People being hacked since the last Server Check.

[Viaje]

I just refuse to believe hacks until I see it for my eyes.

That's an absolutely absurd way to go about life.
People's accounts have been compromised, and you are basically saying that you believe all of us to be liars.

I'm in the same boat as you. If these hackings are true one question for everyone. Have you played DFO recently. NEXON has stated if you play or have played DFO there was a breach there.

A breach would only be the result of hacking.
If you believe in the breach, you must believe these hackings are "true".

My brother played DFO, but only for the crossover event they had months ago.
He played for less than an hour (not that that's relevant other to demonstrated that he was not a regular player).

I think Nexon's login server got attacked or the database is somehow leaked out after the login server maintenance (thinking of Edison Chan's photos case).
...
The timing on login server downtime is pretty much match on the hack reported time, all hack reports are happened after the login server downtime.

This is the conclusion I came to as well.

I also found it disturbing that, as the servers came back up, some people were actually about to login to their characters without entering a PIC.
That tells me that the PIC can, in fact, be bypassed.

Then I should not be the first wave of victims, I am not known for good damage or rich. And I am not that high level as well... Only level 178.

I don't think there's a true pattern to the hack as some people have reported their mule accounts getting hacked while their mains are so-far untouched.

One this is for sure:
The hackers don't to seem to have any real knowledge of the game economics.
They also are intent on making money with as few transactions as possible.

[Joe.2]

You were D/C'ed then hacked? Or do you mean a mushie shop?

Yeah I meant a mushie shop, which was stocked with androids and hearts.

[Locked]

3 people got hacked today.

Kind of getting worried lol.

[CrazyNomad]

nvm... i will ask someone to check my account.

[The Great One]

Tranfer ur items man... is the only way to save your time.

I think it says that with everyone(at least it dose for me and I haven't been hacked). Besides if this was how they were getting peoples info almost everyone who has ever logged in using the game site would be hacked already or at least the number of people hacked would be much much higher.

[ResistGreen]

Yay, Got hacked today ^^

In all seriousness, I lost 5b in cash, and about 6b in equips.

[street]

Yay, Got hacked today ^^

In all seriousness, I lost 5b in cash, and about 6b in equips.

Last time you changed your password?

[ResistGreen]

Last time you changed your password?

I change it every two weeks.

[Viaje]

I change it every two weeks.

Holy. F'ucking. S'hit.
We're all boned.

Well, that's mostly an exaggeration.
Sorta...
If changing one's password does nothing to further secure one's account, then there must be either an ongoing breach or a bypass.
If there's an ongoing breach or a bypass, then literally no one is safe.

I'm trusting that the checklist applies to you:
- Associated email address untouched.
- Password intact.
- PIC intact.

Was your account connected to MSA or did you play DFO?

[ResistGreen]

Holy. F'ucking. S'hit.
We're all boned.

Well, that's mostly an exaggeration.
Sorta...
If changing one's password does nothing to further secure one's account, then there must be either an ongoing breach or a bypass.
If there's an ongoing breach or a bypass, then literally no one is safe.

I'm trusting that the checklist applies to you:
- Associated email address untouched.
- Password intact.
- PIC intact.

Was your account connected to MSA or did you play DFO?

Everything was untouched other than my items, and I never played MSA or DFO before.

To add on to it, My untradables were still there, Czak, My level 200 medal, My shoulder, Von leon weapons, Except for my MoN, which seems to be gone.

[Viaje]

Everything was untouched other than my items, and I never played MSA or DFO before.

To add on to it, My untradables were still there, Czak, My level 200 medal, My shoulder, Von leon weapons, Except for my MoN, which seems to be gone.

So, in other words, completely consistent with other reports so far.
It's fairly clear that neither MSA nor DFO are the cause of the epidemic.

I'm at a loss as to what the common thread might be if it's something other than a database leak.
FM usage?
MTS usage?

I'm fairly confident that the spree of guildmates/alliances getting hacking is simply because guilds/alliances basically give the hackers a list of who they should probably hack next...

[ResistGreen]

So, in other words, completely consistent with other reports so far.
It's fairly clear that neither MSA nor DFO are the cause of the epidemic.

I'm at a loss as to what the common thread might be if it's something other than a database leak.
FM usage?
MTS usage?

I'm fairly confident that the spree of guildmates/alliances getting hacking is simply because guilds/alliances basically give the hackers a list of who they should probably hack next...

I had a shop open in the FM every other night.

I only used MTS to store things or buy WGs, but never sold anything.

And the thing about the guild/alliance thing, There are far richer people in my guild than me.
Also would like to note that the hacker didn't delete anyone from my guild.

[Liteness]

nexon: hey guys, item lock all ur items cuz they only take tradable equips.

[Viaje]

And the thing about the guild/alliance thing, There are far richer people in my guild than me.
Also would like to note that the hacker didn't delete anyone from my guild.

There would be no reason to delete anyone from your guild. They're only after money.

Similarly, it's not really relevant that there are richer people in your guild.
The hackers clearly don't seem aware of many nuances about the game, and they're likely equally ignorant about who is richer than who. It seems to be a matter of visibility more than anything else.

On a side note, I just realized you're in FallenStarz. I actually was in the guild some time ago.
Sad to hear it's getting hit hard.

[Viaje]

I read through Nexon's "venting" thread and at least two people reported that Nexon removed the feature that locks you out of your account after too many failed password attempts, allowing hackers to potentially brute-force people's passwords.

After running some experiments on a secondary account, I've found this to have mostly truth but some falseness...
While I never experienced it personally, I understand that, at some point (or by some method), trying too many passwords for an account would lock the account until it was "verified" through an email.
This no longer seems to be the case.

After too many password attempts (five), you are indeed unable to attempt to login to any account for a certain duration of time.
Seems this block is done based on IP as deleting cookies or hopping to another browser doesn't allow for it to be bypassed.
However the duration of this lock is rather short. I roughly estimate about a minute.
So it does seem that brute-forcing is a very real possibility.

It is possible that the old lock-out is still around as I conducted these tests through the website, but I'd imagine the Gamelauncher is a poor platform through which to brute-force.
Notably, there is the fact that it's impossible to attempt to use Gamelauncher to login to an account which is already logged in while the web portal doesn't feature the same inability.

[Locked]

I'm going to take a guess in the dark and say all of these hackings are done via multi maple, seeing how unprofessional it is chances are if you make your password 13-64 digits long you can probably stop the hackings seeing as GameLauncher only accepts 12 at most.

[Viaje]

I'm going to take a guess in the dark and say all of these hackings are done via multi maple, seeing how unprofessional it is chances are if you make your password 13-64 digits long you can probably stop the hackings seeing as GameLauncher only accepts 12 at most.

Indeed. Seeing as it does seem to be done in a factory-like style, I'd imagine this isn't a one-machine operation.
While I was looser with my Maple passwords previously, I recently upped the brute-force difficulty. Relevant.

Curious what you mean about Gamelauncher though. I'm able to type in more than 12 characters, and there doesn't seem to be any indication that that's an invalid length.

[Kalovale]

I'm going to take a guess in the dark and say all of these hackings are done via multi maple, seeing how unprofessional it is chances are if you make your password 13-64 digits long you can probably stop the hackings seeing as GameLauncher only accepts 12 at most.

The site is never up when I need to update my password.

The log-in page now allows 30 characters, it seems.

[Bomber]

That's an absolutely absurd way to go about life.
People's accounts have been compromised, and you are basically saying that you believe all of us to be liars.

I'm sure that many accounts have been compromised. I'm not calling you liars. I'm just not going to pay any attention to these "hacked" accounts because I'd rather go on oblivious then worry about it(of course if I see my friend hacked I'd be upset). I don't care how much of a bad thing that does to my account, because it's kept my character healthy since broa came out.

[Locked]

Curious what you mean about Gamelauncher though. I'm able to type in more than 12 characters, and there doesn't seem to be any indication that that's an invalid length.

Last time I checked, it was 12 characters. I tried a 64-digit and it didn't fit, so I'm sure 64 digit works for what I mentioned.

The site is never up when I need to update my password.

The log-in page now allows 30 characters, it seems.

Ah, that makes sense.