So ive been trying to get through bvg about my account being hacked. the person changed the lock code in the settings, my two factor authentification, and my email associated with my account. they took multiple rare items. Anyone have a take on this , how this should be handled? Sure if anyone on the bvg support team was in my shoes they would be just as angry and upset. years and years of accumlating items coins tossed down the drain, not even to mention the amount of real currency spent on yoworld itself. TIA.

As an IT pro, I am fascinated at how someone was able to "hack" 2FA. I've never heard of anyone being able to do that without getting access to your phone. Lock codes could be compromised with a key logger or a screen capture, but it is just not possible to compromise 2FA without your participation.

Ken (126579776) wrote:As an IT pro, I am fascinated at how someone was able to "hack" 2FA. I've never heard of anyone being able to do that without getting access to your phone. Lock codes could be compromised with a key logger or a screen capture, but it is just not possible to compromise 2FA without your participation.

room mates, siblings, lovers -- all people that would have access to your phone ... unless u took it to the shower w/ you. ---- in my case grand children are always looking over my shoulder, at their age I'm no fool I know they watch and can pick up on my codes. it's not hard to watch over someones shoulder and pick up the info required

oXWOLFYXo OW (161021000) wrote:So ive been trying to get through bvg about my account being hacked. the person changed the lock code in the settings, my two factor authentification, and my email associated with my account. they took multiple rare items. Anyone have a take on this , how this should be handled? Sure if anyone on the bvg support team was in my shoes they would be just as angry and upset. years and years of accumlating items coins tossed down the drain, not even to mention the amount of real currency spent on yoworld itself. TIA.

Im sorry youre coping with this - dont let them sweep this away and if your facebook is affected that might be in your favor, they will help you gain control of your account. (my first facebook account that I shuttered years ago is not recoverable anymore - because of facebook. But i'm guessing you are active on this account? - but wanted to toss that out there so u know it can happen. And it not be hacked)

Beatrice (178761483) wrote:

Ken (126579776) wrote:As an IT pro, I am fascinated at how someone was able to "hack" 2FA. I've never heard of anyone being able to do that without getting access to your phone. Lock codes could be compromised with a key logger or a screen capture, but it is just not possible to compromise 2FA without your participation.

room mates, siblings, lovers -- all people that would have access to your phone ... unless u took it to the shower w/ you. ---- in my case grand children are always looking over my shoulder, at their age I'm no fool I know they watch and can pick up on my codes. it's not hard to watch over someones shoulder and pick up the info required

When I figured out it was someone living in my house, they'll wish they weren't living there when I'm done with them. And they most likely won't be afterwards.

This reminds me about my rule about borrowing my yo stuff - if I can get my hands around your neck, you can borrow anything. Otherwise - no. LOL

Malibu Ken (126579776) wrote:

Beatrice (178761483) wrote:

Ken (126579776) wrote:As an IT pro, I am fascinated at how someone was able to "hack" 2FA. I've never heard of anyone being able to do that without getting access to your phone. Lock codes could be compromised with a key logger or a screen capture, but it is just not possible to compromise 2FA without your participation.

room mates, siblings, lovers -- all people that would have access to your phone ... unless u took it to the shower w/ you. ---- in my case grand children are always looking over my shoulder, at their age I'm no fool I know they watch and can pick up on my codes. it's not hard to watch over someones shoulder and pick up the info required

When I figured out it was someone living in my house, they'll wish they weren't living there when I'm done with them. And they most likely won't be afterwards.

This reminds me about my rule about borrowing my yo stuff - if I can get my hands around your neck, you can borrow anything. Otherwise - no. LOL

**I'm not being an ahole... I'm offering a helpful tip to those interested in it**

To add to this, someone closeby gaining access this way technically isn't "hacking". It's a common mistake, and most don't point it out regularly because that's an ahole thing to do (like grammar corrections, etc.) but I know many bitter IT people who claim to be so sick of people calling everything "hacking" (duplicating accounts, sending propagating links, etc.) that they just mentally shut down when people say, "I was hacked!" especially if the "hacking" occured because they gave/left someone access to their stuff.

