Jump to content
ArtDeco

CAUTION! ACCOUNTS BEING HACKED!!!

Recommended Posts

The thing is, LO need to address this and make a statement, not only ban him or smth, they need to make progress, to upgrade the defenses, to avoid these situations again, and they need to let us protect our accounts in a better way, because like that.. isn't any good.

 

Share this post


Link to post
Share on other sites

Anywho, whether this video or this hack is legit or not, all I know is that one of my alt account got hacked into, a lot of accounts in EU also reported to be hit, they all include theme makers and non theme makers but with theme makers, their accounts were violated (giving their themes out randomly) renamed stolen account themes, verbally abused people (victims have screenshots of chat logs) and reported cheating on the stolen accounts. Some of these reports match the video that was uploaded by this apb cheater on youtube.

I will follow up with LO, they should be aware of this and investigate a little.

Edited by ArtDeco

Share this post


Link to post
Share on other sites

I have done my part, LO has taken this into account and part of the community is aware and cautioned, now this thread can drift in whatever direction it wants to.

Share this post


Link to post
Share on other sites
3 hours ago, LaFuggitiva said:

The thing is, LO need to address this and make a statement, not only ban him or smth, they need to make progress, to upgrade the defenses, to avoid these situations again, and they need to let us protect our accounts in a better way, because like that.. isn't any good.

 

That's quite naive from you bro, we all know that's not gonna happen that instantly. Well, at least they aware of it.

Edited by Nagletz

Share this post


Link to post
Share on other sites

We take player account security seriously. The most common source of compromised accounts stems from poor password security. Please make sure you have 2FA on your account and avoid reusing your passwords across services. Also, please remember to never share your information and avoid using unapproved 3rd party programs with APB. Not only is doing so against the TOS, you may be putting your information at risk.

We will look into the desync issues that have been reported with 2FA.

  • Like 1
  • Thanks 4

Share this post


Link to post
Share on other sites
9 hours ago, Saxtus said:

Have they fixed the Google Authenticator problems?

Last time I had it enabled was last year when they were plagued with problems due to issues with clock time sync on their behalf, making generated keys invalid.

Google Authenticator itself is half an issue.

It doesn't (or at least didn't) have a backup feature, which other 2FA apps do support.

 

Time desync has been fixed for a while now, but SakeBee already said they'd look into it again.

 

9 hours ago, Saxtus said:

Anyway I 've changed my password and I couldn't login. I realized that one of the following characters in the password is a big no-no for LO:

$&@

Not all of the characters above are issues ...

 

5 hours ago, ArtDeco said:

all I know is that one of my alt account got hacked into, a lot of accounts in EU also reported to be hit, they all include theme makers and non theme makers but with theme makers, their accounts were violated (giving their themes out randomly) renamed stolen account themes, verbally abused people (victims have screenshots of chat logs) and reported cheating on the stolen accounts. Some of these reports match the video that was uploaded by this apb cheater on youtube.

So basically, people have piss poor protections on their accounts and then blame the company. Got ya.

Never saw the video (don't really want to anyway), but are you really going to just believe anything you see online? If so, I would advise to leave now before you accidentally sign over your belongings/life to someone.

Themes can be recreated, they are in the end just midi compositions. There are tools out there that can help in recreating sounds or even exploits (not sure if those have all been patched or not)

Share this post


Link to post
Share on other sites

2FA makes it virtually impossible to bypass account security, even with compromised password.

I advise you all to turn it on - at least on your mains.

Share this post


Link to post
Share on other sites
25 minutes ago, Mitne said:

2FA makes it virtually impossible to bypass account security, even with compromised password.

I advise you all to turn it on - at least on your mains.

But both password and authentication code can be brute forced right? Injectable software that works in-game login screen.

Edited by xHenryman90x

Share this post


Link to post
Share on other sites
2 hours ago, Kevkof said:

Google Authenticator itself is half an issue.

It doesn't (or at least didn't) have a backup feature, which other 2FA apps do support.

That isn't an issue at all if you use Google Authenticator compatible apps that allow backups.

Share this post


Link to post
Share on other sites
8 minutes ago, Saxtus said:

That isn't an issue at all if you use Google Authenticator compatible apps that allow backups.

Do you mean LO should provide a backup method or that you would need another app to do those backups?

 

I'll fully support you in that there should be something like backup codes or something similar.

You could just mail to support directly and then from there verify account ownership and they'll sort out any issues for you then.

 

If you're saying to get another app, I'd rather just use a 2FA app like Authy which does have a backup option and even has a PC client available.

Share this post


Link to post
Share on other sites
7 minutes ago, Kevkof said:

If you're saying to get another app, I'd rather just use a 2FA app like Authy which does have a backup option and even has a PC client available.

That is exactly what I meant.

 

I read that they fixed token time sync issues.

Have they fixed the issue with requiring a new token when you switch characters too?

  • Like 1

Share this post


Link to post
Share on other sites
1 minute ago, Saxtus said:

Have they fixed the issue with requiring a new token when you switch characters too?

Not fully, as in it can still happen, but it shouldn't be frequent.

If it is frequent, go to your account settings (https://www.gamersfirst.com/account/) and there disable tokenize and then re-enable it.

That's been known to fix that

  • Thanks 1

Share this post


Link to post
Share on other sites

Yea well too bad 2FA doesn't work for shit. Ain't got time to enter 10 codes until I can login.

Share this post


Link to post
Share on other sites
2 minutes ago, thelinux said:

Yea well too bad 2FA doesn't work for shit. Ain't got time to enter 10 codes until I can login.

What issues are you running into?

Can you recall/check if maybe the time sync is being a pain again? 

Your codes expire in about 30 seconds, does it only fail if in the first X or in the last X seconds of that timeframe?

Share this post


Link to post
Share on other sites
4 hours ago, Kevkof said:

 

So basically, people have piss poor protections on their accounts and then blame the company. Got ya.

<name>.apb@<email-provider>.com

 

Security 101

Share this post


Link to post
Share on other sites
3 hours ago, Kevkof said:

What issues are you running into?

Can you recall/check if maybe the time sync is being a pain again? 

Your codes expire in about 30 seconds, does it only fail if in the first X or in the last X seconds of that timeframe?

It doesn't fail, you can still login even if the codes changes you still use the same one the app told you 1 min ago.

 

Oh btw, yes, even 2FA can be brute forced or bypassed in the most gg way, like hackers do with youtubers, they just duplicate your browser/pc so they don't need any password or code, they are alredy logged it, but that's an issue related Chrome, idk if this thing can be done on other browsers or in other ways.

Changing passwords and activating 2FA Can help, but isn't secure anymore in 2020 even with those active.

 

If the video is true and if that guy can do things like take emails and psw easy peasy like nothing, who got auth off is f*, maybe he/she has also a 20 chars password that nobody can even think of.

  • Like 1

Share this post


Link to post
Share on other sites

Interesting. I haven't had any issues with 2FA in APB or on the website/Armas ever since they fixed that initial small delay problem in the very beginning. I haven't had any issues with logging in with 2FA regardless of the timing on received codes.  It also remembers me for the next 15-20 logins and then it might ask again which is decent security. Not sure where all of you are coming from with 2FA complaints.

  • Thanks 1

Share this post


Link to post
Share on other sites
42 minutes ago, Flaws said:

Interesting. I haven't had any issues with 2FA in APB or on the website/Armas ever since they fixed that initial small delay problem in the very beginning. I haven't had any issues with logging in with 2FA regardless of the timing on received codes.  It also remembers me for the next 15-20 logins and then it might ask again which is decent security. Not sure where all of you are coming from with 2FA complaints.

If it works for you doesn't mean it works for everyone.

  • Like 1

Share this post


Link to post
Share on other sites

Its clearly your own personal fault. LO did everything correct.

Use 2FA, password with €:@:”-,!/&: symbols and random uppercase letters - and you are good to GoOooo

Share this post


Link to post
Share on other sites
51 minutes ago, wHisHi said:

Its clearly your own personal fault. LO did everything correct.

Use 2FA, password with €:@:”-,!/&: symbols and random uppercase letters - and you are good to GoOooo

Because you have 2FA enabled, even if you change password every time you want or put how many chars you want, doesn't mean you are 100% protect.

In 2020, especially.. hackers and the privacy get violated much easier because of holes in the systems that are vulnerable, companies can fix them, but there will be Always alternative methods to brute force something, or to just simply cheat.

 

If your "LO did everything correct" sentence was really that, there won't be cheaters, there won't be theme stealers, there won't be glitch and exploit abusers, and there won't be many other things related to company responsability.

Isn't easy as you think to solve something like that.

Share this post


Link to post
Share on other sites

So all in all, just set up 2FA for your own safety, most of the accounts that were hacked past few days did NOT have 2FA it seems.

 

I really don't care whether you all beleive the video or not, like I said before, accounts were hit and the "exploit" claimed on the video seems to match up with everything that has been reported in the past few days.

 

The thread was to caution people, please set up 2FA for your own safety and yes, I didn't have any issues with tokens when setting up mine.

 

Merged.

 

On 10/31/2020 at 7:20 AM, Kevkof said:

If so, I would advise to leave now before you accidentally sign over your belongings/life to someone.

I also do not understand what you're saying here, like many who were hacked we did not set up 2FA but did not do anything stupid like give our information out, nor did I install any suspicious third party software, it was the most random incident where an idle account that was not used often and was broken into without my awareness, like I stated before, a friend on dischord and others saw my character "speedhacking" in missions and I comfirmed that my account WAS broken into becuase my mailbox looked different when I logged back in after work.

Other also report of the same thing before I was notified by my friend.

 

I also understand that a thread like this would incite panic in the community and I understand why it is wise not to quickly jump to any conclusion on whether there has been a security vulnerability or not.

So for now I would tell others to set up 2FA and just leave it at that unless this situation develops somehow.

 

 

Share this post


Link to post
Share on other sites
1 hour ago, ArtDeco said:

I also do not understand what you're saying here, like many who were hacked we did not set up 2FA but did not do anything stupid like give our information out, nor did I install any suspicious third party software, it was the most random incident where an idle account that was not used often and was broken into without my awareness, like I stated before, a friend on dischord and others saw my character "speedhacking" in missions and I comfirmed that my account WAS broken into becuase my mailbox looked different when I logged back in after work.

Other also report of the same thing before I was notified by my friend.

 

I also understand that a thread like this would incite panic in the community and I understand why it is wise not to quickly jump to any conclusion on whether there has been a security vulnerability or not.

So for now I would tell others to set up 2FA and just leave it at that unless this situation develops somehow.

 

 

4:13 up to 4:42, when you meet up with a speed hacker or when a sort of situation happen.

I don't react like that but inside my brain, is similar.

Share this post


Link to post
Share on other sites
21 hours ago, LaFuggitiva said:

Итак ... дело в том ... откуда ты знаешь, что это точно происходит / ред?

Я бы больше доверял LO, если бы они давали информацию или знали обо всей этой «ситуации».

 

Какой смысл взламывать другую учетную запись и скорость взлома.

Похоже на рассказы хакеров, когда их банят и пытаются сказать, что они невиновны, понимаете?

«Я не играл, был моим братом» или «Меня не было дома, кто-то украл мой компьютер и взломал APB» и т. Д.

 

Послушайте ... я не хочу этого говорить, но мне кажется странным, что люди взламывают аккаунты только для тем, я имею в виду ... все возможно, да, но я не знаю ...

 

Двухфакторная аутентификация в этой игре плохо реализована, единственный способ получить это с помощью приложений-аутентификаторов, вы не можете получить коды на свою электронную почту, вы не можете получить коды на свой телефон, и вы даже не можете настроить несколько приложений, в то время как на большинстве других платформ, программ, веб-сайтов вы можете это сделать.

Я всегда думал о том, как лучше реализовать это, возможно, потребуется некоторая доработка, но LO никогда не рассматривал это, или, по крайней мере, до сих пор у нас все еще есть один плохой вариант из того, что не должно, но должно быть быть приоритетом.

 

Мы говорим об услугах, которые могут быть использованы, чтобы нанять много денег, и этот тип защиты просто унизителен, почти ничего.

Это все еще что-то, да, но не в соответствии со стандартами нашей конфиденциальности, наших учетных записей.

 

Я могу понять эту плохую 2FA на форумах, хорошо, но на G1.com и в игре это ... совсем не полезно.

Не говоря уже о том, что в большинстве случаев это ошибка, и вам нужно вставлять код каждый раз, когда вы меняете символ.

да, я знаю о «токене» внутри G1.com, но он сломан и иногда (всегда для меня) продолжает спрашивать код, даже когда я проверяю «Запомнить это устройство».

 

НАМ НУЖНО БОЛЬШЕ ОПЦИЙ, НАШИ Аккаунты ДОЛЖНЫ : БЫТЬ БОЛЬШЕ ЗАЩИТЫ И  БЕЗОПАСНОСТИ, Потому ЧТО МЫ Тратим НА НИХ ДЕНЬГИ .

user hacking usually happens .. if you installed a hacking application for superiority over others ... and in most cases it is free cheese, which is in the mouse))

 

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...