Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Any recent hacked accounts from Southperry users?
My information is limited to all 40 pages in this thread and the khani section on sw.
We know they can rebreak into previously targeted accounts via email with new complex passwords, like myself.
Clericromeo was rebroken into after rebuilding from being hacked, but he didn't mention if the hackers used email or just cracked the ms pw.

If the above posts are sound that brand new passwords on previously untouched accounts are game for being stripped, it is a sad day indeed.
Reply
Jellyflower Wrote:I'm not sure what your exposure unit is, is it 1 billion hashes per computer or organized network or what? Let's just say you're right 72^9/10^9 = time to crack a specific passsword, which is around 520 million second (not sure where you get 3.13e16 at), translated to 1.65 years. You're forgetting the fact that they have more than one specific target. If passwords are uniformally and identically distributed and say 2000 users have 9-letter long passwords, so divide that by 2000 and you get 7.22 hours per successful crack. Suddenly it doesn't look as nice. You can also argue that my method will incorporate multiple checkings so in the end it's still as many comparisons as like targetting one target, but using quicksort or whatever efficient method, you can end up with log n or less comparsions instead of n. (Let's say log 2000/log 2) = 11, multiply this to 7.22 hours and you get 79.42 hours, I sure wouldn't feel safe. But each subsequent letter will increase the average crack time by 72x of previous.

10-letter -> 238.26 days
11-letter -> 47 years
12-letter -> 3384 years

Bottom-line is, it's 'safer' to have longer passwords and what's stopping you to having them? An old guildmate of mine is presumed hacked as well just today and she hasn't logged on for 7 or 8 months now.
Okay, I'll accept the long password theory this time because it's hashes were talking about and not bruteforce over the internet.
Fumni Wrote:I really wish I knew how these hackers are doing this...
Probably the good ol' method of 1.find an exploit 2.abuse it in every possible way.

Also, if Nexon aren't getting these guys' asses into jail ASAP they are retarded. It's not that fucking hard to notice you are being hacked and find out how to fix it and find who did it, really.
Reply
Kortestanov Wrote:Okay, I'll accept the long password theory this time because it's hashes were talking about and not bruteforce over the internet.

Also Rainbow Tables have been hypothesized previously as another way of getting through easily, since many rainbow tables can be downloaded readily for up to 8 characters.
Reply
Eosian Wrote:Also Rainbow Tables have been hypothesized previously as another way of getting through easily, since many rainbow tables can be downloaded readily for up to 8 characters.

Fffffffffff the password Nexon gave me is 9 characters. This meant then that my password could have been cracked long ago if Nexon didn't give that one extra character.

I'm still paranoid of whether fresh accounts or recently changed passwords are being hacked. I put too much money and effort to just lose it all so I retreated to DFO until I can get some confirmation on whether it's possible to still get hacked despite recently changing my password.
Reply
Those people that gotten "rehack" after they had changed their password recently does not mean 100% the hacker(s) gotten a fresh copy of the hashed password info from Nexon. As if the hacker did had the account info which would include the email that will provide the hacker another way of hacking. There need to be more data needed to determine (logically guess) how those hacks happened.

As for brute force cracking of MD5, the latest speed is ~ 4.6 billion hash per second done using a pair of latest GPU on a single computer without using networked bots. This will give more reason to use the full length (12 chars) for a password and with upper/lower cases, numbers and symbols and as a safely precaution to change it after every server checks and patches.
Reply
IllegallySane Wrote:I retreated to DFO

I remind you no Nexon game is safe if you have NX, your maple account is just a way of sucking you dry as I and my guildies found out having lost all our Mabinogi NX via our inactive maple accounts.

We've resorted to entirely different MMO's now and won't be back unless things vastly improve.
It's not having what you want - It's wanting what you've got.
Reply
Eosian Wrote:I remind you no Nexon game is safe if you have NX, your maple account is just a way of sucking you dry as I and my guildies found out having lost all our Mabinogi NX via our inactive maple accounts.

We've resorted to entirely different MMO's now and won't be back unless things vastly improve.

