Important Security Reminder

The latest news and announcements about theHunter provided by the developers
User avatar
Fletchette
Trophy Hunter
Posts: 6658
Joined: September 10th, 2013, 8:30 pm
Location: Missouri, USA

Re: Important Security Reminder

Postby Fletchette » November 5th, 2017, 11:58 am

Tanngnjostr wrote:
Levado wrote:
Tanngnjostr wrote:Unfortunately after I changed my password to one I've never used before (not in the game, not on another site), the hackers were still able to access my account until I asked for it to be temporarily locked. How could this have happened if they were using login data they got from another database?
If they don't log out, they'll continue to have access, regardless your password. ;)

This might be the case, but be aware that the time between me changing the password and the hacker starting the last game was around 12 hours. Maybe they just let the launcher run all this time, but even in this case I would expect some security measure to take effect!

Or they had the launcher open when you changed the password, then changed it themselves AFTER you did. That way, they still had the valid password.

I guess the real question is, was your original email address and/or password one that you also used on other another account somewhere? If yes, then that's a clue.
Personal Bests...
Image
Image
User avatar
Radamus
Trophy Hunter
Posts: 6492
Joined: January 23rd, 2014, 7:05 pm
Location: NW Ohio

Re: Important Security Reminder

Postby Radamus » November 5th, 2017, 12:38 pm

Marc, you've been spawn mashing!
Spoiler:
User avatar
Tanngnjostr
Moderator
Moderator
Posts: 6999
Joined: July 14th, 2015, 12:41 pm
Location: Moguntia

Re: Important Security Reminder

Postby Tanngnjostr » November 5th, 2017, 1:01 pm

Fletchette wrote:Or they had the launcher open when you changed the password, then changed it themselves AFTER you did. That way, they still had the valid password.

Even if the launcher was still open for them after I changed the password, they shouldn't have been able to change it themselves without entering the current (new) password, right? Also, the password wasn't changed again. It was still the one I chose, but my account had been used again over night.
User avatar
TheSheWolf
Scout
Posts: 368
Joined: April 28th, 2010, 9:48 am

Re: Important Security Reminder

Postby TheSheWolf » November 5th, 2017, 6:08 pm

Quick question, if theHunter's own database is what's being broken into, do those logging in through Steam need to worry about the security of either a. their theHunter account, or more worryingly, b. their Steam details?
User avatar
Alena Rybik
EW Staff
EW Staff
Posts: 5016
Joined: January 7th, 2014, 6:31 am
Location: Stockholm, Sweden
Contact:

Re: Important Security Reminder

Postby Alena Rybik » November 6th, 2017, 8:06 am

We are still investigating what happened, but our database has not been compromised and we see no signs of brute force on our backend. Will keep you updated.
User avatar
caledonianblues
Moderator
Moderator
Posts: 8181
Joined: September 27th, 2012, 11:01 pm
Location: Stockholm, Sweden

Re: Important Security Reminder

Postby caledonianblues » November 6th, 2017, 8:27 am

Fletchette wrote:If EW's database had been compromised then the "hackers" would have the correct password every time, and wouldn't be triggering "unauthorized" login attempts.

Hypothetically, even if someone had a complete dump of the database that contains the user account information, they wouldn't have the passwords. They're hashed. Staff members can't even see what someone's password is.
UHC Apps | UHC Stats | My PC Specs
Host your own competition, or get your geek on with stats.
User avatar
Catafesta
Tracker
Posts: 194
Joined: March 21st, 2014, 3:07 pm

Re: Important Security Reminder

Postby Catafesta » November 6th, 2017, 5:28 pm

I just tried to log-in in the forum because the game server and the website are down right now. When i tried to log-in i got this message on the 1st attempt:

"You exceeded the maximum allowed number of login attempts. In addition to your username and password you now also have to solve the CAPTCHA below."

So the forum's accounts are also in trouble?
User avatar
caledonianblues
Moderator
Moderator
Posts: 8181
Joined: September 27th, 2012, 11:01 pm
Location: Stockholm, Sweden

Re: Important Security Reminder

Postby caledonianblues » November 6th, 2017, 5:33 pm

Catafesta wrote:So the forum's accounts are also in trouble?

No, not at all. The CAPTCHA has been in place for a while and, right or wrong, it's configured to present on the first login attempt (no failed attempt needed to trigger it). It doesn't mean someone has been trying to log in with your credentials, it's working as expected.
UHC Apps | UHC Stats | My PC Specs
Host your own competition, or get your geek on with stats.
User avatar
ronMctube
Chat Logger
Posts: 14569
Joined: March 14th, 2009, 9:49 pm

Re: Important Security Reminder

Postby ronMctube » November 7th, 2017, 7:21 am

can someone fix the double login though ? its pretty annoying.put right password in then you have to login again with whats the colour of the hunter logo.
User avatar
gas56
Outfitter
Posts: 3364
Joined: April 4th, 2014, 12:51 pm

Re: Important Security Reminder

Postby gas56 » November 7th, 2017, 11:37 am

ronMctube wrote:can someone fix the double login though ? its pretty annoying.put right password in then you have to login again with whats the colour of the hunter logo.

I've suggested to put the CAPTCHA on the 1st log-in attempt since it was implemented,...
But it looks like it isn't going to happen,.. so I just type in some fast gibberish on the 1st try.....
to bring up the 2nd attempt and CAPTCHA up faster.......... so much for good real suggestions...... :roll:

Return to “Latest News & Announcements”

Who is online

Users browsing this forum: Bing [Bot], nomad, Prinz1989, TheSpecter and 1 guest