
AOL/AIM account security


ixfd64

Last December, someone cracked into my AIM account (which I rarely use these days) in an attempt to steal my RuneScape account. I had linked my AIM account to my Facebook account, and the person was asking my Facebook friends questions about me in order to guess my recovery answers. Luckily, I was able to recover my AIM account and lock the "hacker" out before he was able to do more damage.

 

But about two weeks ago, my AIM account was cracked again. I could tell it was the same guy because he changed my real name to "D. Willis" (under the AOL account settings) both times. The strange thing is that my AOL account log shows that my password and recovery answer were "modified" (and not "reset"), meaning that the person knew what they were. This is very strange because my password and recovery answer were designed to be extremely hard to guess. Normally the only way to find them out would be to use a keylogger, but I don't think I have one on my computer because 1) I did several virus scans, and all came back clean, 2) I could find no unusual processes running on my computer, and 3) if the person did put a keylogger on my computer, he would have just accessed my RuneScape directly instead of going through all that trouble.

 

So my question is: how else was the "hacker" able to find them out? Sure, it's theoretically possible that he actually hacked into the AOL servers and brute-forced the hashes, but I doubt real hackers in the league of Anonymous/LulzSec/etc. would be interested in someone's online game account.

 

Edit: I'm aware that someone did hack into AOL and do a partial database dump a couple of months ago, but the last time I changed my password and recovery question before the "hacker" got ahold of them was after the dump happened.


 

ARENAscape:

 

Baratus [AS] max hit: 166 with Moon Battle Hammer

ixfd64 [AS] max hit: 116 with (untitled spell #2)


What I would do is unlink your Facebook and RS accounts from that AIM account for added security and link it to another account/new AIM account. I would keep that old AIM account for security purposes, but it would make it harder for that person to get your information.

 

As for how he's able to get into the account, is your password longer than 8 characters? There are ways, but I'm not familiar with them, except for the passwords shorter than 8 characters in Windows.


My password was 14 characters long, so I highly doubt it was brute-forced. Not to mention that it would have had to be done over an Internet connection, which is much slower than, say, brute-forcing a hash.


Consider activating 2-step verification on Facebook as well. That would help prevent malicious access.


Mercifull <3 Suzi

"We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12


Well, I know how easy it is to get the password hashes for the Windows passwords, that's why I was suggesting the 8 character length, but if it was 14 characters long, then it's very unlikely that it was the method they used.
