takarifreak Posted July 26, 2010 Share Posted July 26, 2010 So I login today (after being logged out for some reason, though firefox went through an update), to find my active pet has changed...okay. I log into my other account on another browser to find one of my beloved pets is GONE, and replaced with another, and is currently on someone else's account. Now, I am the only one who lives here, and thus the only one with access to my account. My computer could not have been hacked indirectly, as in the time I was gone, my computer was completely powered down and unplugged! Nothing else seems to be amiss...so how the heck could this have happened? I've changed my password just in case, but even if I send a report in, will my pet be returned? This happened sometime in the past 10 or so hours, and it was one of my favorite pets too! Anyone else ever have this happen? Quote Link to comment Share on other sites More sharing options...
Spritzie Posted July 26, 2010 Share Posted July 26, 2010 You said you had been logged out. So I'm assuming you mean you left it logged in and left the computer for an amount of time, to come back and find yourself logged out? That could be the result of a CG, which would explain how they got your password.(But I'm not sure. I'm not real well informed with the ways of CGs.) Do you have a PIN on anything on your account? My guess as to what happened, if someone accessed your account, it looks like they traded pets with a different account. I've never heard of this happening, though when someone accesses someone's account, they could do anything they wanted. Quote Link to comment Share on other sites More sharing options...
takarifreak Posted July 26, 2010 Author Share Posted July 26, 2010 My computer gets entirely powered off at night via a power switch (which includes everything attached to it). No one else has access to my computer as I live alone, and since the entire thing was powered down, there is no remote access to my PC while I'm not at it. I was not entirely shocked at first when my account was logged out when I returned from work, as firefox was updating at the time (which has, on occasion, kicked me from a login on a site in the past). I did notice a small amount of NP taken from my account (my bank interest rate went down by 100 NP), but other than that and the pet change, my account appears to be completely untouched. That's what really gets me...if someone really did hack into my account, they could have done whatever they wanted with it! I did send a report, hopefully I get a response. This really stinks too, since she was one of my prized pets! I can't ever get it back either, since she was a grandfathered Plushie Aisha! Unless a miracle happens and they return my pet, I'm totally out of luck : ( Quote Link to comment Share on other sites More sharing options...
Spritzie Posted July 26, 2010 Share Posted July 26, 2010 If someone used a CG, it wouldn't require your computer to be on, to get onto your account. Once they had your information, they could log in whenever. And since you're missing NP too, that kinda reinforces that someone messed with it. And if you had an UC pet, that is a big reason someone would focus on that, instead of messing with anything else on the account. You never know. I don't know what TNT would do in these circumstances, but I'd like to think they'd freeze the person who took it, and hopefully return it to you. Quote Link to comment Share on other sites More sharing options...
Lamppost Posted July 26, 2010 Share Posted July 26, 2010 What's a CG? I also live alone and frequently leave myself logged in, so now I'm concerned that a similar thing might happen to me, or that I might be subjected to a CG. Quote Link to comment Share on other sites More sharing options...
Viridian Posted July 26, 2010 Share Posted July 26, 2010 What's a CG? I also live alone and frequently leave myself logged in, so now I'm concerned that a similar thing might happen to me, or that I might be subjected to a CG. (I am not a professional, but this is what I know) CG is short for Cookie Grabber. Neopets stores your login information (username, password) in a cookie, so that you can stay logged in over the time that you are playing. Cookie Grabbers are little pieces of code, a program so to speak, that downloads the cookie from Neopets from your computer. Mean people hide them in stores, petpages, userlookups .. etc. Neopets is trying to fight Cookie Grabbers, but as soon as they find a way to stop them the CGers find a new method of getting the Cookies. The easiest way to defend yourself against Cookie Grabbers is have a plugin installed which blocks all scripts... http://noscript.net/ < works for firefox. It blocks all scripts, which includes those of Cookie Grabbers... You will have to allow scripts to work on other sites though. I personally do not use it anymore, but people have recommended it to me before. (I have used it before, but I am too lazy to allow all the scripts from other sites all the time :P ) Quote Link to comment Share on other sites More sharing options...
