Have you been hacked today?

[Zuckuss]

Over the last couple of months I have sat aside and listened to report after report of different individuals that I know in game, getting hacked and losing their UO accounts.

I have listened SIX different victims stories over the last two months. SIX! I know six people that lost everything they had in this game due to someone getting access to their email, requesting the UO password info, and having it given to them, by EA.

Is 6 cases a matter of victim error? Or is there something else going on here?

I recieved a fake email myself..... Claiming to be administraters for my email provider. To the naked eye it may look legit to someone. They used teh proper logo, it was written semi professional. It asked me to "Click here to verify my email." I myself can usually spot a bogus email. I noticed in the web address that it was fake.......... an extended url address that had been doctored to look like it was from my prominent email service. I deleted it immediately.

Have others been fooled by this email? Are they "Clicking here?"
I took it as an obvious attempt at my UO accounts, and honestly I am still worried I could lose my UO accounts any day, any time.

What I did was make a totally seperate email, only linked to UO accounts. I in no way associated that email account with anything other than UO. No forum registration, no ebay user accounts, no verification for anything, just UO. I use my previous email for all the forums junk, and there is no link between it and my new UO email address.

Also make sure that your password question is not something that could be deduced. I have heard plenty of cases of people losing their emails because of a stupid password request question.

Thats what we can do. We have to protect ourselves, but while we are doing that, perhaps EA could make note of all these hackings, and consider that people losing accounts might cause them to quit, and therefore cost EA valuable subscription dollars.

EA would it be in yours/our best interest to implement an additional security procedure for account access? You could do it network wide perhaps and include pogo accts, etc. I know that there is little fault at the hands of EA over someone losing their UO accounts due to an email hack. But perhaps we are now at the era of additional internet security. Maybe email service providers need to step up and upgrade their security as well.

Anyways I am still trying to help six well known UO members of our community get back on their feet. A few of them have been here since day one. I felt that this should be posted. TY for reading.

 

[JC the Builder]

Is 6 cases a matter of victim error? Or is there something else going on here?

A lot of times it is.

If they get into your email account, they have your UO accounts in seconds. All it takes is a forgot account name request and then forgot password requests for each account, all sent to the email address they hacked into.

As long as you have your UO account on an email you never give out to anyone, you are extremely unlikely to be hacked. That is unless you share your account with other people. That is just as bad.

 

[Aboo]

I had my UO accounts hacked in October 2005. They did it by calling my e-mail provider and getting the password changed. Then they requested all my UO accounts associated with that e-mail be sent to my e-mail and then requested all the passwords to the accounts sent to my e-mail which they then had control over.

I have changed the e-mail associated with all my UO accounts to my work e-mail which I am administrator of. There is no way they can e-mail or call pretending to be me or the administrator and get my e-mail now.

It's sick how people hatch schemes to get what they haven't earned and don't deserve and steal from people who have earned and do deserve what they have. I do not understand the mentality of these kinds of people.

 

[Tom_Builder]

I got hacked back in 2002, I was kinda lucky as I was playing on my other account at the time and seen one of my chars run by. I went and logged in on that account and then went to uo.com and changed the password. But the one thing I lost was my Orc Skin Mask from the orc invasion in moonglow. It was the only one on my shard, if not all of UO. I have never seen or heard of another. I play it very safe now, I change my passwords all the time, I use one email for uo, and another for all other emails. I never download anything on the pc I use for uo. Still dont know how they got in the last time, but I hope it doesnt happen again.

Tom

 

[Gheed]

While I am relatively safe from email phishing attack (we are our own provider). I am concerned about brute force attacks. Oddly enough, I thought about this last night while spending the evening dying pentagram deeds... What if I got haked and lost all of these years of fun?

EA/Mythic I'll pay for it:

Option for any password reset or sending emails w/passwords in them to also require answering a challenge question

A seperate password tied to housing blocking demolition, going into custom mode or transfer.

The ability to restore deleted chars and they items they carried.

I would be willing to pay an additional monthly fee to password protect my homes. And a per Char fee to recover my deleted chars.

