Attention Players Set Your Origin Account Profile To Private

[SoulWeaver]

One of my accounts was recently "hacked" and or invaded without my authorization. They got into a house of mine and stole some goodies. Luckily I must of logged in as they were doing it so they didn't take as much as they could have. FYI: Character Name Was " (Removed by Moderator to comply with the Stratics ROC) ".

So to make a long story short I couldn't see how this person who ever he may be and probably will be reading this thread and chuckling it up to himself. Got into my account, being that the account was only a few months old, had no passed owner, only had 1 game time code added to it etc etc...

So I then of course proceeded to change all my passwords and all of that.

Frustrated and pondering on how this man accessed my newbie account. I was at work last night, funny part is I actually had just gotten to work. Which gives me reason to believe it's someone that knows me so whoever you F*** You Are Karma's a bit** and will return the favor. But to continue on I get a text message on my phone basically telling me someone's trying to get into my email now and they locked it up nice nice for me to prevent any access.

As I proceed to change that information I go into my origin account to change some information around in their and realize.... theirs a privacy setting there that's automatically sets your origin profile to the public when your account is created. Well me being stupid and yes this is my own fault I do realize that and only blame myself, but I am sure some of how have the same mistake and I only hope to prevent you from having this situation happen.

My account name was my profile name, and I assume my profile being public listed my email address as well which their for when I changed my password to my account.... the PoS, tried to get into my email address. The password wasn't ridiculously hard once again my fault it was just holding a house for me I rushed making the account etc. So he either got lucky with a guess, used a program to crack password, or once again the Origin system fails and he knows a backdoor way into logging in peoples accounts once they have your Origin User name and or Email.

So to put in end to my lovely morning story log into your Origin account. www.origin.com its the same master account user name and password as you would use to login to the www.uo.com account management. Change your profile name if it is set to something similar to your account name, and go here and set your profile to private. Hope I save some people the aggravation in drama of it ever happening to you.

 

[Spiritless]

The real problem was that you chose a weak password, as you admitted, not your privacy settings. Security through obscurity is no security at all. The real advice here should have been to pick more secure passwords.

 

[SoulWeaver]

It was a weak password but mainly that my Profile name was my account name if it wasn't public they wouldn't have something to guess on. But yes entirely my fault but it can't hurt to set your profile to private and change your profile name if its related to one of your accounts. So it doesn't give someone the chance to guess your password.

 

[Tazar]

I've checked mine (several due to the number of accounts that I have) and all of mine were set by default to "No One" can see my info. Hopefully your issue is abnormal.

 

[THP]

i would guess that ..''no-one''...will be the default setting.....something wrong if it is not...alas really sorry u were hacked...but there will always be low life people trying to scam the public paying masses for a free meal

 

[SoulWeaver]

I checked everyone of my master accounts they were all set to Everyone. As well as one of my friends who just changed all his to private.

 

[MalagAste]

That sort of thing always creeps me out. Sorry for your loss. Always be very careful. I NEVER use the Email that I have my accounts on anywhere. It is for my accounts and that is it. I've found of late that one of the prime ways people get accounts is thru your email. Also don't use the same information you use for your accounts anywhere.

Don't use a name for your account and then use that name for your character(s).... Don't use a name for your email and then use that for your account or character(s)... Do use password Generators... they are great for making seriously wacky passwords no one could guess and you can still "personalize" them by say changing the first 3 or last 3 digits in some way or something. Firefox has good tools for this. Don't keep passwords and information together around a computer that isn't secure.

Ladies don't put this information in your purse! Especially don't put bank log-in information near your purse or wallet...

You can NEVER be too secure. Also you may want to look into services like Lifelock.

 

[Spiritless]

It is true that email accounts are a prime way to get into other accounts. Often people will use the "forgotten password" option on email services and people set really bad/obvious recovery questions. That's something to be thoughtful about.

Password strength is seriously quite a large factor to consider ahead of all else, though. People are prone to using really weak passwords for ease of remembrance, but they tend to be very easy to guess or for a machine to crack.

I wouldn't recommend using password generators. They come out with whacky passes like "De!2@ktc" which are difficult to remember and sometimes easier to crack than you'd think. You're better off picking a few words or even a sentence for your password: "velocity drink remote parasol" or "There are 205 zebras roaming around the ranch." are actually ridiculously strong passwords.

 

[Sean]

Hmmmm, mine was set to no one, never even looked at this before.

 

[Prince Erik]

Just checked mine and it was set to no one as well. Thanks for the advice - it never hurts to check. Sorry about your problems!

-P.E.

