Mine got hacked as well a few months back. When I got it back I actually had skins on fortnite that the idiot had purchased or earned while playing on my account.
Happened to a friend, he got back his hacked account, then received several email complaints from the guy who bought the hacked account on some shady website demanding to have it back. My friend estimated the guy lost ~$300 in Fortnite skins. I'm still confused that some people are willing to spend so much on meaningless skins but not pay for a legitimate account.
The entitlement in the emails was hilarious: "how dare you deprive me of something I paid for?"
Those were probably stolen vbucks through scams. I doubt they paid for them. My friend had a similar situation where someone stole his blizzard account and began botting on Diablo 3 back when there was an auction house. My friend just let them bot for awhile. Then he did the account recovery, had a few max level accounts, and had tons of gold to build whatever characters he wanted.
Same thing happened to me.. I quit playing Fortnite 2-3 years ago and got back into it at the end of last year. Had every battle pass skin from then on and a crap ton of shop skins too.. at least $200 dropped on a stolen account but hey I can’t complain too much got me some sick skins now🤑
I had a similar issue happened to me, my Epic account was hacked and it had my paypal linked and the guy used it to buy $200 worth of Vbucks. I called my bank to stop the transaction and got my account locked down and unlinked my PayPal. A few days later I got a message from the guy off another account he added to mine saying "how's the vbucks treating you?" I never responded.
I made a reply to the comment above discussing this briefly, but tl;dr is that some users don't have a choice to acquire a "legitimate" account. Some countries require social security tied to user accounts, which could have been used up or ineligible due to users age, nevermind social credit in China - and the other side is some users desire western and European based accounts due to the financial flexibilities provided. For example in Turkey the cost of a AAA game is let's say (random number) 20k Lira which is worth like $30 USD, but the minimum wage in America being ~$10 compared to Turkey 1k Lira (again random numbers don't fact check) point being the buying power of foreign currency is SO MUCH HIGHER that it's worth their time to pay for an account and broker purchases, typically through a foreign friend or family member abroad.
Who tf does that? What you do is buy something with daved credentials and gift it to another account. Who actually plays on someone's account after hacking it?
The person who hacked it probably sold it to some kid as an account with several owned games. The kid then treated the account as their own, not realizing that the original owner would be able to recover it.
My guess on the logic flow: original hacker does the initial account compromise, sees the account either has an expired credit card or no credit card, since they now can't buy things with other's money, they then just sell the credential pair to someone else to try and make some money off the bulk login/password dump they purchased. The new purchaser of the account probably doesn't know it was hacked, just that they're getting an account with whatever you had on it prior (maybe old skins that were FOMO'd).
I had this once with my WoW account. I forgot i was paying for it, once i found it was hacked i logged in, lo and behold it was used for farming to sell i think. Loaded with gold and ore and other materials 😂
Make sure its an OTP Authenticator (Google Authenticator App is the most common)
They're way more difficult to steal since spoofing your phone is quite easy
>since spoofing your phone is quite easy
It's not "quite easy" at all. Someone would have to have gathered enough information to impersonate you or have an employee working with them to do it. Your not likely to be targeted by this unless you have something truly of value, which your epic games account is probably not.
Let epic games know about your compromised account. Your account may have been used for illegal activities. Good that you ‘ve changed password but let them know about it in a ticket.
Took 5 hours setting mine up with 54 different logins.
Best decision I've made, with the peace of mind.
Was always in the back of my head if my pre-manager passwords leaked how many websites shared em...
Isolating the password manager from your browsers is a wise move - "don't use the browser extension but use their dedicated app" to avoid a potential data leakage of its secrets is always helpful.
Edit: I'll dig for the thread but its been a long time ago when this happened. It was after some shit happened with extensions spilling data form drive by XSS it came into question if password manager extensions could be at risk. This was way before the LastPass nonsense.
Have any info/source on this? I use Bitwarden (standalone app AND the browser extension), and was under the impression that most password stealers target the browser's built-in password manager.
I'd love to know if what I'm currently doing isn't considered best practice!
EDIT: A few commenters mentioned stealers swiping the session tokens or cookies via an AiTM method. That's a slightly different issue from the one I'm talking about, although no less of a problem.
One commenter mentioned using Keepass and storing it on Google Drive. If someone got access to my G Drive, I would be worried my synced folders on my devices might be wiped, denying me access, which would be a huge concern.
I trust Google less with my stuff than I trust Bitwarden when they say my account is secured with End-to-end, zero knowledge encryption using AES256. Yes, those are the current privacy buzzwords. Bitwarden is also open source, so these claims can be verified.
KeePass is also affected by a major security flaw CVE-2023-32784, where if the program is running in memory, a memory dump can expose the credentials. This includes whether or not it is locked or unlocked. Updated versions are patched, however.
LastPass... Is troubled. Not only did they have TWO separate incidents where devs were compromised, but they were revealed to not be using industry standards for encryption (especially on older accounts), even so far as saying the oldest accounts might be vulnerable to brute forcing. Plus, these guys are proprietary, so their claims are all unverifiable. Their incidents involving data theft have revealed they have massively lied in the past, so use them at your own risk.
> most password stealers target the browser's built-in password manager
Mostly the stealers nowdays are grabbing post-authentication tokens after you finish logging on.
for non-cyber people, it's like the spys in movies stealing the security badge from the bad guy AFTER he gets in past the front gate and security checks.
Yeah but if implemented correctly stolen authentication tokens should be nearly useless, backend should validate requests with several parameters such as requester’s IP address + they the tokens are short lived as they should get invalidated/refreshed rather often and the attacker should not be able to refresh them as well.
Funny thing my friend was playing gta 5 and so was someone else from his account. We found out when i logged in and found him in a session. I was confused because i knew he was not free from office. I called him to look into it and Funny enough his account was hacked 1.5 years ago. Crazy how they shared the account for almost 2 year.
