
Yesterday they hacked my Epic Games account and sold it on a Russian website for three euros


123456 is still the most used password, incredible as it may sound. It is something I keep remembering, and something my own Computer Systems Administration professors stressed, laughing: the importance of creating a secure password, with alphanumeric characters, different symbols, and no pattern that is easy to spot with the naked eye.

In my case I use various elaborate mnemonic rules that only I know, but nothing guarantees 100% security. Not even two-step authentication. If you doubt it, ask our SamaGame colleague Mario Merinowski, whose Epic Games account was hacked yesterday and then sold on a Russian website for a paltry 3 euros.

Your password was changed successfully

Last night at 11 a.m. I received an email from @EpicGames that my password was changed successfully. I haven’t played anything on Epic for more than a month. pic.twitter.com/cd1cIBMv4v

– merinowski (@merinowski_) August 16, 2020

The first sign that Epic Games still needs to improve its security is that Mario received an email saying that his password had been changed successfully, with no prior notice that someone from Russia had logged in to his account.

On Google, Steam or Netflix, to name three different services, every time I log in from a computer that is not registered I get an email notification with the IP address and the city it belongs to (although this can be masked using a VPN, but that’s another matter), so that if there is access to our account without our permission we can notify the service provider immediately. That would be the ideal, of course.

However, as we say, this did not happen in Mario’s case, so he first asked his colleagues in a WhatsApp group whether it was a general failure, since it would not be the first time that there are security problems and users are asked to change their password. The difference is that in this case the password was changed directly without the consent of Mario, who made it clear that he had gone “more than a month without playing anything from Epic Games.” Something smelled fishy. And just a day later he received an email from a certain Barsuchiy Niktar.

When the scheme is uncovered, you have to laugh

The mail was in Russian, Polish, Ukrainian… I don’t know. Some eastern language that I don’t know. So I thought: “Bah, typical email to catch passwords or that they donate an estate of $1,000,000 to me because the husband dies of cancer” pic.twitter.com/DxPVEqNnSI

– merinowski (@merinowski_) August 16, 2020

That person, who did not seem like a typical bot considering the name of his account and the domain of the registered email, contacted Mario to demand the new password, surprised that he had bought the account from a Russian page (epicgames.su, as he explained later in the conversation) for the paltry amount of 259 rubles (2.99 euros) and yet could not access it.

The reason? When Mario smelled a rat, after hearing back from his colleagues, he went to the Epic Games website and used “I forgot my password” so that a new one would be generated and sent to his own email, then changed it and activated two-step authentication again. And we insist, it was already activated in the first place.

Hence this Barsuchiy Niktar, having bought Mario’s account on a Russian website, could not access it because it now had a different password. And that is why he demanded that Mario himself tell him the new password, because “he had just sold the account and it is unfair” that he could not play Fortnite with his new account, something he had paid for in order to have a hundred skins.

The conversation continued, by way of Google Translate, in an ironically civilized manner, with Mario in disbelief at such a surreal situation, explaining to Barsuchiy Niktar that he had bought the account illegally and urging him to contact the aforementioned Russian website in case they would refund his purchase. Barsuchiy Niktar even begged him for the password because he was “very fond” of said page. But not even then, of course.

In the end it was all just a scare for Mario, but it reminds us again that security measures need to be strengthened, even when we have two-step authentication activated. And no 123456, please.