Senzu Beans
Visitor
losing everything characters, items, and castle. Then looking for help and not getting any from GMs kinda hurts.
-
Hail Guest! We're looking for Community Content Contribuitors to Stratics. If you would like to write articles, fan fiction, do guild or shard event recaps, it's simple. Find out how in this thread: Community Contributions
-
Greetings Guest, Having Login Issues? Check this thread!
-
Hail Guest!, Please take a moment to read this post reminding you all of the importance of Account Security.
-
Hail Guest! Please read the new announcement concerning the upcoming addition to Stratics. You can find the announcement Here!
Getting Hacked Sucks
- Thread starter Senzu Beans
- Start date
- Watchers 6
Senzu Beans
Visitor
my castle is now owned my someone else looking identical.
Captn Norrington
Stratics Forum Moderator
Moderator
Professional
Stratics Veteran
Stratics Legend
UNLEASHED
Campaign Supporter
Sorry to hear you were hacked 
Unfortunately the GM's have always said they will not help get back hacked accounts. You could always try emailing Mesanna, the producer of UO, but I don't think she will be able to do anything about this either. [email protected] is her email address.
Unfortunately the GM's have always said they will not help get back hacked accounts. You could always try emailing Mesanna, the producer of UO, but I don't think she will be able to do anything about this either. [email protected] is her email address.
99.9% of 'Hacks' is end users error - giving their account info to people who at a later date take everything they have.
with gold at a all time low i doubt very highly the Russian syndicate is opening stalking UO accounts to flip.
in fact i don't think in the 20 years I've been playing this game that i have ever heard of someone legitimately getting 'hacked' for their UO account.
either way it sucks dirty pancakes to loose your account.
you really should contact Broadsword though, they can see who is accessing that and account and from what IP.
its not so much a GM thing as it is a Broadsword higher up thing.
with gold at a all time low i doubt very highly the Russian syndicate is opening stalking UO accounts to flip.
in fact i don't think in the 20 years I've been playing this game that i have ever heard of someone legitimately getting 'hacked' for their UO account.
either way it sucks dirty pancakes to loose your account.
you really should contact Broadsword though, they can see who is accessing that and account and from what IP.
its not so much a GM thing as it is a Broadsword higher up thing.
My partner had his WOW account hacked once, he NEVER gave any info out to anyone. He ONLY played with myself and a friend of mine, and even then only played for 6 mths as did I. We then went back about a yr later to find my account fine but his 'avatar' hacked and out in the boonies falling off the edge of screen with all his 'stuff' minor tho it was gone.
ONE email to Blizzard, all his stuff was returned, every single thing, we changed the pw on his account, and all was good to go. You would think that UO after 20 yrs could actually provide some form of recovery service for hacked accounts, and I disagree, with the above, I know for a fact it was NOT user error, there was never even any third party apps put on his account and he never joined any 'alliances' 'guilds' etc. The email was wow specific and never used for anything else. No idea how the account got hacked but I know it wasn't user error for a fact.
ONE email to Blizzard, all his stuff was returned, every single thing, we changed the pw on his account, and all was good to go. You would think that UO after 20 yrs could actually provide some form of recovery service for hacked accounts, and I disagree, with the above, I know for a fact it was NOT user error, there was never even any third party apps put on his account and he never joined any 'alliances' 'guilds' etc. The email was wow specific and never used for anything else. No idea how the account got hacked but I know it wasn't user error for a fact.
I've known a few who got hacked and they didn't hack the Account Mismanagement site they hacked them through their emails attached to their accounts... this was something that was more prevalent years ago when accounts sold for 2k or more... anymore I honestly wouldn't know why someone would hack someone elses account... gold is pennies on the dollar...
Though I'll say I've also heard things about people who sold accounts coming back and calling EA claiming they "can't remember" how to activate their account etc... and getting the account back that way. Shady if you ask me.
Hence why the email I use for that never is used for anything BUT my account... but you never know if what you hear is true... or just paranoia...
