Aug 31, 2010

Hacked Mafia Wars Account

Since Zynga made all the good loot non-giftable, I've been feeling safe and haven't worried much about my account being hacked for the purposes of stealing loot.  This changed when I found out that one of my mafia members recently had this happen to him.  ADon Steve is one of the smarter members of my mafia and I know he follows all the security advice that is out there.  It's ironic that ADon Steve has a very popular note written by David Reedy titled How to stop hackers from getting your account posted on his notes.
I asked him if he had any idea how it could have happened. 
"I don't know how it happened.  I had a message from Facebook asking me if I changed my password.  My password wouldn't work for Facebook (or Gmail).  I checked my inventory and saw a lot of my loot was missing.  I don't know how they got my password.  One thought is through all the tinyurls that we use for mystery bags."/ADon Steve
ADon Steve also stated that he did not have his Facebook Security Option enabled.  This feature is annoying but necessary.  Anytime somebody logs into your account from a computer you haven't registered, you will get an e-mail notification.  For instructions on enabling this feature, see my article titled Facebook Security Option.
The problem I have with this feature is whenever I restart my computer, it doesn't remember the computers I've registered.  Every time I log into my account, I get an e-mail notification.  I've gotten used to it but it would be nice to find a solution to this problem.  I'm sure it has something to do with my browser settings in regards to history and cookies.
This feature may not save your loot but you will know that it's happening.  The problem here is that using The Chucker requires you to unframe your Mafia Wars game.  In an unframed state, access to your Mafia Wars account will not be shut off by losing access to your Facebook account.  Currently a game will stay unframed for about 12 hours.  Unless your hacker is worried about Zynga's TOS and opts not to use The Chucker, changing your Facebook and e-mail passwords won't stop him in his tracks.  If you are aware your loot is being chucked somewhere by somebody other than you, it's possible that Customer Support could do something about it.  This would only work if the Live Chat feature was available at the time.
Bossy Don of Top Mafia.Info recommends that if this happens to you, you should jump on The Chucker, set the delay to 2, and start chucking your crappy loot.  If you and the hacker are chucking at the same time, the gifting will be too fast and this will stop all gifts from leaving your account.

ADon Steve reported his hacking incident to Zynga Customer Support and below are the Live Chat transcripts and E-mail messages.  There isn't much that Zynga will do for ADon Steve because they say this type of thing is a Facebook issue.  The incident has been reported to a "higher source" and ADon Steve is frustrated.
Since Zynga told ADon Steve this was a Facebook issue and they couldn't do anything for him, he next went to Facebook.  We all know Facebook doesn't have a Customer Support system like the one Zynga has.  All ADon Steve could do was search the Facebook Help Center.  He didn't find an answer specific to Mafia Wars but did find a FAQ about Stolen Zynga Poker Chips.  The advice Facebook gives is to contact the developer of the application.

8 comments:

  1. "Despite the unfortunate circumstance of the invasion of your personal social network account, it is, regrettably, not a Zynga issue. This is why Zynga always strongly advises their customers to never give out any of their personal information. Due to our Items Restoration Policy, we are unable to make any adjustments to your account." Response (Kirk H.) 08/27/2010 06:50 PM

    Items Restoration Policy? well, as long as it's the policy i guess it's ok then. lol.
    ------
    I gave up when they asked for an alternate email. Just scratched my head and wondered what that would accomplish and thought that this is already far more trouble than it is worth. I would forget about it and then get another response and get mad all over again.

  2. I would keep on trying.. that's a lot of loot to lose. If you get it back- great if not at least you are making those jokers do some work.

  3. Yes Steve, keep trying! It may be a positive sign that they want a secondary e-mail. Maybe they need to verify you aren't the hacker trying to get even more loot. Anyways if you keep plugging, I can write a "Part 2" to this article!

  4. Steve, I imagine they want you to change the FB registered email address from the one that was on there when it was hacked, and that English is not their first language. Sorry to hear about this, I'd be gutted too. I figure your password was a strong one, right? In which case a brute force attack would not have had a chance. Same question for the email account that was registered to your FB account at the time? Would it have been possible for the hacker to discover your DOB? Bearing in mind he could've been a FB friend, or a contact or friend on some other social networking site you're on, etc?

  5. at least medium password. 8 digits but there is some repetition. after reading the note about strong passwords which i had ironically reposted in my notes i removed my email from showing and removed my birthdate and everything. but i'm in the habit of putting fake dob since id thieves want it. Nobody knew that password. Nobody knows my bank pin number. its not written on a piece of paper taped under my desk or in my wallet. lol. my password isn't the name of my cat or something stupid. lol. i think the most likely is i got tricked by entering my password on a fake facebook login screen, but i'm so skeptical! i assume everything is a scam. i thought zlotto was a scam til i researched it. but anyway, i'm thinking it was a fake login page, brute force, or some kind of programming hack. but don't really know.
    also, the reason i've been reluctant to push it too far is i fear too much scrutiny. i'm a little worried they might say, oh you used chucker?, say goodbye to your account. i was once banned from a site i loved for bitching too loudly. but if my account was closed, it would probably be the best thing for me as i waste too much time on mw! so thanks for the encouragement. i'm gonna keep pushing it. and i have been meaning to change my facebook email, because when i was a noobie i posted several addme pages. (so my email is still out there if that might have helped hacker). i still get a lot of random addme requests. i had heard by changing email the mass email lists i'm on won't touch me anymore.

  6. They could have hacked your email account and used that to access your FB/MW account. Do not limit your suspicions on just FB.

  7. Friend had valuable MW account and FB account hacked and taken over by thief. Sent zynga screenshots, links, etc., lots of definitive proof of theft and they totally ignored it.

    Facebook was even more useless.

  8. Well I don't know how true it is about the poker chips not being returned....A friend of mine got his account hacked and zynga was able to track the hacker and also returned my friend's poker chips within 24 hours....It was the first time that I would say that zynga was on top of it and helped my friend as one should be able to expect...In that instance they deserve an excellent rating, too bad it's not that way all the time but maybe there is still hope yet....

