|
|
Quite some time ago, an account that I barely use was hacked. I was not exactly
mad, I got it back from the parental email address, but I was confused. How had
I gotten hacked?
I had never given out my password, and I seriously doubt anyone could have
guessed it. All I had done the day I was hacked was go to Ackbar's, and sit at
the Bazaar for about five minutes. In that five minutes, all I did was talk to
some girl who was quitting Whyville, and the girl gave me her account.
And that is where I messed up! I accepted this girl's account, went onto it, and
changed the password.
Bad idea.
After recovering my original account, I figured out what had happened. Pay
attention! This can easily happen to you!
1. The hacker made a new account and raised the salary up to a pretty nice
amount.
2. The hacker told citizens that he/she was quitting and gave the account away.
3. I logged onto the account and CHANGED THE PASSWORD. I had one main password
that I used for all my accounts (stupid, I know!) ... AND I CHANGED THE NEW
ACCOUNT'S PASSWORD TO THE SAME PASSWORD THAT I USE ON MY USUAL ACCOUNT!!! (Bad,
bad, bad)
4. The hacker then used had the password that I changed in the account they
"gave" to me sent to the account's parental email address -- them.
5. The hacker then tried the "new" password on the account that they saw me on,
the one that I accepted their account on, and lo and behold, it let them in!
Grrr! This way of hacking is especially troublesome, because the Unsuspecting
Victim does nothing that they think is wrong. By using this way of password
stealing, these lousy hackers can steal older accounts, ones that would know
better then to just give the account away.
I was surprised to learn that giving away accounts *is* actually against
Whyville rules, for just this kind of reason. Don't accept any "quitters"
accounts, and report anyone you see giving away their account!!
Toodles!
8Dyay8D
|
