HELP, MY ACCOUNT IS GONE: A Guide For the Next Steps to Take
Oct 19, 2016 20:09:57 GMT -5
Jitterbug, Gelquie, and 9 more like this
Post by Jae on Oct 19, 2016 20:09:57 GMT -5
Okay first of all, breathe. Don't panic. Take a nice, deep breath.
In.
Out.
Good.
Now that you're calm, your next step depends on what has happened.
You may have been hacked. Again, take a deep breath. And then, do the following:
You could have been hacked and frozen for your protection.
TNT could have thought you were compromised and froze you.
TNT could have made a mistake.
It sounds scary, but if you've been hacked, having your account frozen is the best case scenario. The quicker they freeze you, the less stuff a thief can steal from your account.
And! Most importantly, you have the advantage over the thief. They don't know all the little details about your account that you do. Once your account is frozen, there's no real rush to act. Obviously don't take a year, but take a few days to settle down and let the emotions run their course. You have a much better chance of getting a stolen account back if it's been frozen.
Now: Take some time to think of facts pertaining to your account. The birthday on your account, Neopets you've created, Neopets you've traded/transferred, any odd items you can remember are in your SDB, people on your NF list, people you remember having NM conversations with recently, TP transactions, books and gourmet foods on your pets' lists. If you start feeling the panic creep in because you can't remember these, take another deep breath.
The most important fact of all, from multiple sources here and on the Help boards, appears to be to know your original email (if you are reading this and have not been compromised, it might be worth jotting the email down now). The other info is nice and the more info you give the more likely TNT will believe you are the real account owner, but the email you used to create your account is vital information. We have had many success stories of people who recovered their account by knowing their original email.
All hope is not lost. For all we lay into TNT for being incompetent at times, they are not malicious. They want to give stolen accounts back to their real owners.
Once you have your information, it's time to send a ticket. For this, you will need a side account. If you don't have one, make one. Doesn't have to be anything fancy; with all the account freezings we've been seeing lately, TNT is probably quite used to tickets coming in from new accounts, so don't worry about it looking sketchy or anything.
I know the ticket page is finicky, but if you want your account back you have to exhaust all options. This really isn't the time for giving up after one thing didn't work.
If it doesn't work in Microsoft Edge, download Chrome.
If it doesn't work in Chrome, download Firefox.
If it doesn't work in Firefox, download Safari.
If it doesn't work in Safari, download Opera.
Try clearing your browser cache, browsing history, and cookies. Make sure parature is whitelisted if you have addons like NoScript, RequestPolicy, etc... (more on this later)
If it doesn't work on your regular PC, try your phone or a tablet, or a library computer or work computer (if it's not blocked).
(For what it's worth I've never had an issue getting the ticket page to load using Firefox on both Mac OS X and Windows 7/10.)
If you've tried everything and it still doesn't work, you can try to contact TNT via email using support@neopets.com however I am not sure how often their email gets checked. Regardless, this is the much slower option. Try to send a ticket when possible.
In your ticket or email, put all the information I told you to pull above. Explain what happened. Tell them the last time you had access to your account. Let them know anything suspicious, if anything, you've seen since your account was compromised. Don't forget the all-important original email address you created the account with.
After you submit your ticket or email, it's the waiting game. In order to speed up the process, post your ticket number on their Facebook page as they try to acknowledge people there. If you don't have a FB or don't want to use your regular FB for privacy reasons, make sure to use a dummy account with a real name (Facebook has a weird policy about requiring real names) like Ryan Smith or Anna Brown.
There is also a Frozen Account Waiting Board on the Neopets Help chat if you want to commiserate with other people who are in the same situation.
Just don't let it get you too down. I know most of us have spent years on this site, and losing something you've invested that much time in is hard. I know that. I get it. Be upset, but don't let it defeat you. You can beat the stupid hackers, you can remember all your information, you can get that account back!
In.
Out.
Good.
Now that you're calm, your next step depends on what has happened.
IF YOUR ACCOUNT IS NOT FROZEN, BUT YOU CANNOT ACCESS IT -
- Request a password reset from the login screen and complete the steps
- Log in and change your password
- Clear your browser (cookies and cache) so that the thief can't steal your new password
- Log out to log the thief out as well
- Log back in
Time is of the essence here, since the thief will be attempting to work against you.
After this is done (if you were successful) consider taking a break from Neopets and Neo-related content until you can pinpoint where the break-in may have occurred. Sometimes it's random, but more often than not, you will have stumbled onto a cookie grabber or other vulnerability somewhere. Try to isolate that or download browser addons to protect yourself from them (more on this later) before you immediately jump back into playing.
IF YOUR ACCOUNT IS NOT FROZEN, BUT YOU CANNOT ACCESS IT, NOR CAN YOU RECOVER YOUR PASSWORD FROM YOUR EMAIL -
You may have been hacked. Again, take a deep breath. And then, do the following:
- Report the account as compromised.
- Ask friends to report your account as compromised.
- Monitor your pets, trades, auctions, and gallery and make a note of everything that you can see that goes missing. TNT might not give items back, but that's info worth mentioning in the ticket. They've been known to reverse pet trades at least.
- This likely means that the thief was able to access your actual email account. Shut down that as well; change any other sites you use this email on to another email (which you shouldn't be using your Neopets email for multiple sites) to prevent this from spreading.
After TNT has frozen your account for protection, proceed to the next step to actually begin the recovery process.
IF YOUR ACCOUNT IS FROZEN AND YOU 100% KNOW YOU DIDN'T DO ANYTHING AGAINST THE RULES -
You could have been hacked and frozen for your protection.
TNT could have thought you were compromised and froze you.