 

[SoulWeaver]

Yeah I never used the email at all beside for the uo account, they tried doing forget password and guessing my questions but I have extra security in place after that, and thank you. He did get quite a bit from me but not enough to break my spirit! It seems a lot have it set to no one, and quite a few have it set to everyone not sure whats determining the default. Unless maybe when it first migrated the default was set one way and changed later not sure. I know I just tested making a new origin account and it was set to everyone. Very strange but anyways hope to save people the trouble.

 

[Lord Kotan]

A good point, is to at least check to make sure it says "no one" and that account name =/= profile name. Good are good bits of advice -- even if they are already that way, good point to make sure they aren't. Makes it one step harder to get compromised

 

[Lady Michelle]

On Orgins site there is a download where you down load Orgins site to your computer. I think that is a big mistake and where players down load it never check their profile, and privacy settings. Also this down load thing also has a friend thing I think works like a message thing you add friends to. Not sure how it works, but I would be checking my profile privacy settings if you down loaded that thing. Plus if you do use that friend thing.

 

[Nails Warstein]

I checked 4 of mine, and " no one " was only default on one of them

 

[Andrasta]

Thank you for the warning. Mine was set to everyone. You'd think no one would be the default.

 

[Spellbound]

Did anyone notice the security tab there? It brings up a gump that generates 6 backup codes of 8 digits each. Hope one never has to use them!

 

[Captn Norrington]

thank you Soulweaver for posting this, seems like a lot of people had theirs set to everyone...who knows how much damage this guy would have been able to do if he continued.

 

[Eärendil]

Yea! Thanks for the info!

 

[Akalabeth]

One of my accounts was recently "hacked" and or invaded without my authorization. They got into a house of mine and stole some goodies. Luckily I must of logged in as they were doing it so they didn't take as much as they could have. FYI: Character Name Was " (Removed by Moderator to comply with the Stratics ROC) ".

So to make a long story short I couldn't see how this person who ever he may be and probably will be reading this thread and chuckling it up to himself. Got into my account, being that the account was only a few months old, had no passed owner, only had 1 game time code added to it etc etc...

So I then of course proceeded to change all my passwords and all of that.

Frustrated and pondering on how this man accessed my newbie account. I was at work last night, funny part is I actually had just gotten to work. Which gives me reason to believe it's someone that knows me so whoever you F*** You Are Karma's a bit** and will return the favor. But to continue on I get a text message on my phone basically telling me someone's trying to get into my email now and they locked it up nice nice for me to prevent any access.

As I proceed to change that information I go into my origin account to change some information around in their and realize.... theirs a privacy setting there that's automatically sets your origin profile to the public when your account is created. Well me being stupid and yes this is my own fault I do realize that and only blame myself, but I am sure some of how have the same mistake and I only hope to prevent you from having this situation happen.

My account name was my profile name, and I assume my profile being public listed my email address as well which their for when I changed my password to my account.... the PoS, tried to get into my email address. The password wasn't ridiculously hard once again my fault it was just holding a house for me I rushed making the account etc. So he either got lucky with a guess, used a program to crack password, or once again the Origin system fails and he knows a backdoor way into logging in peoples accounts once they have your Origin User name and or Email.

So to put in end to my lovely morning story log into your Origin account. www.origin.com its the same master account user name and password as you would use to login to the www.uo.com account management. Change your profile name if it is set to something similar to your account name, and go here and set your profile to private. Hope I save some people the aggravation in drama of it ever happening to you.

Why do you have an Origin Account? I don't seem to have one. I don't think I ever go to the Origin website. Just curious. Trying to utilize this information.

 

[a slave girl]

Why do you have an Origin Account? I don't seem to have one. I don't think I ever go to the Origin website. Just curious. Trying to utilize this information.

This is where we buy legit UO game codes, etc. We are required to set up an account before we can purchase UO items.

Thanks SoulWeaver, I think I have one Origin account to buy things with, but it was set to Everyone. Now it's not.

 

[SoulWeaver]

Everyone has an Origin account. When they made the new account management "crap system"... Your master account email and passwords also migrated over into an Origin account. This is how you would change the email on your account if you needed. It also allows you to add security questions etc.

 

[Snowdrop]

One thing I noticed is if you don't click on the bottom right to save changes or whatever it says, It will NOT save !

 

[a slave girl]

Everyone has an Origin account. When they made the new account management "crap system"... Your master account email and passwords also migrated over into an Origin account. This is how you would change the email on your account if you needed. It also allows you to add security questions etc.

Oh My Gosh. I was wondering why people needed more than one Origin account to buy UO stuff!

Guess I will spend the next hour checking all my UO accounts Origin accounts.

:<

 

[Ludes]

A good tip.. checked mine right away.