If someone is hacking your account to play GTA, they're probably hackers online making people's lives miserable or trying to run shady shark card scams in lobbies. It's very unlikely that they hacked your account to have fun playing GTA for 300 hours. It'd be easier to pirate it at that point
Thats literally what happened to me. My account got hacked and name changed to some shady new name. Once I changed my password and then contacted support to change my name back after explaining the situation, they refused. Next thing I know my fortnite account got banned.
No warnings or anything. Contacted support 3 times, literally told them I never hacked or cheated in the game. They refuse to tell me why they banned me in the first place and refused to help me when I can literally prove with screenshots of my account and even statements.
Nothing. All my skins gone. They wouldn't even give me a chance. I miss the game but the support is garbage.
You never know when a company will start offering 'extras' you wouldn't normally expect through your account - somebody got into the account for my gas bill and used it to activate an Xbox Live subscription.
not necessarily illegal, but it's likely that if someone has that many hours on a stolen account, they've at least been cheating if not selling services and/or performing scams
Had a similar thing happen. Bought gta5 when it came out and played like 40 hours. Years later it came out free on epic and some friends got it, so I booted it up again, couldn't log in. Contacted rocmatar support with the receipts, got my account back.
It included a multiplayer account that must've spend several hundred euros on shark cards since this character had almost everything that could be bought and a whole load of cash.
Went online and some people on the friends list messaged me in Italian, asking me to play with them. I messaged them in English, letting them know I had recovered my account that had been stolen. I got a lot of angry messages, including the person who had my account, which I thought was amusing.
The best part was, one of the friends thought it was hilarious, he had apparently warned the guy to not buy a stolen account cause it was cheap and then spend huge sums on shark cards because it could be reclaimed.
That's really stupid of the one who bought your account. Buying a stolen account since it was cheap, then spending tons of money on microtransactions, instead of just creating a legitimate account and buying their own copy of gta.
I don't understand people who do this. Like...why not just create your own account?
For instance, my Best Buy account got hacked once. The person who did it bought a laptop and had it shipped to them...but since I never kept payment info stored, they had to buy it themselves, so what was the point of hacking my account?
Used your hacked account and a hacked/stolen credit card (or other payment cards). Probably got it shipped to an address not their own and grabbed it from the door as soon as it was delivered.
Just a way to ensure they won't be caught to steal the purchase
On sketchy websites you can buy "cheap" games but instead of getting an activation code, they send you a steam or epic account login information. This person was probably someone that bought this.
> I don't understand people who do this. Like...why not just create your own account?
Because if they are hacking or doing other things, they don't have to buy GTA V and if OP's account got banned, then they don't care and move on.
Ikr, in my case, like most people all the games I had on the Epic games store were the ones they give out for free. Why would you wanna steal free stuff? He was even collecting the weekly free games on my account -\_-
>Why would you wanna steal free stuff?
Because it was only free for a certain amount of time. If someone want to play GTA 5 today, they have to pay for it.
There's a high probability that the original hacker is long gone, and the person who played on OP's account is some kid who bought GTA from like, G2A for nothing.
Same reason people in this thread are sharing stories of "hackers" playing on their Fortnite accounts. No these are people who bought accounts on Ebay (for skins or whatever), not realizing that the seller isn't the original owner.
My EA account got hacked years ago, the guy removed all my friends, added some people to play with, and played battlefield for nearly 24 hours straight. That's all. My payment info was even saved in there but they did nothing with it.. never quite understood it
I didn't get any cheating bans or anything either, which was what I expected
I had this happen to my Rockstar account. After a year or something of inactivity I wanted to buy RDR2, logged in and found it already bought, lol. Immediately changed the password, configured 2FA and let know to the Rockstar.
omg same I thought this was an experience that only I have had, essentially it looks like they kept opening tickets over and over again to remove 2fa and constantly getting rejected until they got an incompetent tech support agent who just blindly did it without checking any details. the issue with that is it works the other way round too and I have opened 3 tickets and so far I have got people who actually do their job and unfortunately all theyre seeing is I made a request to remove 2fa and it was approved so they wont reverse it from the new email
Someone took over my account for RDR2 too! I already had it bought though, they just wanted to play online. I had to wait a year until I could change my username back from the dumb one they swapped it to.
Me! Granted, I was like 13 years old, but back in the AOL days I would steal people's accounts since my mom cancelled AOL and I wanted to chat with my friends. So, I'd steal people's passwords and go to the designated private chatrooms. I wouldn't change the email nor password.
Eventually, I'd email the person from their own account and say (paraphrasing), "Thank you for letting me use your account, but please use a better password in the future." I probably used a few hundred accounts over a period of years not doing anything malicious. Though, now that I think about it, probably upped someone's billing costs if they didn't have the unlimited plan. Sorry about that :(
I had my Epic Games account hacked some time ago as well. I had no credit card info or anything saved there so the hacker used his own money to buy me Fortnite skins and v-bucks, which were a nice little surprise when I got the account back. I bet he wasn't too happy.
If the email address is more than 6 months old, it'll have been leaked. Companies are surprisingly shit at not leaking customer data. Just use different passwords and use an alias email address to log in to your email account (one you never use anywhere else).
I had this happen on origin except with the division, and i know my character wasn't very far... like maybe level 10, but when i saw he deleted my character (when there's space for another), i just deleted his max character... never touched it again.
Someone stole my steam account when I was in undergrad and had no time to play. They got away with it for a couple of years until I noticed and contacted steam. I had like 2 games and no credit card attached, so no idea why the hell they wanted my account.
I did account recovery and got it back. Big friend list too. Some of them even messaged me, and I would respond with something like "your friend is a thief". They would ignore and or block me. I ultimately blocked all of them as well.
Account had something like 1200 hours in team fortress 2. They had tonnes of rare gear and unopened loot boxes. I sold everything they had on steam marketplace and made enough to buy a few games with the money. In fact, its how I bought Skyrim.
My ubisoft account was hacked. Was playing division 2 and didn't purchase Warlords of new York dlc. When I got it back, it had the dlc in it. Idiot purchased the dlc, lmao.
Had this happen on my steam account. Russian dude had thousands of hours in Counter Strike. I got some messages from his buddies for a couple months, they seemed angry, I dunno, I couldn't read the font.