Except DFO isn't as NX intensive as Maple is. I spend ~$31 a month for my 2x EXP and 2x Drop at TT, in which I sell off the Time Pieces to make that back, and more; this (the $31/month) does not include the 1-2 Mush Shops I buy to sell the Time Pieces, nor the pet equipment and 2 NX equipment I buy every 3 months. DFO requires virtually nothing to maintain playing because Avatars and storage upgrades are permanent (paying $4.50 per month for a store is the only "required" NX related item to maintain); if I get hacked on Maple, I can still play DFO without problems. If I do get hacked, it'll take me a good month or 2 of constant playing (with a 2x drop card) to get the ball rolling again in Maple.
Reply
Mabi isn't NX intensive either, that just makes it worse because you charge 5/10/25/30 and then only use it in small chunks here and there, and by mabi standards those chunks are in the 100's, not 1000's.

That means all that NX is just sitting there fat and juicy for a hacker to take via MTS because you'll never need to use the quantity of it that's charged in a hurry.
It's not having what you want - It's wanting what you've got.
Reply
Eosian Wrote:One report is inconclusive, and since this is a secondhand report we can't really assume it's a separate incident. It's not impossible that it's an unrelated coincidence, or that the two events aren't entirely related.
What we really need is for everyone who hasn't been hacked yet to change their passes so we can determine if that actually makes any impact. If Nexon had actually encouraged this as they were asked to we'd be in a better position to determine what's happening.

I changed all my passwords after loosing one account Dec 22nd.
I changed all my passwords again in mid January (hours after patch completed) to use a unique password for every account.
I think I have 18 accounts (unless I missed a couple), one comprimised Dec 22.
I leave 3 main accounts & 2 stores logged in 24/7 except patches and SC.
I leave some mule accounts logged in most of the time, 3-4 more accounts for a total of 8-9 accounts for probably 20/24 hours a day.
Everyday I have at least 9 accounts not logged in (available to be hacked).
I do not bother protecting the already comprimised account (I cleaned out everything the hackers forgot and leave it logged out).
I have not had anything missing or any PIN changes on anything missing from any account from the first occurance until today.
It is true that many of my mules hold items for quests that hackers may not percieve as valuable, but many people have reported being cleaned out of the nonvaluable items as well lately.
My e-mail was not comprimised nor my pw changed on compromised account.

So there's one sample for you.

Chirdaki Wrote:My information is limited to all 40 pages in this thread and the khani section on sw.
We know they can rebreak into previously targeted accounts via email with new complex passwords, like myself.
Clericromeo was rebroken into after rebuilding from being hacked, but he didn't mention if the hackers used email or just cracked the ms pw.

If the above posts are sound that brand new passwords on previously untouched accounts are game for being stripped, it is a sad day indeed.

This is only true for when the e-mail is compromised. It's pretty clear there is a minimum of two types of account theft occuring.
Reply
As said before, none of the Nexon games are safe. In the extreme, the hackers with malicious intent can delete your characters (if they find a way to retrieve your birthday info somehow), rendering your work useless. But by all means, if you're having fun, that's ok, but know that it comes with a cost at risk. They might start targetting equips over at Mabinogi and Dungeon Fighter too if the market becomes full bloom, which I think is doubtful right now. I loathe over the fact that once the account is compromised, it's never 100% safe anymore more so than the items lost.
Reply
Eosian Wrote:Just to be absolutely clear on this, the account that was hacked was a separate account from the original, that had had it's password changed after the original was hacked last month, but was still broken into without the intruder having to change any of the (fairly new) info?

MissingLink Wrote:There was a similar report in the SW Q&A thread. (Could be same guy actually). Mule account was hacked (as well as main rehacked) even though password was changed 3 days before.
There goes the comforting notion that the hackers only had old info and you were safe if you changed your password.
I guess there is still hope that a long and complex password will protect you. Unfortunately the Q&A thread does not ask how long or complicated the password was, only if it was on the hash-reverse sites.

