ATTENTION TO ALL PLAYERS!
Recently we have a wave of account thefts happening in GUNROX. While I ban such accounts on timely manner, you must take precautions yourself.
Considering that all stolen accounts belong to children and I had no reports from serious mature people this comes to conclusion that these "hacks" are nothing but social engineering.
In other words - stop being naive in terms of your account security and stop trusting everyone you just met on the web
All people who's accounts were stolen were too naive in trusting to their online so-called friends and those "friends" stole their account easily by obtaining necessary information through conversation.
Here is the guide of what NOT TO DO in order to protect your account:
1. First and foremost - never tell your email/password to anyone
, ever, even if you are in the middle of the mega and urgently need to go - you might win that mega but loose your account. Don't tell them to moderators/admins too, moderators don't need it and will never ask your for it. If someone is asking you for email/password or any other personal detail telling he is moderator or admin or his friend - rest assured, that person is trying to scam you and steal your account.
2. Never tell your email
to other GUNROX players if you value your account security. When they know your email, they can just guess your password, especially if it's something simple like 123456. Here is the guide from Microsoft about how to create a strong password
3. Protect your email too.
If the malicious person can obtain your email, your GUNROX account is gone too, so even if your GUNROX account has password like "xFhg2Zy34h" and email password is 123456 you are in deep trouble too. If person have access to your email, he can then reset password to email and then using that password change the email associated with your account.
4. Don't add people from GUNROX to Facebook, Skype, other social networking sites
or change privacy settings so they won't see your personal info. Facebook, Skype, and other similar sites/services usually expose your personal information like your email and birthday and if so called "hacker" knows your account there or added there, it will be way easier to obtain your GUNROX password knowing your email and birthday.
5. Never enter your login/email/password anywhere except GUNROX game and forum.
Especially I am talking about so called "Free Enkord Cash" sites and "GUNROX hacks" sites. Don't be naive, those sites are nothing but scam and attempt to steal your account. There is no free cash or hacks and even if they appear, they are not lasting for a long time and people who are using it are banned quite soon. Don't get yourself in trouble trusting those sleazy guys. Are you seriously think they will be sharing their loopholes to obtain free cash to anyone, exposing their so-called free source of income?
Finally let's analyze how this "super hacker" stole the Killer_Man555 account. First of all he was added on skype to the actual owner. From skype he can see the birthday and email of the owner. That email was the same as in GUNROX account. Then he obtains access to the email account by guessing the password (it's not hard to guess by guessing programs if the password is not complicated, or he can 'recover' the email by answering the secret question - the answer to that question hacker might find out through conversation with account owner on skype). After he received access to email it becomes very easy - he uses GUNROX reset password feature by entering email and birthday and password is reset and sent to email to which he already has access. Then he uses that new password to change email and viola - account is stolen.
As you can see from the example above there is nothing extraordinary and does not require and special tech or "hacking" skills. It's nothing but manipulating people who are too naive and uneducated in terms of online security.
The scheme might be slightly different but the weak link is always the same - account owner was too naive and trusted the random person from the web.
So if you don't want to have your account stolen - DONT TRUST RANDOM PEOPLE.