Fuck whoever hacked me!

[Bramson]

should people who have logged in with the union client reset passwords and stop using it?

From what I was able to gather, these guys were using a client over a year ago which was collecting passwords (at the time, I think the name "Rizen client" was mentioned; I don't know whether or how it relates to the Union client) and was involved in the time I nuked AD. Their accounts were stolen in this way, but they never switched their email addresses back, and were now taken again with a password-reset-email to the hacker's still lingering e-mail address. It is partly their own fault for not securing their e-mail address after their accounts were taken, in other words; which is part of the reason I'm not going to try and give their items back or anything (part of the reason, mind you).

That, of course, doesn't excuse the hacker himself. I'm awfully glad I was able to track him down this time.

Note to self: Don't get your account hacked as the devs obviously don't give a fuck.

Address Change in Progress
An e-mail has been sent to the address that you specified. As soon as it arrives, please follow the instructions contained therein to complete the address change.

1. No email address was sent to the original email address, letting the user know someone changed your email.
2. No place on your account information does it show what your email address is.


So knowing this if you get hacked. You have NO WAY to know your account was compromised nor would you ever know your email was changed.

So loftar, you are saying it is his fault that he got hacked and you are not restoring anything because he should of know his email changed when in fact, you give us no tools to check if our email was changed.

Let me be the first to tell you, YOU ARE WRONG!

Give us the tools to notify us when changes are happening to our accounts, as this was out of trolls control to know if his account was compromised and you should at least restore what you can ( like his character ).

Until you fix this the only the devs are at fault and liable for account thefts.

[GrapefruitV]

He lost his acc because of custom client with keylogger in the first place. Loftar didn't force him to use it. And then he didn't change email after that. Understandable, but his fault again. Besides, what would you call "giving a fuck"? Some time was spent to find a thief, he was punished. What else do you expect? Full resurection and free stuff? The only thing HnH will get from it is a huge wave of fake hacked accounts incidents.

[Bramson]

He lost his acc because of custom client with keylogger in the first place. Loftar didn't force him to use it. And then he didn't change email after that. Understandable, but his fault again. Besides, what would you call "giving a fuck"? Some time was spent to find a thief, he was punished. What else do you expect? Full resurection and free stuff? The only thing HnH will get from it is a huge wave of fake hacked accounts incidents.

Of course nobody forced a person to use a keylogger client. But the point is, the account got compromised, there was no warning "your email has been changed, if you didn't change your email then your probably getting fucked over" email. There is no place on your account page that displays your email. So the whole argument that he should of changed his email is invalid when the devs got lazy and didn't bother to implement proper account security tools that would make it 100% easier to detect a brute force account take over. This is a dev issue and they are responsible for not giving us the tools to better secure our accounts. Any "real" company who actually gave a shit about their customers would of punished said parties involved but also restored the damages caused by the brute force attack.

Obviously, they cannot restore everything as it seems they lack a complex database that actually shows what he had, but a character restoration would be expected 100%. I'm sure the only thing that really mattered to Troll ( although I dont speak for him) is the Dev Cape that he had, which for some reason loftar couldn't find which goes back to my original point of lack of complex database, and his character, so if I was a professional dev who actually gave a fuck about my community, I would of restored the dev cape and his character and told him the rest he has to come up with himself. Obviously, IMHO and I am sure that a majority would agree with me that would be fair and the right thing to do.

Of course you would always have people trying to "fake" account hacks as I am already sure this happens already, but would proper tools in place, a basic php watch dog application can detect all this stuff on the fly with little to no effort. So all the "fake" incidents can be quickly gone through and filtered.

Since you don't really play and have anything to lose your opinion would of course be who cares, but one day I hope you invest a lot of time into building a character and acquiring a bunch of stuff. Then one day you cannot login because you been hacked. You never received any email stating your account email has changed. You finally recover your account and you character is like a 1 day old alt and the dev tells you its your fault and you are getting shit back. I hope you remember this moment, this time and know that Karma got your ass.

Bramson

[ChildhoodObesity]

He lost his acc because of custom client with keylogger in the first place. Loftar didn't force him to use it. And then he didn't change email after that. Understandable, but his fault again. Besides, what would you call "giving a fuck"? Some time was spent to find a thief, he was punished. What else do you expect? Full resurection and free stuff? The only thing HnH will get from it is a huge wave of fake hacked accounts incidents.

well i was pretty skrub and didnt even know what a keylogger was back then, but even then my password was obtained by APX hacking into the email account of the client owner so its pretty shitty either way

[Amanda44]

@ Bramson - tbh, I also think Troll should have got his dev cape back and his char under the circumstances but honestly, wishing the same thing on someone else just because their opinion differs slightly is a bit much!

[ChildhoodObesity]

@ Bramson - tbh, I also think Troll should have got his dev cape back and his char under the circumstances but honestly, wishing the same thing on someone else just because their opinion differs slightly is a bit much!

lel i hardly care about the character i'd prefer the cape or even the first inherit of the character would be cool but they completely fucked over my character by how many times they killed it

[GrapefruitV]

so if I was a professional dev who actually gave a fuck about my community, I would of restored the dev cape and his character and told him the rest he has to come up with himself. Obviously, IMHO and I am sure that a majority would agree with me that would be fair and the right thing to do.

Of course you would always have people trying to "fake" account hacks as I am already sure this happens already, but would proper tools in place, a basic php watch dog application can detect all this stuff on the fly with little to no effort. So all the "fake" incidents can be quickly gone through and filtered.

...and if I was average haven faggot, I would tell you dev item is missing (even if it isnt) to get another one for my friends.
None of it would work. I can actually hack my own acc or ask friends to do it to make it look real.

Since you don't really play and have anything to lose your opinion would of course be who cares, but one day I hope you invest a lot of time into building a character and acquiring a bunch of stuff. Then one day you cannot login because you been hacked. You never received any email stating your account email has changed. You finally recover your account and you character is like a 1 day old alt and the dev tells you its your fault and you are getting shit back. I hope you remember this moment, this time and know that Karma got your ass.

Oh yeah, tell me about it. Already been there. Account which got stolen was not exactly mine, but it had access to my village and it got fucked up pretty hard. Guess what devs said? Nothing. They just ignored my pm. Not even talking about everything I've lost because of bug raids in w6. And yet I'm not crying like a bitch, because this is what I signed up to: raw alpha with devs being away almost all the time and a promise of no resurections. So "you just don't know how it feels!" doesn't really work here.

Ofcourse I feel sorry for Troll and would like to see him getting back both cape and char, but it is impossible for mentioned reasons and there are only 3 people responsible:
1. Adriano for collecting everyones who ever used rizen passwords.
2. Apxeolog (or whoever from Dis was it) for using this flaw.
3. Troll for trusting AD and not changing his email.

This email thing is not the reason, it is only a circumstance, which made it more likely to happen. I'm not saying we don't need accounts security system to be fixed, my point is it is just not the thing to be blamed. It took a while for Troll to remember which email he used for that account, so I doubt he was checking it constantly and would see a notification about email change.

[ChildhoodObesity]

It took a while for Troll to remember which email he used for that account, so I doubt he was checking it constantly and would see a notification about email change.

well i mean the email was changed about a year ago went a while without any problems didnt really have a reason 2 be like "o i shud change my email because its definately NOT my email" but yea im not expecting anything back although i'd rlly like the cape CONSIDERING the guy who owns the ONLY other cape hardly even plays and doesnt even take it out so its pretty much lost forever. atleast when i was wearing it i wore it everywhere so anyone had a chance at it

[Tonkyhonk]

as for the security system, loftar did mention the other day that he might change the system sometime in the near future, but the reason he hadnt done so was that he was more worried about those players who cry to them by pm and say "i forgot which email address i used, halp" and bother them even more often than they currently do now with passwords loss. (and as you know they dont have manpower to reply to every single retarded message they receive daily, when they charge you NOTHING for playing the game but only receiving whatever very small donations they get.)
besides, we all know that people usually do not get their passwords stolen UNLESS you are retarded enough to use some plz-hack-me-passwords or weird downloads with keyloggers or giving passwords away to "friends". since this is a free for all indie alpha game, i dont think its fair for us to demand them to do everything like other official games around do in every way.

some of us want the notification emails (and i have requested it quite a few times already myself) and require us to use the email address to change passwords for the worst case scenario, but also, some of us rather want it be easy to change the pass very often for their own security measure. (some players have registered too long ago to remember which email address, some players might have lost their original email address for one reason or another, some players might not be able to use the email they registered before... and so on.)

i still think its better to get those notification emails, requiring both pass and email to change pass would make it harder to hack imo, but i do understand why he didnt want to do that for a long time as well.

as for the cape.
loftar is trying to be as fair as possible. if he actually gave troll the cape, he would have to do the same to all the other players who have lost their valuables in the past for whatever reason they could not help with, but most likely he wouldnt be able to do so. and also because of the old hacking incident *should* have made victims check their own email and pass and make it secure as to not let that happen again, it is definitely partly troll's own fault for this incident, so as 2 others. now im sure troll would be more careful with his own security, which is good for him over all.

p.s.
@tkearns, that is your opinion and it doesnt convince me, but you know that my whining doesnt change a thing here anyways. just letting you know im being rather skeptical and finding it rather questionable how two of you didnt lose anything by this when you were on apx side.

[ChildhoodObesity]

as for the cape.
loftar is trying to be as fair as possible. if he actually gave troll the cape, he would have to do the same to all the other players who have lost their valuables in the past for whatever reason they could not help with

lel loftur revived 2 accs last world which was caused by the same keylogger, i lost my acc a year ago when i didnt kno keyloggers were a thing so even tho its my fault its kinda shitty since i was playing the game for a few months only just a pOOR LITTLE NAB, anyways I dont even want my main revived i want the inherit revived but i wont make a big deal about that newayz 2 da cape there's apparently only 2 of those in the game (1 now since he drownd mine) 1 is alt vaultd i dont see how any other players could be like WOW MY CAPE WAS STOLEN FROM HACKING GIVE BACK, loftar should know how many hes given out. and by that logic when he revived Thundercat and *Svetkin* last world i should be revived now HUEHUEHUEUE