Popular Post hrtbrk Posted July 19, 2015 Popular Post Share Posted July 19, 2015 Hi everyone! It's that time again where we like to send a friendly reminder on account security and how you can protect your account. Over the past week, there have been an large amount reports of accounts being broken into, affecting people who view the Neoboards, pet pages and neomails. But fret not, there are a few ways you can protect yourself! Always remember to log out. This is an important, and easy step in preventing your account from being compromised. Doing so issues you a new cookie, which is something that remembers you every time you go back to the website. It is what account thieves steal from you in order to gain access to your account, so by logging out and logging back in, it makes the cookie that the thief may have become obsolete and unable to gain access to your account! Frequently change your password/do not use the same password for every account.While cookie grabbers cannot gain access to your password, it it still a wise choice to update your password every few months. Make sure you choose something that is not easy to guess, and have it contain a string of different numbers, letters, and characters. Put a PIN on everything.Making sure you have a PIN on everything that is important to you will help prevent any items, neopoints - or worse - pets - from being removed from your account. Turn OFF Advanced Neomails, NeoHTML and other fancy font effects. It is suspected that cookie grabbers (CGers) are being embedded into Neomails as well as on Neoboards. It is recommended that you enable Plain Text Neomails in your user preferences as well as going into your neoboard preferences and disabling the fancy text as well as hiding Neo-signatures. This should block any malicious script that is hidden in these features. NOTE: If you receive a suspicious neomail, it has been advised to not open it up. Use other browsers and their plugins!If you absolutely have to view a pet page, it is suggested to do so on a browser that you do not use for Neopets. It is also being suggested that if you MUST view the Neoboards to do so on a side account so your main won't become compromised. Additionally, a lot of browsers offer plugins that will allow you to block requests from websites other than Neopets. Doing so will stop the cookie grabber exploit from happening. Popular plugins to do this are NoScript and RequestPolicy (any script blocking plugin will do). If you choose this option, remember to white list requests from Neopets ONLY. Additionally, always make sure your browser and their plugins (including Flash) are up to date. If something is too good to be true, it probably is.A lot of compromised accounts have had their expensive, rare, pets thrown into the pound as well as their galleries emptied into the Money Tree. Remember that if you see these things that it is probably too good to be true and you should not be tempted by cheap items appearing around Neopia as they came from a compromised account. It could be a trap or could end with you being reprimanded for it. We hope these small tips and practices can help protect you around Neopia. For an extensive look at account security, please view our guide! weezieb3, Spritzie, Scoobert_Doo and 9 others 12 Quote Link to comment Share on other sites More sharing options...
Dawn* Posted July 19, 2015 Share Posted July 19, 2015 I was just thinking the other day that a lot of people have come on here saying they can't log in, and then comes out they have been forzen! Thanks for the reminder! I just set a PIN for bank, pets, etc. Quote Link to comment Share on other sites More sharing options...
GayAlbinoRobot Posted July 20, 2015 Share Posted July 20, 2015 Man, that isn't good at all to hear. I put a PIN on everything, hopefully that'll keep me a bit safe. Quote Link to comment Share on other sites More sharing options...
dicegrrl Posted July 20, 2015 Share Posted July 20, 2015 Another tip I found was to put your favorite pet's petpet in Grave Danger as they can't be adopted or transferred while the petpet is being used for that game. Quote Link to comment Share on other sites More sharing options...
Oquendof Posted July 20, 2015 Share Posted July 20, 2015 I don't understand this: "If you absolutely have to view a pet page, it is suggested to do so on a browser that you do not use for Neopets. It is also being suggested that if you MUST view the Neoboards to do so on a side account so your main won't become compromised." I mean, are we in danger if we see someone else pet page?? Or by going into the neoboards?? Quote Link to comment Share on other sites More sharing options...
hrtbrk Posted July 20, 2015 Author Share Posted July 20, 2015 I don't understand this: "If you absolutely have to view a pet page, it is suggested to do so on a browser that you do not use for Neopets. It is also being suggested that if you MUST view the Neoboards to do so on a side account so your main won't become compromised." I mean, are we in danger if we see someone else pet page?? Or by going into the neoboards?? Yes, you are in danger if you view someones pet page or go onto the Neoboards without taking these preventive measures. It is suggested to view the boards on a side account, as if it becomes compromised, you will not lose your main account as it is typically more valued than a side account in several ways. Mouseykins 1 Quote Link to comment Share on other sites More sharing options...
