ACCOUNT INSECURITY AND SOCIAL ENGINEERING [Author: Lum the Mad]
We just got a new update from him.
Just wanted to update you on the situation at hand. After Verant thoroughly investigated my claim, it turned out the “hacking” occurred because I shared my password with several members in my former guild, which gave them access to my account. I can now appreciate the point Verant is trying to make with their Account Security statement.
I wanted to leave you with a warning of sorts. Lots of big guilds share account info, usually for when someone is unavailable to play and their character is needed for a raid. Although you may be needed badly for that raid, realize that everything you have could be lost all at the risk of receiving another phat lewt or helping the Guild out. As you can see, my account got terrorized and I lost most of my items, even my No drop stuff. Hours and hours of work gone because I was foolish and shared my account info. According to the new policy, sharing of account information is risking your own account, and if compromised due to this, it is your own responsibility to deal with it. I know a lot of people that share their account info, and I don’t want them to lose their items like I have. So please change your passwords before this happens to you, because trust me, you won’t regret it. But thank you for all the support you have shown me since this happened, I really appreciate all the tells offering to help.
*hugs everyone*
Sincerely,
Uumpaa
58th Halfling Stabber
Kaphorian Waylander
56th Luminary
As every oldschool hacker knows, the easiest way to “hack” someone, bad Hollywood movies to the contrary, is by what hackers call “social engineering”. In other words, getting people to give you access to whatever you desire. Whether cracking a corporate account by calling an overworked secretary posing as an imperious network manager, or by scooping up MMOG accounts by posting copies of Gear that are really trojan horses, hackers follow the path of least resistance. It’s a lot easier to convince you to say the secret word then to buy time on a Cray to crack the encryption on your network traffic.
Of course, you probably still shouldn’t page a GM in EQ and tell them your account was hacked.