Jump to content
ArtDeco

CAUTION! ACCOUNTS BEING HACKED!!!

Recommended Posts

47 minutes ago, xHenryman90x said:

Damn annoying, you get sometimes kicked back to login screen when switching characters, then you have to re-enter the code.

Yeah, exactly.

 

36 minutes ago, ArtDeco said:

Watch this video, a friend just told me about this right now.

 

This was uploaded today.

 

LO, watch this carefully!

 

Alright.. who is this failed ******* who is doing this to APB?

Share this post


Link to post
Share on other sites

The thing is, LO need to address this and make a statement, not only ban him or smth, they need to make progress, to upgrade the defenses, to avoid these situations again, and they need to let us protect our accounts in a better way, because like that.. isn't any good.

 

Share this post


Link to post
Share on other sites

Anywho, whether this video or this hack is legit or not, all I know is that one of my alt account got hacked into, a lot of accounts in EU also reported to be hit, they all include theme makers and non theme makers but with theme makers, their accounts were violated (giving their themes out randomly) renamed stolen account themes, verbally abused people (victims have screenshots of chat logs) and reported cheating on the stolen accounts. Some of these reports match the video that was uploaded by this apb cheater on youtube.

I will follow up with LO, they should be aware of this and investigate a little.

Edited by ArtDeco

Share this post


Link to post
Share on other sites

I have done my part, LO has taken this into account and part of the community is aware and cautioned, now this thread can drift in whatever direction it wants to.

Share this post


Link to post
Share on other sites
3 hours ago, LaFuggitiva said:

The thing is, LO need to address this and make a statement, not only ban him or smth, they need to make progress, to upgrade the defenses, to avoid these situations again, and they need to let us protect our accounts in a better way, because like that.. isn't any good.

 

That's quite naive from you bro, we all know that's not gonna happen that instantly. Well, at least they aware of it.

Edited by Nagletz

Share this post


Link to post
Share on other sites

We take player account security seriously. The most common source of compromised accounts stems from poor password security. Please make sure you have 2FA on your account and avoid reusing your passwords across services. Also, please remember to never share your information and avoid using unapproved 3rd party programs with APB. Not only is doing so against the TOS, you may be putting your information at risk.

We will look into the desync issues that have been reported with 2FA.

  • Like 1
  • Thanks 4

Share this post


Link to post
Share on other sites
9 hours ago, Saxtus said:

Have they fixed the Google Authenticator problems?

Last time I had it enabled was last year when they were plagued with problems due to issues with clock time sync on their behalf, making generated keys invalid.

Google Authenticator itself is half an issue.

It doesn't (or at least didn't) have a backup feature, which other 2FA apps do support.

 

Time desync has been fixed for a while now, but SakeBee already said they'd look into it again.

 

9 hours ago, Saxtus said:

Anyway I 've changed my password and I couldn't login. I realized that one of the following characters in the password is a big no-no for LO:

$&@

Not all of the characters above are issues ...

 

5 hours ago, ArtDeco said:

all I know is that one of my alt account got hacked into, a lot of accounts in EU also reported to be hit, they all include theme makers and non theme makers but with theme makers, their accounts were violated (giving their themes out randomly) renamed stolen account themes, verbally abused people (victims have screenshots of chat logs) and reported cheating on the stolen accounts. Some of these reports match the video that was uploaded by this apb cheater on youtube.

So basically, people have piss poor protections on their accounts and then blame the company. Got ya.

Never saw the video (don't really want to anyway), but are you really going to just believe anything you see online? If so, I would advise to leave now before you accidentally sign over your belongings/life to someone.

Themes can be recreated, they are in the end just midi compositions. There are tools out there that can help in recreating sounds or even exploits (not sure if those have all been patched or not)

Share this post


Link to post
Share on other sites

2FA makes it virtually impossible to bypass account security, even with compromised password.

I advise you all to turn it on - at least on your mains.

Share this post


Link to post
Share on other sites
25 minutes ago, Mitne said:

2FA makes it virtually impossible to bypass account security, even with compromised password.

I advise you all to turn it on - at least on your mains.

But both password and authentication code can be brute forced right? Injectable software that works in-game login screen.

Edited by xHenryman90x

Share this post


Link to post
Share on other sites
2 hours ago, Kevkof said:

Google Authenticator itself is half an issue.

It doesn't (or at least didn't) have a backup feature, which other 2FA apps do support.

That isn't an issue at all if you use Google Authenticator compatible apps that allow backups.

Share this post


Link to post
Share on other sites
8 minutes ago, Saxtus said:

That isn't an issue at all if you use Google Authenticator compatible apps that allow backups.

Do you mean LO should provide a backup method or that you would need another app to do those backups?

 

I'll fully support you in that there should be something like backup codes or something similar.

You could just mail to support directly and then from there verify account ownership and they'll sort out any issues for you then.

 

If you're saying to get another app, I'd rather just use a 2FA app like Authy which does have a backup option and even has a PC client available.

Share this post


Link to post
Share on other sites
7 minutes ago, Kevkof said:

If you're saying to get another app, I'd rather just use a 2FA app like Authy which does have a backup option and even has a PC client available.

That is exactly what I meant.

 

I read that they fixed token time sync issues.

