Transmigration the Charming wrote:
That sucks, hope it gets fixed soon.
Any idea how it happened? Did you give your login info to anyone? Logged in to anything weird?
I really hope they didnt simply hack into the Lodestone again...
I've never logged in from another device other than my own PC.
No one knows my account information.
The only programs I have on my PC are WoW and ARR.
The only websites I access on this PC are ZAM, my e-mail, and my350z.com (lol).
I do not type my PW out, it's copy pasted.
I regularly sweep for malicious programs and keyloggers.
The last time I got an account compromised was about 5 years ago, so I'm not sure how it happened.
Most account compromises happen one of five ways in situations like this:
1> Phishing. You are, in some manner, convinced to enter your login credentials or other PII into a website run by a malicious intruder, often disguised as a legitimate website to which you'd normally login. For example, if someone knows you have a yahoo account, they may make a website that looks like yahoo and even contains the string "yahoo.com" in the url (such as "www.yahoo.com.malicious-jerk.com") and email or otherwise notify you that you need to visit it and login. Be careful what websites you visit, be mindful of the SSL certificates issued by the websites you're planning to enter any authentication details into, and don't click links in email purporting to be from someone you trust - you never know who really sent it.
2> Weak password. A lot of people use weak passwords that can be brute-forced by simply trying large amounts of strings in rapid succession, usually by way of an automated process. Others use passwords based on publicly-available information such as a spouse's, child's, or pet's name, birthday, etc. Instead, spice it up. Phrases are easy to remember and mathematically more secure than simple, shorters strings of random characters! https://xkcd.com/936/
3> Another account you have is compromised. This could be as bad as an email account, but you may have also unwhittingly signed up for a website or other service that stores your password in plaintext. If their database server has been compromised - and if they're storing passwords in plaintext, their databases probably aren't going to be secured properly! - those who compromise it would then have access to that password and anything else stored in that database such as your email address, etc. If you've used that password and username or email address combination elsewhere, it can easily be used to compromise more of your accounts as well.
4> Account resets. A lot of services provide a password reset mechanism whereby a malicious intruder can reset your password easily if they have access to your email account, or perhaps even simply to a variety of public-available personal information (such as those sites which ask for "security questions" like what school your went to, and use information which is frequently non-private.) Nonsense/false/non-guessable answers should always be used to answer these questions.
5> Your computer has been infected with malware. In this case, you're pretty well up a creek, as anything from key loggers to screen caps could've been employed against you in addition to things like simply grabbing files from your hard drive - and if you stored passwords in files that weren't encrypted, you're even further up a creek! The answer here isn't simple. Be careful what software you run, be careful what websites you visit. Anti-virus/anti-malware products are far less effective than their vendors would have you believe.