TL;DR:
Due to recent events we are implementing a poor man's 2-factor authentication: whenever a new IP / computer logs into your account with the correct username / password, you will receive an email to grant access to this IP / computer, and the launcher will show you an error message telling you to check your email to verify the access. Also, changing your email address on the forum will from now on only be possible by contacting staff, as being able to change your email would render this entirely pointless.
Over the last 3 days around 60 accounts were accessed by a few IPs / computers, transferring gold to other accounts (target accounts also among those 60 / also a victim) and / or deleting characters.
The incident is quite interesting and no clear source / commonality between the accounts can be found. The attack needed between 1 and 4 attempts until successful login, but there were also lots of accounts where it was attempted 4 times and then moved on without success. The small number + failures to access accounts points to there not being a breach, but it also points to it not being a brute force attack, as many of the 60 accounts were accessed on the first or second attempt. The current running theory is some phishing attempt via a fake launcher / loki / moras / radar / whatever, but no evidence for that has been found yet.
In order to protect the accounts we will implement a form of 2-factor authentication: whenever a new IP / computer logs into your account with the correct username / password, you will receive an email to grant access to this IP / computer, and the launcher will show you an error message telling you to check your email to verify the access. This is obviously an inconvenience to many, especially when it comes to sharing accounts, but on the other hand this is volunteer work and dealing with potential "hacked accounts" is rather time consuming, so this is mandatory and not opt in / out.
Since our forum software values convenience over security when it comes to email changes, we are going to disable this feature for users; if you want to change your email you have to contact the staff. In case people are curious what the forum does / would do with it enabled when the attacker changes your email: it just changes your email to the newly provided one, deactivates your account and sends an activation email to the new one. Someone who has your username / password would just be able to change the email and thereby render this email access granting scheme pointless.
For now, whenever the authentication server restarts (for whatever reason) it will forget all access grants. Currently it only needs restarts in case of updates, which can be expected weeklyish, but now, shortly after this new feature, there might be a couple of restarts needed in the next day or two to get it right.
As for the 60 affected accounts, we'll try to resolve that over the next few days. Please bear with us here: while gold transfers are easy to follow and deletions can easily be reverted, anything affecting items is a mess.
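The email-grant scheme described above, sketched as an added example (not the server's actual code). It keys grants on the source IP only and keeps them in memory, so a restart forgets them as the announcement says; the class name, the `send_email` hook and the 15-minute link lifetime are assumptions.

```python
import hashlib
import secrets
import time

GRANT_TTL = 15 * 60  # seconds a confirmation link stays valid (assumed value)

class AccessGrants:
    """In-memory grant store: everything here is lost when the process restarts."""

    def __init__(self, send_email, now=time.time):
        self._send_email = send_email  # hypothetical hook: callable(account, token)
        self._now = now
        self._granted = set()          # {(account, ip)} already confirmed by email
        self._pending = {}             # sha256(token) -> (account, ip, expires_at)

    def login(self, account, ip, password_ok):
        """Return 'denied', 'ok' or 'check_email' for one launcher login."""
        if not password_ok:
            return "denied"            # a wrong password never triggers an email
        if (account, ip) in self._granted:
            return "ok"
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._pending[digest] = (account, ip, self._now() + GRANT_TTL)
        self._send_email(account, token)
        return "check_email"

    def confirm(self, token):
        """Called from the emailed link; each token is single use and expires."""
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self._pending.pop(digest, None)
        if entry is None or self._now() > entry[2]:
            return False
        self._granted.add(entry[:2])
        return True

def demo():
    outbox = []                        # constructed stand-in for the mail system
    clock = [1000.0]
    g = AccessGrants(lambda a, t: outbox.append((a, t)), now=lambda: clock[0])
    results = [g.login("alice", "203.0.113.7", True)]      # new IP
    results.append(g.confirm(outbox[-1][1]))               # owner clicks the link
    results.append(g.login("alice", "203.0.113.7", True))  # same IP again
    results.append(g.confirm(outbox[-1][1]))               # link reuse is rejected
    results.append(g.login("alice", "198.51.100.9", True)) # different IP
    clock[0] += GRANT_TTL + 1
    results.append(g.confirm(outbox[-1][1]))               # link has expired
    return results
```

Only a hash of each token is stored, so a dump of the pending table does not yield usable confirmation links.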
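The login pattern from the incident description (a few IPs, many accounts, at most 4 attempts each, many successes on the first or second try) can be separated from brute force in an authentication log. This is an added example, not part of the original announcement; the log format, the sample lines and the thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample log, one line per attempt: "<unix_ts> <source_ip> <account> <OK|FAIL>"
SAMPLE_LOG = "\n".join([
    "1700000000 203.0.113.7 acct01 OK",
    "1700000005 203.0.113.7 acct02 FAIL",
    "1700000007 203.0.113.7 acct02 OK",
    *[f"{1700000011 + i} 203.0.113.7 acct03 FAIL" for i in range(4)],
    "1700000020 203.0.113.7 acct04 OK",
    *[f"{1700000100 + i} 198.51.100.9 acct09 FAIL" for i in range(30)],
    "1700000300 192.0.2.44 acct05 FAIL",
    "1700000310 192.0.2.44 acct05 OK",
])

def summarize(log_text):
    """Per source IP and account: attempts up to the first success, and whether it succeeded."""
    per_ip = defaultdict(lambda: defaultdict(lambda: {"tries": 0, "ok": False}))
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                      # skip malformed lines
        _, ip, account, result = parts
        rec = per_ip[ip][account]
        if not rec["ok"]:                 # logins after the first success are not counted
            rec["tries"] += 1
            rec["ok"] = result == "OK"
    return per_ip

def classify(per_ip, min_accounts=3, max_tries=4):
    """Label each source IP and list the accounts it logged into successfully."""
    verdicts = {}
    for ip, accounts in per_ip.items():
        tries = [r["tries"] for r in accounts.values()]
        hits = sorted(a for a, r in accounts.items() if r["ok"])
        if len(accounts) >= min_accounts and max(tries) <= max_tries:
            kind = "many-accounts-few-tries"   # the pattern seen in this incident
        elif max(tries) > max_tries:
            kind = "brute-force"               # long guessing run against an account
        else:
            kind = "normal"
        verdicts[ip] = (kind, hits)
    return verdicts
```

The `hits` list for a flagged IP is the set of accounts to review for gold transfers or character deletions.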