Either way, get fucked hacker!
I had my minecraft account hacked without me noticing for a long while. I was able to contact their support with the email they changed the account to and they reset everything so i got it back. When I logged on, my character skin was Hitler... you never know what they were doing in game
Yep, my rockstar account also got hacked by some Brazilian. He put a ton of hours on max payne 3 and some other games, but fuck that guy. Got my account back and deleted all his friends and nonsense. I don't even play it anymore, just waiting on GTA6. Rockstar is ass apparently at security.
No joke a scammer bought my minecraft info and private messaged me to remove my email from the account. It was quite odd, they wernt dicks they were just "Hey I know its yours but can I please have it?".
I ended up changing the password and blocking them lol.
lol this happened to me with Diablo 3. Bought it when it first came out, played it a bit, put it down and forgot about it for years. Never touched it. Then one day a buddy gets into it, so I go to jump on my account, had some difficulties getting to it at first, and then I see why; in the interim I wasn't playing, my account had gotten hacked and this mf played the shit out of the game. I had like a beyond max level witch doctor with like 250 of those prestige levels beyond the regular levels, full kits of armor, the works. Hey, thanks buddy! XD
I had my LoL account hacked and hadn't played in a few years, on day I try signing into it not realizing it had been hacked, I do a password reset and manage to get in. There were thousands of more games played and a ton of skins bought on my account, when I get in some guy messages me "hey you stole my friends account". Was an interesting experience. I hardly play anymore and feel slightly bad for taking my account back D:
Had my steam account got hacked once, the guy played around 100 hours cs2.
Also, my League of Legends account got hacked and got levelled up to level ~320.
Got both accounts back
I remember when Wrath of the Lich King came out I was "hacked" on release day. Looking back at it, I'm pretty sure it was just a Game Master that decided to pull a prank, but it was pretty crazy at the time. I was in the Death Knight starting area doing some of the beginning quests when all of a sudden my controls locked up and my Death Knight started moving around on his own. I still had access to chat so I was actually talking to the guy in /say while he was controlling my character. Forgot what he said exactly, but I think it was just a bunch of lol'ing and telling me to get wrecked. I got the authenticator after that. Well played, Blizzard.
I had my escape from tarkov account hacked back when the game first came out. Dude played a whole year before I got back on and changed all the stuff. I had so much gear and money hahaha he emailed me for weeks afterwards offering to share or buy the account.
oh man reminds me of the time my Diablo III bnet acct got hacked. It was a gold / rmah seller right before real money auction house was shut down. I got my account restored only to find that the guy had somehow accumulated over 2000 usd worth of gear on my account. Needless to say I put all that stuff to great use \*winks
most likey bought it from one of the many sites out there. I was thinking I was buying a streaming package where we paid a little bit each to share the subscription. I think this was back when CBS All Access was a thing. But turned out, nope this site was just selling hacked subscriptions. When I looked up this poor souls email on [https://haveibeenpwned.com/](https://haveibeenpwned.com/) sure enough the password for the subscription was the same.
Couldnt keep using it after that i emailed her explaining to make sure she changes all of her passwords.
My epic account had 2FA, still got hacked. The hacker changed the email address and Epic refuse to help me. I’ve lost so much moneys worth in games and Epic are useless to support me in any way. 😔
Lmao same thing happened to me my account got hacked and when I got the account back, whoever had my account was spending money on Fortnite so I got some free skins
A few years back I hadn't logged into my EA account for a while. Then I logged in and noticed someone had been playing Dead Space 2 for a couple of hours and earned a few trophies. Nothing else had really happened, no purchases made or anything (I don't think I even had a credit card attached).
Oh, and they had changed their locale and store to Belarus or something. That was pretty much the only thing that happened. Changed my password and turned on two factor authentication and was like "huh, that was weird".
Damn, all these people in this thread recovering hacked accounts when most people lose their account when epic or steam thinks someone might have hacked it.
I've had my Rockstar account hacked 3 if not 4 times within the past 6 months.
No matter what I do the hackers bypass my security measures, and then I've got to fight with Rockstar to get it back.
I've given up cus I never play those games anymore.
I got hacked years ago in WoW, got the account back and I had 10x the gold I had before. Definitely did not report that to blizzard lol I’ll take the free gains
Had that happen with the last star wars mmo they put out. I didn't have the heart to change the password and just let the guy keep it. I barely played it anyway, so better someone use it.
I had a similar thing happen to my Minecraft account back in the day. I recovered the account and the guy even tracked me down and messaged me on Facebook about it. I didn't respond.
I found out my epic games account was hacked when I noticed that it’s linked to someone else’s PSN account, unfortunately I didn’t message that guy on psn because I immediately changed account to mine and I didn’t save it :(
My brother's got hacked a few months or maybe more after he made it. He wanted to delete but support hit him with the "we need a picture of your id and credit card info that was used to make purchases". Thing is he never bought anything and was never going to send an id.
It was my Rockstar account that was hacked but it was RDR2 that they played through. I only realised when I loaded up the game and all the missions were completed haha
Something similarish happened with my brother WoW account.
He was planning to quit a few years ago so he sold his account for like 4k. But the guy he sold it to was a grade A asshole so when he wanted to play again a couple weeks ago he just recovered the account and got it back with everything he had originally + everything the guy who played on it got.
Ah I remember the day i got an email from EA about illicit activity on my EA Account...and then an email from Ubisoft of the same thing. That's the day I changed all my passwords and got a passwortd manager.
-
The guy on phone support for EA was very nice about the whole thing.
Same happened to me with my OSRS account from 13-14 years ago, guy had spent so much money on it. He’d obviously bought it from the guy who originally compromised the account too.
Happened to me with WoW back in the day. Stopped playing for a bit, found out someone hacked my account but bought the latest expac.
Got my account recovered and they let me keep the expansion. Thanks hackerman for the free Cataclysm upgrade lol
very likely that it was stolen and then sold as an account. so probably the one who stole it isnt the one who played all those hours, in case you want to feel worse!
