Author Message

chenxueyu

Rank 0
Joined
06 Feb 2009
Posts
43
Location
Singapore
PostedApr 22, 2013 12:22 pm

Comprised Accounts

Yes, I have noticed quite a few comprised accounts myself... unfortunately... you guys have made the mistake on giving some of the accounts out to individuals who don't own the account... I can name one from a few months back that involved my account that you guys handed out to another individual... giving out all my personal information... I worked closely and diligently with a GM to get this matter resolved...only to find out today you guys suspended the account again for this issue again... so... Maybe you need to look also at your employees and how you guys handle these issues... My other account should have never been given out to another individual without all the answers to the questions you guys ask.. However you guys gladly gave it out with my personal information... Just pointing this out as you can blame and point the finger at everybody else.. However you may want to look internally as to why you guys give out accounts and personal information without getting all the answers to the account or account details in question...I also..can tell you if my account is not resolved this time I can also take legal action for your company giving out my personal information as well.. I know you will probably delete this message because of course your name / business cant take much more bad publicity... But again... I say...You guys aren't making this any better by giving out accounts without properly verifying the true account holder and leaving the true account holder's personal information at a security risk..
Advertisement

tatadracula

Rank 0
tatadracula
Joined
29 Jun 2012
Posts
18
Location
Italy
PostedApr 22, 2013 4:42 pm
What about using phone number to redeem lost/changed pasword (like in WoT). And another thing, is to easy to change e-mail adress ,i think it will be bether to have a permanent e-mail adress on aeria accounts (only if the e-mail provider close the web,we should be able to change it). I saw ,that if you want to change the e-mail ,aeria sends verification on the new adress ,not on the current e-mail like it should be! Anyway ,think about it and let us know Smile

Cheers ,DrackulA *,..,*

xXLynxReXx

Rank 0
xXLynxReXx
Joined
25 Jan 2013
Posts
101
Location
Norway
PostedApr 24, 2013 9:03 am
What about IP lock ? That only The IP address to the one owning the account can log on it ? I see allot of games have that now

Posted By Aeria Mobile

silverpelt13

Rank 2
silverpelt13
Joined
13 Jan 2011
Posts
595
Location
One of the Territories of United States
PostedApr 24, 2013 9:59 am
xXLynxReXx wrote:
What about IP lock ? That only The IP address to the one owning the account can log on it ? I see a lot of games have that now  


Personally, I find this as a bad idea, because a lot of people who play uses different computers ((I sometimes use my brother's, my school's and my computer) and What if their computer breaks down and they get a new one or they move somewhere else (I am soon) which also changes ip address. It might cause more problems.

It's a Strange Land here.........

xXLynxReXx

Rank 0
xXLynxReXx
Joined
25 Jan 2013
Posts
101
Location
Norway
PostedApr 24, 2013 11:38 am
silverpelt13 wrote:
xXLynxReXx wrote:
What about IP lock ? That only The IP address to the one owning the account can log on it ? I see a lot of games have that now  


Personally, I find this as a bad idea, because a lot of people who play uses different computers ((I sometimes use my brother's, my school's and my computer) and What if their computer breaks down and they get a new one or they move somewhere else (I am soon) which also changes ip address. It might cause more problems.  


they can add a IP Lock In ur account settings u Can add the IP for Home/Work/Multi Computer

i know one game that has it (runescape) and it works pretty well u just add the IP u want ur account to logg, on each IP u add u gotta Vertify it whit Mail =)

billdoor

Rank 5.1
billdoor
Joined
05 Aug 2008
Posts
6436
Location
Foldereid Norway
PostedApr 25, 2013 2:40 am
From the Kapersky findings:
 
In the autumn of 2011, a Trojan was detected on a huge number of computers – all of them linked by the fact that they were used by players of a popular online game. It emerged that the piece of malware landed on users’ computers as part of a regular update from the game’s official update server.  

Hummm...wonder which game that was. As far as I recall, the first instances of mass compromising of AP at Aeria happened after Eden Eternal was released? EE went open beta June 15th 2011. And from what I recall the first mass compromised AP was spent on EE items in October/November that year (I remember that well enough from being a Shaiya GS at the time, dealing with several players this happened to, myself included).

Not saying EE was the spreader of the plague, there were probably other popular MMOs being released around the same time. Just made me go hmmm...

SeasonsEnd/MadManMoon/Uigeadail - retired from Shaiya as of May 10th 2014.

nav13

Rank 5
nav13
Joined
12 Aug 2009
Posts
3967
Location
New York City United States
PostedApr 25, 2013 9:14 am
Mystic155 wrote:
Well one thing you can do to boost Account security is.

1:Email Change Verification(As in order for you to change your email, you have to verify it first on your original email that you are planning to change email)

Because if we do password change it would probably have to do it through email. But if they change your email and then try to do password change through email they would have access to it. Does this make sense?  


+1 was just talking to guildies about this.

nav13

Rank 5
nav13
Joined
12 Aug 2009
Posts
3967
Location
New York City United States
PostedApr 25, 2013 9:16 am
xXLynxReXx wrote:
silverpelt13 wrote:
xXLynxReXx wrote:
What about IP lock ? That only The IP address to the one owning the account can log on it ? I see a lot of games have that now  


Personally, I find this as a bad idea, because a lot of people who play uses different computers ((I sometimes use my brother's, my school's and my computer) and What if their computer breaks down and they get a new one or they move somewhere else (I am soon) which also changes ip address. It might cause more problems.  


they can add a IP Lock In ur account settings u Can add the IP for Home/Work/Multi Computer

i know one game that has it (runescape) and it works pretty well u just add the IP u want ur account to logg, on each IP u add u gotta Vertify it whit Mail =)  



Good idea here too.

xybolt

Rank 5.2
xybolt
Joined
10 Sep 2008
Posts
15077
Location
Balegem, flemish region Belgium
PostedApr 25, 2013 2:29 pm
silverpelt13 wrote:
xXLynxReXx wrote:
What about IP lock ? That only The IP address to the one owning the account can log on it ? I see a lot of games have that now  


Personally, I find this as a bad idea, because a lot of people who play uses different computers ((I sometimes use my brother's, my school's and my computer) and What if their computer breaks down and they get a new one or they move somewhere else (I am soon) which also changes ip address. It might cause more problems.  


there is a flaw in such security systems because in most countries, even in mine, ISP's are providing dynamic IP address to provide better security and services.

soon, those IP locks will bring problems at client side.

signature of xybolt

explosiveone

Rank 0
Joined
07 Apr 2013
Posts
134
Location
Netherlands
PostedApr 25, 2013 3:27 pm
runescape's programmers jagex got a new system where you can add pc's to trusted.
its optional.
you can set 5 security answers which never can be changed.
when you want to log in from another pc you get a pop up that its protected by that system and you get redirected to a screen which gives 3 questions out of the five at random.

if all 3 are correct you can add the device (that pc) to trusted list, for a specific time or permanent. you can also delete it.

maybe something like that here would work as well.

and indeed the email idea mentioned above.

Forum account of ExplosiveOne
Display posts from previous:   Sort by: