Account hacked?

[maldoror122]

I just logged in today, and I could already tell something was wrong when they actually asked me for my password to log in (usually when I open the neopets page I am already logged in as I use the same computer every day obviously)

 

So I had a bad feeling and the first thing I did was go to my bank account and when I saw the big shiny 1 np interest per day, I knew I was screwed. :rolleyes_anim: I had 475k (so that not much, really), but still :crying: At least the hacker was nice enough to leave me with 615 npts :rolleyes_anim:

 

I also checked my stockmarket portfolio, also cleaned up :sad01_anim: (had 220k invested, hoping to get the sell sell avatar in the long run)

 

So how did this whole thing happen? (something with cookie grabbers, I guess?) And can I do anything about it? I suppose I should send a ticket on the help page? :angry:

[Masaryk]

CGers are annoying!!!!

 

Unfortunately, the only thing you can do about it is change your password and start earning back your lost neopoints. If you send in a ticket, there is a chance that TNT will freeze your account temporarily to keep the scammer from accessing it again. You won't get your neopoints back.

[thehka]

would adding a pin # to everything help prevent this? im just wondering cause im so paranoid about that stuff hahah :guiltysmiley:

[Viridian]

I would say it would help, but maybe a pin gets saved in your cookies as well.

 

Safest advice? Don't click on links that go somewhere outside of neopets, and if you see really cheap items (codestones for 1np), it may be too good to be true.

[maldoror122]

I would say it would help, but maybe a pin gets saved in your cookies as well.

 

Safest advice? Don't click on links that go somewhere outside of neopets, and if you see really cheap items (codestones for 1np), it may be too good to be true.

Still trying to figure out how it happened :crying: I did not buy any cheap items recently and I don't recall being sent to a link outside of neopets. Oh well.

[Viridian]

maldoror, they can also be hidden on petpages and whatever not.. It's a mean business. If you can't get your account back, you can always start all over again and ask for help from your friends :) There are several members on this forum who had to do that.

[maldoror122]

maldoror, they can also be hidden on petpages and whatever not.. It's a mean business. If you can't get your account back, you can always start all over again and ask for help from your friends :) There are several members on this forum who had to do that.

Oh, well, the person didn't change my account password or anything, so I just got myself a new password and will probably get myself a PIN for all my stuffs too :king: I only lost my money, and they didn't touch my pet, so I am not too upset.

 

Thanks for the support :laughingsmiley:

[Vixensykerd]

If you get a pin then it shouldn't be stored in your cookies, but just in case I clear my cookies every time I close down my cookies (or, at least, I have my options set to do it for me). In firefox thats under "tools", "Clear recent history".

 

Like Viridian said, its a really mean bussiness - they can be hidden in shops, petpages, petlookups, and even websites that some people post on these kind of forums! If you ever see anything pop up and then dissapear quick, clear your cookies and change your password as soon as you can. And from now on? Just work on getting your stuff back :(

[maldoror122]

If you get a pin then it shouldn't be stored in your cookies, but just in case I clear my cookies every time I close down my cookies (or, at least, I have my options set to do it for me). In firefox thats under "tools", "Clear recent history".

 

Like Viridian said, its a really mean bussiness - they can be hidden in shops, petpages, petlookups, and even websites that some people post on these kind of forums! If you ever see anything pop up and then dissapear quick, clear your cookies and change your password as soon as you can. And from now on? Just work on getting your stuff back :(

 

Can you explain this again? Are you saying every day before you turn off your computer you go clear the recent history under tools? I just did that, but was wondering if there was a way for the computer to automatically delete cookies after every so and so time. :)

[Guest Lost Deserter]

No no no, don't get all paranoid about CG'ers. Look, the BEST advice I can give you, IF you suspect CGs (this is not be done after you got "cleaned out", but before) on a petpage or somewhere else, be sure to immediately log out of the account, and then log back in. You see, the CG will take the old cookie, and when you log out, it invalidates that session (aka the cookie). When you log back in, a new cookie will be created. So even if they get your old cookie, they can't do anything with it since it's invalid.

 

It works something like this: imagine the login page, you log in. The code is this:

 

<?php 
@session_start;
?>

 

That's for creating the cookie when you log in successfully.

 

On EVERY single page of Neo there is a @session_start; line of code. This is to not only create your session, but validate it. Every page needs to see if you're logged in. The act of creation of the session is only once (log-in page), but that line of code does two things: if the session is already created, it validates it.

 

The logout page has this:

 

<?php
@session_start;
@session_unset;
@session_destroy;
?>

 

This validates to see if you're logged in and then destroys the session cookie. Most of the times there is a $_COOKIE['any_variable_name_here']; to validate cookies as well, but that's more technical PHP code. This is the basics of creating a log in system and how I assume they do it (I'm a web developer).

 

And remember, ONLY CG'ers on Neo can take your Neo cookie. Only those, not another site.

[maldoror122]

Thanks so much for the advice!

 

That seems very logical. :laughingsmiley:

[dragonlady]

Actually yes, there is a way to make your browser automatically do that for you...

 

In firefox, you go to Tools, then Options-under the Privacy tab you will see your settings for cookies. There is a spot that says "Keep Until" and a dropdown menu, you can make the selection "when firefox closes". I believe the default setting here is "until they expire".

If you choose to change this, you'll have to log in the long way every time you go to neopets and other sites, but it does automatically clear your cookies every time you close the browser. It's been a long time since I regularly used a browser other than firefox, but it's a similar process to make these changes to IE, etc :)

 

I should have been doing the same for my browser, I haven't because it makes me have to go through a lengthy process of identification every time I go to my banking site. In retrospect I should have, because now I have to worry about what other private data they acquired.