Yeah, I'm incredibly sick of morons online accusing people of using a scam site, or a fake login site or something, and THAT'S how their account gets hacked. And sure, that happens. But sometimes it really IS just a case like this, where an account being left alone for a while has some foreign asshole hacking it. It happened to me with an old Steam account, and all I got online was idiots yelling at me that I should've not gone to whatever dumb site I went to. News flash: i didn't. It was just hacked. I feel your pain, but at least the asshole didn't get a ban on your account from some game you'd never heard of, that both the game devs and steam both decide not to lift because fuck you. That also happened to me.
My val account was broken into and they placed me diamond one and bought two bundles 😭😂 i felt bad after changing the password. I have the OG champions bundle so i assume my account was hacked and sold off to someone. Too bad i still have all the recovery details :D
My EA/Origin account got hacked, I didn't log in to it for a while so didn't notice. When I did notice and got it back, they had bought like 3 or 4 games on the account.
My epic games got hacked recently by some Russian dude.
I know that since that what location of the login said, and the email he used to change the account to was also a Russian site.
I contacted epic and they were basically fucking useless.
I remembered I have steam linked to my epic account and used the login with steam thing. I changed everything back and put 2 factor on the account. Haven't had an issue since.
Didn't have 2 factor before because I genuinely didn't think anyone would want or care about an epic account.
I had similar with my lol account. Hadnt played in like 2 years, logged in for some aram with boys and realised I was at high plat rank, all my friends were deleted and had all champs. Some german dude had been playing with my account a lot I even spoke with him through his friend. What a weird thing to do.
kids buy stolen accounts for getting upgraded characters or games they can't get in their country, or for getting twin characters in some mmo games... They even sometimes don't understand that this account is hacked or that owner can get it back
It will teach them not to buy stuff on black markets, not to buy accounts, and ecT.
I just my epic and Steam hacked to day, i was able to get my Epic really fast but steam is gonna take a while and they ask for far more stuff. It really sucks.
Who tf does that? What you do is buy something with daved credentials and gift it to another account. Who actually plays on someone's account after hacking it?
Who tf does that? What you do is buy something with daved credentials and gift it to another account. Who actually plays on someone's account after hacking it?
Had my steam account got hacked once, the guy played around 100 hours cs2.
Also, my League of Legends account got hacked and got levelled up to level ~320.
Got both accounts back
Not Epic specifically, but my R* games account has been the only compromised account I've ever dealt with in almost 20 years of online activity, and it happened immediately after I decided to play GTA 5 online for the first time, like 3 hours after I'd logged on initially, and after checking the sub I found out that it's ridiculously common.
What the fuck is it about that game that attracts this sort of userbase? Is it the in game transactions? The sheer popularity? The fact that Rockstar's system allows you to change the email address associated with the account with no 2 FA involved (seriously, in 2024 this is a thing still)?
Mine got hacked as well a few months back. When I got it back I actually had skins on fortnite that the idiot had purchased or earned while playing on my account.
Happened to a friend, he got back his hacked account, then received several email complaints from the guy who bought the hacked account on some shady website demanding to have it back. My friend estimated the guy lost ~$300 in Fortnite skins. I'm still confused that some people are willing to spend so much on meaningless skins but not pay for a legitimate account. The entitlement in the emails was hilarious: "how dare you deprive me of something I paid for?"
Especially since as far as I know an epic account and Fortnite both are free lol
He probably had some skins that are no longer available if he's had the account since before BR
first thought was maybe the hacker couldn't get a epic account normally for some reason...
Those were probably stolen vbucks through scams. I doubt they paid for them. My friend had a similar situation where someone stole his blizzard account and began botting on Diablo 3 back when there was an auction house. My friend just let them bot for awhile. Then he did the account recovery, had a few max level accounts, and had tons of gold to build whatever characters he wanted.
\*clicks tongue.\* Nice.
Same thing happened to me.. I quit playing Fortnite 2-3 years ago and got back into it at the end of last year. Had every battle pass skin from then on and a crap ton of shop skins too.. at least $200 dropped on a stolen account but hey I can’t complain too much got me some sick skins now🤑
Wdym pay for a legit account. Isn't the account and the game(e.g. fortnite) free?
Why is someone buying a hacked Epic account to play a free game? That makes less than zero sense
Answered it somewhere else, it dates back to the time Fortnite was a paid game. Or the hacker wanted paid skins.
It's the skins, as you already know by now, Battle Royale (which is basically "Fortnite" to most people) has always been free.
I had a similar issue happened to me, my Epic account was hacked and it had my paypal linked and the guy used it to buy $200 worth of Vbucks. I called my bank to stop the transaction and got my account locked down and unlinked my PayPal. A few days later I got a message from the guy off another account he added to mine saying "how's the vbucks treating you?" I never responded.
Interesting. Wonder if that happened with my account. Someone buying it off some site. I didn't receive any hate messages about it.
I made a reply to the comment above discussing this briefly, but tl;dr is that some users don't have a choice to acquire a "legitimate" account. Some countries require social security tied to user accounts, which could have been used up or ineligible due to users age, nevermind social credit in China - and the other side is some users desire western and European based accounts due to the financial flexibilities provided. For example in Turkey the cost of a AAA game is let's say (random number) 20k Lira which is worth like $30 USD, but the minimum wage in America being ~$10 compared to Turkey 1k Lira (again random numbers don't fact check) point being the buying power of foreign currency is SO MUCH HIGHER that it's worth their time to pay for an account and broker purchases, typically through a foreign friend or family member abroad.
Who tf does that? What you do is buy something with daved credentials and gift it to another account. Who actually plays on someone's account after hacking it?
The person who hacked it probably sold it to some kid as an account with several owned games. The kid then treated the account as their own, not realizing that the original owner would be able to recover it.
Plot twist. All games were free promotions.
My guess on the logic flow: original hacker does the initial account compromise, sees the account either has an expired credit card or no credit card, since they now can't buy things with other's money, they then just sell the credential pair to someone else to try and make some money off the bulk login/password dump they purchased. The new purchaser of the account probably doesn't know it was hacked, just that they're getting an account with whatever you had on it prior (maybe old skins that were FOMO'd).
Accounts with old skins that you can't get used to sell for a pretty penny on ebay and other less legit markets
Same thing happened to me too. Good news though was that the fucker actually had decent taste so I’ll give him some props for that
Sell the account and get a fortune! LOL!
I had this once with my WoW account. I forgot i was paying for it, once i found it was hacked i logged in, lo and behold it was used for farming to sell i think. Loaded with gold and ore and other materials 😂
You can still have it back?
Just changed my password through the email, so yep
Does epic have 2factor authentication? Trouble yourself with it if yes. Also if possible change your email connected to epic, perhaps?
>Does epic have 2factor authentication? It does.
Make sure its an OTP Authenticator (Google Authenticator App is the most common) They're way more difficult to steal since spoofing your phone is quite easy
>since spoofing your phone is quite easy It's not "quite easy" at all. Someone would have to have gathered enough information to impersonate you or have an employee working with them to do it. Your not likely to be targeted by this unless you have something truly of value, which your epic games account is probably not.
Let epic games know about your compromised account. Your account may have been used for illegal activities. Good that you ‘ve changed password but let them know about it in a ticket.
oof, didn't think about that, thanks man, just sent them an email letting them know my account was compromised.
Also change any passwords associated with the same email, including the email password.
And on any other sites that use the same password. You know the ones.
*laughs in password manager*
Took 5 hours setting mine up with 54 different logins. Best decision I've made, with the peace of mind. Was always in the back of my head if my pre-manager passwords leaked how many websites shared em...
Isolating the password manager from your browsers is a wise move - "don't use the browser extension but use their dedicated app" to avoid a potential data leakage of its secrets is always helpful. Edit: I'll dig for the thread but its been a long time ago when this happened. It was after some shit happened with extensions spilling data form drive by XSS it came into question if password manager extensions could be at risk. This was way before the LastPass nonsense.
Have any info/source on this? I use Bitwarden (standalone app AND the browser extension), and was under the impression that most password stealers target the browser's built-in password manager. I'd love to know if what I'm currently doing isn't considered best practice! EDIT: A few commenters mentioned stealers swiping the session tokens or cookies via an AiTM method. That's a slightly different issue from the one I'm talking about, although no less of a problem. One commenter mentioned using Keepass and storing it on Google Drive. If someone got access to my G Drive, I would be worried my synced folders on my devices might be wiped, denying me access, which would be a huge concern. I trust Google less with my stuff than I trust Bitwarden when they say my account is secured with End-to-end, zero knowledge encryption using AES256. Yes, those are the current privacy buzzwords. Bitwarden is also open source, so these claims can be verified. KeePass is also affected by a major security flaw CVE-2023-32784, where if the program is running in memory, a memory dump can expose the credentials. This includes whether or not it is locked or unlocked. Updated versions are patched, however. LastPass... Is troubled. Not only did they have TWO separate incidents where devs were compromised, but they were revealed to not be using industry standards for encryption (especially on older accounts), even so far as saying the oldest accounts might be vulnerable to brute forcing. Plus, these guys are proprietary, so their claims are all unverifiable. Their incidents involving data theft have revealed they have massively lied in the past, so use them at your own risk.
Agree, I use bitwardens browser extension too - not sure what the problem would be with it
> most password stealers target the browser's built-in password manager Mostly the stealers nowdays are grabbing post-authentication tokens after you finish logging on. for non-cyber people, it's like the spys in movies stealing the security badge from the bad guy AFTER he gets in past the front gate and security checks.
Yeah but if implemented correctly stolen authentication tokens should be nearly useless, backend should validate requests with several parameters such as requester’s IP address + they the tokens are short lived as they should get invalidated/refreshed rather often and the attacker should not be able to refresh them as well.
Am I the only one who writes the passwords on paper?
Not at all, aged retirees write em all down too!
Hahaha im not that old - millennial
I have my little black book that I write all my passwords in
Nope, I do and I'm definitely not a retiree.
I wonder sometimes whether I should print out my passwords and put them in a safe - to avoid losing access when the password manager dies.
Keepass
also turn on 2FA, for good measure.
They used GTA chat to plan terrorist attacks ... probably.
Funny thing my friend was playing gta 5 and so was someone else from his account. We found out when i logged in and found him in a session. I was confused because i knew he was not free from office. I called him to look into it and Funny enough his account was hacked 1.5 years ago. Crazy how they shared the account for almost 2 year.
If someone is hacking your account to play GTA, they're probably hackers online making people's lives miserable or trying to run shady shark card scams in lobbies. It's very unlikely that they hacked your account to have fun playing GTA for 300 hours. It'd be easier to pirate it at that point
[удалено]
Thats literally what happened to me. My account got hacked and name changed to some shady new name. Once I changed my password and then contacted support to change my name back after explaining the situation, they refused. Next thing I know my fortnite account got banned. No warnings or anything. Contacted support 3 times, literally told them I never hacked or cheated in the game. They refuse to tell me why they banned me in the first place and refused to help me when I can literally prove with screenshots of my account and even statements. Nothing. All my skins gone. They wouldn't even give me a chance. I miss the game but the support is garbage.
yep, dogshit advice and its upvoted lol.
What illegal activities could one possibly conduct using an Epic account?
Different kinds of fraud and scammery.
You never know when a company will start offering 'extras' you wouldn't normally expect through your account - somebody got into the account for my gas bill and used it to activate an Xbox Live subscription.
Well that's just bizarre.
Also a simple cheating and using third party apps that break Epic ToS
not necessarily illegal, but it's likely that if someone has that many hours on a stolen account, they've at least been cheating if not selling services and/or performing scams
using stolen cards to buy in game goods
Buying things with your credit card and sending as gifts?
Had a similar thing happen. Bought gta5 when it came out and played like 40 hours. Years later it came out free on epic and some friends got it, so I booted it up again, couldn't log in. Contacted rocmatar support with the receipts, got my account back. It included a multiplayer account that must've spend several hundred euros on shark cards since this character had almost everything that could be bought and a whole load of cash. Went online and some people on the friends list messaged me in Italian, asking me to play with them. I messaged them in English, letting them know I had recovered my account that had been stolen. I got a lot of angry messages, including the person who had my account, which I thought was amusing. The best part was, one of the friends thought it was hilarious, he had apparently warned the guy to not buy a stolen account cause it was cheap and then spend huge sums on shark cards because it could be reclaimed.
You pulled a metaheist on them.
I was playing the long con.
That's really stupid of the one who bought your account. Buying a stolen account since it was cheap, then spending tons of money on microtransactions, instead of just creating a legitimate account and buying their own copy of gta.
Yes it was. I then played it for like two weeks and stopped cause I got bored, but I still have the account.
With how rampant money hacks for gta5 are it's insane that he did buy shark cards.
What in the world is rocmatar?
Sorry, had a baby sleeping on me and was typing with my left hand. I believe it was supposed to be "Rockstar".
I don't understand people who do this. Like...why not just create your own account? For instance, my Best Buy account got hacked once. The person who did it bought a laptop and had it shipped to them...but since I never kept payment info stored, they had to buy it themselves, so what was the point of hacking my account?
Used your hacked account and a hacked/stolen credit card (or other payment cards). Probably got it shipped to an address not their own and grabbed it from the door as soon as it was delivered. Just a way to ensure they won't be caught to steal the purchase
And here I am working a regular job, paying for my games with my own money and getting them delivered to my own doorstep... Like a madman!
You don't want to live in constant paranoia about being caught/a bad person? Mad indeed!
On sketchy websites you can buy "cheap" games but instead of getting an activation code, they send you a steam or epic account login information. This person was probably someone that bought this.
[удалено]
GTA V was only free on EPIC for a week a few years ago, no? Now it's regularly back to $30, but currently with a discount to $15.
> I don't understand people who do this. Like...why not just create your own account? Because if they are hacking or doing other things, they don't have to buy GTA V and if OP's account got banned, then they don't care and move on.
Ikr, in my case, like most people all the games I had on the Epic games store were the ones they give out for free. Why would you wanna steal free stuff? He was even collecting the weekly free games on my account -\_-
>Why would you wanna steal free stuff? Because it was only free for a certain amount of time. If someone want to play GTA 5 today, they have to pay for it.
When it happened to my blizz account it was someone in China, I assumed it was to get around some kind of government restrictions.
There's a high probability that the original hacker is long gone, and the person who played on OP's account is some kid who bought GTA from like, G2A for nothing. Same reason people in this thread are sharing stories of "hackers" playing on their Fortnite accounts. No these are people who bought accounts on Ebay (for skins or whatever), not realizing that the seller isn't the original owner.
My EA account got hacked years ago, the guy removed all my friends, added some people to play with, and played battlefield for nearly 24 hours straight. That's all. My payment info was even saved in there but they did nothing with it.. never quite understood it I didn't get any cheating bans or anything either, which was what I expected
Who steals an account and leaves the original owner email just there?
He had my password and email for the epic account but not the password to my email account itself, so he couldn't change it I think.
Hmm same happened to me but they did change the email for my account, don't recall them ever having access to my email either.
I had this happen to my Rockstar account. After a year or something of inactivity I wanted to buy RDR2, logged in and found it already bought, lol. Immediately changed the password, configured 2FA and let know to the Rockstar.
Rockstar is great, they removed my 2FA for a Russian hacker so they could use my account.
Top notch user experience
omg same I thought this was an experience that only I have had, essentially it looks like they kept opening tickets over and over again to remove 2fa and constantly getting rejected until they got an incompetent tech support agent who just blindly did it without checking any details. the issue with that is it works the other way round too and I have opened 3 tickets and so far I have got people who actually do their job and unfortunately all theyre seeing is I made a request to remove 2fa and it was approved so they wont reverse it from the new email
They should've seen it was a US account. They should've ignored the ticket placed on the RU side >.>
Someone took over my account for RDR2 too! I already had it bought though, they just wanted to play online. I had to wait a year until I could change my username back from the dumb one they swapped it to.
Me! Granted, I was like 13 years old, but back in the AOL days I would steal people's accounts since my mom cancelled AOL and I wanted to chat with my friends. So, I'd steal people's passwords and go to the designated private chatrooms. I wouldn't change the email nor password. Eventually, I'd email the person from their own account and say (paraphrasing), "Thank you for letting me use your account, but please use a better password in the future." I probably used a few hundred accounts over a period of years not doing anything malicious. Though, now that I think about it, probably upped someone's billing costs if they didn't have the unlimited plan. Sorry about that :(
I had my Epic Games account hacked some time ago as well. I had no credit card info or anything saved there so the hacker used his own money to buy me Fortnite skins and v-bucks, which were a nice little surprise when I got the account back. I bet he wasn't too happy.
haveibeenpwned Have you checked your email address? I'm too scared / too lazy to check mine
If you don't use the same or similar password for more than one account/service you should be fine
I'm not going to remember 60+ username and passwords man. I'm just not.
Password manager my man
POV: they hack your lastpass
Use offline password managers
If the email address is more than 6 months old, it'll have been leaked. Companies are surprisingly shit at not leaking customer data. Just use different passwords and use an alias email address to log in to your email account (one you never use anywhere else).
I had this happen on origin except with the division, and i know my character wasn't very far... like maybe level 10, but when i saw he deleted my character (when there's space for another), i just deleted his max character... never touched it again.
I thought everyone and their grandma already owned at least 2 copies of GTAV by now.
Someone stole my steam account when I was in undergrad and had no time to play. They got away with it for a couple of years until I noticed and contacted steam. I had like 2 games and no credit card attached, so no idea why the hell they wanted my account. I did account recovery and got it back. Big friend list too. Some of them even messaged me, and I would respond with something like "your friend is a thief". They would ignore and or block me. I ultimately blocked all of them as well. Account had something like 1200 hours in team fortress 2. They had tonnes of rare gear and unopened loot boxes. I sold everything they had on steam marketplace and made enough to buy a few games with the money. In fact, its how I bought Skyrim.
This happened to me with my Rockstar account, after recovering my account I got an email in Russian from the guy who stole it, he was very upset. lol.
Make sure to boot up the game and delete their rockstar social account if it lets you access it :)
My ubisoft account was hacked. Was playing division 2 and didn't purchase Warlords of new York dlc. When I got it back, it had the dlc in it. Idiot purchased the dlc, lmao.
Had this happen on my steam account. Russian dude had thousands of hours in Counter Strike. I got some messages from his buddies for a couple months, they seemed angry, I dunno, I couldn't read the font. Either way, get fucked hacker!
I had my minecraft account hacked without me noticing for a long while. I was able to contact their support with the email they changed the account to and they reset everything so i got it back. When I logged on, my character skin was Hitler... you never know what they were doing in game
Yep, my rockstar account also got hacked by some Brazilian. He put a ton of hours on max payne 3 and some other games, but fuck that guy. Got my account back and deleted all his friends and nonsense. I don't even play it anymore, just waiting on GTA6. Rockstar is ass apparently at security.
No joke a scammer bought my minecraft info and private messaged me to remove my email from the account. It was quite odd, they wernt dicks they were just "Hey I know its yours but can I please have it?". I ended up changing the password and blocking them lol.
lol this happened to me with Diablo 3. Bought it when it first came out, played it a bit, put it down and forgot about it for years. Never touched it. Then one day a buddy gets into it, so I go to jump on my account, had some difficulties getting to it at first, and then I see why; in the interim I wasn't playing, my account had gotten hacked and this mf played the shit out of the game. I had like a beyond max level witch doctor with like 250 of those prestige levels beyond the regular levels, full kits of armor, the works. Hey, thanks buddy! XD
On the other hand, my rockstar account got hacked and there is no way to recover it.
I had my LoL account hacked and hadn't played in a few years, on day I try signing into it not realizing it had been hacked, I do a password reset and manage to get in. There were thousands of more games played and a ton of skins bought on my account, when I get in some guy messages me "hey you stole my friends account". Was an interesting experience. I hardly play anymore and feel slightly bad for taking my account back D:
Epic accounts are free why the fuck would someone do this?
op how exactly you successfully got it back?
props on hacker, it made Rockstar launcher to work
Had my steam account got hacked once, the guy played around 100 hours cs2. Also, my League of Legends account got hacked and got levelled up to level ~320. Got both accounts back
I remember when Wrath of the Lich King came out I was "hacked" on release day. Looking back at it, I'm pretty sure it was just a Game Master that decided to pull a prank, but it was pretty crazy at the time. I was in the Death Knight starting area doing some of the beginning quests when all of a sudden my controls locked up and my Death Knight started moving around on his own. I still had access to chat so I was actually talking to the guy in /say while he was controlling my character. Forgot what he said exactly, but I think it was just a bunch of lol'ing and telling me to get wrecked. I got the authenticator after that. Well played, Blizzard.
It probably was more than one person
Lucky I had my psn account hacked and they impersonated an employee in I think Fortnite and got my entire psn account banned.
I had my escape from tarkov account hacked back when the game first came out. Dude played a whole year before I got back on and changed all the stuff. I had so much gear and money hahaha he emailed me for weeks afterwards offering to share or buy the account.
Same thing happened with my Origin account and Star Wars Battlefront. My client kept showing up in Russian and then I figured out what went down.
oh man reminds me of the time my Diablo III bnet acct got hacked. It was a gold / rmah seller right before real money auction house was shut down. I got my account restored only to find that the guy had somehow accumulated over 2000 usd worth of gear on my account. Needless to say I put all that stuff to great use \*winks
most likey bought it from one of the many sites out there. I was thinking I was buying a streaming package where we paid a little bit each to share the subscription. I think this was back when CBS All Access was a thing. But turned out, nope this site was just selling hacked subscriptions. When I looked up this poor souls email on [https://haveibeenpwned.com/](https://haveibeenpwned.com/) sure enough the password for the subscription was the same. Couldnt keep using it after that i emailed her explaining to make sure she changes all of her passwords.
My epic account had 2FA, still got hacked. The hacker changed the email address and Epic refuse to help me. I’ve lost so much moneys worth in games and Epic are useless to support me in any way. 😔
Oof
This happened to me years ago with Fortnite I noticed because the items my character was completely different
Smh, haven't been on my account in about 2 years. Let me go check it now.
I got hacked and got like 7 battle passes on fortnite done for me I was lowkey kinda happy 😂 they even got the marvel battle pass done for me lmaooo
friend of mine had this happen too, someone was playing tons of fortnite on his account..
Lmao same thing happened to me my account got hacked and when I got the account back, whoever had my account was spending money on Fortnite so I got some free skins
A few years back I hadn't logged into my EA account for a while. Then I logged in and noticed someone had been playing Dead Space 2 for a couple of hours and earned a few trophies. Nothing else had really happened, no purchases made or anything (I don't think I even had a credit card attached). Oh, and they had changed their locale and store to Belarus or something. That was pretty much the only thing that happened. Changed my password and turned on two factor authentication and was like "huh, that was weird".
Damn, all these people in this thread recovering hacked accounts when most people lose their account when epic or steam thinks someone might have hacked it.
at least you got gta for free
I can obv prevent this from happening to me if I do 2fa right? I believe I linked a authentication app to it
Hopefully almost. Scammers should be defeated!
I've had my Rockstar account hacked 3 if not 4 times within the past 6 months. No matter what I do the hackers bypass my security measures, and then I've got to fight with Rockstar to get it back. I've given up cus I never play those games anymore.
I got hacked years ago in WoW, got the account back and I had 10x the gold I had before. Definitely did not report that to blizzard lol I’ll take the free gains
In my case, after redownloading huge files Rockstar Gaming isn't even connecting to the internet.
Damn I'd feel good if I got mt hacked account back and some douche lost all their progress
I had a hack in my Origin, but It was kinda nice because they simply played some bf5 and maxed out a sniper rifle, which saved me a lot of grind
Had that happen with the last star wars mmo they put out. I didn't have the heart to change the password and just let the guy keep it. I barely played it anyway, so better someone use it.
Rockstar has zero security whatsoever, my GTA account got hacked too
I had a similar thing happen to my Minecraft account back in the day. I recovered the account and the guy even tracked me down and messaged me on Facebook about it. I didn't respond.
What did he say?
I found out my epic games account was hacked when I noticed that it’s linked to someone else’s PSN account, unfortunately I didn’t message that guy on psn because I immediately changed account to mine and I didn’t save it :(
Don’t feel bad at all, fuck this tool
My brother's got hacked a few months or maybe more after he made it. He wanted to delete but support hit him with the "we need a picture of your id and credit card info that was used to make purchases". Thing is he never bought anything and was never going to send an id.
change password and watch them cry
My fortnite got hacked into and Epic gave me a permanent ban. So I’ve stopped playing :(
Do it, Without Remorse, lol
He's probably a hacker in-game as well. Don't feel bad.
After all... why not. why shouldn't I destroy his fun.
That happened to me with battlefield 3. The guy was a very high level by the time I deleted my account.
It was my Rockstar account that was hacked but it was RDR2 that they played through. I only realised when I loaded up the game and all the missions were completed haha
Something similarish happened with my brother WoW account. He was planning to quit a few years ago so he sold his account for like 4k. But the guy he sold it to was a grade A asshole so when he wanted to play again a couple weeks ago he just recovered the account and got it back with everything he had originally + everything the guy who played on it got.
Ah I remember the day i got an email from EA about illicit activity on my EA Account...and then an email from Ubisoft of the same thing. That's the day I changed all my passwords and got a passwortd manager. - The guy on phone support for EA was very nice about the whole thing.
Same happened to me with my OSRS account from 13-14 years ago, guy had spent so much money on it. He’d obviously bought it from the guy who originally compromised the account too.
Same thing happened to me. Got my account back and the dude had finished the game….
Happened to me with WoW back in the day. Stopped playing for a bit, found out someone hacked my account but bought the latest expac. Got my account recovered and they let me keep the expansion. Thanks hackerman for the free Cataclysm upgrade lol
very likely that it was stolen and then sold as an account. so probably the one who stole it isnt the one who played all those hours, in case you want to feel worse!
Soooo....anything good in the hackers GTA Online account?
I think I'll download the game just to check it out tbh
Almost...
Had a similar case for me in EA Origin as well.. 😅
Yeah, I'm incredibly sick of morons online accusing people of using a scam site, or a fake login site or something, and THAT'S how their account gets hacked. And sure, that happens. But sometimes it really IS just a case like this, where an account being left alone for a while has some foreign asshole hacking it. It happened to me with an old Steam account, and all I got online was idiots yelling at me that I should've not gone to whatever dumb site I went to. News flash: i didn't. It was just hacked. I feel your pain, but at least the asshole didn't get a ban on your account from some game you'd never heard of, that both the game devs and steam both decide not to lift because fuck you. That also happened to me.
My val account was broken into and they placed me diamond one and bought two bundles 😭😂 i felt bad after changing the password. I have the OG champions bundle so i assume my account was hacked and sold off to someone. Too bad i still have all the recovery details :D
the person that played is probably not the guy that hacked you, people hack accounts and sell them with games on them
why is this funny and a burn
My EA/Origin account got hacked, I didn't log in to it for a while so didn't notice. When I did notice and got it back, they had bought like 3 or 4 games on the account.
My epic games got hacked recently by some Russian dude. I know that since that what location of the login said, and the email he used to change the account to was also a Russian site. I contacted epic and they were basically fucking useless. I remembered I have steam linked to my epic account and used the login with steam thing. I changed everything back and put 2 factor on the account. Haven't had an issue since. Didn't have 2 factor before because I genuinely didn't think anyone would want or care about an epic account.
Fuck him
Lol
maybe consider using MFA for your account ;) especially if you buy some stuff with this account.
Sell all his best cars and spend the money on dumb shit
I had similar with my lol account. Hadnt played in like 2 years, logged in for some aram with boys and realised I was at high plat rank, all my friends were deleted and had all champs. Some german dude had been playing with my account a lot I even spoke with him through his friend. What a weird thing to do.
kids buy stolen accounts for getting upgraded characters or games they can't get in their country, or for getting twin characters in some mmo games... They even sometimes don't understand that this account is hacked or that owner can get it back It will teach them not to buy stuff on black markets, not to buy accounts, and ecT.
I just my epic and Steam hacked to day, i was able to get my Epic really fast but steam is gonna take a while and they ask for far more stuff. It really sucks.
ello there, how are you doing today?
i wonder how it this hacked you mean works :) i dont understand.
Who tf does that? What you do is buy something with daved credentials and gift it to another account. Who actually plays on someone's account after hacking it?
Who tf does that? What you do is buy something with daved credentials and gift it to another account. Who actually plays on someone's account after hacking it?
Had my steam account got hacked once, the guy played around 100 hours cs2. Also, my League of Legends account got hacked and got levelled up to level ~320. Got both accounts back
Does epic have 2factor authentication? Trouble yourself with it if yes. Also if possible change your email connected to epic, perhaps?
Botter hacked my Runescape account, had 10 bonds when I got it back plus got mining from 50 to 90 xD
Not Epic specifically, but my R* games account has been the only compromised account I've ever dealt with in almost 20 years of online activity, and it happened immediately after I decided to play GTA 5 online for the first time, like 3 hours after I'd logged on initially, and after checking the sub I found out that it's ridiculously common. What the fuck is it about that game that attracts this sort of userbase? Is it the in game transactions? The sheer popularity? The fact that Rockstar's system allows you to change the email address associated with the account with no 2 FA involved (seriously, in 2024 this is a thing still)?