I haven’t played DDO in over a year so I can’t say how things are there, but since F2P launch the number of compromised LOTRO accounts have skyrocketed.
Luckily, I was online at the time. My kinship had just finished an instance run about a week-and-a-half ago and were in the process of reloading back into the world when I got the message that I was being disconnected because I had just logged into the Brandywine server. Huh? Suspecting the worst, I immediately hit up the Turbine Account page and changed my password then re-logged back into the game, which would boot the hacker offline just like I had been minutes earlier.
I was lucky, and did that before the hacker had time to switch servers to where my active characters are.
Other kin-mates have not been so lucky. Two days after my attempted hack, one of the kin’s main hunters was hacked while he was at work. I was in-game at the time, as were a few other regulars, and wondered why he wouldn’t talk to us. Our kinship leader just happened to login and notice the odd behavior then noticed the hunter trying to clean out the chests in our kin-house, so kicked him (and all alts) from the kinship until the mess was straightened out. Later the hunter logged in again — this time the real player — standing naked at the mailbox. Gold gone, armour, weapons, vault, etc. had been cleaned out.
Tonight, my kin leader was also hacked. It’s an ongoing process as I write this — we’re all in Ventrilo together as Turbine gets to him. They did reset his in-game password so he could login, but they also automatically apply a one-hour ban on the account, which just expired a few minutes ago. So far all of his characters were standing at the mailbox but only his gold is missing. All armours, etc. and vaults are intact. Permissions were altered to the kin-house, however, so apparently more of us are still being targeted. Our kin-leader is down roughly 500 gold, but in the big scheme of things, that’s probably not of much value anymore. Armour is bartered these days, and cannot be bought. His crafting materials and Symbols of Celebrimbor would go for much more on the Auction House than Turbine would give him as a condolence prize.
The forums are going crazy with threads of compromised accounts. Turbine’s primary response? “It’s not our fault. Check your PC for keyloggers.”
Turbine also has a No Rollback policy, which is retarded. No, I don’t think they should rollback every little thing, because that makes it too easy for players to game the system, but having an immobile policy to never, under any circumstance rollback a character even when proven beyond a shadow of a doubt that it was compromised is equally retarded. Even Blizzard will do a character rollback.
I’m not buying the “it’s not our fault” and “it’s always a keylogger.” It’s been documented and proven numerous times that when creating an account, your account info is sent via unencrypted plain text. If your email account is compromised, bingo. Second, thanks to the Skirmish Leaderboards, it is incredibly easy to see all the players. Near as we can tell, it shows either your forum username (in my case, my game and forum usernames were the same) or your game username (our hunter has never signed up for the forums, so we easily found his game login on the leaderboards). At that point, passwords can be brute-force hacked.
LOTRO readers, consider this a forewarning and go change your login password, and make it something separate from your forum login if you have one. I’ve still not seen a single gold farmer spam, but I’m hearing the prices on the LOTRO gold selling sites has recently risen (also coincidentally after the F2P launch) so they’re going after as much gold as they can get, any way they can get it. Apparently why farm the gold when you can just steal it?
Posted in Lord of the Rings Online, MMO by Scott Geeding with 6 comments.