Forum Vulnerability Discussion Thread

  • They deleted my character after they stole my account and robbed my items. They send message 'include bad words' to support how can be this possible can we solve this problem someone help me please i send message to support im worry about they dont help me what should i do ?
  • skycerberus wrote:

    They deleted my character after they stole my account and robbed my items. They send message 'include bad words' to support how can be this possible can we solve this problem someone help me please i send message to support im worry about they dont help me what should i do ?
    In order to log-in to your account, this person/these people also needs access to your email or need to be told the log-in code by you. In addition to that, the data breach we communicated above does not contain usable passwords in the first place, and even if it did, again, log-in to the game won't be possible without access to your email account as well.

    Our logs show that your account was used by somebody else who lives in the same country as you. That person also has been playing Albion since a long time. We see these log-ins even before the data breach happened.

    That person is likely somebody that you actively shared your log-in with in the past or that has obtained your log-in by getting access to your email account or because you let your log-in and password pre-saved on somebody else's PC / Internet cafe.

    Our customer support is looking into your case to see what can be done about it.
  • Korn wrote:

    skycerberus wrote:

    They deleted my character after they stole my account and robbed my items. They send message 'include bad words' to support how can be this possible can we solve this problem someone help me please i send message to support im worry about they dont help me what should i do ?
    In order to log-in to your account, this person/these people also needs access to your email or need to be told the log-in code by you. In addition to that, the data breach we communicated above does not contain usable passwords in the first place, and even if it did, again, log-in to the game won't be possible without access to your email account as well.
    Our logs show that your account was used by somebody else who lives in the same country as you. That person also has been playing Albion since a long time. We see these log-ins even before the data breach happened.

    That person is likely somebody that you actively shared your log-in with in the past or that has obtained your log-in by getting access to your email account or because you let your log-in and password pre-saved on somebody else's PC / Internet cafe.

    Our customer support is looking into your case to see what can be done about it.
    Unlike you in my mail address, a code is sent to my phone, so even if no one can enter it, there is no way you do nothing but excuse here. Nobody has a password. You had a security breach and asked everyone to change their password, but I have been absent for 3 days. Do you want to help me or save yourself ? I think tell people that all their passwords should be changed twitter twich mail instagram all of them. Why are you closing the topic I opened in the forum ?

    The post was edited 1 time, last by skycerberus: I apologize for my bad english ().

  • Korn wrote:

    skycerberus wrote:

    They deleted my character after they stole my account and robbed my items. They send message 'include bad words' to support how can be this possible can we solve this problem someone help me please i send message to support im worry about they dont help me what should i do ?
    In order to log-in to your account, this person/these people also needs access to your email or need to be told the log-in code by you. In addition to that, the data breach we communicated above does not contain usable passwords in the first place, and even if it did, again, log-in to the game won't be possible without access to your email account as well.
    Our logs show that your account was used by somebody else who lives in the same country as you. That person also has been playing Albion since a long time. We see these log-ins even before the data breach happened.

    That person is likely somebody that you actively shared your log-in with in the past or that has obtained your log-in by getting access to your email account or because you let your log-in and password pre-saved on somebody else's PC / Internet cafe.

    Our customer support is looking into your case to see what can be done about it.
    wait, it you can see from logs that active account sharing is done, with people that play long..

    Why do you support this instead of ban it?

    Does it mean it is now okay to share account?
  • Hollywoodi wrote:

    wait, it you can see from logs that active account sharing is done, with people that play long..
    Why do you support this instead of ban it?

    Does it mean it is now okay to share account?
    Pretty sure it always has been a at your own risk type of thing since it can be monitored and you do need to provide access to the other user the first time they log in with the code from the e-mail.

    If it isn't, that could actually kill the way the economy of some guilds completely since officers of the guild manage guild crafting/refining alts that make income for the guild.
  • Deathskills wrote:

    Hollywoodi wrote:

    wait, it you can see from logs that active account sharing is done, with people that play long..
    Why do you support this instead of ban it?

    Does it mean it is now okay to share account?
    Pretty sure it always has been a at your own risk type of thing since it can be monitored and you do need to provide access to the other user the first time they log in with the code from the e-mail.
    If it isn't, that could actually kill the way the economy of some guilds completely since officers of the guild manage guild crafting/refining alts that make income for the guild.
    amazing, did not know that is tolerated.

    Is that granted & safe?
  • Hollywoodi wrote:

    Korn wrote:

    skycerberus wrote:

    They deleted my character after they stole my account and robbed my items. They send message 'include bad words' to support how can be this possible can we solve this problem someone help me please i send message to support im worry about they dont help me what should i do ?
    In order to log-in to your account, this person/these people also needs access to your email or need to be told the log-in code by you. In addition to that, the data breach we communicated above does not contain usable passwords in the first place, and even if it did, again, log-in to the game won't be possible without access to your email account as well.Our logs show that your account was used by somebody else who lives in the same country as you. That person also has been playing Albion since a long time. We see these log-ins even before the data breach happened.

    That person is likely somebody that you actively shared your log-in with in the past or that has obtained your log-in by getting access to your email account or because you let your log-in and password pre-saved on somebody else's PC / Internet cafe.

    Our customer support is looking into your case to see what can be done about it.
    wait, it you can see from logs that active account sharing is done, with people that play long..
    Why do you support this instead of ban it?

    Does it mean it is now okay to share account?
    Hey there,

    account sharing is of course not okay - and very risky on top of that.

    In our system, we of course cannot see directly that different actual people were using the account, we can see that the account was used on multiple different devices (which per se, is not a problem as people obviously often use multiple devices, play from somewhere else etc). However, in this case, unless the user in question "stole" from himself, it's obvious that somebody else than the account creator accessed the account. As stated above, when looking into this further, we can see that the account in question had quite a large number of different devices in the past. This happened already prior to the data breach, and again, the data breach does not contain usable passwords and even if it did, an attacker would still require access to the associated email account to do log-in to the account.
  • @Korn

    Is the file uploaded on 3rd party website containing databases passwords to puppet, jenkins, wiki, website, apis, albion_xxx databases and tokens fake or not?
    If yes, then is it possible that attacker could have create and download dumps of that databases? Don't these databases contain more data about players than forums database?
    Make HCE lvl 15+ BZ only
  • Wydoyolo wrote:

    @Korn

    Is the file uploaded on 3rd party website containing databases passwords to puppet, jenkins, wiki, website, apis, albion_xxx databases and tokens fake or not?
    If yes, then is it possible that attacker could have create and download dumps of that databases? Don't these databases contain more data about players than forums database?
    Hey Wydoyolo,

    while we can't go into the technical details, we have no indication that any additional databases were compromised.
  • Korn wrote:

    skycerberus wrote:

    They deleted my character after they stole my account and robbed my items. They send message 'include bad words' to support how can be this possible can we solve this problem someone help me please i send message to support im worry about they dont help me what should i do ?
    In order to log-in to your account, this person/these people also needs access to your email or need to be told the log-in code by you. In addition to that, the data breach we communicated above does not contain usable passwords in the first place, and even if it did, again, log-in to the game won't be possible without access to your email account as well.
    Our logs show that your account was used by somebody else who lives in the same country as you. That person also has been playing Albion since a long time. We see these log-ins even before the data breach happened.

    That person is likely somebody that you actively shared your log-in with in the past or that has obtained your log-in by getting access to your email account or because you let your log-in and password pre-saved on somebody else's PC / Internet cafe.

    Our customer support is looking into your case to see what can be done about it.
    So when should I wait for my tickets to be answered? Will my erased character come back?
  • Guys, i get stupid spam mail on this email account.

    I have no clou, if it is cause of the breach or whatever

    nevertheless i would really like to change my email on this account...

    As you obviously had an issue with my email adress and i feel no more safe with it, can you support changing it?
  • Hollywoodi wrote:

    Guys, i get stupid spam mail on this email account.

    I have no clou, if it is cause of the breach or whatever

    nevertheless i would really like to change my email on this account...

    As you obviously had an issue with my email adress and i feel no more safe with it, can you support changing it?
    Along with 2fa we should be able to change our accounts email address to a valid email that is not being used as an Albion account without having to go through Support.