Account Security | EVE Online

Account Security

2010-03-09 - GM Grimmi

RMT elements drain our resources with incessant account hacking. This is an Industry-wide problem and most MMOs are beset by non-stop issues with players' assets and hard work being stolen and sold off for real money by organized criminal networks, who will stop at nothing in order to profit.

Until last summer we experienced regular issues with mass hacking a couple of times a year, usually around Christmas and then again in the middle of summer. Nowadays, this is pretty much constant with hundreds of accounts being targeted every day. Many of those are old trial accounts or accounts that have been disabled for years and don't hold anything of value to the RMT types. Unfortunately, there are still a lot of accounts that do have assets and ISK that end up being cleaned out - even the characters themselves being sold off. The damages are sadly not repairable in some cases, regardless of valiant efforts by GameMasters to help the unfortunate victims. The cost in resources is high for Customer Support, with highly trained and experienced GMs working almost exclusively on hacking cases - good people whose time and talent would be much better spent on enhancing the gaming experience and increasing the quality of service we are able to give to our customers.

The methods the hackers use differ and constantly change but the result is always the same - your account is ruined. However, users can take steps to limit the chances of getting attacked and following is a list of things that can help make your accounts more secure.

Do not use the same usernames and passwords for different games Every day, we see countless attempts to log in with pairs of usernames and passwords, amongst them many usernames that don't exist in our systems. Obviously, those non-existing usernames have been harvested from somewhere else. They have been gathered via keyloggers, phishing sites, trojans, hacked forums and whatnot and long lists of such username/password pairs are traded between RMT types for use against gamer accounts all over the place. A good way to avoid problems with this is to simply use different login details for each game.

The same should also go for third-party sites and forums as those are quite often targeted by the hackers to harvest login details. Login details for such third-party sites may or may not be encrypted so keeping separate usernames and passwords for your gaming accounts is the way to go.

Change your passwords regularly
If your login details have been harvested, a regular change of passwords may prevent attacks from being successful.

Use strong passwords
Passwords should be complex and difficult to guess. Using a mix of numbers and small/capital letters can reduce the dangers from brute-forcing and lucky guesswork on part of the hackers. Avoid using common dictionary words and keep in mind that longer passwords are less vulnerable than short ones. A minimum length of 16 characters with a mix of lower case, capitals and numbers is strongly recommended for heightened security.

Do not share your login details with anyone If you give someone your login details, your security is only as good as his. If he is hacked, you are hacked - given that he won't simply use or sell your details himself.

Don't accept files from sources you don't know A lot of the mal-ware on the Internet specifically targets gamer accounts. RMT in online gaming is a huge racket - your login details are a valuable commodity and the pitfalls are many. Keyloggers and trojans - all geared towards the destruction of your accounts lay in wait, poised to strike when you open that file or go to that website. Phising schemes abound and social engineering is rife, on an Internet that often seems without law or consequence. One cannot be too careful - it's not paranoia when they're really out to get you.

Regularly scan your systems for security threats with up-to-date anti-virus software Protect yourself by running updated anti-virus software to find and fix security threats that may have found their way onto your systems.  There are many such programs available, some free and some not free, but definitely worth spending time to set up and the money to purchase. It's imperative to maintain a virus scanner and Operating System by actively checking for new updates and applying them, especially for the virus scanner. Using a firewall is also recommended as an optional measure.

Also see this forum discussion for more suggestions on better security.

By following the simple steps above you can make your accounts more secure and limit the dangers of being attacked by hackers who are after your stuff. Please be sure that we are not sitting idly by either - we are currently working hard on account security upgrades to get this problem under control. There are several items on the menu and the we hope to implement the first countermeasures in the next few weeks.  However, we urge all of you to step up your own security at home by following the suggestions listed above.

Together we will vanquish this evil monster!

-  CCP Grimmi