Though I'll say I've also heard things about people who sold accounts coming back and calling EA claiming they "can't remember" how to activate their account etc... and getting the account back that way. Shady if you ask me.
Hence why the email I use for that never is used for anything BUT my account... but you never know if what you hear is true... or just paranoia...
- Awards
- 5
Your account was still paid up and your stuff was gone? You didn't stop paying and your castle fell? But it would still be odd your characters were all gone...
I Got a weird Email from which IT Looks from EA that my Password was reset dir Security reason after suspicious Actions.
IT include a Link for Password reset. Which i have Not clicked. And i also will Not klick it
IT include a Link for Password reset. Which i have Not clicked. And i also will Not klick it
Exactly the same thing happened to my uo friend six years ago. That’s absolutely possible.
- Awards
- 5
I have heard a lot of weird things from returning players, but is there some policy of clearing old accounts? That's a bit worrying.... Surely if the account was hacked the password would be changed? Sorry if I sound a bit dumb, I don't have any experience of hacking and stuff. Just trying to puzzle out what happened here!
It’s good that you’ve never seen this kind of cheatings. Just play as a good citizen, keep your personal info in secret, and dont use the 3rd party programs if you are not so sure.I have heard a lot of weird things from returning players, but is there some policy of clearing old accounts? That's a bit worrying.... Surely if the account was hacked the password would be changed? Sorry if I sound a bit dumb, I don't have any experience of hacking and stuff. Just trying to puzzle out what happened here!
Food for thought.
Back some time ago when doom first opened up there was a lot of rmt occuring as I am sure you all know. There was a guy trading vet accounts for doom artifacts and rmt. I ended up trading an inquisitors resolution for 2 of these accounts.
The accounts usernames and passwords were a bit suspicious. One was qwerty as the username and the other had robrob for the usernames. Even back then people knew better than to use such crappy login credentials. After further examination both accounts were created in 97 and both ended on the same date that accounts stopped acruing vet reward status while the account was closed.
Having worked with many webmasters in the past in regards to login security this sent up a red flag to me. These logins struck me as dead logins meaning that the accounts were created then quickly abandoned. Also from talking to others at the time this person seemed to have many accounts for trade/for sale. You cant phish for a login if the user never even bothered to use the said account. This leaves two ways this person came into these accounts. The first is a server breach. Since the crap didnt hit the fan with everyone losing access to their accounts I would have to assume that was not it. The second possibillity would be someone bruteforcing the logins. That would make a lot of sense in this case. Easy logins is exactly what an attacker is looking for when using this form of attack. So I can almost gurentee that someone could have been hacked without giving out their password or having malware infecting their machines. As for the accounts I never did end up activating them. Just seemed a bit risky to me.
Back some time ago when doom first opened up there was a lot of rmt occuring as I am sure you all know. There was a guy trading vet accounts for doom artifacts and rmt. I ended up trading an inquisitors resolution for 2 of these accounts.
The accounts usernames and passwords were a bit suspicious. One was qwerty as the username and the other had robrob for the usernames. Even back then people knew better than to use such crappy login credentials. After further examination both accounts were created in 97 and both ended on the same date that accounts stopped acruing vet reward status while the account was closed.
Having worked with many webmasters in the past in regards to login security this sent up a red flag to me. These logins struck me as dead logins meaning that the accounts were created then quickly abandoned. Also from talking to others at the time this person seemed to have many accounts for trade/for sale. You cant phish for a login if the user never even bothered to use the said account. This leaves two ways this person came into these accounts. The first is a server breach. Since the crap didnt hit the fan with everyone losing access to their accounts I would have to assume that was not it. The second possibillity would be someone bruteforcing the logins. That would make a lot of sense in this case. Easy logins is exactly what an attacker is looking for when using this form of attack. So I can almost gurentee that someone could have been hacked without giving out their password or having malware infecting their machines. As for the accounts I never did end up activating them. Just seemed a bit risky to me.