 

[MalagAste]

I like many others have ALWAYS kept my UO email separate from any other email... I go to great lengths to keep it that way... I never ever give out that email for anything other than UO.... And I'm extremely leery of anything coming into my email that I don't know about.... If something does get sent to that email that isn't from EA I delete it and I NEVER follow any links in any of the emails....

I personally have never had my accounts hacked.... If I did I believe that would be my last day playing UO.... Definitely could not go on after that.... especially if they deleted my characters.

 

[Static]

I always have made my passwords a sort of Cryptic code, not like "cookies" or "barack08" etc Random bunch of number and letter pressing


LGJOJ3TIW2492 something to that effect. I dont open emails i dont know so im decently safe... i think?

 

[Morgana LeFay (PoV)]

I was hacked in 2003 by someone I know.

But we live, we forgive, and we move on.

 

[Lore Master]

So far i have been lucky i have not been hacked in all the years i played knock on wood.

• Perhaps the reason i have not been hacked so far at least is because i do not use icq and i do a regular anti virus scan, anti spyware scans on a regular basis and i also clean my browsing history and my catche often too often. still i am not 100 percent immune to hacking no one is i am just lucky so far.

I wish there was added security like an additional verification or something maybe an added random Encryption program built in when logging in.

 

[Morgana LeFay (PoV)]

So far i have been lucky i have not been hacked in all the years i played

I wouldn't want you to feel left out, PM me your username and password, and I will "initiate" you!

 

[ZippyTwitch]

Obviously none of you know what "hacking" truely is. Getting someones username and password the way these people do are not hacks. 90% of the people that claim they were hacked have shared their account info with someone in game(don't say you don't I see it constantly). The other 10% are the idiots that fall for an email scam. Both of those are not hacking. Hacking involves useing the internet to connect to someones system and breaking thru their computer protections and gettings into their system.

 

[Morgana LeFay (PoV)]

Obviously none of you know what "hacking" truely is. Getting someones username and password the way these people do are not hacks. 90% of the people that claim they were hacked have shared their account info with someone in game(don't say you don't I see it constantly). The other 10% are the idiots that fall for an email scam. Both of those are not hacking. Hacking involves useing the internet to connect to someones system and breaking thru their computer protections and gettings into their system.

I know what hacking is.

It was a joke.

 

[Black Majick]

I wouldn't want you to feel left out, PM me your username and password, and I will "initiate" you!

*chuckles*

I have never been hacked.....if I did get hacked...UO gold is easy enough to make...chars can be remade...or it would be an "intervention" and hopefully break me of my addiction, haha. I do feel sorry for those folks that have been hacked and looted....would not be a cool thing....

 

[Morgana LeFay (PoV)]

*chuckles*

I have never been hacked.....if I did get hacked...UO gold is easy enough to make...chars can be remade...or it would be an "intervention" and hopefully break me of my addiction, haha. I do feel sorry for those folks that have been hacked and looted....would not be a cool thing....

It really isn't.

I am just thankful that the *person* that hacked my account didn't delete my characters. That would have been far worse than taking my "loot".

 

[Kelline]

I think ppl call it hacking cuz it was taken with otu there permission & its thru net

Last year I was hacked on 5 accts that my fam use

none of the emails r the same nor do we use em on any websites & none were paid with same CC

I dont clikc on links I dont know but some how I ended up with a keylogger & since I logged onto allthe accts to make sure they all got there valintine gifts, I know it was my fault, kinda, that it happened.

My email wasnt hacked into, all I got was a *your password has been changed* email & thats how I knew, specially since i couldnt log into anyof them. A friend paged a gm & got the accts temp banned til I could get on the phone & get it fixed.

acct 1 EVERYTHING in house was gone. a new trash can had been placed. chars & bank naked.
acct 2 about 90% was taken & chars were naked
acct 3 about 75 was taken & chars almost naked
acct 4 just pw changed
acct 5 untouched

thankfully houses were still there, chars undeleted & they left soulstones alone

some ppl Ive heard from werent as lucky

 

[Lore Master]

I wouldn't want you to feel left out, PM me your username and password, and I will "initiate" you!

I think i will hold on to that info i appreciate the offer though lol..

 

[Morgana LeFay (PoV)]

I do what I can for the community!

 

[Oriana]

That always infuriates me when I see a phishing email. I delete them then report them to my isp.