Lamppost Posted July 26, 2010 Share Posted July 26, 2010 (I am not a professional, but this is what I know) CG is short for Cookie Grabber. Neopets stores your login information (username, password) in a cookie, so that you can stay logged in over the time that you are playing. Cookie Grabbers are little pieces of code, a program so to speak, that downloads the cookie from Neopets from your computer. Mean people hide them in stores, petpages, userlookups .. etc. Neopets is trying to fight Cookie Grabbers, but as soon as they find a way to stop them the CGers find a new method of getting the Cookies. The easiest way to defend yourself against Cookie Grabbers is have a plugin installed which blocks all scripts... http://noscript.net/ < works for firefox. It blocks all scripts, which includes those of Cookie Grabbers... You will have to allow scripts to work on other sites though. I personally do not use it anymore, but people have recommended it to me before. (I have used it before, but I am too lazy to allow all the scripts from other sites all the time :P ) Wow, that's positively awful. So the only way to defend it is to block scripts? And you decided it's not that big of a risk? Perhaps I won't worry about it then. Quote Link to comment Share on other sites More sharing options...
takarifreak Posted July 26, 2010 Author Share Posted July 26, 2010 This account has been FROZEN for the following reason: Due to potentially suspicious activity on this username, it has been frozen for the owner's protection. This can include falling for a scam or entering information into a fake login page. If you would like information on getting this account back, please contact us by clicking here. The person who 'stole' my Aisha has ALSO been frozen. This certainly seems to be a good sign. I'll wait a day or two before I send in the frozen account form just so I can give them time to work their stuff and whatnot, and so I'm not harassing them. I'm shocked as it is it took less than 8 hours to get something to happen! I pretty much used all the characters in the form to explain what happened, including the timeframe in which it occurred (which was only 11 hours) and what the only IP I accessed my account from, as well as the fact I was the original creator of the pet 9 years ago and that she never has been moved; info I know they can verify. That probably made it a heck of a lot easier to research on their end. I've been helping a friend of mine on an alternate account we share finish NQ II anyway (she was in an auto accident years ago and is now mentally disabled), so I do have a way to spend my time in the interim. The only thing I CAN'T tell, however, is which account the Aisha is now on, since both accounts are frozen. Hopefully they can move her back to my account. It's obviously they believed me enough to investigate at least. I'm still wondering how the heck this happened. My account has never been compromised before, and due to the PC being off, I know it was not remote hacking, so that pretty much leaves cookie grabbing...but I've been using firefox, which I thought was immune to such threats (or so was the case years ago). I am careful where I browse. The only think I can think of is that maybe they had a cookie grabber in their shop (if that's even possible), since I have been buying about 8 codestones a day for training. A few of them have been insanely underpriced (I refresh the shop wiz so often I'm shocked I haven't been shop wiz banned, if they even still do that), so I suppose I could have been sucked in on accident, and the fact that I have (well, had) two grandfathered pets made me even more of a possible target once the info was gotten. It's possible I was not the only victim of this person...all 4 of their pets were grandfathered pets, yet their account is not old enough to have obtained those pets on their own. Of course, I have no way of knowing WHEN they got the other 3 pets so I'm just guessing. I'll keep you guys posted on any updates. Quote Link to comment Share on other sites More sharing options...
Spritzie Posted July 26, 2010 Share Posted July 26, 2010 Just so you know in the future, I don't believe there is any browser that is immune to CG. So you just have to be extra careful in the future. I hope they straighten it out, and you get your Aisha back. Quote Link to comment Share on other sites More sharing options...
bears54fan Posted July 26, 2010 Share Posted July 26, 2010 Good Luck! I hope you get it back! That is really strange that is all they took, a few NP and the pet! It sure is scary out there! Quote Link to comment Share on other sites More sharing options...
Viridian Posted July 26, 2010 Share Posted July 26, 2010 Wow, that's positively awful. So the only way to defend it is to block scripts? And you decided it's not that big of a risk? Perhaps I won't worry about it then. It's not much of a risk to me, because my neopets activity is limited to my dailies... I hardly ever go to pet lookups or the like. And yes, it is aweful. To stay on topic. You can send in the form now, the sooner the better! Good luck getting your account unfrozen :) Quote Link to comment Share on other sites More sharing options...
