People being hacked since the last Server Check.

[Eos]

I think they went to work and changed that pretty quickly and quietly, there have been a lot of changes to the site that weren't announced.

If true then the entire "do we have to just continuously repost that guy saying the login server returns the real password to the client till they change it?" is asking for something that already happened and still has no value.

Either way may point was correct. Why would we continue asking for something that no one has demonstrated (still) exists and no one could confirm the first time it was alleged? People keep repeating it over and over like it's something there was any evidence for.

[Exidous]

Why would we keep reposting a blatant lie no one has been able to recreate or confirm?

I didn't know anyone had tried and posted results.

If it can't be recreated now then yes that means it was fixed or never existed.

But it sure beats the hell out of accusing everyone of downloading keyloggers, or putting blind faith in the unshakable security of Nexon's methods. I've yet to hear a better theory that accounts for the scope of hackings we've seen.

Anyway, it doesn't even have to be the case that the server returns passwords. I was asking rhetorically if we have to badger nexon incessantly until they change whatever it is thats under the hood thats so mind blowingly easy to exploit. A keylogger is the only thing that practically explains how a hacker could get both (a secure) username and password on disparate networks. It doesn't even cover pic. Something is obviously very wrong in Nexonland, and if the source of rumbling that gets them to actually fix it is a not-perfectly-informed public, so what?

[Backflippy]

Until now I had always thought the people getting "hacked" were doing dumb things of their own accord, giving out their details, downloading keyloggers/etc, but...

I get on today, and my mesos are wiped, my bow I bought only yesterday is gone (119 att nisrock, +5 att 2% attack potential) evo ring II lvl 17 is gone, 3 att 2% dex pac is gone, 9% dex earrings are gone and thats all I've noticed for now. Also, I play on Galicia, and know next to nothing about "known hackers". I've never had prepaid nx, and never used the MTS.

They seem to have only taken the 100m+ items, as they left things like my 8 att 3%dex machine gloves and other cheaper items. I had something like 1bil left, and now have 80k. Only things from the character I'm currently maining were taken (well, it's the only character with anything valuable on it anyway). So I'm wondering, what exactly do I do? Just send in a ticket and wait for the "compensation"?

[Eos]

That's the extent of it, yes.

[CarrionCrow]

My bishop mule just logged in. It aint me on it. The account had a weak password, but I soley used it on a computer never doing anything other than MS. I will change pass and pic and see how it goes. Good thing I had almost nothing of value on the account.

[Muppy]

A friend of mine just got hacked as well (like, 2-3 days ago). All of the mesos and tradeables were taken, but they didn't take the SoKed Zhelm he had.

Locking my account has become second nature to me already.

[Combattente]

Locking my account has become second nature to me already.

Same here. At this point, there's no other better thing we can do to lower (if not cancel completely, hopefully) the chances of being hacked.

Guess I'm going to have to keep locking my account every time I'm not on it for a long, long while.

Can't complain, if it prevents myself from being hacked or, worse, having my character completely deleted.

Anyways, about the PIC, I think they have a way to skip that, just like there used to be for PIN.

Can't still realise HOW they get user and password though. Well, maybe I can about username (yet many people who weren't on the list were hacked, and I guess people who didn't use MTS too), but.. password.. is almost impossible to get without some kind of exploit which there MUST be in the game or somewhere else (maybe the site).

Or they're just making the client think that the person has already logged in from the site even if he hasn't, by providing the username only, but their security would have to be REALLY weak for something like that to happen. I guess there's a generated token which you gotta send the server if you want it to authenticate you as logged in from site, and, unless the hackers realised what the algorithm is (nearly impossible) or were able to get it from the server somehow, that's not possible.

Well, the guesses can be infinite but probably the answer only is one. And we still don't have it. And maybe we'll never have it. This is getting as bad as the meaning of life.

Feels awkward, man.

[Valon]

Happened to me a month or so ago, the amount lost was impressive by any means. The depressing thing about this thread is that the consumer in me wants to put faith in Nexon as the corporation, and expects them to have fixed this by now. Every time I see someone else get hacked it reminds me how half-assed theyre going about this. I'm not about to read all 29 pages of this thread to see if it has been suggested, but considering I'm starting over and freshly funding a character, security is very important to me this time around. (I kind of disregarded most steps before) As a result I've been generating random 64 character passwords here: https://www.grc.com/passwords.htm and changing it daily, as it seems the database is compromised very often (if this is indeed what's happening).

Basil aside, when a community as accurate (typically) as southperry acknowledges that there is clearly something wrong, and there has been for months, it astounds me that Nexon is completely disregarding something so serious. This should be top priority. I am pretty loyal to Nexon in most cases, understanding that they are in fact a business and many of their decisions are made to benefit them, not us. This is one of the few things that has really caused me to lose faith in the way they're handling the game.

[Seanny]

Well, turns out i wasn't hacked. but in the time i have been gone, Zenith has become EVEN MORE dead than it already was. Ch 1 barely even can fill FM 3... in the afternoon? what is this.

blah. at least the inflation isn't as horrid here.

[Killed]

I lost 2 of my mule accounts within the last 2 weeks, both had 9 mules on each, all filled with max meso. No meso is left. Just a few equips on each. Guess I was asking for it, those 2 accounts were the only 2 accounts I didn't change PW too within the last year

[Mibs]

Some of my friends have been finding keyloggers around their comps, and I'm now thinking that this could all still be possible via keyloggers or rats. Seeing as neither would show up on the average virus scan...well I haven't been hacked yet on any accounts. Can't lock my account because I don't have my email anymore though.

[Eos]

And why exactly do you believe keyloggers would not show up?

[Mibs]

And why exactly do you believe keyloggers would not show up?

I've been told repeatedly that the "best" keyloggers are personally made and don't appear on virus scans until they're "caught". Second hand information from a person not knowledgeable in this field. I just assumed that if rats could be undetectable, so could these, at least enough of the time to cause some hackings.
If this is not true then please elaborate so I can learn something.

[Eos]

There are only a finite number of ways to hook into low-level keyboard input.
There are also a finite number of ways to rootkit the system to hide.

A remote access trojan is just a client-server app. They're not distinctive enough to be universally detectable.
The other two are, so even a keylogger using a root kit can be detected by a sufficiently sophisticated AV.
I can write a keylogger in ASM in minutes and a good AV will at the very least throw a warning because the code isn't signed by a trusted authority and is trying to do something suspicious.

All three require a delivery mechanism to execute & install.
Both capture methods would also require the victim to log in and use those credentials for them to be recorded.

Circumstances and evidence do not support the premise for the majority of the cases that are inexplicable.

[Stereo]

HackShield would make a good delivery mechanism and also takes care of trust issues - people know it's a rootkit and they accept that... Of course you'd need to poison some DNSs to trick anyone into downloading the wrong version of it. Plus it throws up gibberish errors every so often, so how can you even tell it's working right?

My thinking is still that it's Nexon's problem, just like last time a large number of people were hacked at once. If it's a client side problem, the hackers benefit from deploying it slowly, making it look like a less serious issue, just targeting a few extremely rich players - if it's an assault on Nexon's DB, well then take as much as you can before they close the hole.

[Eos]

Hackshield having been compromised is one the more highly unlikely possibilities.
If that were the case it'd have been AhnLab's responsibility, not Nexon's anyway and you could bet Nexon would be going after them for punitive damages even while they'd deny there were any damages from the same activity had it been their own fault.

[BBD]

Items are missing.
2 evo Rings that make me wear most of my gear.
my WG is missing....
and one of my chairs is missing.

That is known. I don't write everything down what I have, I don't ever plan getting hacked.
But rings were first thing I noticed. Then the glove (15mins later) and when I was chilling in FM and wanted to sit on the chair I love sitting, I couldn't.

[Ketchup]

Did anyone follow up on the theory about older accounts being vulnerable?
I remember reading someone suggesting that earlier in this thread. From the people I have asked, they all seem to have an account that is >3 years old.

[ElderTree]

Did anyone follow up on the theory about older accounts being vulnerable?
I remember reading someone suggesting that earlier in this thread. From the people I have asked, they all seem to have an account that is >3 years old.

My wife's account (which got hacked) was 2 years and 0-1 month old when it got hacked. Thanks to the changes in the login system (only need email to reset a password), I was able to access all 5 of my really old accounts (oldest: Aug 2004), some with the Mark of the Beta. None of them have been hacked.

Granted, I had to do a PIN (not PIC!) reset on them to even get into them... so it may be what protected them.

[Ketchup]

My wife's account (which got hacked) was 2 years and 0-1 month old when it got hacked. Thanks to the changes in the login system (only need email to reset a password), I was able to access all 5 of my really old accounts (oldest: Aug 2004), some with the Mark of the Beta. None of them have been hacked.

Granted, I had to do a PIN (not PIC!) reset on them to even get into them... so it may be what protected them.

but did those accounts hold valuables that would make cleaning it out worth their time?
and your wife's hacking does break my theory but so far that is the only case i have read about

or it could just be me wrapping myself up in my theory to comfort myself since my account is less than a year old