One thing that always tips them off to me anyway, is all of the emails I get from my various incoming emails are I know the person or the companies use my full name. Even then. I call the company instead of opening them. Yea it's inconvenient but better safe than sorry. I don't know ya sorry I'm not opening it. Oh and no i don't want to make my boobs bigger, loose 20 ponds in 2 days or find out what insane product the latest celebrity is endorsing.

I feel for anyone that has been hacked. I can't even begin to imagine how that must feel. Hopefully something someday will stop it, but I sincerely doubt it will ever happen. In the meantime, just do what you can to keep your stuff, not only in UO but everything safe.

 

[Zuckuss]

Implement an additional method of secuity, be it a question, an additional password......


instant telephone validation?

 

[Petra Fyde]

All email relating to boards, icq etc belong to 'Petra Fyde'. Only EA has my real name.
Passwords I use initial letters of sentences, makes a nicely scrambled password that's not too hard to remember, and can even be written down in a file somewhere.

Example: The best way to be safe is use a sentence. = Tbw2bsiuas

 

[Snakeman]

I have asked for Tighter Account Security on Chara Deletion (time limits on only 1 chara per X hrs & then a option to un delete within X hrs if it could be possible ((Costs $ tho if abused)) ), retrieval of Acct info Etc for over 2 yrs now...(There were over 10 pages of people wanting this). You can see where it's got me & the rest that play UO.... Absolutely No Where! They need to do something & until they get off their hind ends & do something we're speaking on Deaf Ears .

 

[Petra Fyde]

suppose there was a time limit tied to the account changes. So no character deletion if the password or email on the account has changed in the preceding 24 hours?

 

[hawkeye_pike]

Who would hand out his email account to someone else??

You cannot make a system 100% secure. You can just make it more annoying for customers.
The best protection is, to use your brain and do not tell anyone about any kind of access data!

 

[Moreeg]

You cannot make a system 100% secure. You can just make it more annoying for customers.
The best protection is, to use your brain and do not tell anyone about any kind of access data!

This is the best advice you will ever recieve. I worked as an IT consultant for almost ten years, and I can tell you that real "hacking" is very, very, VERY rare.

99% of the time, people I dealt with who were "hacked" were actually victims of their own errors. They downloaded things they shouldnt have and got malware on their computer, or they answered a phising email (come on... anyone who doesnt know by now that NO email provider or bank or credit card company or anyone is going to ask you to enter your account info to "verufy" it, is probably in need of a refresher course on basic computer safety).

Another good one is people who shut off antivirus/firewall software because it takes too much system resources while they are doing something or another. Its the equivalent of leaving your keys in the car with the door unlocked because you just need to run in a store... real quick.

Nothing is going to make you 100% secure, but for the most part, the error lies with the user in these cases.

I wouldnt use an ISP email address for my account anyway, if not just for the fact that they are easy to fool and get someones mail password from... I have pretended to be someone I was not hundreds of times and retrieved passwords, but I was doing it because it is easier for me to do than it would be for the client to get on the phone with the ISP and stammer and "uhhh" at questions he or she didnt understand. My suggestion would be to use a free email account, preferably from g-mail, as they seem to have the most intuitive spam filtering.

Sorry if I come off sounding like a know-it-all... I really just dont want to see people get scammed.

My advice to anyone who cares is:

*have multiple email accounts.
*have one specific email account that is JUST for when you need an email address to sign up for things (I use yahoo, beccause their spam filtering is horrible anyway). you can always change it in your account settings for the site to a different email account if the site is useful and doesnt spam.
*have one email address for friends and family type general mail.
*have one email address for business purposes ( , so you dont have to give an email address in business situations that is [email protected]).
*NEVER use the same password for any two email accounts, games, system log ins, or anything.
*if you have trouble remembering passwords, look into PGP or some form of encryption, and just encrypt a file with all of the info so that you and only you will be able to reference it if need be.

Common sense (un-common sense?) goes a long way... you can still get hit, as Im sure some of you who were did take precautions, but you can at least go a long way toward protecting yourself.

