1. Someone cracking account passwords

    While nothing been stolen, someone hacked into my account and activated my two factor authentication via app, preventing me from logging into this account, until I disabled it via email.
    I obviously immediately changed the password for both accounts and activated two factor authentication via email.

    It was probably wasn't done via keylogging, as my main account which was much more active but had same password wasn't hacked.
    Nothing was stolen, what make me believe they are looking for donor accounts with coins on them they can sell.

    I mainly make this post in order to warn people who use weak passwords and don't use two factor authentication to increase their security as someone is probably cracking into accounts.

    The IPs of the people who hacked into my account:
    77.111.246.61 was the IP on which my two factor auth was enabled on.
    85.248.227.165 was another IP on which someone logged into my account (last login on character info) 3 days ago.
    probably both are from VPN, but I'm not sure, so no issue about posting them.

    Edit:
    1st IP is from USA, 2nd IP is from Slovakia, I'm from neither of those countries.
    Edited: October 7, 2019

  2. This happens on basically every game and website where people are reusing usernames/emails/passwords that were leaked from a previous breach, not necessarily from the same place, and it's why we all but force everyone to have 2FA enabled.

    I highly recommend everyone uses 2FA and if not email then use an app (there's more than just ios/android) and make sure you save that unique key somewhere safe.

  3. Been there... one year ago someone stole my entire **** and sent it to another character, as I'm quite sure, that was not the adressee but just a link of a bigger chain... since that day I activated my 2FA, and a few times I've received a few notifications on my mail...
    But indeed, that happens everywhere on the net...

  4. Yea, I know this thing is common, but most people just ignore it as the chances it will happen to them are really low.
    I made this post in order to warn people that currently someone actively cracking passwords, so increasing their account security would be a smart move.

  5. Don't use any password listed here: https://raw.githubusercontent.com/da...op-1000000.txt
    And don't repeat the password from any other service you use. This works both ways. If website X leaks passwords they can log into into Y, if Y leaks it, they can log into X.
    Consider looking into password manages and remember one master offline password.

  6. I've been using a friend's old phone number as my password (when I was young he gave me his second SRO account, because I didn't know how to make one, and as I didn't know how to change the account's password I just got used to typing it. It had his username and email, so no connection to my Warmane account), so it's obviously not on that list, and really hard for people who know me to guess it, but since it was made of only numerical characters it was pretty easy to crack.

    In addition to that, my main account which I have been much more active on but had the same password, wasn't hacked, which make me believe it wasn't a keylogger, plus the fact that I barely download any executables, and when I do I scan them beforehand.

  7. I was fully aware of the email leak after molten got hijacked but for some reason even though my email was compromised I changed the password in order to prevent anything to happen, yet it happened anyways. After researching in password lists like the one Dolcokidol provided I reached the conclussion that the person entering my account and stealing all the valuable items and gold from it could only have been an ex-staff member from a previous server I was playing, probably under spite or vengeful intentions. I would also advice to not use the same password on all private servers especially if they are low tier unlike this one.

  8. This happens on basically every game and website where people are reusing usernames/emails/passwords that were leaked from a previous breach, not necessarily from the same place, and it's why we all but force everyone to have 2FA enabled.

    I highly recommend everyone uses 2FA and if not email then use an app (there's more than just ios/android) and make sure you save that unique key somewhere safe.
    As far as my experience goes even 2FA is not secure. I have been playing since molten times, and of course I lost all my characters in that issue. 6 months ago, some ***** (IP says Russia) was trying to hack my account (And yes I always keep 2FA enabled) and I got tons of mail for codes, and I don't somehow he logged in (so 2FA is a joke) and did some trading or whatever, I had my characters and everything but my account got banned! When I came to know and raised a ticket , the admins reset my account with 0 gold (All farms lost) and said not to trade with 3rd party persons.

    I already explained I didn't do anything, I'm a working person and just for enjoyment I play whenever I get time.

    Even after changing password of account and mail ID , I still sometimes get 2FA codes! How is this possible? This is one of the reasons I don't donate anymore! No security at all.
    By the way there are email authenticators and Google one. How does Google one work? Like fingerprint? But it seems annoying as someone is repeatedly logging in my account from somewhere.

    And is there any way to change username too??

    P.S. I don't share my credentials with anyone.

  9. Please do not necro-post threads. If you want to discuss the topic, create a new one.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •