Frozen!?!

[Masaryk]

I had hardly been on Neopets today, which was a stark contrast to a normal day. When I finally made it home, I checked all my pages, and everything was fine. I came back to my computer an hour or two later, and refreshed the Kad board, and it brought me to the login page. I've been randomly logged out before, so I wasn't too worried, but when I logged on again, my account was frozen. with the following message:

 

This account has been FROZEN for the following reason:

 

You may have either fallen for a scam or submitted your account information to a fake login page. If you have submitted your account information to a "Neopets Moderator" or "Admin" scam page, just know that we will not be unfreezing the account. If you would like information on getting your account back, please contact us by clicking here.

 

 

If you think the above reason was applied to you by mistake, please contact our support staff by clicking here. Don't forget to include your USERNAME and explain why you think your account should not have been frozen. If you DID break the rules, please do not contact us again. Your account will NOT be unfrozen and you will not get your Neopet or items returned. But, you are welcome to create a new account, as long as you follow the rules.

 

I was kind of worried this was coming. The other day, I got an email from TNT, telling me my login information. I filled out the abuse form for this, since I had sent no requests for login info. I immediately changed my password, but that evidently didn't help, since someone stole my new password.

 

I'm currently running a spyware scan to see if I picked up something malicious, but I'm generally a VERY safe net user. I've never had a major trojan, keylogger, virus, or anything else, so it seems unlikely that it would happen now. I don't understand... :(

[̊ ˉˉ ̊]

Wow.

 

I hope you get it back. (but if you can't, I still have a few things of value left on my neopets account I could give you)

[lazycrazykitten]

Oh no!!!! Not another one. Man, people are getting their accounts stolen left and right. Then again, maybe it's good that you got frozen and hopefully not anything to bad has happened to your account. Hopefully you'll get it back soon. :crying_blow:

[antiaircraft]

Aww man, I'm sorry to hear about that. :( Neopets crackers and scammers... seriously, they're just pathetic.

 

Unfortunately, there are many ways in which your password can be stolen, and not all of them involve malicious software on your computer... you might want to take a brief look at the 'Things to watch out for' section of this article.

 

Good luck getting your account back! If you do need help starting up again, I can always toss a few things your way. :yes:

[hrtbrk]

OH! That's horrible *hugs*

I remember you mailing me about this haha. Good thing you sent in a report about being scammed. Hopefully they'll give it back to you!

Remember as much as you can when you send your request!!

 

 

EDIT: I just checked at it looks like frostgleam is still attached to your account!

[Sapphy the Swamp Witch]

That's just awful :(. I really hope you get it back, I'd hate to have that happen to my account. Good luck.

[Ashbash]

I'm very sorry to hear this, I hope everything gets sorted out and you get your account back.

[Masaryk]

Thanks for all of your support, guys! I've always said that the people here are my top reason for sticking with this forum, and you you guys are proving yourselves again as being great and wonderful!

 

I ran two different spyware scans and a virus scan, and both came up clean, so at least my system is safe. I'll have to check my mum's computer, since it's the only other computer I've logged into Neopets from in the past few months. The only other thing I can think of is the inident that heartbr3ak mentioned: a couple weeks ago, I got a random "Can we be friends?" neomail from someone. So I checked out their lookup, and they seemed to be not horrible, so I neomailed them back and told them that they could neomail me. They sent me a normal neomail, immediately followed by a "check out my pet!<insert link>" neomail. I did not follow their link, but I went back to their user lookup, and things were different. Their "about me" was completely different, one of their pets had been abandoned, and I think that their shield had changed to reflect a very different account age from 5 minutes earlier. I reported them, just to be on the safe side.

 

Then, two days ago, I got an email from Neopets, giving me my account information, which I hadn't requested. So, thinking that my account had been compromised, I sent in the abuse form to TNT. I was immediately advised to change my password, which I did. I also set a PIN for everything, but if someone hacked my new, two-day-old password, I'm sure my PIN was useless protection too.

 

I just hope I can get my account back. I don't really care about the neopoints, or most of my stuff, but I want my pets back. I also what all of my site trophies back (plots, DD, Gamesmaster Challenge) and KQ tokens. Neopoints can be earned again, and there's only a couple items I had that I really cared about (only because they were plot prizes). And then there's the matter of all my avatars. Game avatars are hard enough to earn once (sometimes), and that's a lot of collateral for lending to earn again.

 

Well, I guess I've been considering a side account for a while now. I best get to work on that...

[Deepti M.]

Aww. :( That's horrible. I hope you get your account back. Random neomails are weird, and freaky. That's why I send them. :P But, I do hope you get your account back. Seems like you put a lot of work into it.

[Masaryk]

Well, I made a new account to keep me busy until I (hopefully) get my account back. I won't be changing my account information here just yet, though. I'm remaining optimistic that I will get my old account back. How long does it usually take to get a response back from TNT on these matters? This would have to happen right at the beginning of the weekend. I miss my pets! At least it's good to hear that Frostgleam wasn't stolen.

[antiaircraft]

Well, TNT's response time is mostly dependent on luck... they sometimes respond pretty quickly, and they've also been known to never get round to responding. Generally it's somewhere in between though - with a bit of luck, it should be within the next week. :)

[Lia Seeya]

Oh my, I'm so sorry about your account! :( I do hope TNT gets back to you soon.

 

Nuu! Frostgleam! D: At least she's still there. *crosses fingers and hopes the account is returned soon*

[Lion]

Aw. :(

 

It sounds like your account could of been CGed or something. That's just IMO though.

 

I sure hope you get it back soon.

[lovedwallflower]

my goodness these people are really sad! its just a game, why dnt they let everyone else enjoy it?? jeez.

 

anyways hope it all gets sorted out for you :)

[Xepha]

GL with the suppot woes.

 

:(

 

If anything, change your EMAIL password. That's how they got you, most probably. Oh and the secret question as well.

[antiaircraft]

Also, one commonly used trick to keep control of compromised accounts is to set their password reminder e-mail address (or whatever equivalent) to an e-mail inbox controlled by the cracker. If you get your account back, you might want to check that's set properly as well. :yes:

[Masaryk]

Thanks for your support again everyone. I'm trying to enjoy my new account as I (im)patiently wait to hear back from TNT. But I really do miss my pets. I WANT FROSTGLEAM BACK!!!!!

 

V: Thanks for the suggestion. I've emailed my mail admin to see if my account has been acceseed and to ask for a password change.

 

AA: When I changed my password the other day, I checked my email address, and it was correct. I'll be sure to check again when (fingers crossed) I get my old account back.

 

 

EDIT: There was no suspicious activities on my mail account. I changed my mail password anyway.

[onime_no_kai]

Ugh, I'm so sorry that happened to you!! The same happened to my old main at the beginning of March (same as my UN here, onime_no_kai.) And after 3 months I STILL haven't figured out how it happened.

 

I'm a 22-year-old honest player, I'm not dishonest/greedy/naive enough to give out my password or any account info, or to click any suspicious links. My pass was not an easily-crackable one. I use only my personal laptop to log in to Neo; I use Firefox with the AdBlock and NoScript add-ons plus the immunize function of Spybot S&D, and I'm just generally a pretty careful internet user, I'm no "computer expert" but I know enough to keep myself reasonably safe. And even with all that -- I was home for spring break, went to bed with my account intact and woke up to find it stolen (still active, but I couldn't log in, and whoever stole it not only had my PIN but actually got into my email, disassociated my email from Neo entirely, and deleted the evidence -- only reason I knew about that bit was that I could still get into my sides and I had a message from TNT about the email being removed from Neo.) Unlike you I *did* have something on my comp, which makes me strongly suspect it was a keylogger -- I ended up having to change my passwords on a whole bunch of RL stuff as well as my Neo accounts and reimaging the computer to make sure it was gone. And I don't know where the thing came from. All I can think of is that it *had* to be somewhere on Neo itself, because I KNOW I didn't go offsite from Neo, and if I got it from an unrelated site why on Earth would they care about my Neopets account? o_O

 

So, yeah, over 4 years hard work down the drain; and though I contacted TNT, they froze it too late to prevent most of my good stuff being stolen and my Draik from being pounded (I did get *very* lucky on that one thing; the person who adopted him was innocent and when I explained the situation was willing to return him. I will always be grateful to that kind person.) Then when I did an account recovery form, TNT sent me a form email basically just telling my why my account was frozen, and I was like, duh, I know *why* it was frozen you idiots, I *asked* you to freeze it for me and it took you too long! :grrr: And somehow...after it had been hacked into, I just didn't really want it back anymore, it was kind of ruined for me anyway. So I made my current account because I want to keep playing, but I don't think I'll ever be able to play Neo again without worrying -- not to be a fear-mongerer or anything, but I honestly think someone's found yet another coding loophole and TNT either refuses to admit it or hasn't bothered to do anything about it. I certainly don't go to user-editable areas of the site any more than I can help anymore, because the only thing I can possibly think of that I went to was someone's UL that seemed a bit off somehow. Most people who fall for scams do indeed trap themselves with their own greed; but there are people like you and I who honestly didn't do *anything* whatsoever wrong and there's no way to prove it, and that really bothers me.

 

Anyway, the moral to my rather long and rambling story is this: I know what it's like, and I really hope you can get your account back. I wish you the best of luck; and I would recommend keeping a very close eye on your accounts as well as any RL stuff you do on the comp, on the off chance there *is* something on your computer like there was on mine (my AV didn't catch whatever I had either, but my computer started running like molasses and it threw a fit when I tried to update Spybot.)

[linder_angel]

Wow I really hope you get it back :( I can't believe people HAVE to cheat and steal on neopets. It's a game and kids play this game.

[Masaryk]

It really is sad that there are people who feel the need to steal other peoples' pixels. It's not like certain other online games where virtual stuff seems to have some RL monetary value. This is a Flash games site, with cute pets.

 

Onime_no_kai, I'm sorry to hear that this has happened to you too. But I'm glad to hear that you got your account back, and, especially, your Draik. I think that it' really important that people share their hacked account experiences. Other people need to know that this is something that can happen to anyone, regardless of age, account age, computer experience, etc. This isn't just something that happens to newbies and people with no computer skills.

 

And it may have been my "fault" that I got hacked. I have recently visited ULs to try to gauge the trustworthiness of people neomailing me. Maybe there was some bad script in there. I also recently borrowed a Meowclops from someone on the Avatar boards. That may have gotten me targetted because some lurker thought that I might have lots of neopoints (I had close to 7 million). I will definitely be watching what I do from now on, which basically means no more neoboard until I get Premium and ignoring every neomail and neofriend request from anyone I don't know.

 

So, right now, I'm sitting here with my new account, wondering how much I should be doing on it, because all I can think about is getting my old account back. I don't want to build this account up too quickly, since I have hope that I'll get my old account back soon, but there's no point in just letting my new account sit there either. For the other unlucky people like me whose accounts have been hacked, how much effort did you put into your side accounts while waiting to hear back from TNT?

[onime_no_kai]

Agreed wholeheartedly about some peoples' need to steal pixels. :P And actually, I *didn't* get my old account back (the Draik is waiting on my oldest side until my new account ages enough to send him there.) But then again I didn't try too hard; after getting the pointless form letter *after* pretty much everything had been cleaned out, I was just so upset that I didn't even send in anything else, my faith in TNT was pretty much shot. And while I do sometimes miss my old av count and trophies, I think just starting afresh was the right decision for me. But it isn't for everyone, so I really do hope you get your account back. From what I hear persistence is key, so if you want your account keep trying, and send mails consistently until you get some kind of actual response (not so many that it gets annoying, but maybe one or two a week -- I've known several people who got no response until they pretty much bombarded TNT with emails.)