What is not possible?
One of the biggest issues is that if an account is down even if you get the password wrong you it tells you that the account is down, telling you that the account id is correct.
From there you could wait until it gives you the message the password is incorrect meaning the account is active and then try to brute force it, but that would take a considerable amount of time or resources.
From there you could wait until it gives you the message the password is incorrect meaning the account is active and then try to brute force it, but that would take a considerable amount of time or resources.
You would think but not really. Most will run a list of known logins from other compromised sites to test against the server. These attackers will use lists of username/password combos that literally number in the hundreds of thousands of logins. The software the attacker uses can test 100k+ combinations an hour. Eventually they will get access unless the system is setup to block an IP after a certain number of failed logins. Even then proxies can be used to eliminate that issue.
this isnt blizzard, blizzard when you get hacked they restore everything you lost, EA when you get hacked all you get is the finger
How did it happen OP? Any theory how they got to you? I fear there is nothing anyone can do for you when it comes to getting em back..
Only real hacking-related help that has potential to travel here does so to other direction, if you willing to make any guesses about how you got compromised. So others won't repeat your mistakes. Assuming you even made any.
Only real hacking-related help that has potential to travel here does so to other direction, if you willing to make any guesses about how you got compromised. So others won't repeat your mistakes. Assuming you even made any.
Last edited:
Very prudent. Also you should aviod using the same password for multiple accounts. That way if one of your logins are compromised then at least your other accpunts will still be safe. As far as I know you can not change your username.
Yeah, passwords are a given. I believe a password manager that generates random passwords is a must these days. But in the absence of 2-factor authentication, username may be the weak point. And people who created their account 20 years ago may have used that same username on hundreds of sites since then.
First: Date of Suspected hacking?
Second: Account active?
Third: Are you the original creator of account? If not did you buy and register it to you?
Forth: If answer to third is no/ no .. Did you change the Secret word ?
Years ago many bad people took hints of account names and went "Fishing" at customer support...
The CS people were a little loose lipped in effort to help players "remember" their info.
As you can surmise they helped too much. Hints add up.
Now as a course of action I suggest e mailing Mesanna,
Explain in your note the issue in a nut shell. Meaning make it to the point, give all needed info.
Such as last time you logged in before things went poof.
UO has a back up of shard details, So things can be looked at.
Give the lady a few bits of real info and except If she says sorry its gone nothing we can do as the answer.
Sometimes the bad guy wins. But as all have said its worth a try.
Remember to put in the Subject line of your e mail the reason for your note.. IE: Hacked account Help Request
Be polite. Honey will get you places that vinegar wont.
Good Luck
Second: Account active?
Third: Are you the original creator of account? If not did you buy and register it to you?
Forth: If answer to third is no/ no .. Did you change the Secret word ?
Years ago many bad people took hints of account names and went "Fishing" at customer support...
The CS people were a little loose lipped in effort to help players "remember" their info.
As you can surmise they helped too much. Hints add up.
Now as a course of action I suggest e mailing Mesanna,
Explain in your note the issue in a nut shell. Meaning make it to the point, give all needed info.
Such as last time you logged in before things went poof.
UO has a back up of shard details, So things can be looked at.
Give the lady a few bits of real info and except If she says sorry its gone nothing we can do as the answer.
Sometimes the bad guy wins. But as all have said its worth a try.
Remember to put in the Subject line of your e mail the reason for your note.. IE: Hacked account Help Request
Be polite. Honey will get you places that vinegar wont.
Good Luck
i had heard that if your using a account that wasn't originally yours that the original owners can actually get them back from under you.
not sure if its true or not, but if you call EA and give them the number off your original CD you used when creating the account they will give you the account back irregardless of the activity it has had or is having.
not an issue for me as all my accounts that i use are mine and have always been mine, but food for thought for people who run with accounts they purchased or where gifted.
not sure if its true or not, but if you call EA and give them the number off your original CD you used when creating the account they will give you the account back irregardless of the activity it has had or is having.
not an issue for me as all my accounts that i use are mine and have always been mine, but food for thought for people who run with accounts they purchased or where gifted.