I just lost 16 million to a cg'er over the weekend myself. Masaryk_the_Mad is correct-I submitted a ticket and tnt did immediately freeze my account, I have yet to hear back from them after a couple of emails so I'm guessing it's going to take awhile to get it back. I didn't know that they didn't ever return any losses, or I wouldn't have bothered filing a ticket either :sad01_anim:

 

I didn't have anyone ask me for any account info, and I didn't click on any links that took me off the neopets site-I didn't even view anyone's lookup or petpage-the only thing I know of out of the ordinary is that I replied to a strange neomail from someone I didn't know asking if I was online. I get neomails from strangers regularly about battles and trades, if I can't answer those without fear of a scammer I have no idea how to handle high-value trades.

[IrishLiz]

Actually yes, there is a way to make your browser automatically do that for you...

 

In firefox, you go to Tools, then Options-under the Privacy tab you will see your settings for cookies. There is a spot that says "Keep Until" and a dropdown menu, you can make the selection "when firefox closes". I believe the default setting here is "until they expire".

If you choose to change this, you'll have to log in the long way every time you go to neopets and other sites, but it does automatically clear your cookies every time you close the browser. It's been a long time since I regularly used a browser other than firefox, but it's a similar process to make these changes to IE, etc :)

 

I should have been doing the same for my browser, I haven't because it makes me have to go through a lengthy process of identification every time I go to my banking site. In retrospect I should have, because now I have to worry about what other private data they acquired.

I just lost 16 million to a cg'er over the weekend myself. Masaryk_the_Mad is correct-I submitted a ticket and tnt did immediately freeze my account, I have yet to hear back from them after a couple of emails so I'm guessing it's going to take awhile to get it back. I didn't know that they didn't ever return any losses, or I wouldn't have bothered filing a ticket either :sad01_anim:

 

I didn't have anyone ask me for any account info, and I didn't click on any links that took me off the neopets site-I didn't even view anyone's lookup or petpage-the only thing I know of out of the ordinary is that I replied to a strange neomail from someone I didn't know asking if I was online. I get neomails from strangers regularly about battles and trades, if I can't answer those without fear of a scammer I have no idea how to handle high-value trades.

 

Weird. I thought that neomails and trades were still okay.

 

Man, this whole CG thing is complex!

[Octopus]

Sorry to hear that, but hey, 475K will be back before you know it :).

 

*sigh* Why do people have to mess with other people's accounts? They really should try to do the hard work of earning NPs, trophies, etc. themselves!

[Guest Lost Deserter]

Sorry to hear that, but hey, 475K will be back before you know it :).

 

*sigh* Why do people have to mess with other people's accounts? They really should try to do the hard work of earning NPs, trophies, etc. themselves!

 

For profit. Most of the they don't want to keep the account, just take away some funds here and there and resell them to buyers for whatever currency strikes their fancy. Middlemen, so to speak.

[Secre]

It seems like one heck of an effort to go to for virtual money...and yet a sure way to really upset people when you take into account the amount of time we put into accounts...

[Viridian]

Some people sell NP for real life money though, it's probably hardly for Virtual money at all.

[Guest Lost Deserter]

Some people sell NP for real life money though, it's probably hardly for Virtual money at all.

 

Exactly right. Virtual money is traded, sure, but it mostly relies on USD and other real life currency.

[GyniE]

I really hate the mentality that they can buy 1 mill NP for $10, so they use USD to buy NP. Because they make $20-$50/hr working, they think that they can get 2-5mill NP/hr. Instead of spending one hour on Neopets, they spend an extra hour working and buy NP.

 

That is a stupid mentality, because Neopets is suppose to be fun, and most of the Neopoints sellers, steal them or buy very cheap from the thieves and then resell, i.e. middlemen.

 

So by buying from them you are supporting these thieves who are stealing from you and your friends in the first place. Never trust them as you might get scammed or worse frozen.

 

Never ever buy NP.

[maldoror122]

Exactly right. Virtual money is traded, sure, but it mostly relies on USD and other real life currency.

That's kind of, uh, pathetic. :guiltysmiley:

 

Seriously, it's just a gaming website. Way to ruin the fun for everyone. <_<

[youber12]

Just be sure to have the add-on no script and keep it updated. Also do not click on cheap codestones or map pieces in user shops without checking the link first to make sure it is a neopets link. If you do these two things, you should be safe.

[Nyssa]

I feel really bad for you :( thank god you still have your account.

 

Rebuilding is less hard to actually do than how it feels. Good luck!

 

And yeah people can be really really pathetic..

[quit]

I'm sorry you NP got stolen. At least they didn't transfer any pets away, right? I guess that's not much of a consolation... but I would rather someone steal my points than my pets.

[Bloom]

I'm sorry that happened to you. D: It definitely must be very painful to see hard work go to waste. D:

 

I would recommend pin numbers. If you think about it, it will be twice as hard for a hacker to get in. They would have to search not only your real password but your pin number too. And to be honest, I don't think the pin number is really stored in your cookies. If so, then just clean it out once a week. (:

[Spritzie]

I would recommend pin numbers. If you think about it, it will be twice as hard for a hacker to get in. They would have to search not only your real password but your pin number too. And to be honest, I don't think the pin number is really stored in your cookies. If so, then just clean it out once a week. (:

 

Just to add, PINs are NOT stored in cookies. So I agree 500%. Add a PIN. Don't be afraid to add it to everything. You'll get used to having to enter it after awhile.