well, im fucked.
Forum Vulnerability Discussion Thread
This site uses cookies. By continuing to browse this site, you are agreeing to our Cookie Policy.
-
-
Question
Where can i change my email for my account ?
Can someone help pls -
They deleted my character after they stole my account and robbed my items. They send message 'include bad words' to support how can be this possible can we solve this problem someone help me please i send message to support im worry about they dont help me what should i do ?
-
skycerberus wrote:
They deleted my character after they stole my account and robbed my items. They send message 'include bad words' to support how can be this possible can we solve this problem someone help me please i send message to support im worry about they dont help me what should i do ?
Our logs show that your account was used by somebody else who lives in the same country as you. That person also has been playing Albion since a long time. We see these log-ins even before the data breach happened.
That person is likely somebody that you actively shared your log-in with in the past or that has obtained your log-in by getting access to your email account or because you let your log-in and password pre-saved on somebody else's PC / Internet cafe.
Our customer support is looking into your case to see what can be done about it. -
Korn wrote:
skycerberus wrote:
They deleted my character after they stole my account and robbed my items. They send message 'include bad words' to support how can be this possible can we solve this problem someone help me please i send message to support im worry about they dont help me what should i do ?
Our logs show that your account was used by somebody else who lives in the same country as you. That person also has been playing Albion since a long time. We see these log-ins even before the data breach happened.
That person is likely somebody that you actively shared your log-in with in the past or that has obtained your log-in by getting access to your email account or because you let your log-in and password pre-saved on somebody else's PC / Internet cafe.
Our customer support is looking into your case to see what can be done about it.
The post was edited 1 time, last by skycerberus: I apologize for my bad english ().
-
Sending email ingame would be a good ideaMy YT channel - Solo greataxe killing everything https://www.youtube.com/user/DhaosNK/video=7
-
Korn wrote:
skycerberus wrote:
They deleted my character after they stole my account and robbed my items. They send message 'include bad words' to support how can be this possible can we solve this problem someone help me please i send message to support im worry about they dont help me what should i do ?
Our logs show that your account was used by somebody else who lives in the same country as you. That person also has been playing Albion since a long time. We see these log-ins even before the data breach happened.
That person is likely somebody that you actively shared your log-in with in the past or that has obtained your log-in by getting access to your email account or because you let your log-in and password pre-saved on somebody else's PC / Internet cafe.
Our customer support is looking into your case to see what can be done about it.
Why do you support this instead of ban it?
Does it mean it is now okay to share account? -
Hollywoodi wrote:
wait, it you can see from logs that active account sharing is done, with people that play long..
Why do you support this instead of ban it?
Does it mean it is now okay to share account?
If it isn't, that could actually kill the way the economy of some guilds completely since officers of the guild manage guild crafting/refining alts that make income for the guild. -
Deathskills wrote:
Hollywoodi wrote:
wait, it you can see from logs that active account sharing is done, with people that play long..
Why do you support this instead of ban it?
Does it mean it is now okay to share account?
If it isn't, that could actually kill the way the economy of some guilds completely since officers of the guild manage guild crafting/refining alts that make income for the guild.
Is that granted & safe? -
Please. Give. Us. 2FA. Please. I don't like losing my personal information to some low lifes. Super unacceptable from a company as yours thriving the way you are. Especially not implementing 2fa yet.
-
Hollywoodi wrote:
Korn wrote:
skycerberus wrote:
They deleted my character after they stole my account and robbed my items. They send message 'include bad words' to support how can be this possible can we solve this problem someone help me please i send message to support im worry about they dont help me what should i do ?
That person is likely somebody that you actively shared your log-in with in the past or that has obtained your log-in by getting access to your email account or because you let your log-in and password pre-saved on somebody else's PC / Internet cafe.
Our customer support is looking into your case to see what can be done about it.
Why do you support this instead of ban it?
Does it mean it is now okay to share account?
account sharing is of course not okay - and very risky on top of that.
In our system, we of course cannot see directly that different actual people were using the account, we can see that the account was used on multiple different devices (which per se, is not a problem as people obviously often use multiple devices, play from somewhere else etc). However, in this case, unless the user in question "stole" from himself, it's obvious that somebody else than the account creator accessed the account. As stated above, when looking into this further, we can see that the account in question had quite a large number of different devices in the past. This happened already prior to the data breach, and again, the data breach does not contain usable passwords and even if it did, an attacker would still require access to the associated email account to do log-in to the account. -
@Korn
Is the file uploaded on 3rd party website containing databases passwords to puppet, jenkins, wiki, website, apis, albion_xxx databases and tokens fake or not?
If yes, then is it possible that attacker could have create and download dumps of that databases? Don't these databases contain more data about players than forums database?Make HCE lvl 15+ BZ only -
Wydoyolo wrote:
@Korn
Is the file uploaded on 3rd party website containing databases passwords to puppet, jenkins, wiki, website, apis, albion_xxx databases and tokens fake or not?
If yes, then is it possible that attacker could have create and download dumps of that databases? Don't these databases contain more data about players than forums database?
while we can't go into the technical details, we have no indication that any additional databases were compromised. -
Korn wrote:
skycerberus wrote:
They deleted my character after they stole my account and robbed my items. They send message 'include bad words' to support how can be this possible can we solve this problem someone help me please i send message to support im worry about they dont help me what should i do ?
Our logs show that your account was used by somebody else who lives in the same country as you. That person also has been playing Albion since a long time. We see these log-ins even before the data breach happened.
That person is likely somebody that you actively shared your log-in with in the past or that has obtained your log-in by getting access to your email account or because you let your log-in and password pre-saved on somebody else's PC / Internet cafe.
Our customer support is looking into your case to see what can be done about it.
-
I'm still waiting for someone to take care of me now. How long do I have to wait?
-
Well, got my email, change my password and checked my account just in case...
Everything seems to be fine now...
Also, +1 to 2FA petition
Im planning to go back to this game as soon I have some more free time -
Guys, i get stupid spam mail on this email account.
I have no clou, if it is cause of the breach or whatever
nevertheless i would really like to change my email on this account...
As you obviously had an issue with my email adress and i feel no more safe with it, can you support changing it? -
Hollywoodi wrote:
Guys, i get stupid spam mail on this email account.
I have no clou, if it is cause of the breach or whatever
nevertheless i would really like to change my email on this account...
As you obviously had an issue with my email adress and i feel no more safe with it, can you support changing it?
-
skycerberus wrote:
I'm still waiting for someone to take care of me now. How long do I have to wait?
will get in touch with support to enquire about the status of your case. They'll get in touch with you shortly.
@Hollywoodi please contact our customer support in order to change your email. -
Are you aware that the threat actor is claiming to have compromised more than the forum/forum databases?
twitter.com/UnderTheBreach/status/1317561761579569156
(shoutout to @Creen)
How exactly did you find the root cause / confirm that the threat has been contained / ruled out lateral movement to other systems/assets?
-
Share
- Facebook 0
- Twitter 0
- Google Plus 0
- Reddit 0