Admin/mod comment
Changed misleading title /DC DC Admin Online
First of all: Thanks for reporting this incident!
That someone managed to log in into accounts of others is no proof that the security of Unreal Software in general is insufficient or that there are any security leaks or vulnerabilities. In most known cases accounts were hijacked because users chose weak passwords or used the same password for different online services.
It is strictly forbidden to register, own and / or use more than one single account. You violated the rules of Unreal Software.
I banned the compromised accounts. Note that I won't unban illegal multi accounts.
You still have your current account. Keep using it. I also highly recommend to change your password to a secure password. Same for the password of the connected e-mail account. Make sure to use entirely different passwords for all online services you are using. Look how he fucked me.
He fucked me with your usgn too
..............................
And he gave usgns to cs2d players for free DC Admin Online
Please watch your language.
He didn't login into my account on the website.
Faking U.S.G.N. IDs is easy under the right circumstances & conditions. This still doesn't necessarily mean that there is a serious vulnerability or that he's able to manipulate arbitrary accounts.
Of course I will investigate this incident nevertheless. I am not sure but I think my Gmail account also hacked and then I am getting Gmail error 007 what should I do now can anyone suggest me, please? My friends reported too, they said our accounts got hacked.
Now time to you DC
Your game got hacked
All of cs2d usgn will be hacked soon
Please do something
If you make this website secure all of us will be happy I ain't no one special but I'm sure that you purely complaining that your accounts got hacked wont help you much.
I'm pretty sure your accounts got hacked just IN-GAME and not on the website since this had happened before with the Gayos (or whatever his name was) case.
@ bean545: That website you've linked is an advertisement website, it is completely unrelated to GMail.
Reasons as to why you'll end up there:
You've been linked to it through one of your mails.
You have some type of AdWare on your computer that attached itself to your browser.
You got a different error and thought that website that you somewhere found is the explaination to it.
Ways to secure your account from your end:
Run a complete Avast! Free Anti Virus scan on all of your drives.
Run a complete Malware Bytes scan on all of your drives.
Maybe run CCleaner afterwords just to patch any registry issues (better safe than sorry).
Change your password to something secure such as (do not use this one it's just an example): i12fGJe=341
But make sure you don't save it anywhere to prevent password theft.
Ways to secure your account from DC's side? There aren't many, because if there were he had done it already by now.
DC (afaik) does not know what is the cause of this otherwise he would've started to fix it.
But those are my two cakes. @ Mami Tomoe: You are sure our accounts got hacked just in game? Then how our accounts passwords changed?
And i think its easy for DC to he make this website secure @ Ranu: see, this is where you're wrong. It's not easy to make things secure. There are so damn many attack vectors to attack a webpage, you can't secure them all. No way. Then if DC don't make this website secure early, Like i said "All of unrealsoftware usgn will be hacked soon" and cs2d history will finish. @ Ranu: Well, do you have any suggestions to make the website more secure? Is the problem with the website or the people behind the accounts? Is it a poor choice of password and/or using the same password for multiple websites? I get that someone can spoof their USGN ID in-game and @ DC: said he would investigate the issue.
And I guess he could add extra precautions where you'd have to verify with your email address whenever you change the password. And if for some reason they still manage to change the password, then the problem isn't really with the website. @ TrialAndError: I think unrealsoftware moderators already offered him before me to make that website secure, but DC didn't accept that deal. How that kadir hacked more than 30 usgn accounts? It means the problem is with unrealsoftware.de and if today kadir is hacking our usgn accounts, tomorrow another one will do it too, There is a way to finish kadir from hacking our usgn accounts. If a website not secure, easy to crack that website passwords.
At now i changed my password to strong password with symbols/numbers. If he hack my ranw-x account too then everyone can understand unrealsoftware.de usgn accounts got hacked.
If my ranw-x account got hacked and after i tell DC to backup it for me, he won't do that because how he trust me that i am ranw, then i lose that account forever. edited 3×, last 21.01.19 12:15:39 pm
@ Ranu: if kadir had found a real security problem in unrealsoftware itself, he wouldn't have hacked Quote
more than 30 accounts
, he would've hacked all of them. Including the account of @ DC. The fact that he was only able to hack ~30 accounts means that he's done it using a different approach - like guessing / phishing your passwords.
My guess is that kadir took one of those password/email dumps and tried to login using those combinations. With far more than 130.000 users on unrealsoftware and most humans being dumb, chances are high that he gained access to ~50 accounts that way. DC Admin Online
@ Ranu: Of course this website has been developed with security in mind. There are no critical vulnerabilities I'm aware of - otherwise I would take care of them immediately.
Unfortunately I was not able to find out how people were able to log in into other accounts in this case. Therefore there is no reasonable way for me to make things more secure. Someone would have to tell me how this person or these people were able to hijack the accounts and if they did so using a vulnerability in the website.
As said before: In the vast majority of account hijack scenarios in the history of UnrealSoftware.de, the accounts were hijacked either because of weak passwords, because of careless people ignoring the most basic security and password guidelines or via claiming and re-registering inactive e-mail addresses. ohaz has written
phishing your passwords.
Sometimes people use cheat programms in combination with their US accounts. Little do they know that most of these programms are equipped with the ability to send your account ID and your passwort to a database where the cheat creator has access to all of them. No way... but @ DC: if my account got hijacked after what i do to you backup it for me? Can i do anything at now? DC Admin Online
You have multiple accounts and violated the rules that way. I do not support people who violate the rules and create multiple accounts. Ranu has written
No way... but @
DC: if my account got hijacked after what i do to you backup it for me? Can i do anything at now?
Change your EMail and USGN password on your phone to something secure that you've never used anywhere, then continue to ask your friends if your account is being used. AND DO NOT USE YOUR ACCOUNT AT ALL.
Slowly track down if the so called hacker has the ability to hack just "not so smart" people or everyone. @ Mami Tomoe: I already did it
That kadir is hacked usgn: @ PHENOM:, And that usgn was a good person usgn <.>
And kadir hacked an usgn for Mouad and that usgn is @ minos: