Compromised account


(sally Deninard) #1

Hi,
my partners Eve account has been compromised, an amount of corp isk has been transferred and her password has been changed so she cannot gain access.
We have a ticket open, remaining account passwords have been changed and we have moved assets from the corp hangers to remaining personal accounts.
Her spersonal ships and assets have been at the mercy of the perpetraitors for a number of hours now.
Is there anything else I need to do ingame to mitigate this?
How long does it take for a communication to take place from CCP?
They are in reciept of he ticket but hae been silent since.
I only ask this because from my experience games companies are a little quicker out of the blocks to get the account returned to its owner. It is quite frustrating to know you have reported a crime and you have to accept it just continues regardless.
Thx in advance.


(Arcanith Lionheart) #2

Yeah CCP really needs to set a priority on the type of tickets that are around.

As a benefit of the doubt I’d like to say that they are already investigating the matter and dealing with the matter appropriately.

But even if they delay it a bit, I am fairly certain that whoever hijacked the account will be banned and the damage repaid in some shape or form, so give CCP some time, they got a good service, even if they are a bit slow at times.

Reason I believe the culprit will be banned is because a friend of mine had a similar experience where the GM said “Someone has indeed been using your account, I went ahead and banned that person from playing and here is a thing to compensate for the trouble”


(sally Deninard) #3

Thankyou for both your reply and reassurance. It is in a bizarre way comforting to know that someone else has been through the process and had it resolved.


(Arcanith Lionheart) #4

Better to know that someone else suffered and got the issue fixed than suffering and not being solved, so I don’t really consider that bizarre


(Lulu Lunette) #5

In my experience, they were not allowed to tell me what they were going to do to the ‘third party,’ if anything at all.

All I have to say is good luck!

CCP has historically done nothing for people who’ve been hacked. I’m sorry.


(Arcanith Lionheart) #6

I still remember reporting people breaking rules in Rookie Help, the GMs did mention how they cannot explain the method they are dealing with it.

I suppose it is their way of saying “Alright, you got proof there, we will do our thing to fix this issue, but we will not tell you so you won’t boast around or something”, which I suppose when they told my friend they dealt with the third party that hijacked his account it was because it was quite the serious thing.


(Lulu Lunette) #7

Essentially that’s the copy + paste answer I got for a recent ticket.

we can simply not disclose what action may or may not have been taken against reported players, just as I would not tell them who reported them.

I’m probably flying a little close to some broken rules myself there. :sweat_smile: They did reassure me with a ‘we take these kinds of reports very seriously.’

https://community.eveonline.com/news/dev-blogs/account-security-and-you/


(sally Deninard) #8

I had also read this so obviously im a little anxious to get some kind of communication :stuck_out_tongue: The corp bank is completeley cleaned out so im gonna probably have to put the other 3 accounts onto free to play in the next 5 days. It has pretty much left the setup unplayable. I was halfway through a 2 week production purchase on my market alt, went to a corp toon to grab corp cash and bam… nothing left ><. What sucks is that the buying phase is unfinished so I cant run the jobs. I could probably raise capital by selling the materials but i`d lose a billion easy.
My biggest worry is that with a reasonable amount of missing isk and 60 mill sp toon there is a chance the sps have been extracted… that sucks


(Arcanith Lionheart) #9

Just wait out on what CCP or the GMs have to say in the matter, if they do it right they will notice the IP used to access the accounts and that right there is one proof that it has been accessed somewhere else. Logs and everything related to corporations will surely go by noticed so keep an eye on your ticket.


(Nana Skalski) #10

I use different passwords for every online acccount.

I have found its a good way to remember them.


You can actually use all words humans can think off. In all languages.


(sally Deninard) #11

Thx for the advice.
Sit rep… 12hrs later and still waiting for a response :frowning:


(Amhra Rho) #12

This might be a more important message than it seems. Is this story board suggesting that the best practice we should adopt when creating strong passwords has recently changed? Yes. Exactly.

Five ordered words are now recommended, like this: modicum reliquary bushido penchant observation

Leave out the spaces, of course. You’ve now got a passcode which has - to use the story board’s terminology - 78 “bits of entropy”. It’s 2 to the 78th power - that’s huge! How big a number is that? According to https://howsecureismypassword.net/, it would take 213 Duodecillion Years to crack - that’s 213 followed by 72 zeros! Far more trillion billion lifetimes than the average hacker would be willing to expend trying to crack your passcode. It’s all about the key length. Size matters!

Gets better - so you say that you’re mandated to change your passcode in another three months? Just change the word order, like this: bushido observation modicum penchant reliquary. How many permutations do you get with five distinct words while using each word only one time? The answer is five factorial (5!) which is 5x4x3x2x1=120. Congratulations - you can now change your passcode 120 times without repeating a combination.


(sally Deninard) #13

This is usefull and i thank you for it. !!


(Linus Gorp) #14

They always do. Square Enix also writes that in every of their ticket responses and they never give a ■■■■.


(Hakaru Song) #15

Has the email address associated with the account been compromised as well?

You can request a password reset from the webpage. Control belongs to the email address associated with the account. Unless the character has been moved off the account you can get control back.


(sally Deninard) #16

yes thats all been sorted thx


(sally Deninard) #17

OK sitrep #2 . Its not good…
The char was extraxted using corp money. The skill extractors were sold off. The skill points were reimbursed but nothing else…
Sucks major


(Ptraci) #18

I’m curious as to how this happened - did you get phished at some point with an email that looked like it came from CCP? Or did someone guess your login/password because you used the same combo on another website that got hacked or had a dishonest admin, etc?


(sally Deninard) #19

werte not sure how it happened at the moment. Weve changed account and associated email passwords but thats all i know.


(Amhra Rho) #20

Another highly regarded, very strong security technique is to select “on” 2-factor verification for all your Eve accounts. This means that in addition to your login passcode, you will then be mandated to provide a separate six digit code number which can only be found in one place in the entire universe - on your personal secure smartphone.

A free app called Google Authenticator generates the six digit number, and it changes every fifteen seconds or so. Good luck to the bad guys - they’ll have fifteen seconds to crack that six digit number. Starting . . . . NOW.

Either that, or they’ll need to have open access to the account owner’s secure private cell phone. Bad guys don’t have access to your own personal smartphone? Too bad, so sad for them. More information on 2-step verification here - for Eve accounts, it comes highly recommended. Security doesn’t get much better than 2-step verification.