Warning about graalians.com
 

It seems that several accounts were hacked by user "Velox Cruentus", so people were losing items on Kingdoms and eventually on other servers. It seems he was using graalians.com to get the emails and passwords of people (people often use similar passwords for their email account). It is recommended to change the password of your email account and your graal account, or any other service where the password is the same like on graalians.com.
Here is the list of Graal accounts which seem to be hacked, although it can be more:
(all account names with first login time and last login time)

NPC Code:

---

Ithica1          | 2005-10-25 09:36:43 | 2005-11-03 05:43:16

atomask          | 2005-10-21 10:40:22 | 2005-11-05 17:38:01

raiden0899       | 2005-10-21 10:35:59 | 2005-10-22 19:13:46

Magadal          | 2005-10-21 10:36:19 | 2005-11-05 17:37:16

Sage_Shadowbane  | 2005-10-21 10:38:13 | 2005-11-05 17:40:41

Nitkizi          | 2005-10-21 10:38:42 | 2005-10-23 12:07:30

Genesis          | 2005-10-21 10:40:00 | 2005-11-05 17:40:11

criter           | 2005-10-21 10:41:06 | 2005-10-22 19:10:29

LadyDarkwolf     | 2005-10-22 19:51:39 | 2005-10-23 03:16:32

corny20          | 2005-10-22 20:45:57 | 2005-10-22 20:45:57

8balla           | 2005-10-22 20:46:11 | 2005-10-22 20:46:11

chickenfriedcake | 2005-10-22 20:46:25 | 2005-10-22 20:46:25

Drumguy1         | 2005-10-22 20:46:53 | 2005-10-22 20:46:53

gm2000           | 2005-10-22 20:47:03 | 2005-10-25 22:04:02

powerash         | 2005-10-22 20:47:15 | 2005-10-22 20:47:15

StalePhish96     | 2005-10-22 20:47:29 | 2005-10-22 20:47:29

sukuru1          | 2005-10-22 20:47:40 | 2005-10-22 20:47:40

TigerCub1992     | 2005-10-22 20:47:50 | 2005-10-22 20:47:50

ericku           | 2005-10-22 20:48:02 | 2005-10-22 20:48:02

HINKLE           | 2005-10-22 20:48:15 | 2005-10-22 20:48:15

GeforceIX        | 2005-10-22 20:48:29 | 2005-10-22 20:48:29

Gene_Starlet     | 2005-10-22 20:48:43 | 2005-10-22 20:48:43

imawesome999     | 2005-10-27 18:31:53 | 2005-10-27 18:31:53

scoobsonwhat     | 2005-10-28 19:44:51 | 2005-10-28 19:44:51

Draenin          | 2005-10-28 14:03:51 | 2005-11-04 10:24:09

sage_scooby      | 2005-10-28 19:45:05 | 2005-10-28 21:49:33

Riven2           | 2005-10-29 02:17:32 | 2005-10-29 07:10:13

XenticKnoble     | 2005-10-29 03:19:38 | 2005-10-29 03:19:38

Jamilla          | 2005-10-30 05:38:56 | 2005-10-31 05:20:50

LilNiglet        | 2005-10-31 16:44:51 | 2005-11-05 17:38:50

Lylic            | 2005-11-02 13:48:35 | 2005-11-03 18:03:21

Tuoni            | 2005-11-03 01:29:07 | 2005-11-03 01:29:07

Spazzykins       | 2005-11-03 01:35:36 | 2005-11-03 01:35:36

Chett            | 2005-11-03 01:38:20 | 2005-11-03 01:38:20

Shabangizzle     | 2005-11-05 01:18:49 | 2005-11-05 01:18:49

Cassy            | 2005-11-05 04:29:10 | 2005-11-07 10:16:34

Aflack3          | 2005-11-05 17:35:46 | 2005-11-05 17:35:46

Riland           | 2005-11-05 17:36:35 | 2005-11-05 17:36:35

smashatakk       | 2005-11-05 17:37:00 | 2005-11-05 17:37:00

OrigitalTrial    | 2005-11-06 21:25:01 | 2005-11-06 21:25:01

Hypo182          | 2005-11-07 05:32:17 | 2005-11-07 05:32:17

---

...

Wow. A lot of players on the list have access to major playerworlds.

Change e-mails and passwords quick!

Now I never would've expected that from Velox, quite sad, actually.

