People being hacked since the last Server Check.

[cantthinkofauser]

I've come to thinking skeptically - perhaps I was just hacked by people/friends I knew.
My highest character was hacked only, and the hacker went on it at least twice - first time to take my mesos and items, second to clear out the rest of the mesos, put me in the PPQ lobby, replace my equipment with crap from my bank. (I suppose to make it seem I didn't lose anything)

It doesn't seem entirely like what others have been hacked with - However, I did decide to go on for Hot Time today and see my closest friends (of which
one I shared my info with long ago) immediately delete me off their BL... With this, it makes me wonder if it was them or a leak hacker.

Not to make a whole post of drama, but I'm really trying to see if I wasn't part of the supposed leak. I might as well delete my account...

[MuscleWizard]

best friend just got hacked.
I'm kind of upset by this because he had that awesome level 47 2-handed axe that I gave him. The 127att one.

Ah well, gotta help him get re-semi-funded again, haha. :B

[Jon]

I finally got hit. Only things missing that are worth noting are all of my mesos and my Evo rings I and II. There are a few other items missing here and there, but whatever. My characters are playable without the rings and I still have a couple million lying around.

I'll survive.

[Chilly]

Someone tried resetting or verifying one of my accounts today. I didn't even know I had an account linked to the e-mail address and the need for reverification tells you how old or unused the account is, I'm curious to check out the account, but I'm pretty sure there isn't anything on it.

[Muppy]

Decided to log in today for the first time in months. Guess what: /* account is untouched, everything is just as I left it. */

So, yeah, lock your accounts.

[Combattente]

So, yeah, lock your accounts.

Anyways, people are starting to talk about this as if it's normal to eventually "get hit".

This is something beyond ridiculous. Many of these people shouldn't have been hacked at all, because they probably never gave out their account information or made any mistake for it to happen. Though it happened anyways.

It's stupid to state again that this is obviously a security breach on their part, so let's get over that. What I don't understand is how people could ever start finding this something almost "normal". Yes, it's been happening for several months now, but this doesn't mean it's something acceptable, at all.

People should keep protesting on Nexon Forums or doing something to get noticed until they finally admit there's an issue on their end and investigate the origin of it more thoroughly (even though I can understand that, if the hackers are experienced enough, it might NOT be so simple).

And I'm talking as someone who has never been hacked before.

[ctblack]

In MS as in real life, when there are no retribution on "immoral" acts (hacking accts, duping items, DCing ppl, KSer etc...), it then shows the true nature of the individual.

Anyways, lots of evidences point to some type of a leak on Nexon's side from all those hackings, instead of just complaining on forums, you can do something to protect your account, I will list the steps and then the explanation, its so obvious and lots of people dismiss it because they don't understand how password encryption works, here are the steps:

*Note* This will only protect those that truly never tell ANYONE their info and not get their computer infected with keylogger/virus/rat.

1. Change you password to to maximum length allowable by MS/Nexon and also your email password used to register to Nexon (I use 16 chars).
2. Make sure the password contain RANDOM upper and lower case letters, numbers and symbols
3. This step is for those real paranoid about getting hack. Change your password soon as possible right after each patch.

You can google for password generating web sites that will allow the above mentioned criteria. I would generate a bunch of passwords and save them in a file for copy and paste to log to MS, so you wouldn't need to remember them. Also make sure you make a backup of that file!

Explanation on how this would protect your info:

In every type of commercial computer system that required user ID and password to login, the server never stores the plain text password you had supplied when you registered, that info is passed into a one way hash function to form a encrypted string of characters, and only the encrypted string are stored. There is no known way to reverse the hashed string back into the plain text password easily.
The only way to "crack" the password is via brute force, i.e. to try popular lists of passwords and all combinations of characters to make up the password then feed it into the same hash function and then compare the output with the leaked encrypted password string of characters. The password is cracked when the resulting encrypted string matches.
There exist tool for people to use GPU (graphic cards) to greatly speed up the calculation of the hash function (up to 1+ billion hashed password can be calculated per second). Which means if your password is short and/or based on any forms of NON RANDOM characters, it can be cracked relatively easily.
With the above suggested criteria for the password there are total of 94 different characters (26 uppers + 26 lowers + 10 numbers + 32 symbols), which mean total combination of 94^16 or 37157429083410091685945089785856 different patterns and will take someone 28258749017727653 number of YEARS to complete all the combination on a 1 billion per second calculation.

Truly now more than ever, your account security is really in your own hands!

[KhainiWest]

In MS as in real life, when there are no retribution on "immoral" acts (hacking accts, duping items, DCing ppl, KSer etc...), it then shows the true nature of the individual.

Anyways, lots of evidences point to some type of a leak on Nexon's side from all those hackings, instead of just complaining on forums, you can do something to protect your account, I will list the steps and then the explanation, its so obvious and lots of people dismiss it because they don't understand how password encryption works, here are the steps:

*Note* This will only protect those that truly never tell ANYONE their info and not get their computer infected with keylogger/virus/rat.

1. Change you password to to maximum length allowable by MS/Nexon and also your email password used to register to Nexon (I use 16 chars).
2. Make sure the password contain RANDOM upper and lower case letters, numbers and symbols
3. This step is for those real paranoid about getting hack. Change your password soon as possible right after each patch.

You can google for password generating web sites that will allow the above mentioned criteria. I would generate a bunch of passwords and save them in a file for copy and paste to log to MS, so you wouldn't need to remember them. Also make sure you make a backup of that file!

Explanation on how this would protect your info:

In every type of commercial computer system that required user ID and password to login, the server never stores the plain text password you had supplied when you registered, that info is passed into a one way hash function to form a encrypted string of characters, and only the encrypted string are stored. There is no known way to reverse the hashed string back into the plain text password easily.
The only way to "crack" the password is via brute force, i.e. to try popular lists of passwords and all combinations of characters to make up the password then feed it into the same hash function and then compare the output with the leaked encrypted password string of characters. The password is cracked when the resulting encrypted string matches.
There exist tool for people to use GPU (graphic cards) to greatly speed up the calculation of the hash function (up to 1+ billion hashed password can be calculated per second). Which means if your password is short and/or based on any forms of NON RANDOM characters, it can be cracked relatively easily.
With the above suggested criteria for the password there are total of 94 different characters (26 uppers + 26 lowers + 10 numbers + 32 symbols), which mean total combination of 94^16 or 37157429083410091685945089785856 different patterns and will take someone 28258749017727653 number of YEARS to complete all the combination on a 1 billion per second calculation.

Truly now more than ever, your account security is really in your own hands!

You should probably read the thread to understand the problem before stating the obvious

[Eos]

Anyways, lots of evidences point to some type of a leak on Nexon's side from all those hackings,

Truly now more than ever, your account security is really in your own hands!

Are you completely ignorant of how these concepts are mutually exclusive? Are you also completely oblivious to the existence of things like rainbow tables that make your understanding of brute forcing look like a kindergarteners attempt at recreating the mona lisa?

People who know more about cryptography and security than you can condescend have been hit by this. No amount of explaining what a secure password looks like is going to change the fact that people with secure passwords are still getting their accounts violated, daily.

This sort of crap doesn't help. No one is going to thank you for handing them the secret magic key they've been missing all along here.

[Kaffei4Lunch]

So there's no way to prevent being hacked? ;__;

[Eos]

So there's no way to prevent being hacked? ;__;

No. The best you can do is make it as challenging as possible from your end, minimize what can be done if they get in, and pray the other points of vulnerability in the process are doing as much as they can to do likewise. Bottom line, as long as any portion of a process is out of your control there is no such thing as 100% safety.

[Kaffei4Lunch]

So like having a 64 character password and a 16 character PIC?

[Eos]

So like having a 64 character password and a 16 character PIC?

And never sharing it, never writing it down, never sending it across WiFi without at least a VPN encrypting it, never sending it across an open network... using a virtual machine that's a read only image so everything in it gets reset every time you log in (no possibility of persistent keylogging or spyware)...

That would be very near the limit of what you could to do protect it.
And even then you'd be susceptible to a few things, mostly on Nexon's side.

[Flonne]

Based on how the hackers are obtaining their passwords, have a password under max characters may actually make you LESS likely to get hacked; if, god forbid, they actually have access to full unencrypted lists, they are going to aim for people with the highest amount of characters first, since those people are more likely to have better stuff if they are going to that length to protect their account.

Not to mention, having a 64 character password would be extremely annoying...you would spend more time logging in than playing, especially with the amount of crashes the game gets now.

[cantthinkofauser]

Knowing that this has gone on for nearly half a year now, has anyone ever gotten hacked twice on the same account?
I'm wondering if these "hackers" (if they are of a group) just run by accounts and throw them away as soon as they finish with them.

[Combattente]

Goodbye account hackers.

[Eos]

Goodbye hackers.

I so wish

[KhainiWest]

Goodbye account hackers.

I feel like that wouldn't be a possibility unless it became subscription based

[Kaffei4Lunch]

Goodbye account hackers.

What's that o.o

[Eos]

I feel like that wouldn't be a possibility unless it became subscription based

Honestly as long as Nexon made you pay for the fob it really shouldn't be much of an issue for them to do. Goodness knows they put off enough to the players as is.