Yes, it was my long time Maple friend, Kapel07. He was hacked on his shadower the same time as me, then changed his other accounts passwords and PINs in response. Yesterday, he went on one of the accounts just to find out that it was stripped clean, and his shadower was robbed again.
I didn't mention his shadower, because he forgot the birthday on it, so all he could do was change the PIN on that account, but the other account definitely had different password on it.
Again, it's one report so far, but I quizzed him with qualifiers to make sure he wasn't being a complete retard when it came to his account security, so I can vouch for his claim. Not enough to establish a pattern, more like a warning.
Reply
Fumni Wrote:Yes, it was my long time Maple friend, Kapel07. He was hacked on his shadower the same time as me, then changed his other accounts passwords and PINs in response. Yesterday, he went on one of the accounts just to find out that it was stripped clean, and his shadower was robbed again.
I didn't mention his shadower, because he forgot the birthday on it, so all he could do was change the PIN on that account, but the other account definitely had different password on it.
Again, it's one report so far, but I quizzed him with qualifiers to make sure he wasn't being a complete retard when it came to his account security, so I can vouch for his claim. Not enough to establish a pattern, more like a warning.

ewwww that's dangerous. Eek

When did he change the password? Maybe passwords need changed monthly now? *groans*
Reply
Eosian Wrote:We've resorted to entirely different MMO's now and won't be back unless things vastly improve.

And if they never improve? Deep down you know they won't.
Reply
Greg Wrote:And if they never improve? Deep down you know they won't.

I think the real question is if the benefit of Nexon finding out with proper compensation is even worth it. Remember how they compensated guilds? That hack was pervasive and affected entire communities and worlds and the compensation was small in comparison. I don't see this as being any different.

If you get hacked, sayonara, end of your maple life. Join a new MMO and be happy.
Reply
Greg Wrote:And if they never improve? Deep down you know they won't.

I was perfectly clear that us returning was completely conditional on improvement.

Fiel Wrote:I think the real question is if the benefit of Nexon finding out with proper compensation is even worth it. Remember how they compensated guilds? That hack was pervasive and affected entire communities and worlds and the compensation was small in comparison. I don't see this as being any different.

If you get hacked, sayonara, end of your maple life. Join a new MMO and be happy.

We (my guild) don't care about compensation from a game we've already abandoned, we just want to be able to play Mabi with at least a normal level of assurance our account won't be gutted open by circumstances only the game company can control or prevent.
Reply
LittlePrincess Wrote:ewwww that's dangerous. Eek

When did he change the password? Maybe passwords need changed monthly now? *groans*

We were both hacked around Jan. 11. He only changed his password once, after he was hacked on his shadower. I used to have both of my accounts online 24/7, but it was making my computer run like pomegranate after a while, so I resorted to locking my bishop with Spideymench's symbol password system, and leaving my archer online 24/7.
I've changed my passwords 3 times on both accounts so far since the hacking occured, but I plan on monitoring my bishop via ranks to see if she gets broken into with the symbol system.

So far, that seems like the last unproven defense we Maplers have left.
Reply
Fumni Wrote:Yes, it was my long time Maple friend, Kapel07. He was hacked on his shadower the same time as me, then changed his other accounts passwords and PINs in response.

Sadly, the only reassuring thing for the rest of us about your friend being hacked again is... that he was already hacked once.. we can only hope that all of us who have yet to be hacked and have recently changed our passwords will continue to be uncompromised.
Reply
I was hacked in the recent run of hacks involving Kradia in GMS. I have never shared my acct with anyone and I do regularlly change my password and pin. The culprate was a char by the name elfu3rte. I have screen shots taken by a friend that saw it happen. The whole incident happened durring a GM event and the GM did not respond to the smegas that were sent out about the hacking going on. So the breech is real and it does not matter what steps you take to secure your acct. And yes my best items were locked.
Reply
Finally got a response to my BBB post. Nexon must have a copy & paste wiki for everything. Tongue

Worthless Nexon CopyPasta Wrote:Company's Response

Company's Initial Response - Posted 02/02/2010
The hacked account complaints that we receive are taken very seriously and they are reviewed by the CS team. If your account was compromised please be sure to give as much information in your ticket as you can about your issue and items you lost. Please remember, sharing account information is the best way to be compromised. Information posted in a locked area or "private" message can be seen by others. Thank you, Nexon Support
Initial Response Summary
Nexon America does not provide customer support through third party systems like the BBB.
Reply
That's exactly what they sent me. DEALING WITH ISSUES? NOT OUR STYLE.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)