[Announcement About Account Security] Haven/Salem

[jordancoles]

Currently the Haven forums are blowing up with reports of account hacking.

Some of this is apparently coming from a custom client that has a keylogger inside of it, but the hackers have also gotten the emails of many members of the community and have been requesting to change the passwords of accounts.
If you get an email from the Salem forums or the Haven forums asking you to change your password, delete the email and do not click the link.

Change the email linked to your account and these emails should (hopefully) stop coming. I've received emails for both my Salem and Haven accounts myself.

DO NOT CLICK THE LINKS INSIDE OF THESE EMAILS.


Reposted from this thread on the Salem forums
http://forum.salemthegame.com/viewtopic ... 657#p80854

[Phoenix246]

What has become of Haven now in days?

[joojoo1975]

tis easier to cheat, than to actually win. But "cheatin's" been going on since W2.

we can only hope for a brighter future.

[loftar]

By clicking the link you are essentially agreeing to have your password changed by the other person.

What procedure are you implying? Changing the password should only be possible for the person actually doing the clicking.

[borka]

Interesting would be where the link leads to and what (if there is) script (and what's in that) ?!?

[jordancoles]

By clicking the link you are essentially agreeing to have your password changed by the other person.

What procedure are you implying? Changing the password should only be possible for the person actually doing the clicking.

Could be different here I suppose? I did not click the link to find out. For most sites I've been on you change the PW to whatever and then you confirm with the email link to change it.

[loftar]

For most sites I've been on you change the PW to whatever and then you confirm with the email link to change it.

Um.

If you already know the current password of an account, you can change it without any e-mail. As on most sites, indeed; I haven't seen any site that works differently, but feel free to enlighten me. :)

If you use a reset e-mail, the link in the e-mail brings you to a page where you enter a new password; not a page to confirm a password entered in the past.

[jordancoles]

For most sites I've been on you change the PW to whatever and then you confirm with the email link to change it.

Um.

If you already know the current password of an account, you can change it without any e-mail. As on most sites, indeed; I haven't seen any site that works differently, but feel free to enlighten me.

If you use a reset e-mail, the link in the e-mail brings you to a page where you enter a new password; not a page to confirm a password entered in the past.

Aye, I seem to recall something different on some sites I've used in the past but I've been hearing of people being hacked simply through the link so it may be something different entirely :s
Either way don't click the link to avoid potential problems

[Momoka]

For most sites I've been on you change the PW to whatever and then you confirm with the email link to change it.

Um.

If you already know the current password of an account, you can change it without any e-mail. As on most sites, indeed; I haven't seen any site that works differently, but feel free to enlighten me.

If you use a reset e-mail, the link in the e-mail brings you to a page where you enter a new password; not a page to confirm a password entered in the past.

It would be good if it would send a pre-confirmation to the email. The legitimate owner would get an email redirecting him to a password change page. That would make it harder to steal the account.


If the attacker got both, the email and the account passwords, it's the user's fault.

[fanit937]

Good thing I never check my mails, I just delete them all.