Account Got Hacked.. PROTECT YOURSELF

  • Hey Everyone!


    I'll get right into it here is the quick short version let me know if you guys are interested in clarifying any points.


    In the beginning of the month after several failed attempts to log in because it said password was wrong i requested the email, got the email, changed the password. Didn't think much of it really but when i was playing i noticed my gear wasn't equipped.


    Starting to get a little weird after i couldn't find it in my inventory especially since i had been playing three days before that. Checked storage it wasn't there either. Guess what no gems either..


    That's when i realized i was hacked and basically everything of value gone.


    To clarify i have never in the 10 years of playing this game shared my password or had anyone log into it. I have not been on any fishy websites where i entered my accounts details and password ( None for that matter). I literally play once a week for fun and this randomly happened.


    Contacted support and they said they couldn't find anything to support my claim on their end. I asked them what kind of support they were looking for such as IP address logins? They got back to me with a robotic response that just said they can't help.


    I talked to some GMs and they confirmed they look at my IP address to confirm if the account was hacked. Well if that were the case unless my mother decided she wanted to start playing fiesta and hack me that is the only way someone logged in from my IP address and stole the items. So the proof must be there?


    Yet this entire time i just get the same response back from online support so i've given up and i know nothing is gonna happen.


    My question then is if i start playing again and gifting to get my gears and money back what is stopping someone from just hacking me again and losing everything? I've lost a lot of trust in the game and GMs have mentioned this has been happening quite a lot recently.


    Let me know what you guys think i also strongly recommend changing your password to something very difficult.


    *Weird Side Note* - I never got an email which requested my password to be changed when i was having a difficult time signing in. Also when i changed my password i put in the one that i have been using for the last 10 or so years and it said i can't use previous used passwords which means the one i was entering was correct the entire time. Someone was able to change my password without an email being sent to the email address connected to the account? The person also did not change the email address connected to my account. Really weird lol must be russians.

  • To clarify i have never in the 10 years of playing this game shared my password or had anyone log into it. I have not been on any fishy websites where i entered my accounts details and password ( None for that matter).

    keylogger? too weak pasword? using the same pasword for too many accounts (example other games, fb, etc)?

    Also when i changed my password i put in the one that i have been using for the last 10 or so years

    its never recommended to use 1 kind of pasword for that long period

    dont get me wrong I totaly understand that u are mad cause supports didnt do anything in that situation

    but at some point its your own fault too that this happened... I mean I saw several players getting "hacked" while it was more like a scam/their own mistake

    the support team has their own tools to see some importand details (for example: someone hacked that acc or knew the pasword and loged in without any problem) and probably thats why you got "robotic respons"

  • keylogger? too weak pasword? using the same pasword for too many accounts (example other games, fb, etc)?

    its never recommended to use 1 kind of pasword for that long period

    dont get me wrong I totaly understand that u are mad cause supports didnt do anything in that situation

    but at some point its your own fault too that this happened... I mean I saw several players getting "hacked" while it was more like a scam/their own mistake

    the support team has their own tools to see some importand details (for example: someone hacked that acc or knew the pasword and loged in without any problem) and probably thats why you got "robotic respons"

    Yes of course i put the blame on myself i'm not that sad over it just don't have too much trust spending more money on the game that's all.


    If the person was able to get onto my account without any issues like if they knew the password why did i have to change the password in order to log in? I also received no email to the linked email account requesting the password to be changed. They also needed a username such as my email how were they able to obtain that?


    I understand at some point it's my fault but if my only fault is i kept my password the same for too long lol come on. That password was only used on fiesta no other account emails or games. It still means my account was hacked and they should be able to have evidence of that especially since they logged in from a different IP address.


    As far as account security goes i did my job in ensuring i didn't compromise my account, Gamigo didn't hold onto their side of the deal by ensuring a hacker couldn't get through their system.

  • No. No. No. I am not giving gamigo my phone number. IF this ever got implemented it would HAVE to be optional. One NOT everyone has a cell phone, or even a house phone. Two, I AM NOT GOING TO DO THIS EVERY FUDGING TIME I BIN.

    You know...that's the thing with DAL...It normally is 100% optional. Calm down. :rolleyes:

    In no way shape or form affiliated with Gamigo games. Do not DM me asking for personal assistance regarding forum or in-game accounts.

  • You know...that's the thing with DAL...It normally is 100% optional. Calm down. :rolleyes:

    It's also highly impractical with this game given it's age and declining playerbase.

    Why would the company invest in Dual Auth when it would cost them more ?

  • Google Authenticator

    Works like a charm for many of the games I play, and here's the kicker...It WORKS!

    I've had thousands of attempted login's over the course of YEARS requesting authentication...

    Gamigo might wanna look into this nifty lil addition and change up the client some.


    Game Loads, Login Screen, player logs in and gets a popup asking for your "code" and with an option to trust for 30 days (no further requests required for a month). OR! If a player is playin' at a friends house...well...I wouldn't suggest that. Just bring your laptop or whatever.


    TL;DR

    Getting hacked sucks.

    Changing your password on a regular basis is a good idea.

    TIP: Launch safe mode with networking, fire up chrome with incognito, and if you use advanced system care...well, there ya go. Change your passwords for anything and everything vital to ya...cause if they got your 10 yr old password for this game...pretty sure they got your others too if you've been keylogged...or worse, mirrored (a ransomware on the rise sadly...).


    But fiesta needs Authenticator. Will save us headaches.

    ~ :evil:Quite possibly one of the most Outspoken & Disliked Forum Dwellers to Date:evil:~

    ^^Play Fiesta from a USB Stick or Memory Card! Click Here for more info!^^

    8)Gold Sink Idea - Benefits EVERYONE - Click Here8)

    supernatural-mouths-open.gif

  • Actually most websites to not allow you to not do it. though usually its through email. still annoying, i dont get my email on my phone. and logging in every time i want to play fiesta is freaking ridiculous.

    Authenticator 100% must be implemented.


    Runescape which is at the lowest point of it's gaming existence has recently implemented it and i've never been hacked on that game previous to it ( Passwords been the same for more than 10 years lol). It was and is optional to activate. It wouldn't cost them more it's an investment. They've lost my business for now ( Not saying that's a big deal to them) But if it continues to happen others won't be as invested in it either if they risk losing everything each time they do.


    I also highly doubt if any of you were hacked you would think it would be annoying to activate it at every log in. You also should probably be ready to be hacked as there was no way i was keylogged or mirrored i only use that specific computer to log in and don't use it for anything else.


    Also TWO big mystery's : How they got that email address to log in? That email is specific to the fiesta account and i don't use it anywhere else?

    SECOND: All the evidence proved someone else logged in which means the IP address MUST be different yet Gamigo can't see that?


    All would be solved with an authenticator. Anyone who is against it simple - Don't use it. Until of course you get hacked then at least you have the option to.


    P.S: If you don't have a cell phone how are you even operating? You literally need it for the simplest tasks lol.

  • could easily be a keylogger, all people have to do is to send a file and u download it and they are in, like a picture or something, happen to a friend of mine aswell.

    fx, if they upload a picture to ur discord group and more than 1 person download the file, then they already got inside more than 1 persons computers

    wysiwyg image

    RIP Pagel ;( started on Isya :wacko:

    Lets see if its worth to Return :/

  • Well it could be optional but dual authentication normally only kicks in when you're logging in from another IP address anyways. So your concerns when looking at the bigger picture are quite minimal.


    Honestly, it would just fix alot of problems & save gamigo time and resources since if someone logs into your account when there is a dual authentication in place via a phone confirmation/app the only person to blame is the account holder @ that point.

  • Well it could be optional but dual authentication normally only kicks in when you're logging in from another IP address anyways. So your concerns when looking at the bigger picture are quite minimal.


    Honestly, it would just fix alot of problems & save gamigo time and resources since if someone logs into your account when there is a dual authentication in place via a phone confirmation/app the only person to blame is the account holder @ that point.

    And my argument DID NOT fall of deaf ears...go me!

    Google Authentication is at its prime as its used in SOOO many freakin' ways...I'd be lost without it honestly.

    DID you know that you can even set up authentication for your own devices with it?...literally.

    There are guides out there...use Google...(slaps you with a raw tuna, burnt tuna, cooked lobster and a burnt sailfish)...see what I did there?

    *coughs*


    Moving on.

    Jagex is doing a good job with runescape given its on a downward spiral...but at least they take better care of their game(s) than Gamigo is right now, and they're literally in the same freakin' region! SO!

    TL;DR

    We need 2-step authentication.

    Point, Case, Closed.

    PS...my iphone "bricked" itself a few days ago...im stuck suffering with an android ios 5...til I get it back from the repair centre >.< SHOOT ME!

    ~ :evil:Quite possibly one of the most Outspoken & Disliked Forum Dwellers to Date:evil:~

    ^^Play Fiesta from a USB Stick or Memory Card! Click Here for more info!^^

    8)Gold Sink Idea - Benefits EVERYONE - Click Here8)

    supernatural-mouths-open.gif

  • I have a cell phone but others do not. Also not everyone has unlimited text capabilities

    Google Authenticator Doesn't Text You...

    Something tells me minty that you have no idea what you're arguing about here with us

    ~ :evil:Quite possibly one of the most Outspoken & Disliked Forum Dwellers to Date:evil:~

    ^^Play Fiesta from a USB Stick or Memory Card! Click Here for more info!^^

    8)Gold Sink Idea - Benefits EVERYONE - Click Here8)

    supernatural-mouths-open.gif

  • If they don't have a phone, they can get an android emulator (Memu, Bluestacks, Nox etc.). They can then download the Google Authenticator apk and link your account. Easy.

  • If they don't have a phone, they can get an android emulator (Memu, Bluestacks, Nox etc.). They can then download the Google Authenticator apk and link your account. Easy.

    I too love middlemen it's not like they ever have issue or breaches.


    It would be fair more rational for people to just have good online practices and habbits as opposed to fretting over a now 11 year old games security.

  • Like i said...

    Authenticator or bust.


    If not that, then change your email pw and game pw regularly after doing a full system scan.

    I change my pw's frequently given my line of work...regardless if the email is personal or business.

    Never know when I'm checkin "work related materials" at home...some idiot might be sending me files that are malicious...

    HELL!

    If you know what you're doing, you can send a txt document with malicious code that upon loading infects your system.

    One and Done.

    ~ :evil:Quite possibly one of the most Outspoken & Disliked Forum Dwellers to Date:evil:~

    ^^Play Fiesta from a USB Stick or Memory Card! Click Here for more info!^^

    8)Gold Sink Idea - Benefits EVERYONE - Click Here8)

    supernatural-mouths-open.gif

  • I too love middlemen it's not like they ever have issue or breaches.


    It would be fair more rational for people to just have good online practices and habbits as opposed to fretting over a now 11 year old games security.

    Lol good online practices? I honestly hope you get hacked.


    Why did i say such a thing? Because i for sure wasn't keylogged or any other way that has been listed in this forum so far.


    I only use that one computer to log in and i have only used it for gaming on fiesta i don't play any other games and i use everything else on my laptop including disc etc. (It does not log into fiesta). Also had full scans on all computers -Nothing


    So there you go i can't and haven't downloaded anything or given out my password. If anyone else has ideas on how it happened i'm all ears as i'd like to know my self.


    Also no one has answered the main mystery on how the account password was changed without getting an email? That goes much deeper than a keylogger.


    I hope your good internet habits are better than my above ones otherwise i don't think your safe.