Have they fixed the issue with requiring a new token when you switch characters too?

  • Like 1

Share this post


Link to post
Share on other sites
1 minute ago, Saxtus said:

Have they fixed the issue with requiring a new token when you switch characters too?

Not fully, as in it can still happen, but it shouldn't be frequent.

If it is frequent, go to your account settings (https://www.gamersfirst.com/account/) and there disable tokenize and then re-enable it.

That's been known to fix that

  • Thanks 1

Share this post


Link to post
Share on other sites

Yea well too bad 2FA doesn't work for shit. Ain't got time to enter 10 codes until I can login.

Share this post


Link to post
Share on other sites
2 minutes ago, thelinux said:

Yea well too bad 2FA doesn't work for shit. Ain't got time to enter 10 codes until I can login.

What issues are you running into?

Can you recall/check if maybe the time sync is being a pain again? 

Your codes expire in about 30 seconds, does it only fail if in the first X or in the last X seconds of that timeframe?

Share this post


Link to post
Share on other sites
4 hours ago, Kevkof said:

 

So basically, people have piss poor protections on their accounts and then blame the company. Got ya.

<name>.apb@<email-provider>.com

 

Security 101

Share this post


Link to post
Share on other sites
3 hours ago, Kevkof said:

What issues are you running into?

Can you recall/check if maybe the time sync is being a pain again? 

Your codes expire in about 30 seconds, does it only fail if in the first X or in the last X seconds of that timeframe?

It doesn't fail, you can still login even if the codes changes you still use the same one the app told you 1 min ago.

 

Oh btw, yes, even 2FA can be brute forced or bypassed in the most gg way, like hackers do with youtubers, they just duplicate your browser/pc so they don't need any password or code, they are alredy logged it, but that's an issue related Chrome, idk if this thing can be done on other browsers or in other ways.

Changing passwords and activating 2FA Can help, but isn't secure anymore in 2020 even with those active.

 

If the video is true and if that guy can do things like take emails and psw easy peasy like nothing, who got auth off is f*, maybe he/she has also a 20 chars password that nobody can even think of.

  • Like 1

Share this post


Link to post
Share on other sites

Interesting. I haven't had any issues with 2FA in APB or on the website/Armas ever since they fixed that initial small delay problem in the very beginning. I haven't had any issues with logging in with 2FA regardless of the timing on received codes.  It also remembers me for the next 15-20 logins and then it might ask again which is decent security. Not sure where all of you are coming from with 2FA complaints.

  • Thanks 1

Share this post


Link to post
Share on other sites
42 minutes ago, Flaws said:

Interesting. I haven't had any issues with 2FA in APB or on the website/Armas ever since they fixed that initial small delay problem in the very beginning. I haven't had any issues with logging in with 2FA regardless of the timing on received codes.  It also remembers me for the next 15-20 logins and then it might ask again which is decent security. Not sure where all of you are coming from with 2FA complaints.

If it works for you doesn't mean it works for everyone.

  • Like 1

Share this post


Link to post
Share on other sites

Its clearly your own personal fault. LO did everything correct.

Use 2FA, password with €:@:”-,!/&: symbols and random uppercase letters - and you are good to GoOooo

Share this post


Link to post
Share on other sites
51 minutes ago, wHisHi said:

Its clearly your own personal fault. LO did everything correct.

Use 2FA, password with €:@:”-,!/&: symbols and random uppercase letters - and you are good to GoOooo

Because you have 2FA enabled, even if you change password every time you want or put how many chars you want, doesn't mean you are 100% protect.

In 2020, especially.. hackers and the privacy get violated much easier because of holes in the systems that are vulnerable, companies can fix them, but there will be Always alternative methods to brute force something, or to just simply cheat.

 

If your "LO did everything correct" sentence was really that, there won't be cheaters, there won't be theme stealers, there won't be glitch and exploit abusers, and there won't be many other things related to company responsability.

Isn't easy as you think to solve something like that.

Share this post


Link to post
Share on other sites

So all in all, just set up 2FA for your own safety, most of the accounts that were hacked past few days did NOT have 2FA it seems.

 

I really don't care whether you all beleive the video or not, like I said before, accounts were hit and the "exploit" claimed on the video seems to match up with everything that has been reported in the past few days.

 

The thread was to caution people, please set up 2FA for your own safety and yes, I didn't have any issues with tokens when setting up mine.

Share this post


Link to post
Share on other sites
9 hours ago, Kevkof said:

If so, I would advise to leave now before you accidentally sign over your belongings/life to someone.

I also do not understand what you're saying here, like many who were hacked we did not set up 2FA but did not do anything stupid like give our information out, nor did I install any suspicious third party software, it was the most random incident where an idle account that was not used often and was broken into without my awareness, like I stated before, a friend on dischord and others saw my character "speedhacking" in missions and I comfirmed that my account WAS broken into becuase my mailbox looked different when I logged back in after work.

Other also report of the same thing before I was notified by my friend.

 

I also understand that a thread like this would incite panic in the community and I understand why it is wise not to quickly jump to any conclusion on whether there has been a security vulnerability or not.

So for now I would tell others to set up 2FA and just leave it at that unless this situation develops somehow.

 

 

Edited by ArtDeco
mispelling

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...