Nor I. I must admit, I'm disappointed.

Wow... x_x

And PWAs!!111.

I agree completely, I was JUST talking to him on AIM while he was at school... He told me he was being framed, but the evidence is overwhelming...

What evidence is there?

The thing is, why'd he save the passwords in plain text if not for using them himself?

Funny, when you sign up with the site, you get this message.

Please do not forget your password as it has been encrypted in our database and we cannot retrieve it for you.

...wow.
Didn't see this coming.

What are you, an idiot? There's paypal logs of him stealing money, Stefan shows logs, what more do we need?

:eek: Woah, Freaky.

I wouldn't class that as a log, it shows someone logging on there account and back off. That proves alot, idiot.

- IPs matching on most of those accounts, e.g. Draenin is using the same ip for several weeks, only one day the ip was different, and was matching the ip of the account Velox Cruentus; it was the day when he got reset and lost his items
- v4 computer id database, from which the above list was generated. The computer has been used around 300 times for Velox Cruentus, and 1-13 times for those accounts listed
- some items of hacked accounts have been found in his house on Graal Kingdoms
- paypal logs, money has been transferred to Velox Cruentus without the ok from the (real) owner, see the thread of Draenin on the Kingdoms forum

wow. That's real evidence Tig.
x-x. I'm ashamed.

Why did you know him in real life? For all you know he is some 45 year old guy who lives in his parents basement.

He's not.

I worked with him on Era. I hired him as a scripter, then I quit and gave manager to him. That's why I'm ashamed.

I've known him for years or so -.- I can't believe he did this. He's a great guy..

I've notified the Era players about this in an anouncement. Quite afew are from Era too. x-x

Kind of clever actually...
But still a shock.

Man... This is astounding. I knew I hadn't gotten up in the middle of the night and /reset myself. But still... Wow. That's a lot of accounts.

Yeah, you know, a few days ago I sold him 2 gold keys because he didn't have enough dias to buy any more. And then the day after he had 100 dias and bought five, and I was like "What the heck? How'd he get so many dias in a day?"

Maybe it wasn't his fault. I mean, there aren't any good independent Graalian sites, and he had made one. It seems the wonderful world of irony has taken our son.

I had a feeling that he knew the passwords because he was able to make everyone who had an account on graalians.com to have an account on his forums (with the same password).

I'm lucky I used a password that is not associated at all with my 'main' one.

Same.

He got the password to my spam gmail account, oh darn.

I am glad that we've gotten down to the bottom of this, or else there'd be more of a crisis than there already is. My best suggestion for now is to post warnings about it wherever possible. Some of the key administrators for a lot of servers are on there, and if they aren't warned, there could be major issues afoot.

That is entirely possible without knowing the password if both of the login thingy use the same password hashing. Magic of the internet!
(not saying that your feeling was not right, just that it could have been otherwise)

Also, anyone that has their password/E-mail set the same on graalians.com as they do on their actual Graal account should change it. Just because these are the only accounts that have been hacked doesn't mean that he doesn't have more that he can give out.

He hacked LadyDarkwolf's account. And Ithica1's. And Cassy's. :eek:

True, but that also makes it entirely possible for him to get the passwords. Especially since his main site is custom made.


Yikes

Wow. Mos def not a gr8 thing to hear. I actually know one guy from that list. =[

Poor Cassy. :frown:

He's breaking one of the 3 CMU act. Is CJ going to be taking legal actions?

I don't think CJ can.
He didn't actually "hack" anything.

He broke:
Unauthorised access with intent to commit or facilitate commission of further offences
This builds on the previous offence. The key here is the addition of ‘intent to commit...further offences’. It therefore includes guessing or stealing a password, and using that to access, say another person’s on-line bank account and transferring their money to another account. For this offence the penalty is up to five years’ imprisonment and/or a fine.

I'm also sorry to hear you were taken advantage of like this, but i have to wonder, after reading about how this happened where did the common sense you people had go for the few minutes you took signing up for this website?

That's all that confuses me, you are all really great people and don't deserve to lose anything, but the common sense that you SHOULD use a different password for safety reasons seems to have taken a vacation at that time for those listed. x_x

One could almost argue that it was the player's fault. x_x

We're all not aware of the computer dangers Emily.
http://forums.graalonline.com/forums...ight=Graalians
Yesterday....all my troubles seemed so far away!