Discussion about account security


Postby VikingWarrior » Fri Jun 17, 2016 11:50 pm

Hello, right now I am on an account which is not mine. [This one I'm posting with right now] I didn't know it was so freaking simple to hack an account on this website haha. Now, the way I did it, boys and girls, was with "Sentry mba". Look it up if you are wondering what kind of program it is.

Here is the information about the account.

Username:VikingWarrior Password:youbeenhacked

Village name: Asylium [Which it was part of]
Last edited by Granger on Tue Jun 21, 2016 6:30 am, edited 2 times in total.
Reason: Title changed to reflect the contents
VikingWarrior
 
Posts: 43
Joined: Fri Dec 30, 2011 1:31 am

Re: I have hacked this account! <3

Postby shubla » Fri Jun 17, 2016 11:54 pm

I am not surprised that security of HnH is not the best..
But how did you get his password? Did you actually get it through some cool haxor ways or did you just "scam" it?
Or maybe the account was originally yours.
I'm not sure that I have a strong argument against sketch colors - Jorb, November 2019
http://i.imgur.com/CRrirds.png?1
Join the moderated unofficial discord for the game! https://discord.gg/2TAbGj2
Purus Pasta, The Best Client
shubla
 
Posts: 13041
Joined: Sun Nov 03, 2013 11:26 am
Location: Finland

Re: I have hacked this account! <3

Postby sabinati » Sat Jun 18, 2016 12:05 am

Credential stuffing is the automated injection of breached username/password pairs in order to fraudulently gain access to user accounts. This is a subset of the brute force attack category: large numbers of spilled credentials are automatically entered into websites until they are potentially matched to an existing account, which the attacker can then hijack for their own purposes.
sabinati
 
Posts: 15513
Joined: Mon Jul 13, 2009 4:25 am
Location: View active topics

Re: I have hacked this account! <3

Postby shubla » Sat Jun 18, 2016 12:09 am

sabinati wrote:Credential stuffing is the automated injection of breached username/password pairs in order to fraudulently gain access to user accounts. This is a subset of the brute force attack category: large numbers of spilled credentials are automatically entered into websites until they are potentially matched to an existing account, which the attacker can then hijack for their own purposes.

Devs should really do something about security, such as:
Changing password or email should be made impossible without confirmation from current mail.
Also some kind of "maximum of 5 logon attempts in x amount of time". Maybe even CAPTCHAs. Of course some may say that captchas are not helping, because there's a lot of services that will solve them for a few pennies. But some captcha is better than no captcha. It would perhaps reduce the amount of attempts. Maybe reCAPTCHA could be required on each logon attempt. In my user-side experience they aren't much of a hassle. Of course something like that would have to be implemented in the client as well..
Captchas would at least make people feel a bit safer.
shubla
 
Posts: 13041
Joined: Sun Nov 03, 2013 11:26 am
Location: Finland

Re: I have hacked this account! <3

Postby sabinati » Sat Jun 18, 2016 12:16 am

the main point is don't use the same account name and password on multiple sites, at least for this method of attack.
sabinati
 
Posts: 15513
Joined: Mon Jul 13, 2009 4:25 am
Location: View active topics

Re: I have hacked this account! <3

Postby loftar » Sat Jun 18, 2016 12:21 am

VikingWarrior wrote:Sentry mba

So what you're saying is that you got his username and password via external means? Not sure what you'd expect this website to do against that.
"Object-oriented design is the roman numerals of computing." -- Rob Pike
loftar
 
Posts: 9051
Joined: Fri Apr 03, 2009 7:05 am

Re: I have hacked this account! <3

Postby shubla » Sat Jun 18, 2016 12:21 am

loftar wrote: Not sure what you'd expect this website to do against that.

Please add some more security on changing password/email at least.
shubla
 
Posts: 13041
Joined: Sun Nov 03, 2013 11:26 am
Location: Finland

Re: I have hacked this account! <3

Postby loftar » Sat Jun 18, 2016 12:24 am

shubla wrote:Changing password or email should be made impossible without confirmation from current mail.

This makes you lose your Haven account if you lose your e-mail account.

shubla wrote:Also some kind of "maximum of 5 logon attempts in x amount of time".

There were no failed login attempts; he knew the password from the outset.
loftar
 
Posts: 9051
Joined: Fri Apr 03, 2009 7:05 am
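
Added example, not part of the original thread and not the game's own code: a sketch over constructed login events illustrating the point made above, that a per-account attempt limit never fires on credential stuffing, while counting distinct usernames per source does. The event format, thresholds and function names are assumptions.

```python
from collections import defaultdict, deque

# Constructed sample login events: (unix_time, source_ip, username, success).
EVENTS = (
    # One source replays leaked pairs: a single try per account, so no
    # account ever accumulates failed attempts.
    [(1000 + 5 * i, "203.0.113.7", f"user{i:02d}", i == 3) for i in range(8)]
    # Password guessing against one account.
    + [(1100 + 2 * i, "198.51.100.9", "alice", False) for i in range(6)]
    # A legitimate user mistyping twice, then logging in.
    + [(1200, "192.0.2.44", "bob", False), (1210, "192.0.2.44", "bob", False),
       (1220, "192.0.2.44", "bob", True)]
)


def locked_accounts(events, max_failures=5, window=300):
    """Per-account limit: accounts with more than max_failures in the window."""
    recent, locked = defaultdict(deque), set()
    for ts, _ip, user, ok in sorted(events):
        if ok:
            continue
        q = recent[user]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) > max_failures:
            locked.add(user)
    return locked


def stuffing_sources(events, min_accounts=5, window=300):
    """Per-source view: IPs that tried many distinct usernames in the window.

    Returns {ip: set of accounts that logged in successfully from that ip}.
    """
    recent, hits, flagged = defaultdict(deque), defaultdict(set), {}
    for ts, ip, user, ok in sorted(events):
        q = recent[ip]
        q.append((ts, user))
        while q and ts - q[0][0] > window:
            q.popleft()
        if ok:
            hits[ip].add(user)
        if len({u for _t, u in q}) >= min_accounts:
            flagged[ip] = hits[ip]  # same set object, so later hits are included
    return flagged


if __name__ == "__main__":
    print("locked by per-account limit:", locked_accounts(EVENTS))
    print("flagged sources and exposed accounts:", stuffing_sources(EVENTS))
```

Accounts listed under a flagged source are the ones to force a password reset on, since the login itself looked normal.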

Re: I have hacked this account! <3

Postby The_Blode » Sat Jun 18, 2016 12:24 am

shubla wrote:
loftar wrote: Not sure what you'd expect this website to do against that.

Please add some more security on changing password/email at least.


if they add too much it becomes easy to get locked out of your own stuff. Extra security is great until you find yourself on the outside looking in wistfully at your account.
The_Blode
 
Posts: 511
Joined: Sat Oct 08, 2011 7:51 am
Location: Location: Location

Re: I have hacked this account! <3

Postby bananza » Sat Jun 18, 2016 12:41 am

apx again..... omg..........


i hope you don't hack me because this account is a key to my ironic memes vault
Warning to mods: This post is mirror protected, so giving a warning/ or ban means you will be warned/banned by redirection.

GEX
bananza
 
Posts: 203
Joined: Wed Sep 02, 2015 12:21 am
Location: GEX Headquarters
