Important Security Reminder

The latest news and announcements about theHunter provided by the developers
User avatar
Fletchette
Trophy Hunter
Posts: 7317
Joined: September 10th, 2013, 8:30 pm
Location: Missouri, USA
Contact:

Re: Important Security Reminder

Post by Fletchette »

Tanngnjostr wrote:
Levado wrote:
Tanngnjostr wrote:Unfortunately after I changed my password to one I've never used before (not in the game, not on another site), the hackers were still able to access my account until I asked for it to be temporarily locked. How could this have happened if they were using login data they got from another database?
If they don't log out, they'll continue to have access, regardless your password. ;)
This might be the case, but be aware that the time between me changing the password and the hacker starting the last game was around 12 hours. Maybe they just let the launcher run all this time, but even in this case I would expect some security measure to take effect!
Or they had the launcher open when you changed the password, then changed it themselves AFTER you did. That way, they still had the valid password.

I guess the real question is, was your original email address and/or password one that you also used on other another account somewhere? If yes, then that's a clue.
Personal Bests...
Image
Image
User avatar
Radamus
Master Hunter
Posts: 8843
Joined: January 23rd, 2014, 7:05 pm
Location: NW Ohio
Contact:

Re: Important Security Reminder

Post by Radamus »

Marc, you've been spawn mashing!
"Out of all competitors, Radamus was the only one who got it I think" - BCKidd
"Ugh, I absolutely hate the thought that Radamus is right about this and I was wrong...!!!" Splainin2do
I can't afford a swear jar - xOEDragon
Spoiler:
User avatar
Tanngnjostr
Master Hunter
Posts: 8887
Joined: July 14th, 2015, 12:41 pm
Location: Moguntia

Re: Important Security Reminder

Post by Tanngnjostr »

Fletchette wrote:Or they had the launcher open when you changed the password, then changed it themselves AFTER you did. That way, they still had the valid password.
Even if the launcher was still open for them after I changed the password, they shouldn't have been able to change it themselves without entering the current (new) password, right? Also, the password wasn't changed again. It was still the one I chose, but my account had been used again over night.
Image Image Image
User avatar
TheSheWolf
Hunter
Posts: 935
Joined: April 28th, 2010, 9:48 am
Contact:

Re: Important Security Reminder

Post by TheSheWolf »

Quick question, if theHunter's own database is what's being broken into, do those logging in through Steam need to worry about the security of either a. their theHunter account, or more worryingly, b. their Steam details?
User avatar
Alena Rybik
EW Staff
EW Staff
Posts: 4643
Joined: January 7th, 2014, 6:31 am
Location: Stockholm, Sweden
Contact:

Re: Important Security Reminder

Post by Alena Rybik »

We are still investigating what happened, but our database has not been compromised and we see no signs of brute force on our backend. Will keep you updated.
User avatar
caledonianblues
Master Hunter
Posts: 9725
Joined: September 27th, 2012, 11:01 pm
Location: London, UK
Contact:

Re: Important Security Reminder

Post by caledonianblues »

Fletchette wrote:If EW's database had been compromised then the "hackers" would have the correct password every time, and wouldn't be triggering "unauthorized" login attempts.
Hypothetically, even if someone had a complete dump of the database that contains the user account information, they wouldn't have the passwords. They're hashed. Staff members can't even see what someone's password is.
User avatar
Catafesta
Tracker
Posts: 209
Joined: March 21st, 2014, 3:07 pm
Contact:

Re: Important Security Reminder

Post by Catafesta »

I just tried to log-in in the forum because the game server and the website are down right now. When i tried to log-in i got this message on the 1st attempt:

"You exceeded the maximum allowed number of login attempts. In addition to your username and password you now also have to solve the CAPTCHA below."

So the forum's accounts are also in trouble?
User avatar
caledonianblues
Master Hunter
Posts: 9725
Joined: September 27th, 2012, 11:01 pm
Location: London, UK
Contact:

Re: Important Security Reminder

Post by caledonianblues »

Catafesta wrote:So the forum's accounts are also in trouble?
No, not at all. The CAPTCHA has been in place for a while and, right or wrong, it's configured to present on the first login attempt (no failed attempt needed to trigger it). It doesn't mean someone has been trying to log in with your credentials, it's working as expected.
User avatar
ronMctube
Chat Logger
Posts: 17439
Joined: March 14th, 2009, 9:49 pm
Contact:

Re: Important Security Reminder

Post by ronMctube »

can someone fix the double login though ? its pretty annoying.put right password in then you have to login again with whats the colour of the hunter logo.
User avatar
gas56
Outfitter
Posts: 4340
Joined: April 4th, 2014, 12:51 pm
Location: Ohio
Contact:

Re: Important Security Reminder

Post by gas56 »

ronMctube wrote:can someone fix the double login though ? its pretty annoying.put right password in then you have to login again with whats the colour of the hunter logo.
I've suggested to put the CAPTCHA on the 1st log-in attempt since it was implemented,...
But it looks like it isn't going to happen,.. so I just type in some fast gibberish on the 1st try.....
to bring up the 2nd attempt and CAPTCHA up faster.......... so much for good real suggestions...... :roll:
Post Reply

Return to “Latest News & Announcements”

Who is online

Users browsing this forum: No registered users and 1 guest