A better/generic way to state most things is "My data has been compromised." and then explain what you mean.

Cookie Monster (4327680) wrote:

Malibu Ken (126579776) wrote:

Beatrice (178761483) wrote:

Ken (126579776) wrote:As an IT pro, I am fascinated at how someone was able to "hack" 2FA. I've never heard of anyone being able to do that without getting access to your phone. Lock codes could be compromised with a key logger or a screen capture, but it is just not possible to compromise 2FA without your participation.

room mates, siblings, lovers -- all people that would have access to your phone ... unless u took it to the shower w/ you. ---- in my case grand children are always looking over my shoulder, at their age I'm no fool I know they watch and can pick up on my codes. it's not hard to watch over someones shoulder and pick up the info required

When I figured out it was someone living in my house, they'll wish they weren't living there when I'm done with them. And they most likely won't be afterwards.

This reminds me about my rule about borrowing my yo stuff - if I can get my hands around your neck, you can borrow anything. Otherwise - no. LOL

**I'm not being an ahole... I'm offering a helpful tip to those interested in it**

To add to this, someone closeby gaining access this way technically isn't "hacking". It's a common mistake, and most don't point it out regularly because that's an ahole thing to do (like grammar corrections, etc.) but I know many bitter IT people who claim to be so sick of people calling everything "hacking" (duplicating accounts, sending propagating links, etc.) that they just mentally shut down when people say, "I was hacked!" especially if the "hacking" occured because they gave/left someone access to their stuff.

A better/generic way to state most things is "My data has been compromised." and then explain what you mean.

Gen Pop has referred everything to the hacking category as long as I've been in the field. Ohhhhhhh I had to reset my password - hack. I had to do an update - hack. I listened to an IT help desk's recorded lines on an audit once and decided I needed a drink to calm down. Those poor guys taking those calls.

A smart IT guy once told me - we make people get a license to get married and to drive a car - but we'll let any fool with $1000 buy a computer and go online. LOL

Malibu Ken (126579776) wrote:Gen Pop has referred everything to the hacking category as long as I've been in the field. Ohhhhhhh I had to reset my password - hack. I had to do an update - hack. I listened to an IT help desk's recorded lines on an audit once and decided I needed a drink to calm down. Those poor guys taking those calls.

A smart IT guy once told me - we make people get a license to get married and to drive a car - but we'll let any fool with $1000 buy a computer and go online. LOL

Yup. And I'd love to think everyone remains professional and accepts tit as part of the job they signed on for, but I've encountered too many who tell me how they mess with people when they get really sick of it.

Cookie Monster (4327680) wrote:

Malibu Ken (126579776) wrote:Gen Pop has referred everything to the hacking category as long as I've been in the field. Ohhhhhhh I had to reset my password - hack. I had to do an update - hack. I listened to an IT help desk's recorded lines on an audit once and decided I needed a drink to calm down. Those poor guys taking those calls.

A smart IT guy once told me - we make people get a license to get married and to drive a car - but we'll let any fool with $1000 buy a computer and go online. LOL

Yup. And I'd love to think everyone remains professional and accepts tit as part of the job they signed on for, but I've encountered too many who tell me how they mess with people when they get really sick of it.

Having been a support person I can tell you -- if you want to mess w/ a person spending money with your company it's time to get another job --- I have never spoken to a person that didnt have a right to not only be worried but upset in some cases -------- I found that you dont let people carry on, you tell them up front - i'm going to fix this and then move heaven and earth until the person that gave your company money feels heard and will return to do business with us again --------- bvg doesnt get that (trained by the person who was vp of the Sear's credit card division - i worked on his retirement project)

how many been hacked so far? is it the whole game hacked or individgual type of hack like someone got an axe to grind.

This thread is from two years ago

But I need to say that YES, someone can hack /compromise another's account with 2FA by bypassing the 2FA requirement! Your phone is NOT needed. So everyone, please don't think that your account is safe just because you use 2FA!

Anything that humans can do, humans can also undo.
Except death. We humans cannot undo death. At least, not for now, lol.