Oh, and I always called this "the talk" when I was in IT, it applied to guys more often than women, but there were a few women... I always felt it was the adult equivalent of the birds and bees talk with a child. But in all seriousness, just spring and pay for a subscription to some porn site of your liking. A majority of computer related issues I saw most likely started with someone looking at or downloading "free" porn videos, lol. If youre that into adult babies, its going to be cheaper in the long run to pay to be a member at a site... hell, one visit from me cost more that the year subscription to most of those sites, and I had a lot of clients who I saw every six months or so... (not to knock adult babies if that happens to be your thing!).

 

[Aboo]

Obviously none of you know what "hacking" truely is. Getting someones username and password the way these people do are not hacks. 90% of the people that claim they were hacked have shared their account info with someone in game(don't say you don't I see it constantly). The other 10% are the idiots that fall for an email scam. Both of those are not hacking. Hacking involves useing the internet to connect to someones system and breaking thru their computer protections and gettings into their system.

You may be right about the true definition of "hacking" but you are completely wrong about "90% of the people that claim they were hacked have shared their account info with someone in game(don't say you don't I see it constantly). The other 10% are the idiots that fall for an email scam." I didn't share my account info with the person who "hacked" me (I didn't even know them) and I did NOT fall for an e-mail scam. Maybe you should redo your numbers to reflect the % of people who did neither and got "hacked".

 

[Moreeg]

You may be right about the true definition of "hacking" but you are completely wrong about "90% of the people that claim they were hacked have shared their account info with someone in game(don't say you don't I see it constantly). The other 10% are the idiots that fall for an email scam." I didn't share my account info with the person who "hacked" me (I didn't even know them) and I did NOT fall for an e-mail scam. Maybe you should redo your numbers to reflect the % of people who did neither and got "hacked".

Aboo, read my post above... I understand what happened to you all too well. You should really consider getting sensitive information away from your ISP email. ISPs have a very narrow scope of things they need in order to hand over your password, and that scope can be narrowed greatly by someone who knows what to say to the ISP personnel. Get a free account and dont list a secondary email account on it. Its much safer.

 

[Setnaffa]

I'm fairly certain that all 6 hacks were caused by poor password/account protection.

Some simple ways to protect yourelf:

1) Your Username and "Main" character name should NEVER NEVER NEVER be the same.
2) Your email address should not be the same as your username. Your Stratics chat name should not be the same as your username either. Your Facebook or Myspace account or page name, or your ICQ, AIM, or other chat account should not be the same as your UO account.
3) Your password should be at least 8 characters long, contain at least one capital letter, 1 special character, and 1 number. It should contain no words or phrases. Also remember that pA$sw04d is still password in a hack dictionary (i.e brute force attack). Try coming up with a phrase then convert it to a password. Something like "The Steelers may win or lose by 2 touchdowns" would become T$mw0!b2t.
4) Don't give your username or password to ANYONE! Even friends, guildies, family or significant other cannot be trusted with this information. Not even in an emergency!!!
5) Change your password every 60-90 days.

Some other ways to protect yourself
1) Don't give your real name to anyone you only know in the game.
2) Don't give your home address or phone number to anyone in game.
3) Don't give the name of your ISP to anyone in game (Don't even tell them if you have Cable or DSL. Just say "Broadband" if you have to).
4) Don't click on links in emails.
5) Keep your system patched (Windows, Office, Flash, Acrobat, JRE, Realplayer, Quicktime)
6) Use Malware protection (AV, Anti-Spam, Anti-Spyware) and keep it updated.
7) Use a Firewall. A Software Firewall is OK, but to be really protected, make sure your Broadband router has a firewall and it is enabled.
8) Try using something like KeePass to track your usernames and passwords. You can even use Keepass to generate very cryptic passwords. You'll only have to remember your password to open Keepass, and keepass will remember all the others. http://keepass.info/

 

[Moreeg]

I'm fairly certain that all 6 hacks were caused by poor password/account protection.

Some simple ways to protect yourelf:

1) Your Username and "Main" character name should NEVER NEVER NEVER be the same.
2) You email address should not be the same as your username. Your Stratics chat name should not be the same as your username either.
3) Your password should be at least 8 characters long, contain at least one capital letter, 1 special character, and 1 number. It should contain no words or phrases. Also remember that pA$sw04d is still password in a hack dictionary (i.e brute force attack). Try coming up with a phrase then convert it to a password. Something like "The Steelers may win or lose by 2 touchdowns" would become T$mw0!b2t.
4) Don't give your username or password to ANYONE! Even friends, guildies, family or significant other cannot be trusted with this information. Not even in an emergency!!!

Im always shocked by the amount of people who have one password for everything. Hell, how many people signed up for stratics using the same log in name and password they use as their UO log in? More than a few I would bet.

 

[Aboo]

Aboo, read my post above... I understand what happened to you all too well. You should really consider getting sensitive information away from your ISP email. ISPs have a very narrow scope of things they need in order to hand over your password, and that scope can be narrowed greatly by someone who knows what to say to the ISP personnel. Get a free account and dont list a secondary email account on it. Its much safer.

I already read your post. I was stating that when you add 90% and 10% you come up with 100%. 100% of the people hacked do NOT fall into the category of "90% of the people that claim they were hacked have shared their account info with someone in game(don't say you don't I see it constantly). The other 10% are the idiots that fall for an email scam." There is a small percentage that are neither of those categories.

As for the e-mail, if you read my post above you will see that I changed the e-mail associated with my UO accounts after I got hacked. Now they are associated with my work e-mail to which I AM the sole Administrator. There is no way - EVER - that they are going to be able to call my work and pretend to be me and get my password. So I have corrected that problem. However, it wasn't until AFTER I was hacked that I realized the security issues I had with the idiots who provide my personal e-mail service.

 

[Moreeg]

I already read your post. I was stating that when you add 90% and 10% you come up with 100%. 100% of the people hacked do NOT fall into the category of "90% of the people that claim they were hacked have shared their account info with someone in game(don't say you don't I see it constantly). The other 10% are the idiots that fall for an email scam." There is a small percentage that are neither of those categories.

The quote you refer to was posted by someone other than me. I wouldnt claim such things and was, in fact, very cautious NOT to imply that anyone was an idiot that had it happen to them. No need to be cranky with me... Im on your side and just trying to help.

 

[Aboo]

The quote you refer to was posted by someone other than me. I wouldnt claim such things and was, in fact, very cautious NOT to imply that anyone was an idiot that had it happen to them. No need to be cranky with me... Im on your side and just trying to help.

I tried to be careful to not say that YOU posted that, I knew you didn't, I was simply trying to point out that the numbers didn't add up. I apologize if you felt I was being cranky with you. I didn't mean to be.

I do get annoyed at people, not pointing at you, that ALWAYS blame the person who got hacked saying they had to do something wrong for it to happen. Sometimes all you do is a simple thing like admit you have a birthday coming up, or that you are a Nana. Some people can pounce on anything. I have always been careful to protect the security of my UO accounts. Unbeknownst to me the knuckleheads at my ISP provider don't consider the security on my e-mail as important as I do. I learned a hard lesson. I guess that's how you learn lessons though, through mistakes you didn't even realize were mistakes.

Again, if I offended you I apologize, I truly didn't mean to.

 

[Lady Tiger]

I started the game with nothing and with nothing i'd play the game again!

 

[Moreeg]

Again, if I offended you I apologize, I truly didn't mean to.

Naaahhhh, life is too short to be mad about stuff.

 

[Mook Chessy]

In my 132 months of Ultima... 99% of the time a person get "hacked" it was done by a person that they "gave their account info to"

Husband/Girlfriend/RL best friend/Guildmate...

to quote a great movie

momma always said "stupid is as stupid does"

enough said!!

 

[christy1221]

In my 132 months of Ultima... 99% of the time a person get "hacked" it was done by a person that they "gave their account info to"

Husband/Girlfriend/RL best friend/Guildmate...

to quote a great movie

momma always said "stupid is as stupid does"

enough said!!

Guess I'm in the 1% because I have never gave anyone my account info. They got seven of my accounts one of them had been closed for over a year not sure how they got that one. And they had different emails and passwords.

I never thought in a million years that I would get hacked but I did. I never click on links and never give out my information.

And even if someone did give their info out or click on a link that still doesn't give someone the right to take what isn't theirs.

 

[Aboo]

Guess I'm in the 1% because I have never gave anyone my account info. They got seven of my accounts one of them had been closed for over a year not sure how they got that one. And they had different emails and passwords.

I'm in that 1% too. Although one other person has my info (my RL sister, Devil_Woman, who I trust with my life), the person who hacked me didn't know me nor me him EXCEPT from the boards.

And even if someone did give their info out or click on a link that still doesn't give someone the right to take what isn't theirs.

That is so true. Unfortunately there are a lot of people out there who would and do STEAL anything they can whether they have earned it or deserve it.

 

[Aboo]

Naaahhhh, life is too short to be mad about stuff.

You're a sweetie!

 

[Redxpanda]

My account has been inactive now for about 7 months and i am completely confident that it has not been hacked. I pride myself on creating Usernames/Passwords that are not easy to remember (so much so that I often find myself needing a reminder myself).

I suggest everyone do the same thing to prevent unauthorized access to your accounts. Make sure you choose a completely random password and write it down somewhere. I would rather stick a post it note to my monitor than have a password that can be easily figured out. Also, it is also very important to resist the urge to use the same password for everything. I know it's easier for you but that just makes it easier for someone else. I have used the same passwords for my accounts for years and haven't been caught out there yet. I'm not bragging or challenging hackers (Seriously, leave me alone hackers), i just think the system i use is working very well.

 

[FatMagic]

Note: If you have a strong password, and your email is getting hacked -- most likely a keylogger. I had a friend who made an insanely long strong password for his WoW account, and it kept getting hacked... so I took his PC and had to wipe the whole thing to clear out the keylogger... they are SO invasive.

Here is my suggestion/solution:
FIRST REFORMAT & START OVER (with your recovery disks) if you've been hacked (especially multiple times). SECOND - when you are browsing the internet, checking email, downloading ANYTHING - use SANDBOXIE - it will run those processes in a TEMPORARY layer, so if you accidentally get a keylogger, virus, malware or spyware --- when you finish the session it will delete all the garbage that came in with it. And it will never touch your computer!

NOTE: This will NOT WORK if you already have a keylogger installed! They can still get your password! You need to reformat first! This is a preventative measure, not a reactive measure.

http://www.sandboxie.com/

It is free program that you CAN buy, but don't have to. If you don't buy it, it just runs with a few restrictions that really aren't too bad. So you should have no problem running
it on the free version.

Hope that helps you guys

 

[Harlequin]

Obviously none of you know what "hacking" truely is. Getting someones username and password the way these people do are not hacks. 90% of the people that claim they were hacked have shared their account info with someone in game(don't say you don't I see it constantly). The other 10% are the idiots that fall for an email scam. Both of those are not hacking. Hacking involves useing the internet to connect to someones system and breaking thru their computer protections and gettings into their system.

True, purists do not consider getting account/passwords from trojans/key loggers/social engineering/website applets as hacking. However, they do consider brute force hacking (trying thousands of combinations of password) as hacking, but that's so passe. It's much more elegant to exploit a weakness and con the systems into giving you access to a root shell and then insert a root account/copy out the password/data files etc.

Not just internet either, before internet, there were BBS's, networks etc. Now, there's also WLANS.

However, to the average person that was victimized, it's not wrong either for them to say that they were hacked. It's so much simpler too.

For those who have been hacked, I know it's a difficult time, and you would likely think about quiting. But take heart, most of what you lost are just virtual items that you can replace with a little effort.

The important things, the memories that you had, the friends and strangers that stepped up to console and help you, the experience and mistakes learned, the wisdom, all these can never be taken from you.

Consider it a cheap crash course in IT security and the dark nature that certain people possess, even in real life. I'm not telling people to be cynical, just saying that there are certain things to reduce your risk.

Dedicate an email account for only UO, and never use it anywhere else. Be wary of sites and programs people send to you. Verify it via a quick google check etc. Once you put up any info on the net, expect it to be used against you.

eg your security question is your state or pet's name. and you have posted this info in your blog/facebook/icq/forums etc

It's possible for forum databases to be hacked and the passwords stored therein decrypted. It it also possible that certain forums running off personal servers have no encryption, allowing anyone (or at least the super users) that can generate the correct queries to extract the entire list of accounts/passwords.

Alot of good security info and advice can be found in the stickies. Good luck!