SC Account Lost/Hijacked :(

Slysi

Admiral
Aug 11, 2015
20
38
800
RSI Handle
Slysi
Update: The saga continues...

I've passed the security checks and the game support team have returned my ship and email address back to my account for me to do a password recovery.

Unfortunately I'm unable to do a password recovery because it looks like the sneaky &%*%&* who stole my account also activated 2 factor authentication on the account.

The recovery emails I'm receiving at the moment don't contain an authentication code so I'm still unable to take back control of my account.

I have just emailed the great guys and girls at game support to help me with this last issue regards the authentication code so hopefully I should have my account back soon :)
 

AstroSam

Barrista
Mar 8, 2016
5,884
19,636
1,525
RSI Handle
AstroSam
Damn, what a sneaky sleazy asshole that is :( Hopefully that you'll receive your account back finally.
 
  • Like
Reactions: marcsand2

mromutt

Duck Army
Staff member
Oct 14, 2014
6,631
25,704
3,035
RSI Handle
mromutt
Hey fellow testies its been a while ! :)

I was watching the Star Citizen live stream tonight and saw some new features in the game updates i thought id check out so i fired up the launcher and tried to sign in but got the following message:

Sign in failed: you many have entered the wrong credentials or the account does not exist, or has not been activated.

Hmm thats odd as I store my account details in Keepass so i know they are correct.

Lets try the RSI website, same issue cant sign in - same message.

Ok lets do the password recovery ... receive the email and it says theres no account associated with my email address - oh crap.

Check my yahoo email and sure enough recent activity shows a whole bunch of activity that wasn't me :(
Yahoo email password reset to very strong password.

Looks like my original account creation email and auth email have also been deleted.
Last email i have from RSI is "Chairman Returns" on the 23 Sept 2016

Luckily I do still have my original payment details as i did that through a separate email address.

Have sent an email detailing the above to [email protected]

Just wondering if you had any further advice.
Once you are all set back up make sure to turn on two factor authentication :)
 
  • Like
Reactions: marcsand2

mromutt

Duck Army
Staff member
Oct 14, 2014
6,631
25,704
3,035
RSI Handle
mromutt
Update: The saga continues...

I've passed the security checks and the game support team have returned my ship and email address back to my account for me to do a password recovery.

Unfortunately I'm unable to do a password recovery because it looks like the sneaky &%*%&* who stole my account also activated 2 factor authentication on the account.

The recovery emails I'm receiving at the moment don't contain an authentication code so I'm still unable to take back control of my account.

I have just emailed the great guys and girls at game support to help me with this last issue regards the authentication code so hopefully I should have my account back soon :)
oh poop :(
 
  • Like
Reactions: marcsand2

Slysi

Admiral
Aug 11, 2015
20
38
800
RSI Handle
Slysi
Once you are all set back up make sure to turn on two factor authentication :)
Most definitely !!
Once I get it back I will be changing it over to another email provider and activating 2 factor

Thanks
 

Slysi

Admiral
Aug 11, 2015
20
38
800
RSI Handle
Slysi
Final update: I have my account back ! :D

Support just removed the hijackers MFA and I'm back in ! :D

Everything's restored back to as it was and i'm so happy - RSI Game Support Rocks !

Email provider changed, RSI account associated with new email address, MFA on mobile activated - Account locked down tight :)

Many Thanks for your support and help along the way guys and girls !

Now to download and try out the the latest update :)
 

Havrek

Space Marshal
Sep 10, 2016
151
427
2,360
RSI Handle
Havrek
Glad to hear you have possession of your account again!

On another note isn't two factor authentication tied to a phone? The reason I bring this up is if the hacker pulls this with another account, CIG should be able to spot this scheme real quickly. Or if he has already tied other to his phone they should see them. Not an expert in it by any means.....just enough to be dangerous so to speak.
 
Last edited:

Slysi

Admiral
Aug 11, 2015
20
38
800
RSI Handle
Slysi
Looked like the the MFA can be tied to a phone or an email address when I did mine.

I didnt have MFA setup on my account before and it was the large yahoo hack/leak that caused me this trouble.
 

Cyril

Space Marshal
Donor
Feb 13, 2016
82
215
2,210
RSI Handle
Cyril
Glad to hear you have possession of your account again!

On another note isn't two factor authentication tied to a phone? The reason I bring this up is if the hacker pulls this with another account, CIG should be able to spot this scheme real quickly. Or if he has already tied other to his phone they should see them. Not an expert in it by any means.....just enough to be dangerous so to speak.
If you use their app maybe. if you use any of the other TOTP clients no. All that happens in setup is the shared secret is sent to the app you are using alone with some meta data like user name etc. The verification is just to use the OTP to verify there was no corruption of the key. If you wanted you could run your authentication code app on a completely offline device as long as the time is set correctly its just easier on a smart phone because everyone has one these days.
 

Speedkills

Admiral
Oct 4, 2016
123
467
800
RSI Handle
Speedkills
This is great to hear. I've had good experiences with CIG support, though I never had to deal with something as serious. I've always used an authenticator on any game that had it available - well worth the extra time to type in the code.
 
Forgot your password?