Mouseykins Posted July 20, 2015 Share Posted July 20, 2015 Another tip I found was to put your favorite pet's petpet in Grave Danger as they can't be adopted or transferred while the petpet is being used for that game. That unfortunately won't really do anything. If your account becomes compromised the password can be changed and your account can be emptied out. For your pet even though its petpet is in Grave Danger all they have to do is wait it out and then do what they wish. It's not a safety measure. The items listed in the first post on this thread are your best ways at protecting your account. :) Quote Link to comment Share on other sites More sharing options...
MysteryAF Posted July 20, 2015 Share Posted July 20, 2015 Actually I heard it's a bad idea to change your password because the new password goes to your cookies and the hacker obtains it immediately. Same with adding a PIN to everything. I guess NoScript would help with that though. Quote Link to comment Share on other sites More sharing options...
Mouseykins Posted July 20, 2015 Share Posted July 20, 2015 Actually I heard it's a bad idea to change your password because the new password goes to your cookies and the hacker obtains it immediately. Same with adding a PIN to everything. I guess NoScript would help with that though. That is completely incorrect! Please do not simply rely on everything you hear and classify it as the truth. With situations like this it's easy for people to panic and others like to spread false information that becomes misleading. The steps that we have listed in the top post are correct and will help to keep your account safe. Passwords and PINS that you set for your account do not get logged in your cookies. If you're worried about cookies being logged or whatever then just clear your cookies and cache, which won't really do much because every time you log out, you're issued a new cookie. Quote Link to comment Share on other sites More sharing options...
MysteryAF Posted July 20, 2015 Share Posted July 20, 2015 Well I'm super paranoid about losing my account so I didn't know what to believe.. >.< I think that a hacker will be able to get into pretty much any account they want to with brute force, but maybe I'm just being stupid again. .-. Quote Link to comment Share on other sites More sharing options...
mtsparky Posted July 20, 2015 Share Posted July 20, 2015 I had some security measures in place before now on lock down, but Im still a little freaked about shops. What about quests, feeding kads and the employment agency? Using sides, which is also against rules!? Why hasn't TNT made an announcement to inform, quell rumors and general paranoia? Do we even know if it was cookie grabbers? Quote Link to comment Share on other sites More sharing options...
Mouseykins Posted July 20, 2015 Share Posted July 20, 2015 Well I'm super paranoid about losing my account so I didn't know what to believe.. >.< I think that a hacker will be able to get into pretty much any account they want to with brute force, but maybe I'm just being stupid again. .-. The precautions listed above including not visiting petpages and the neoboards are the best ways to secure your account. If you visit those pages do them from a different browser and from a side account. :) I had some security measures in place before now on lock down, but Im still a little freaked about shops. What about quests, feeding kads and the employment agency? Using sides, which is also against rules!? Why hasn't TNT made an announcement to inform, quell rumors and general paranoia? Do we even know if it was cookie grabbers? Yes it was cookie grabbers causing the termoil and they're still out there. So far shops and userlookups have been safe. That may change yet as well. For now it's isolated to those two areas. The best thing is remember to log out each time or after you've been to an area where you're questioning it's security. Also NoScript or other script blocking browser add-ons are a good thing to have as well. :) mtsparky 1 Quote Link to comment Share on other sites More sharing options...
Dawn* Posted July 21, 2015 Share Posted July 21, 2015 How is visiting neoboards unsafe? What can people post in the neoboards that can compromise others' accounts? I mean, the filters are ridiculous... Quote Link to comment Share on other sites More sharing options...
hrtbrk Posted July 21, 2015 Author Share Posted July 21, 2015 They add a cookie grabber into their signature/post. Mouseykins 1 Quote Link to comment Share on other sites More sharing options...
Hannah. Posted July 21, 2015 Share Posted July 21, 2015 Does anyone know if it is possible for cookie grabbers to also get our PINs? My guess is probably not because I thin we just enter them in once and it doesn't store it. But I am not sure what the browser does or doesn't save. Quote Link to comment Share on other sites More sharing options...
hrtbrk Posted July 21, 2015 Author Share Posted July 21, 2015 CGers cannot get your pins, that it why it is a very crucial tool to prevent items/pets/nps from being stolen. Hannah. 1 Quote Link to comment Share on other sites More sharing options...
MysteryAF Posted July 22, 2015 Share Posted July 22, 2015 Why does Neopets seem to be the only website with this problem? I doubt it's the only site but it's the main one. If you search "how to stop cookie grabbers" on Google, about every link is about Neopets. There's clearly an issue with the security on Neopets. CGers cannot get your pins, that it why it is a very crucial tool to prevent items/pets/nps from being stolen. They also can't get your birthday either. Adding a birthday login is very useful for not getting your account hacked. Dawn* 1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.