I hope the OP had had a good resolution for this.

Stardust (186190305) wrote:This thread is from two years ago

But I need to say that YES, someone can hack /compromise another's account with 2FA by bypassing the 2FA requirement! Your phone is NOT needed. So everyone, please don't think that your account is safe just because you use 2FA!

Anything that humans can do, humans can also undo.
Except death. We humans cannot undo death. At least, not for now, lol.

I hope the OP had had a good resolution for this.

?
I've never read one technical paper indicating multifactor authentication can be "bypassed". Credentials are something we know, but creating something we are or something we have in real time hasn't been done yet as far as I know. So I'd be curious about anything you could share about how someone is bypassing 2FA for Yo?

Immortal (126579776) wrote:

Stardust (186190305) wrote:This thread is from two years ago

But I need to say that YES, someone can hack /compromise another's account with 2FA by bypassing the 2FA requirement! Your phone is NOT needed. So everyone, please don't think that your account is safe just because you use 2FA!

Anything that humans can do, humans can also undo.
Except death. We humans cannot undo death. At least, not for now, lol.

I hope the OP had had a good resolution for this.

?
I've never read one technical paper indicating multifactor authentication can be "bypassed". Credentials are something we know, but creating something we are or something we have in real time hasn't been done yet as far as I know. So I'd be curious about anything you could share about how someone is bypassing 2FA for Yo?

Good explanation in the link below. I have not goggled much, so if you like you can google it your self using keywords like "2FA2 and "bypass", or "2FA" and "hack". Or you can replace "2FA" with "MFA" if you like. I am sure there must be a lot of links out there about it since the implementation of 2FA and MFA.

How Attackers Bypass Two-factor Authentication (2FA)
https://zitadel.com/blog/2fa-bypass-attacks

One more:

Broken authentication: 7 Advanced ways of bypassing insecure 2-FA implementations
https://www.intigriti.com/researchers/b ... mentations

This one could be useful:
How to Stop Hackers from Bypassing 2FA
https://doubleoctopus.com/blog/threats- ... ssing-2fa/


Last one:
Ethical hacking: Top 6 techniques for attacking two-factor authentication
https://www.infosecinstitute.com/resour ... ntication/

Stardust (186190305) wrote:

Immortal (126579776) wrote:

Stardust (186190305) wrote:This thread is from two years ago

But I need to say that YES, someone can hack /compromise another's account with 2FA by bypassing the 2FA requirement! Your phone is NOT needed. So everyone, please don't think that your account is safe just because you use 2FA!

Anything that humans can do, humans can also undo.
Except death. We humans cannot undo death. At least, not for now, lol.

I hope the OP had had a good resolution for this.

?
I've never read one technical paper indicating multifactor authentication can be "bypassed". Credentials are something we know, but creating something we are or something we have in real time hasn't been done yet as far as I know. So I'd be curious about anything you could share about how someone is bypassing 2FA for Yo?

Good explanation in the link below. I have not goggled much, so if you like you can google it your self using keywords like "2FA2 and "bypass", or "2FA" and "hack". Or you can replace "2FA" with "MFA" if you like. I am sure there must be a lot of links out there about it since the implementation of 2FA and MFA.

How Attackers Bypass Two-factor Authentication (2FA)
https://zitadel.com/blog/2fa-bypass-attacks

One more:

Broken authentication: 7 Advanced ways of bypassing insecure 2-FA implementations
https://www.intigriti.com/researchers/b ... mentations

This one could be useful:
How to Stop Hackers from Bypassing 2FA
https://doubleoctopus.com/blog/threats- ... ssing-2fa/


Last one:
Ethical hacking: Top 6 techniques for attacking two-factor authentication
https://www.infosecinstitute.com/resour ... ntication/

Reading through those was like an exploration into the failures of humanity. LOL

Good to know none of them actually compromised 2FA. They are all work arounds using the compromise of other controls to gain access. 2FA itself works when properly implemented. I was worried there was a new problem to take to my IT Steering Committee. Thank you for the references.