Keep Getting Hacked

Hello,

I've sent three messages to KANO support asking for help. They dont seem to be getting there.

I also understand this might be in the wrong subforum, however I dont have rights to post in the correct sub-forum for some reason.

My acct. is http://www.myspace.com/games/play/1...thod:user,param_1:486389766","language":"en"}

For the last 3 days he has entered my acct and listed people, declanned people, thrown people out of my armada and today sold off my property and listed people with it. I went from a profit of just over 40 billion down to 18 billion. It took me over a year to get where I was and have no interest in starting over. I believe I know exactly who it is but will not reveal it here so that I am not violating any rules.

I have changed my password three times on myspace, ran 3 scans and cleared my cache. I have no idea what else to do but if he can do this to me, he can do this to many more and he plays all of your apps on myspace and facebook. I hope something can be resolved I enjoyed playing this game and you guys are normally wonderful but this is just not acceptable. any help is appreciated.

Thank you,
Wendy

 

yes i strongly agree with who you think it is.its suspicious.

 

yes, especially after when he logged on this morning, he attacked me then whipped me so I did it back and killed him, he then proceeded to sell off everything, declanned my closest mates and then listed them repeatedly as well as my rivals. i just wish people wouldnt take this game so serious and just have fun with it.

 

Unfortunately since the login & password information is done on MySpace, they are the ones that this will need to be directed to.

For accounts that have been hacked or phished please click this link: http://www.myspace.com/help then click on 'Contact MySpace' at the bottom right corner. ​

 

just a tip'

if the 'hacker' has acsess to your email account you are just going around and around.

if you change your myspace info it will send a email to your email account telling you your new info (open to the hacker) and wam bam thank you mam, the hacker has your new info the second you do...

so change your "back up questions & password" for 'BOTH' email & myspace in order of Email then myspace.

hope this helps in any way

ps. remeber that if a hacker is in your email account ANY website you are connected to can possibly be at victem as well (main way of acsess- hackers look for membership email that bypass the log-in)

 

Thanks, hopefully that helps. He was back in it today playing it as if it's his game. lol I guess his character sucks bad enough it made him want to take mine.


and thank you vampyrss, Kano got back to me shortly after posting this and hopefully after i get him out of the acct we can work on restoring things. I've sent myspace a couple emails and now posted a thread in their forum that might or might not find some solution. hope so

 

hated is right

I know exactly what happened.

hated is right they look for a way to bypass log in this does just that

 

This is a very serious security loophole and needs to be fixed to keep the game fair for everyone. I've just learned how the hacker was able to bypass the login and changing myspace and email passwords will not work. It bypasses both of them and goes straight to the game. One possible solution to eliminate the loophole that was exploited here is to implement a game specific password system separate from myspace. i.e. when you start the game it asks you for a password that you set.....or Kano could just eliminate the loophole from functioning on their end.

 

the best option would be to set a session id or variable of similar design, that would be compared against a one of the many variables passed along by facebook. that is how i would approach the loophole, if i am understanding this correctly.

my implementation would be to store a passed variable as the md5 hash of said variable. then to check the md5 hash of the passed variable in the future. since it would have to be the same variable or similar, it wouldn't be hard to work out, since a lot of the variables passed are fairly constant.

just some ideas off the top of my head, lol.

 

i havent tested this on facebook yet.this is happening on myspace.but ill bet same trick works on FB too.

 

the same should be able to be done for myspace and hi5, since account information has to be passed to the game, in some form or another, afterall.

the idea was based on facebook's setup, since i know how it works, for the most part. I have no experience for myspace or hi5.

 

If you have a strong password and have not shared your account info with other users to your game is secure.

For those that have had their MySpace account hacked and access compromised their seems to be a period of time that an intruder may be able to continue to access your game account. I have logged a question on the MySpace developer forums since this security issue lies on their end as we depend on them to tell us that the user logged in is who they say they are and this technique can be used against every app/game on MySpace.

Facebook and Hi5 authentication is handled differently and follow the authentication instructions provided by those networks.

And just so we are very clear, users found hacking into other users accounts will get banned.

A support issue has been logged for this incident and we will proceed to handle it though that channel. Protect your social network password.

This thread is now closed.