theHunter Classic Forums

Tanngnjostr wrote:

Levado wrote:

Tanngnjostr wrote:Unfortunately after I changed my password to one I've never used before (not in the game, not on another site), the hackers were still able to access my account until I asked for it to be temporarily locked. How could this have happened if they were using login data they got from another database?

If they don't log out, they'll continue to have access, regardless your password.

This might be the case, but be aware that the time between me changing the password and the hacker starting the last game was around 12 hours. Maybe they just let the launcher run all this time, but even in this case I would expect some security measure to take effect!

Or they had the launcher open when you changed the password, then changed it themselves AFTER you did. That way, they still had the valid password.

I guess the real question is, was your original email address and/or password one that you also used on other another account somewhere? If yes, then that's a clue.

Marc, you've been spawn mashing!

Fletchette wrote:Or they had the launcher open when you changed the password, then changed it themselves AFTER you did. That way, they still had the valid password.

Even if the launcher was still open for them after I changed the password, they shouldn't have been able to change it themselves without entering the current (new) password, right? Also, the password wasn't changed again. It was still the one I chose, but my account had been used again over night.

Quick question, if theHunter's own database is what's being broken into, do those logging in through Steam need to worry about the security of either a. their theHunter account, or more worryingly, b. their Steam details?

We are still investigating what happened, but our database has not been compromised and we see no signs of brute force on our backend. Will keep you updated.

Fletchette wrote:If EW's database had been compromised then the "hackers" would have the correct password every time, and wouldn't be triggering "unauthorized" login attempts.

Hypothetically, even if someone had a complete dump of the database that contains the user account information, they wouldn't have the passwords. They're hashed. Staff members can't even see what someone's password is.

I just tried to log-in in the forum because the game server and the website are down right now. When i tried to log-in i got this message on the 1st attempt:

"You exceeded the maximum allowed number of login attempts. In addition to your username and password you now also have to solve the CAPTCHA below."

So the forum's accounts are also in trouble?

Catafesta wrote:So the forum's accounts are also in trouble?

No, not at all. The CAPTCHA has been in place for a while and, right or wrong, it's configured to present on the first login attempt (no failed attempt needed to trigger it). It doesn't mean someone has been trying to log in with your credentials, it's working as expected.

can someone fix the double login though ? its pretty annoying.put right password in then you have to login again with whats the colour of the hunter logo.

ronMctube wrote:can someone fix the double login though ? its pretty annoying.put right password in then you have to login again with whats the colour of the hunter logo.

I've suggested to put the CAPTCHA on the 1st log-in attempt since it was implemented,...
But it looks like it isn't going to happen,.. so I just type in some fast gibberish on the 1st try.....
to bring up the 2nd attempt and CAPTCHA up faster.......... so much for good real suggestions......