Poo your correct.
Mesanna said if a past owner could prove the account was theirs and had the correct secret word ... its theirs.
Many have lost accounts to the original or last owners due to that point. Read the last few UO letters from the Team in your e mail.
Down at the bottom is how they can find out how to do so.. and for those who bought can safeguard for this not the happen to them.
Mesanna said if a past owner could prove the account was theirs and had the correct secret word ... its theirs.
Many have lost accounts to the original or last owners due to that point. Read the last few UO letters from the Team in your e mail.
Down at the bottom is how they can find out how to do so.. and for those who bought can safeguard for this not the happen to them.
Captn Norrington
Stratics Forum Moderator
Moderator
Professional
Stratics Veteran
Stratics Legend
UNLEASHED
Campaign Supporter
There are a couple of problems with the secret word thing...
1. Not every account has a secret word at all. They didn't exist for many years, so really old accounts don't have one usually.
2. When you ask to change the secret word, they make you tell them the current secret word first. If you aren't the original owner of the account, or your account never had one to begin with... this creates a large problem since they refuse to change it without first being told the current one, and they usually do not believe you when you tell them your account has no secret word at all.
I put a secret word on a account years ago and have no clue what it is lol
Trying to recover old accounts is beyond a joke, I have tried a few times a gave up just opened new ones.
I usual open up old or new accounts to transfer houses.
Trying to recover old accounts is beyond a joke, I have tried a few times a gave up just opened new ones.
I usual open up old or new accounts to transfer houses.
True, and not true. My main account was "hacked" 7 years or so ago. I logged into my second account to see one of my main characters on my first account rifling through the chests in my second account house. Wanna freak sometime, walk into THAT **** lol. I immediately removed all access to that house but a lot of damage had been done. In vent, I talked to guildies who went to my keep and entertained the "hacker". Asked him to check out some other characters on the main account. In the meantime, I was on the phone to EA. After talking to EA, they locked the account down. A good friend in RL and guild, got the guy to log out and check out another character and he too was locked out of the account. I then went through holy hell getting the account back.
I admit I bought the account on eBay waaaay back in the day. Apparently, the original owner had it hacked from him when he went to WoW. So, when he decided to try UO again, he pulled out the old CD code and EA gave him all the account information (***holes). It took over a month to sort out. EA threatened to close the account to either of us permanently. But I had proof that I had been paying on the account for around 6+ years and they finally released it back to me. Even then, I couldn't get on, since it was locked at a "Level 4". (?????) Needless to say, after another 2 1/2 hour phone call, and working my way through the channels, I reached a person who COULD give me back control of the account. So yes, they will still give them back if you have the CD, but IF, you can PROVE, that you have been the payer and caretaker of the account (for a relatively long and stable period), they do give it back to you. Just an FYI and YMMV. I got lucky. If I would have lost that account, which wasn't much when I bought it but through a ton of 2009ish gold in transfer tokens and scrolls I'd built into a very nice account, I wouldn't be playing UO anymore.
I'd also like to add no hate for the dude that wanted his account back. He got screwed as well. I actually emailed him after the fact and he was cool with it, though he said he did enjoy raiding his "sister" house lol. With that said, when I bought it it was what any of us would consider a very basic account, with the highest toon being scrolled to 115. I bought it for the types of characters and levels, not that it was uber leet, and I bought it for a pittance at a time when that was still legal.
Last edited:
It took me a few emails and about 5 business days. Not too shabby to recover about $200 in upgrades and features.
My guess is, someone found out your username somehow, you probably had it written in a UO book, i've seen people do that . And then your password was too easy. If you were hacked , it was more thank likely a brute force password breach. If I have your username and password and I log in on your account, you weren't hacked, you were careless.
I will make a new post explaining all about the Acct Mgmt and How to proper set them up