phaolo: I don't remember and I can't find it again, sorry.
apehater: i can't remember too, that a known forum user account was hacked. that only new accounts are hacked is suspicious and reminds me of the "witcher removed from account" threads one month ago.
It has not been just new accounts, its been new and old accounts, but most of them are relatively inactive accounts. A lot of them seem to be users who have "come back" for TW3 only to discover their account has been hacked. The most likely scenario seems to be the "same password used on multiple sites" issue, combined with a compromise of a different unrelated site that exposed those passwords.
Ciris: Hi!
First off, I'd like to apologise to all who have experienced account hacking on our site over the past couple of days. We're hard at work to make this less of an issue and less likely to happen - but I understand how frustrating it must be to lose access to your games.
Having said that, there's a new measure that will help us pick up on hacked accounts more easily.
If your account e-mail changes, you will get an automated message.
It
that looks like this and has the new e-mail address, the old one, the IP currently in use (together with estimated location), and the OS and browser of the current user.
If you get such a message and it wasn't you who changed the email address, contact us.
Use the link at the end of the message ("contact our support team") to let us know it happened. You'll be redirected to our
contact form -
here's an example of how to fill that in.
We do our best to get back to hacked account emails as soon as possible, and to change the e-mail addresses as quickly as we can and restore the fully functional accounts to their rightful users.
IMPORTANT: 1) When contacting us regarding a hacked account, you
must replace the e-mail address with one you have access to - otherwise, our reply will end up at the hacker's e-mail address, which you have no control over or access to.
2)
Please do not send multiple requests to support - if you do, your request is pushed to the back of the queue again. If you feel the need to add more details to your support request without getting bumped back, you can do so by replying to the automated support reply you will get with your Ticket ID.
3) As soon as you get access to your account back,
please change your password. It may be a simple thing, but please don't forget. It will mean the hacker once more lost access to your account for sure.
This is a great start, but the bigger problem is you guys seem to reset the password back to its original when restoring an account. If the real account owner is not sitting on their E-mail waiting for the password, the hijacker can just get right back in. You need to institute a system of resetting the password to something random instead of re-using the old password. You also need to get serious about two-factor authentication. No major site these days doesn't at least offer that as an option.
