Someone attempting to login as me on Doomworld

[HyperLuke]

I recently got an email that there were three failed login attempts from Warsaw, Mazovia, 02-523, Poland. 

 

I had something happen to me like that on YouTube a couple of months ago where someone successfully got into my accounted and started impersonating me. For both YouTube (a couple of months ago) and Doomworld just now, I have changed my password to something that couldn't possibly be hacked. 

 

If anyone has any idea of who it is, please let me know, since it's technically a crime (identity theft), and they should be brought to justice.

[Aliotroph?]

Stealing somebody's forum account is not identity theft. It certainly violates the site's TOS, and maybe whatever relevant American laws apply. You should use a different password on each site. The complexity/length only makes it harder to guess. Hacking is its own barrel of fun.

[HyperLuke]

I already know how to make a strong password. I was asking if anyone knew who it was.

[geo]

I got a few emails from Netflix last week saying someone changed my password, which didn't seem possible. No viruses, no malware, no one knows my password let alone my email to confirm a change being made. I spoke with tech support and they said it was probably changed due to failed login attempts as a security precaution.

[40oz]

ive seen that you can login to doomworld using a facebook or google account, youre not doing that are you? I dont know for sure but I always thought using facebook to google to connect to everything is pretty sketchy, and if a guy got in your YouTube account, I would assume he was able to get into your doomworld account too if youre doing that.

 

to answer your question, I dont know of anyone attempting to infiltrate people's doomworld accounts, except when dew went poking around in memfis' PM inbox (after memfis posted his password in public, of course.) I wouldn't suspect dew of doing that to you though.

[Fonze]

On 6/3/2017 at 11:24 PM, HyperLuke said:

I already know how to make a strong password. I was asking if anyone knew who it was.

Obviously not strong enough! Buh dum tss

 

Also @40oz, I don't think the 2nd paragraph of that comment is relevant, nor do I think it was a smart thing to type publicly, where people will see it, especially given your publicly known love/hate relationship with dew. It's not right to compare dew to people like shogun; there is no comparison, and your comment is awfully close to putting him in the same category... Bad look.

Edited June 6, 2017 by Fonze

[Gothic]

I got the same email 3 days ago but from Romania

[Bauul]

5 hours ago, 40oz said:

ive seen that you can login to doomworld using a facebook or google account, youre not doing that are you? I dont know for sure but I always thought using facebook to google to connect to everything is pretty sketchy

Funnily enough I had this exact discussion with a cyber-security expert just last week, and he was explaining that using something like Facebook or Google to sign into a site like this is actually very secure.  The reason is companies like Facebook and Google have some of the very best security systems out there: they're impossible to hack, utilize all sorts of two-factor security systems and crucially the API that connects the sites is also extremely well protected.

 

By comparison, Doomworld's forum software simply won't be as secure (not saying it's insecure, but it won't be the same) and there's research that suggests people are far less likely to fall for phishing attempts for major sites like Facebook than they are for smaller ones.

 

As long as your password to Facebook or Google is strong (i.e. 10+ long random list of characters including upper case, lower case, numbers and symbols) then apparently it's actually very secure to then use that to log into other sites (data sharing concerns aside).

[40oz]

That's cool, ive heard stuff in the news about peoples facebook accounts getting hacked, but not as often anymore I dont think. And it seems like there's a lot at stake with google accounts with emails, YouTube channels, and private videos and stuff. Much more than what you could get from an average dw internet handle, anyway. So I would naturally assume that facebook and google is bound to be broken by someone much sooner than dw would. I suppose that's not always true though.

[wildweasel]

It sounds as if Doomworld's forum software will report failed login attempts to you via email - if you've received those, you might be okay, but changing your password (or login method) can only be a benefit in this case. Given the pattern, though, I have a sneaking suspicion of what's going on and who might be trying to do this, and the best advice I can give is to just make sure you have a really secure password that can't be brute-forced.

[torekk]

My advice for good passwords: Come up with some idiotic phrase, that's so silly you'll remember.

 

Like: mydadgrowspurpletomatoesonmoon

(according to HSIMP that takes 2 septillion years to crack)

 

Spice that up with some l33tsp34k and you got a decent password already:

 

myd4dgr0w5pu2p13t0m4t0350nm00n

(this already takes 39 octillion years to crack)

 

I never got why people would use anything that somebody could find out just by small talk as their password. If I learned one thing from hacker movies, it's that social engineering still is the best thing to do, as humans are the weakest point in security.

