By continuing to browse this website or by clicking on the X, you consent to the use of cookies that enable us to collect site-visit statistics and offer you videos, share buttons, personalized ads, and a chat feature. Learn more and set cookie preferences X

FR EN DE ES IT PT
Browse forums 
Ankama Trackers

Farewell Dofus and all our Dofus friends

By daSantaStalker - FORMER SUBSCRIBER - April 18, 2019, 01:14:50
AnkaTracker
Reactions 41
Score : 618

I'm sorry, and I mean this in the nicest way possible, but it's mind boggling that you're an IT specialist, yet so oblivious to how hacking works. You can repair your RJ45's for as long as you like, but if you fail to admit your own mistakes and learn from them, I've nothing to say..

The reason veteran players don't get hacked, as you put it, is because there is no such thing as getting hacked. We simply don't fall for these scams. So you're trying to tell me these hackers are targeting random players with a few bucks worth gear, when they could do the exact same to players with gear worth billions? And how is Ankama's security flawed? You're doing a huge disservice to Ankama and the community by spreading these lies, honestly. I agree types of phishing links and all that could use more recognition, many people still fall for them despite many warnings in-game. But you claiming there's flaws in the security, and that your password was given to hackers, is just complete, utter nonsense. If any player has questions about how these phishing links work, how to recognize them, as well as how they work mechanically, feel free to message me on Ankabox with any questions, I'll gladly answer all of them.
 

5 0
Reply
Score : 1123

As a long time veteran player as well I've never encountered any such issues, ever!
I think you must of clicked on something that made your account unsafe.
It can happen by accident. I would make sure to scan your computer because there is probably malware on there or a backdoor.

0 0
Reply
Score : 2

 


The point of having Shield or Authenticator is to provide an extra layer of security to your account to reduce the chances of it being hacked even if the person knows your account name and password. To me, at least.

The chances of someone knowing your password/username combo is impossible unless you've given it to them - in which case you have to deal with the possible consequences of that.
If you're being keylogged then shield or authenticator wont help. I am literally failing to see the benefit to 99% of players - can someone educate me?

 
Kait-Diaz|2019-04-26 13:14:14

As for Shield... well, if you’re being keylogged I don’t think it really offers any protection as it relies on your email to get through it, if memory serves.

Ah, thanks for that. Will now switch to authenticator.
0 0
Reply
Score : 545

If you don’t know how the authenticator works - it is a mobile app which requires you to have a secret answer to it and an email to activate/deactivate it with a code, and gives you a 30 second window to access your account. You can have 8 different accounts at a time on one single device but the authenticator can only be active for one account on one device at a time, so you cannot have the same account on authenticator for two different devices.
Basically, the only way someone would get past authenticator protection if if they got lucky during the 30 second window to access the account(which is possible, albeit probably not very likely especially if it is to log onto the game itself), as they cannot have it active on their mobile device if it’s already active on yours for the account in question even if they did have everything needed to activate/deactivate it. Unless for some reason you turned it off on your phone, and before you reactivated it they managed to activate it on theirs, which is a bit of a long shot, but it could also happen.

As for Shield... well, if you’re being keylogged I don’t think it really offers any protection as it relies on your email to get through it, if memory serves.

0 0
Score : 2992
0 0
Reply
Score : 398

I'm going to weigh in here @IDivideByZero @Gunnerwolfang @Kait-Diaz

You don't have to be the one who clicks on something to have your information leaked out. Nor do you have to share anything, nor do you have to do anything at all to have your information stolen from you.

https://haveibeenpwned.com/

This is an entire database of known/reported breaches that happen and whose information has been stolen. Some examples include: Adobe, Google Bitcoin, 8fit, Apollo, Avast, Town of Salem, and the list goes on.

@IDivideByZero you claim that hackers don't go after no-name things and a couple of bucks. Well, Town of Salem is an indie producer as Dofus is and they had a breach  containing "7.6M unique user email addresses alongside usernames, IP addresses, purchase histories and passwords" Have I Been PWND, 2018. It does happen to the little people too, and guess who's fault it is for the breach? Town of Salem, not the users, not the clients, they are.

Now we haven't had any information about a breach happening with Ankama, and why would we? In the US we have very minimal laws regulating what information has to be shared about breaches and when. I'm not an expert in French law, but assuming they are anywhere near ours they aren't required to report it, if it did happen.

You are adding your own predetermination of "guilty until proven innocent" because you assume anyone who gets hacked it is their own fault. I feel like that is an unjust way of thinking when it is widely known that your information gets leaked, sold, transferred constantly without your own permission. Take a look at Facebook.

@Gunnerwolfang Yes, they can rollback a character. They have full capabilities of doing so. Taking the save file they have from maintenance which they do every week, finding the file that contains the information about her account and copying it back in. Will it take time finding all that stuff? Yeah. I'm not saying it's a fast job, but it is doable and fully in their power.

BUT IT IS WITHIN THEIR POWER TO DO SO AND THEY ARE CHOOSING NOT TO DO ANYTHING.

@Ankama I would like to know why they never received any email notifications about: a change in password, a change in email address, a unknown user is logging in. Any and all of these would trigger shield to shoot an email to the user saying "Hey, is this you? verification code: 111111". Email addresses don't get changed randomly and without using the second verification of the secret answers that are set up with the account as well.

It is also on record that it was on Dofus' end that the mistake happened, in support tickets and in responses to the events that happened. And they are not acting upon it. If you are concerned about the influx of wealth and ruining of the economy, make the items linked, do a server rollback when the breach had happened. Too late for that now as so much time has passed, but within the week of this being reported it should have been dealt with. There are a lot of options other than ignoring your player base.

I would be more understanding had this come from a phishing website or if shield and authenticator weren't setup on her account. But they were setup, it wasn't from a phishing website, and there were no notifications about the changes happening on her account without her permission.

That is where I see a problem.

1 0
Reply
Score : 25627
"@Gunnerwolfang Yes, they can rollback a character."

Can Ankama determine what really happened if it was a breach, a phishing or a case of scam or a case of self steal?
If I create dummy accounts, transfer all my item to my dummy accounts (using a different computer with VPN) multiple times and report that someone stole my items, would they rollback my "innocent" account and also keep the items on my "innocent" dummy accounts?
I'm not saying that the OP is trying to scam Ankama, all I am saying is that Ankama cannot determine if someone is trying to scam them. If I successfully pulled a scam on Ankama, then what would stop me from doing it again multiple times.

The safest way to prevent this is to presume "guilty until proven innocent", simply because  it is technically impossible for Ankama to determine innocence. 

In an ideal dreamworld it would be fine and dandy to rollback an account and make everyone happy, but this is reality.



 
0 0
Respond to this thread