I think my account has been hacked

I tried to log in this morning, but got a message saying my password was not recognized - I tried a couple more times, then went to change my password, but was unable to do so.

Can a hacker change the account name, preventing you from doing anything?

How do I contact Portalarium to take care of the problem?

Thanx,

Dennis

 

Support@portalarium.com

 

It may have been due to the server being down this morning (at least it was for me). But... contact Port to be on the safe side.

 

If you were able to log into the forum or your account page on the website, then a down server may have been the culprit, as all three use the same credentials.

 

How did you log in to post this message? If you were hacked they would just change the password or delete the account. I don't think an account name can be changed. Regardless, you can log in now. If it makes you more comfortable, you should be able to change your password now that you can log in.

 

After logging in once you stay logged in to the forum for several days. Although the game, website and forum share credentials they have different session management.

 

For security reasons, even if you are 'logged in' for several days, it should still be double-checking your security token validity against a backend server for every interaction. Password changes should kill/expire the token.

 

Please do contact us right away and we will help you here! Thanks everyone for responding and sharing the support link.

 

That's only if you tell your browser to auto-log you I believe. I don't stay logged into anything. I don't have passwords saved or do the whole auto-log thing. However, this wasn't the case for the OP:

Yeah, I had to cut off the Steam Guard thing. Because of how I have my security set up on my PC it thinks I'm using a different computer/browser configuration every time and is constantly sending me to email to get a code to log back in.(endless loop) Just easier to cut it off! LOL

 

odd, just now i couldn't authenticate via steam - even though i did confirm i was in with steam by bouncing out and back into the service a few times. - i then saw that the steam client was asking me to re-validate my email address. once i did that and waited ten minutes, i was fine. so...not a sota issue for me.

 

Also make sure caps lock wasn't on, yeah yeah yeah, I know you probably checked, but it happened to me earlier

 

Actually,I've had the same thing happen to me on steam numerous times ..once i retry once or twice,it eventually logs me in. this only started happening since the latest release and only after launching sota.

 

Simple suggestion for everyone, not as bad as going to the dentist.... I know many people are like, "Oh <insert word choice>! Is my account safe?"

1) Don't be stupid and use the same password in more than one place.
2) Use 16 characters of complete and utter garbage random characters/numbers/symbols as passwords.
3) Use Lastpass or 1Password, seriously these services are the bomb and they completely remove the problem with making and especially using "great" passwords that have no meaning. They also make it much harder for spyware to grab your passwords. If you aren't using these, you are making a grave mistake in judgement that will someday cost you dearly.
4) Use the steam login for SOTA (with secondary authentication), especially since SOTA does not offer it.

Anyone that thinks the password they invented in their head is good enough is a fool. Hackers keep databases and can reverse crack nearly 100% of passwords less than 9 characters in seconds.

If you think I am blowing steam, try this search and be very afraid.

 

if this happens multiple times for me i'll file a bug report.. until then i just can't justify one myself, because it could be chalked up to it 'just being that time' for steam to do it sthing...but if it happens again anytime soon, i'm sure it has to do with some faulty wiring between steam and sota.

thanks for the heads-up

keepass is also very nice, and for those that need to be even more secure, the database is local and portable, so nothing is 'on the cloud', and the app itself is open source. it also has an option to save macros of sorts. i constantly have to write some fairly long BASH or powershell commands (just short enough to not be called scripts lol), and this will save them for ease of use for ya, too. that alone is VERY useful for any administrative duties.



i also have experience with lastpass. very user friendly, and easy as pie to use in linux (firefox addon), android, windows, and mac. as long as you have 'net access you will be fine.

 

No, it isn't. You login through the Wordpress based main site, this also logs you into the forum. The forum log on survives a browser restart, the Wordpress logon doesn't.

It's very rare for any federated identity or SSO system to work that way, the authentication is usually done once and then the app or site maintains the session after that. It's possible to still have an active session on the forum but not the main site, which is why posting on the forum isn't evidence that your logon to the main site or the game is currently working.

 

Yes, that's what I was saying. I was just trying to keep it general. Regardless of who approved the initial authentication, the individual applications create their own token and should be checking the veracity of that token when it is given back to them by the client. They would check against server-side data to make sure that their session is valid and hasn't been expired for any reason.

 

That's odd. If I'm auto-logged for days at a time, why do I have to input my account name and password every time I open the forum webpage? If they are tracking my logins already, I could save time if I didn't have to type in name/pw every time.

 

Do you open directly to the forums, or do you go through the website?

 

I log directly into forums...not from main page. I was just making the point that not everyone lets their browsers auto-log them into sites. Auto logging is dependent upon cookies/cache saving log-in info, unless something has entirely changed with regards to my understanding of how things work. I'm not up on my tech like I used to be, so maybe I am missing something.