[Linguica]

My advice is to use a password manager so you can use a long random password and not have to remember it at all.

[dew]

On 6/6/2017 at 1:40 PM, 40oz said:

to answer your question, I dont know of anyone attempting to infiltrate people's doomworld accounts, except when dew went poking around in memfis' PM inbox (after memfis posted his password in public, of course.) I wouldn't suspect dew of doing that to you though.

How kind of you that you worded it in such a way, shithead.

[Jaxxoon R]

*soap opera sting*

[riderr3]

It's russian hackers. As always.

[Battle_Korbi]

Funnily enough, once I had to factory reset my phone, and as a result of some quite lengthy internal security procedures, it was determined by my phone, that I stole my own phone, and I had to await 72 hours for it to stop behaving like it has been stolen. Same password, same e-mail, everything was correct, but I somehow stole my own phone.

 

Amateurs steal phones from total strangers.

Professionals steal phones from friends and family.

Living gods steal their own phones.

 

I know what caused it and everything, no one needs to explain, I just like to use this anecdote as a joke or as a argument against smartphones.

[torekk]

19 minutes ago, Averagewalrus23.9 said:

Notepad works as a free alternative. (I know there are free password managers out there too, but everybody has notepad)

Theoretically yes, but not everyone keeps those text files on an encrypted partition of his harddrive.

 

Most password managers do encrypt the passwords they safe locally, so even if someone gets a hold of them, he'll have plenty of fun to get any use out of it.

 

KeePass is afaik completely free as well, and available on many platforms.

 

I might even consider finally to use one, seeing as How Secure Is My Password tells me my weakest password is crackable in 9 hours, while it was like a few years just 2 years ago.

 

Edit: The only thing that's holding me back is: 1. remembering on which sites I even got an account and 2. setting up an entry in the password manager for each of those sites. That's propably work for a week... And so far I had no serious problems. But knowing Murphy's Law it propably is better to do it now, you never know.

Edited June 7, 2017 by torekk

[Cupboard]

Sorry Hyperluke, I won't do it again!! :(

[Bauul]

I recently started using a password manager (LastPass) and feel much safer with it.  All my passwords are random 10 character combinations of number, letters and symbols, and even I don't know them.  Makes them pretty hard to crack either by brute force or by social engineering.

 

All I have to remember is the master password, which is also a string of seemingly random letters, but it's the only one I have to remember.  

 

It didn't take long to put all my regular site's passwords in, and now whenever I come across a site I forgot about LastPass prompts me to add it and change the password to something better, which I do.  So far everything's gone very smoothly.

[Phade102]

I dunno why someone would try to get into your account on here. it seems pretty pointless. Just change your passwords and relax, it will tell you if someone DID get in. I get login attempts on my hotmail.com account like, fifteen times a day from ten different countries. its hilarious, since its a 15+ Year old email and literally is only for junk.

[HyperLuke]

7 hours ago, wildweasel said:

It sounds as if Doomworld's forum software will report failed login attempts to you via email - if you've received those, you might be okay, but changing your password (or login method) can only be a benefit in this case. Given the pattern, though, I have a sneaking suspicion of what's going on and who might be trying to do this, and the best advice I can give is to just make sure you have a really secure password that can't be brute-forced.

Trust me when I say my passwords secure, I made it by blindly typing random characters, and then stored it on an external hardrive on a notepad doc. I dare someone to brute force or crack it any other way.

 

On 2017-6-7 at 2:01 AM, Fonze said:

Obviously not strong enough! Buh dum tss

Except my Doomworld password never got hacked. Buh Dum Tss.

 

On 2017-6-6 at 9:40 PM, 40oz said:

ive seen that you can login to doomworld using a facebook or google account, youre not doing that are you? I dont know for sure but I always thought using facebook to google to connect to everything is pretty sketchy, and if a guy got in your YouTube account, I would assume he was able to get into your doomworld account too if youre doing that.

 

to answer your question, I dont know of anyone attempting to infiltrate people's doomworld accounts, except when dew went poking around in memfis' PM inbox (after memfis posted his password in public, of course.) I wouldn't suspect dew of doing that to you though.

I have not logged in using facebook, google, or youtube.