IrishLiz Posted July 27, 2010 Share Posted July 27, 2010 This account has been FROZEN for the following reason: Due to potentially suspicious activity on this username, it has been frozen for the owner's protection. This can include falling for a scam or entering information into a fake login page. If you would like information on getting this account back, please contact us by clicking here. The person who 'stole' my Aisha has ALSO been frozen. This certainly seems to be a good sign. I'll wait a day or two before I send in the frozen account form just so I can give them time to work their stuff and whatnot, and so I'm not harassing them. I'm shocked as it is it took less than 8 hours to get something to happen! I pretty much used all the characters in the form to explain what happened, including the timeframe in which it occurred (which was only 11 hours) and what the only IP I accessed my account from, as well as the fact I was the original creator of the pet 9 years ago and that she never has been moved; info I know they can verify. That probably made it a heck of a lot easier to research on their end. I've been helping a friend of mine on an alternate account we share finish NQ II anyway (she was in an auto accident years ago and is now mentally disabled), so I do have a way to spend my time in the interim. The only thing I CAN'T tell, however, is which account the Aisha is now on, since both accounts are frozen. Hopefully they can move her back to my account. It's obviously they believed me enough to investigate at least. I'm still wondering how the heck this happened. My account has never been compromised before, and due to the PC being off, I know it was not remote hacking, so that pretty much leaves cookie grabbing...but I've been using firefox, which I thought was immune to such threats (or so was the case years ago). I am careful where I browse. The only think I can think of is that maybe they had a cookie grabber in their shop (if that's even possible), since I have been buying about 8 codestones a day for training. A few of them have been insanely underpriced (I refresh the shop wiz so often I'm shocked I haven't been shop wiz banned, if they even still do that), so I suppose I could have been sucked in on accident, and the fact that I have (well, had) two grandfathered pets made me even more of a possible target once the info was gotten. It's possible I was not the only victim of this person...all 4 of their pets were grandfathered pets, yet their account is not old enough to have obtained those pets on their own. Of course, I have no way of knowing WHEN they got the other 3 pets so I'm just guessing. I'll keep you guys posted on any updates. The most common way of being CGed right now that I've heard of on the forums and such is buying underpriced codestones in shops. You have to be super careful about what links you go to - if you hover your mouse over a link, the link should appear at the bottom of the browser window. I'm not even buying codestones right now because I don't want to take a risk. A RSer on the forums said that they were CGed from buying a codestone that wasn't even the cheapest on the wiz. I hope that everything gets straightened out. I have no idea whether TNT can get a pet back in this situation. I certainly hope so! At least they didn't mess with a bunch of other things. Quote Link to comment Share on other sites More sharing options...
takarifreak Posted July 27, 2010 Author Share Posted July 27, 2010 Well, I sent in a ticket with more details than I think they needed (I took like an hour to write it all and check it), hopefully I'll hear something back soon. Getting the account back shouldn't be a problem, but I'm worried I won't get my pet back : ( I've started to think of backup pets and names to fill her place if need be, but she will always hold a special place in my heart. At the very least, I still have old screenshots of her Fountain Faerie Quest. Quote Link to comment Share on other sites More sharing options...
Chic_Sammy Posted July 27, 2010 Share Posted July 27, 2010 Takarifreak- Be sure to keep us updated please. My account was frozen for my protection yesterday. I have no idea if anything was stolen, pets moved, etc. The more I investigate on the interwbs, the more and more I see frozen accounts and hopeless situations. :( I am silently mourning my account. I had this happen to me last year and did not get my account back. I tried relentlessly for two months trying to get Neopets to pay attention to my situation. All I got was robot generated emails everytime. With this new customer support thingy, with ticket numbers, I really hope they have fixed this problem. I am debating whether or not to just fly to California lol. Good luck, speaking as someone who has been though this before and now again, I really hope you get your account and your pet back. Quote Link to comment Share on other sites More sharing options...
quit Posted August 2, 2010 Share Posted August 2, 2010 Surely there must be something TNT can do about this. With all the coding they disallow on userlookups and shops why is this stuff getting through? TNT needs to think up some preventative measures. Instead all it is is freezing right and left. Some of it is 100% ridiculous, like the bad names freezing. Instead of freezing people who are supposedly using bad names, they should focus on important matters like the CGers. Quote Link to comment Share on other sites More sharing options...
Sheta Posted August 2, 2010 Share Posted August 2, 2010 Ok, now I'm scared of CGs...I didn't even know what they really were, I just knew they were dangerous...,I downloaded that noscript thing and I hope that it will help meD: I don't want to loose my accounts...Perhaps I should change my password for something different on all of my accounts... Quote Link to comment Share on other sites More sharing options...
Spritzie Posted August 2, 2010 Share Posted August 2, 2010 Ok, now I'm scared of CGs...I didn't even know what they really were, I just knew they were dangerous...,I downloaded that noscript thing and I hope that it will help meD: I don't want to loose my accounts...Perhaps I should change my password for something different on all of my accounts... I would definitely recommend having a different password for each account. Even if it's just varied by a few letters, or numbers... that's better than everything being the same. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.