So Star Vault...

Thanks for calling them out on the BS

 

1. Always use different passwords for EVERY registration.
2. Get a domain for about 1 euro / 1 dollar per month and get access to hundreds of different email addresses. Always use another email address for EVERY registration.
3. Never NEVER never share account information even with best friends. Your personal PC might be save and clean from virus, but how about your friend's PC?
4. If you are streaming your game you should always avoid streaming your desktop or other opened software! Do you streaming guys realize that streaming the login process publishes your account name and the length of your password?

 

i wonder what kind of best friends you have, but other than that i pretty much agree with you ^^

 

That was a case of years, in which we didnt store back then.
This month we have ofc everything logged and can see all logins on all accounts and trades done during this.
We have already shut down multiple accounts in which we go through to restore properly.

 

Wow you have one month from the breach until today covered and call that you have everything under control.
Realistically you might be able to get back a sixth of the accounts tops or something.

 

I didnt mean we have a month max of recovering accounts/logs.
I meant that the breaches happened during this month in which we cover ofcourse.
We can go back further than that before any incident happen during the cases described in this thread.
Sorry for the confusion. All the accounts logged in by the wrong user will be handled, simply as that.

 

These guys be hacking into mine and Grike's accounts for like few months now. They stole my in-game stuff and spread my personal info. When I asked SV if I can get my stuff they said my acc was hacked too long ago. So... Someone is hacking into people accounts and SV doesn't even know it . What happens with all the veterans account's that don't play the game anymore and don't realize their accounts got hacked? I bet they're all empty by now

 

I hope SV is checking mail bags of things coming and going?

 

So I have skimmed through this whole thread and there has been a shit ton of wild speculations, assumptions and just out right rage.

While SV is partially to blame for this, so are you as a player for having a shit password. Not saying Strillen or anyone else is exactly at fault but if you are running a 6 or less character password that is based on a word without any breaks or special characters in it, then you have a real weak password. I personally think that all of the statements about laws and how the US or Canada, or UK handles these cases are great but no need to be an internet lawyer. Those are about as useful as tits on a bull. As far as we know this person lives in a nation that has weak laws. The idea of trying to go all Liam Neeson "Taken" on him is a pipe dream. Most of you cant even afford to get out of your own counties let alone leave your country.

The best thing to do is just change your passwords to something more secure, avoid having the same forum password as your game password, same for your login. And don't save any personal account information on your PC.

Just my 2 pesos on the subject.

 

I asked that already several times - how to delete my Forum account and all my posts at once?
Seriously, I only visit these forums only when I am completely waisted and forget about the security issues (well, it's fun to post here) but I don't think it is worth to have an account here.

 

I am curious too.

 

Why is this person just targeting a select few and not just everyone.

 

Yes, blaming the customer for the Star Vault's security problem. Good job!

The only problem with "must have strong password argument" is that Star Vault are making people login and logout hard dues to instability.

The Two Step Authentication would have to be put in place for Mortal Online Game. This should be done by double clicking client or Steam which open the application that forced you to login into Mortal Online website to be verify and authenticate your IP. If IP matches the trusted IP source list according to the authentication, you passed. If not, you are to go to your email and verify your new IP source. If repeatedly login from a new IP without authentication, IP is blacklisted and have to be force to reset your password and immediately send alert to the Star Vault security team. To redeem yourself from blacklisted IP, you have to do the protocol to verify yourself.

After IP verified and authenticated, you only need a button that says "Play". The whole idea is to put a Two Steps Authentication because obviously hard coding it into Mortal Online directly would be not within Star Vault's budget.

The database that verify people password need to be encrypted. If it isn't encrypted then .... why aren't they doing it?

Pride. Denial. Lack of trust in staffing. Low budget. Sub-contracted. Excuse. One to Two Man Army on security team. Wreckless on people's personal and banking information.

 

I am not blaming the customer, I am just saying from my own experience as a US Army network administrator that a fair amount of the time the client is the one who is at fault with the weak password. I don't know how many times I have seen Password1, or Password!2 as a password. But I have also seen people use their login names as their password, which is idiotic. You as a system administrator can not prevent client stupidity, or as I call it lose nut on keyboard.

And yes upgraded security would be nice, but let us be honest, how many games out there have high level security.

 

Agree, the list of the top 25 passwords of last year is great with "starwars" as a new password on rank 25. You can break more than 50% of all accounts by just trying the top 25 list.

 

Ye if he really just posted the last 4 digits I am certain he didnt have the entire number since every site shows only the last 4 digits.

That is if Insta lives in Sweden.

 

That is not true, there are multiple components to cyber crimes like these.

 

Agreed. I'm confused as to how much of it is from actual hacking as opposed to people sharing info/ using weak PWs or recylcing passwords between accounts. There is a distinction and only so much a company can do to prevent it.

 

Ok, you made me understand you better.

But, as a I suggested, password alone isn't enough because once breach have been made. Password get changed and would be a pain for people to remember a new password. Authentication and IP approval, such as the one that Mortal Online forum used, should be installed for Mortal Online client. They don't need to hard code it into Mortal Online, just need to have the opening launcher point to the website for authentication then website open the program in computer. The login username or password would however have to be disabled in the MO client which definitely need to be hard coded.

Let says, Eve Online, for an example, were to be more sophisticated than Mortal Online. Then, Mortal Online would have to be more modern to be up to date with security.

I, too was a victim of security breach for Origin. Hacker hacked my account. It was a general reminder that password alone isn't enough to stop people from taking over account. Authentication was the system that needed to prevent would be identity or security breach from happening again.

This sames goes for eBay.

It isn't my password that are the problem. It is the fallacy, neglect, and out of date security protocol that give desperate hackers to hack corporate servers and hide in the computer crime gray area. It is bull crap that Unversity of computer would dress people open as "cyber warrior" when they are just meaningless pawn.

It is time Star Vault have to smart up security protocol.

 

He needs to live in a country which hands over criminals, have cyber laws or a country that would prosecute for a citizen of another country or for another country for that matter in order to be able to get caught.