 

Also, if your account was stolen through something on Neo itself, that is absolutely NOT your fault -- it's TNTs for either not fixing the problem or refusing to admit there is one in the first place. Going offsite with a bad link because one's greed overrides good judgment is one thing; but it's another thing completely to innocently browse ULs and just happen to pick a malicious one. We should be able to be safe on Neo -- I should be able to visit ULs and shops without the least fear that something will happen, and I can't. I'm not somebody who normally badmouths TNT, I agree with or at least understand most of their policies; but I absolutely cannot understand their head-in-the-sand mentality about things like onsite scams. It's true that it's rare, but denying that it can ever happen is ludicrous (and a complete lie, it's happened at least once before in my time on Neo.) Supposedly their rationale is that they don't want to cause a panic or make people feel unsafe. Personally, I feel much more unsafe knowing how long it takes TNT to even admit to themselves that there's an actual problem, let alone go about fixing it; and that even if they do eventually figure it out and fix things, I as just another user won't have any way to know if it's still a problem, or ever be able to prove that I had no hand in the loss of my account. As long as TNT stubbornly pretends that no one could ever find a coding loophole and that *everyone* who ever gets scammed is unquestionably to blame for their own misfortune, innocent accounts will be lost and thieves will get away with their misdeeds.

 

As far as what to do with your current account -- IMHO, if you're really banking on getting your old account back soon, then it's probably best to be patient and treat your new account like a side in the short term. How long you're willing to wait is up to you; if it starts taking a while to get a response, then you might as well start using your new account as a main. If nothing else, if you suddenly do get your account back several months down the road (sometimes it does take that long), you can make the decision then whether to keep your new account as your new main, or whether to switch back to your old account and convert your new one to a side.

[Masaryk]

I got a response back from TNT about my account. The email claimed that they were not clear on what my problem was, which may be correct, since I was sending in the contact form at 3 am and I had been previously imbibing.

 

EDIT: I filled out the form and sent it back in again. This is the response i got:

 

Hello,

 

Thanks for your email. Unfortunately, the information you provided does not match any in our records. If you cannot give us the correct info requested, we will not release any information about the account in question.

 

If you cannot provide: the correct birth date for this username, previous passwords in the account that only the person who created it would know, provide or write from the email address that created the account, list pet equipment, stocks you have bought, active trades or auctions you have, names on your Neofriends list, etc ... we will have to consider this issue closed.

 

 

I am completely beside myself. I entered my birthday correctly, as many neofriends as there was room for, all of Frostgleam's equipment, every email address I have used with this account... I don't know what else to do. I guess I could submit another report with my previous passwords, but that's about it. Suggestions, anyone...please! I'm getting desperate.

[Sapphy the Swamp Witch]

That's TNT :(. Unless you're a premium member and fill out the special forms, they won't pay much attention to you, usually. I'm really sorry! -_- Try previous passwords, though, and double check all your information. Do you have records of previous trades too?

[hrtbrk]

...What? How does that even work out? You cannot change your birth date, so how could that be wrong? lol TNT is weird.

If it helps, we did a trade. I have no idea what I gave you or the price I offered though so it might be moot... haha

[antiaircraft]

Just remarking on a previous point: there's an inherent security risk incurred when you have a site which people can place their own code on. No matter what measures you put in place, somebody will almost always find a way to place a script of some sort, possibly even an exploit, on that site (unless you place impossibly ridiculous restrictions on that code). The ever-changing nature of internet specifications and differences in the way browsers conform (or don't conform) to those specifications serve to compound the problem.

 

Basically what I'm saying is that if somebody's found a loophole in TNT's system, TNT isn't necessarily to blame. To be frank, a browser should not give passwords (or even password hashes) to a script under any circumstances, bar the user explicitly saying so of course. Unfortunately, vulnerabilities exist. :(

 

May I know what browser you were using when you viewed those lookups by the way? If you were using a recent version of Firefox, you've likely found a security bug, and I'd appreciate it if you could point me to some of the lookups so I could poke around and perhaps refer them to the security team. :yes: