Got hacked. Need advice/help/miracle?

[pyrofyr]

That is horrible.

I'm going to tell you right now, I've also had my Gmail hacked in a similar manner ([email protected]) it was almost a year ago though. while I frequented forums I never downloaded hacks on the same PC I would play on, and I would check them up and down before running any of them, and anything dodgy wasn't worth my time.

With that said, contact Gmail proved fruitless, how did you manage to get YOURS back? I had contacted Gmail with all kinds of info including personal information and everything and got NOWHERE.

Now I do everything the way you've stated (and have been for over a year) where I keep all my stuff connected to my domain that has a password not written anywhere on my PC but only IRL.

I'm not sure how people manage to do these things, but I sincerely hope you can get this fixed Assault. If it was me I'd just boycott Nexon.

The only time I still use [email protected] is for MSN because it's secured with MSN without me having to own the actual account in question.


By the way, how was it you were able to get your Gmail account back? I tried their online form and that failed, but I found no other contact for them.

[Assault]

Yeah it seems Gmail sucks badly in terms of security. Unfortunately I was trying to do quite a few things at the same time, securing my passwords on other things (like PayPal, where my business goes through), sorting out Gmail, and trying to sort out my MS accounts, but I had too many things to juggle and it was impossible to keep an eye on the hacker while sorting out everything.

The way I got my Gmail back is that I made sure I had all the info written down for it... date of creation, some people that I e-mail regularly through it, the titles of my "folders" (I'd created some just for this purpose), and some other stuff, used their forms, and got it back within about 10 mins. They refused the first time, but when I reset the exact same info a second time, they reset it for me. I then deleted any extra info from it, set up pop access, and set my mail client to download and delete from server. It took about 40 mins but obviously this was my priority while the hacker was "busy" taking my MS items (which I could do nothing about anyway, so why bother). I then closed that Gmail account entirely.

I have 10 or so domains, with maybe 50 or 60 e-mail addresses set up on them, but only 1 forwarder per domain, so I had to go in and change all of those, which was my priority of course, which is how the hacker managed to slip by me and get into Gmail. I'd been sat there with the info window up (where it shows your last 5 IPs used to log in) refreshing it so I could kick them, but obviously I had to change windows to do other things, so I must have missed them during a couple of minutes.

It could have been avoided, but anyone with computer knowledge will know that it's a lot longer and harder to clean up a mess than it is to create one - so the hacker has the upper hand in terms of time. Fortunately, it was some slow script kiddie and I was able to protect myself mostly. Just a shame they managed to get my MS accounts.

I'm still e-mailing Nexon about it though. They're not being helpful yet but I hope if I keep on at them, everything will be fine. I had a problem a few months ago where I lost a few billion in items during a server check (my mushroom store closed, but the items never reached the NPC to get them back), and miraculously after Nexon refusing that there was anything wrong, the items turned up suddenly.

But telling me there's absolutely nothing wrong with their security, and that I must have either given out my info or had my info phished by one of the LOLFREENX.com websites is just insulting.

[pyrofyr]

Thanks for the info, it's still horrible that they got your account, but man, at least they didn't get anything else, because having access to your email and stuff can be like the worst.

To be honest I really wouldn't use gmail if it wasn't for the looks, because the security is **** which is why I normally just have it grab from my domain, but man I love the look.

Oh and as for Nexon being insulting, they always are, and it's like they don't' even realize it too, which is even worse. I hate dealing with tickets for anything because even if you need help they just insult you or don't even send a message back.

[MapleWolf]

Dang, I read your story Assault, hopefully NX can get the hacker and you can get some more back from NX.
Really sorry about all that crap you've had to deal with :/


Edit: I think im gonna think twice about all the questionable ms websites I've accesed lately, *_*'

[Assault]

I used Gmail since I have 10+ domains and wanted to be able to access my e-mails on my desktop, laptops and phone. Evidently that was a bad choice. Gone back to pop boxes and a normail e-mail client. If I'm out I'll just have to wait to check my mails............

If anyone has Gmail I'd highly recommend coupling it with pop access, downloading all your e-mails, and deleting anything "private" from your Gmail account in case anyone gains access. Apparently it sucks.

I'm still not sure if I will continue playing. I'm not gonna simply boycott Nexon since that's cutting off my nose blahblahblah, since it's still a fun game and friends play it. I'm sure me not buying any NX won't have much effect on them. I've been refunded $290 of NX though (still not sure what the hell for, they didn't mention it), so I might even just pump that back into gacha to fund myself and make a Corsair. We'll see how Nexon replies and how pissed I still am in a week or two lol

[F50 NOS]

F50, thanks for the advice, but I did not have a Trojan, keylogger, nor a virus. I think I made that quite clear in the first post! :) I'm not new to computer security. All of this happened through Nexon.net exploits, brute force, and bad security on behalf of sites like Gmail. If I was keylogged, the hacker would simply have logged into my account rather than having to take the time to use exploits and break into my e-mails. They would also have known about other accounts I had, and not only the two on which I charged NX.

I don't know whether you were keylogged or not. All I know is that there is something on your computer stealing data from you. A Gmail password uses a minimum of 8 characters. Almost 100 (98 to be exact) characters can fit in those spaces. That makes AT LEAST 98^8 possible combinations assuming you ONLY use 8 spaces. In the timeframe that you provided, it would be IMPOSSIBLE to gain access to your Gmail account by BRUTE FORCE. So clearly, something is going on.

Nexon.net is pretty bad, or so I hear. I cannot validate that. However, I can say that Gmail is fine.

Oh, ads and exploited websites can install malware on your computer just by simply downloading the web page. Just something to think about.

[emailbox]

I don't know whether you were keylogged or not. All I know is that there is something on your computer stealing data from you. A Gmail password uses a minimum of 8 characters. Almost 100 (98 to be exact) characters can fit in those spaces. That makes AT LEAST 98^8 possible combinations assuming you ONLY use 8 spaces. In the timeframe that you provided, it would be IMPOSSIBLE to gain access to your Gmail account by BRUTE FORCE. So clearly, something is going on.

Nexon.net is pretty bad, or so I hear. I cannot validate that. However, I can say that Gmail is fine.

Oh, ads and exploited websites can install malware on your computer just by simply downloading the web page. Just something to think about.

Unless his password is a random string of symbols, I'm pretty sure it would be a word/number or combination of these, in order to be able to remember it well. I don't know about you, but I pick passwords that I'd be able to dig up simply by looking back in my memory.

[Assault]

I don't know whether you were keylogged or not.

I wasn't.

All I know is that there is something on your computer stealing data from you.

No, there wasn't.

A Gmail password uses a minimum of 8 characters. Almost 100 (98 to be exact) characters can fit in those spaces. That makes AT LEAST 98^8 possible combinations assuming you ONLY use 8 spaces. In the timeframe that you provided, it would be IMPOSSIBLE to gain access to your Gmail account by BRUTE FORCE. So clearly, something is going on.

My original password was 12 characters with a combination of letters, numbers, and special characters. The guy still got into it. I changed it, and he got in again (after about 15 mins), changed it again and he took another 20-30 mins to access it again. He even came onto MS and whispered me on a character saying that he was trying to get into my Gmail (this was while I was sorting other stuff out). There's clearly something wrong with Gmail. If I was keylogged, it wouldn't take him 20-30 mins to get into it. He would simply type the password in.

Oh, ads and exploited websites can install malware on your computer just by simply downloading the web page. Just something to think about.

I don't visit dodgy websites, I have ads off, and most flash etc not displaying. If I was keylogged I would just say "bah" and move on, since it would be my own fault, but I've been using the Internet since I had a 2400 baud modem and there were hardly any websites, and I've never once been hacked.

[F50 NOS]

Being around the Internet for so long, I'm sure you heard of other ways of gaining data. Keyloggers are not the only way of compromising your e-mail. Not once did I mention keyloggers specifically. I just mentioned malware. There are things like trojan horses that can compromise your e-mail. More specifically backdoors and packet sniffing to name a few.

Also, I'm sure you're aware that even legit sites have been exploited before, and malware had been uploaded. A famous one I remember was USA.Asus.com/. And back then, there weren't even any ads on the site. Simply opening up the web page was enough to download malware unknowingly.

The point I'm trying to make is that Gmail isn't at fault here. If Gmail was so flawed that a password could be retrieved in 20-30 minutes, a lot more accounts would be compromised, not just yours, and Gmail would be getting a lot of heat right now.

[Assault]

This thread isn't for arguing with me about whether or not you think I was keylogged etc. My Gmail was compromised, but that wasn't even the main problem, since nobody should even be able to request a new password for my MS accounts without knowing all of my information.

I'm not discussing it any more. It's annoying enough that this happened, without having to have an Internet argument about the semantics of the situation.