so. Because that's what I had to suggest to calm her down. She deleted her facebook, deleted everyone on MSN, uninstalled everything and then apparently still felt paranoid thus she reinstalled her OS, drivers, AVs, even redownloaded Maple. Do you enjoy seeing a friend freaking out every day? I sure don't, especially when little to nothing can be done to fix the situation. If it's a bluff, is it worth it? If it really is a security breach, does spreading paranoia help? No. Stay on your account 24/7 and you're safe. STOP SCARING OTHER PEOPLE. Sweet mother of Christ, lately I've been wishing to some unknown Maple God that every friend of mine who just logged on didn't get hacked. THANK YOU SO MUCH FOR THE FEAR.
Member
Posts: 81
Threads: 2
Joined: 2008-10
2009-12-29, 09:44 AM
(This post was last modified: 2009-12-29, 09:46 AM by Wigum.)
I got hacked recently, the email was a NONFREE provider - and it doesn't appear to be compromised. the logins and passwords had nothing to do with any forum/login/etc that i use on the web. The pin got changed. And anything valuable on the account was looted.
I show no viruses, malware, etc. I use firefox with scripts and stuff locked down. I can't figure out what happened. Only one of my accounts was compromised. So I really have no idea what is going on. The account is ~4 years old. And has never had an issue.
I don't have an msn account. I haven't logged into aim in about 3 years. I havent gone anywhere funny, and i don't go to any facebook twitter crap for maple - nor does the info have anything to do with maple.
Senior Member
Posts: 644
Threads: 17
Joined: 2008-07
Gender: Female
Country Flag: usa
IGN: LiIIPrincess
Server: Bellocan
Level: 200
Job: Bishop
Guild: Nobility
Stereo Wrote:You can probably log on the Nexon website and view your NX purchase history to find out. As far as I know they keep records for everything.
Apparently they don't care what you do with their maple points.
I gifted a perma Kino to that account and then bought the pet Kino with maple points rewarded. That doesn't show in my transaciton log either. o.o
Junior Member
Posts: 49
Threads: 0
Joined: 2009-10
Just to reiterate of whats been documented in sw Khani section, there is a major problem. I "was" one of the larger merchants and was one of the first to be hit, lost roughly 20b. Most hacking's seem to be low profile and hit/miss, pretty much what people have been saying in this thread (the ones who believe not the naysayers). Not all hacking's are from free email providers, and ranging from lvl 200 down. Accounts are being stripped but leaving reverse gear and random lower worth things. One of the lvl 200's changed his pw as soon as he heard what was happening and still got hacked, so don't think that matters.
Karmad away my 7 atk belt and left my clean and badly scrolled one. Helm/HT pend also karmad away. Reverse weapon x2 not dropped.
Left my 4 atk pac? But took my 10 int nap?
Stripped everything else all 80ish scrolls, white maple dana even random bad skillbooks, why my pac was left makes NO sence.
I also put in a ticket, 9 days later got a similar response as the person above "further investigation"
Anyone who is affected should log a ticket "detailing gear lost, account history ect", even if you don't care for your account. I doubt I will get anything back, if I do not I just wont play anymore, whatever Nexon's loss and 100% their fault with their shotty security system. But if my ticket stops someone else from getting hacked down the road, the time it took to write it was worth it.
|