TNT could have made a mistake.
It sounds scary, but if you've been hacked, having your account frozen is the best case scenario. The quicker they freeze you, the less stuff a thief can steal from your account.
And! Most importantly, you have the advantage over the thief. They don't know all the little details about your account that you do. Once your account is frozen, there's no real rush to act. Obviously don't take a year, but take a few days to settle down and let the emotions run their course. You have a much better chance of getting a stolen account back if it's been frozen.
Now: Take some time to think of facts pertaining to your account. The birthday on your account, Neopets you've created, Neopets you've traded/transferred, any odd items you can remember are in your SDB, people on your NF list, people you remember having NM conversations with recently, TP transactions, books and gourmet foods on your pets' lists. If you start feeling the panic creep in because you can't remember these, take another deep breath.
The most important fact of all, from multiple sources here and on the Help boards, appears to be to know your original email (if you are reading this and have not been compromised, it might be worth jotting the email down now). The other info is nice and the more info you give the more likely TNT will believe you are the real account owner, but the email you used to create your account is vital information. We have had many success stories of people who recovered their account by knowing their original email.
All hope is not lost. For all we lay into TNT for being incompetent at times, they are not malicious. They want to give stolen accounts back to their real owners.
IF YOU'VE DONE THE STEPS ABOVE AND ARE READY TO SEND YOUR TICKET -
Once you have your information, it's time to send a ticket. For this, you will need a side account. If you don't have one, make one. Doesn't have to be anything fancy; with all the account freezings we've been seeing lately, TNT is probably quite used to tickets coming in from new accounts, so don't worry about it looking sketchy or anything.
I know the ticket page is finicky, but if you want your account back you have to exhaust all options. This really isn't the time for giving up after one thing didn't work.
If it doesn't work in Microsoft Edge, download Chrome.
If it doesn't work in Chrome, download Firefox.
If it doesn't work in Firefox, download Safari.
If it doesn't work in Safari, download Opera.
Try clearing your browser cache, browsing history, and cookies. Make sure parature is whitelisted if you have addons like NoScript, RequestPolicy, etc... (more on this later)
If it doesn't work on your regular PC, try your phone or a tablet, or a library computer or work computer (if it's not blocked).
(For what it's worth I've never had an issue getting the ticket page to load using Firefox on both Mac OS X and Windows 7/10.)
If you've tried everything and it still doesn't work, you can try to contact TNT via email using support@neopets.com however I am not sure how often their email gets checked. Regardless, this is the much slower option. Try to send a ticket when possible.
In your ticket or email, put all the information I told you to pull above. Explain what happened. Tell them the last time you had access to your account. Let them know anything suspicious, if anything, you've seen since your account was compromised. Don't forget the all-important original email address you created the account with.
After you submit your ticket or email, it's the waiting game. In order to speed up the process, post your ticket number on their Facebook page as they try to acknowledge people there. If you don't have a FB or don't want to use your regular FB for privacy reasons, make sure to use a dummy account with a real name (Facebook has a weird policy about requiring real names) like Ryan Smith or Anna Brown.
There is also a Frozen Account Waiting Board on the Neopets Help chat if you want to commiserate with other people who are in the same situation.
Just don't let it get you too down. I know most of us have spent years on this site, and losing something you've invested that much time in is hard. I know that. I get it. Be upset, but don't let it defeat you. You can beat the stupid hackers, you can remember all your information, you can get that account back!
HOW TO PREVENT THIS FROM HAPPENING (AGAIN) -
So you got your account back? Yay!
Haven't lost your account at all but want some tips on account security? Also yay!
There are a few steps you can take tobuild a wall between your account and the hackers and make the hackers pay for it! make your account more secure. Some of these are browser specific. I am most familiar with Firefox so I can give first-hand recommendations for those, although I know a few Chrome addons by name. I am more than willing to edit this post, so please if you have recommendations (especially for Chrome because I know that's popular) let me know either by posting here or by PM.
- Clear your cookies regularly. A cookie grabber can't take what isn't there. You'll probably have to log in again after every time you clear, but that's preferable to not being able to log in at all.
- Change your password regularly. The Neopets database is not 100% secure. We know that some break-ins have been caused by people whose login info was stolen from TNT's end. However, if you change your info regularly, there's a good chance you'll leave a hacker with incorrect info. Unless you have an amazing account and are well-known and rich, someone who gets a batch of accounts isn't going to take time to try and guess one account out of the hundreds they stole. So the simple act of changing your password could spare you the trouble.
- Use different passwords for all your Neopets accounts and your associated emails. You should be using different passwords everywhere, but on Neopets it is especially important. You don't want someone to get access to your main account because they know your side account info.
- Use a unique email just for Neopets. Don't use it for anything else, especially anywhere like here or JellyNeo that could be traced back to your Neopets account. Most providers like Google, Microsoft, and Yahoo don't charge for email accounts and you can have multiple, unaffiliated accounts. Make one just for Neo and change that to your associated Neo address (but don't forget to write down your original email first!)
- Have a good antivirus. I'm not going to make suggestions because I know that's just going to start the bickering, but there are a lot of options out there. Having one is better than not having one. Obviously if you get a virus, your Neopets account is the least of your concerns, but many of the better ones have integrated browser protection as well.
- Turn click-to-play Flash on. Flash is piece of Swiss cheese. By the time Adobe fills one hole, hackers have found three more. Neopets has had Flash infections. Shut that off at the source by not letting Flash load at all unless you tell it to.
In Chrome, navigate to the menu, click Settings, click Show Advanced Settings, click Content settings (under Privacy), scroll down to Plug-ins, and select Click to play. (May be listed as 'Let me choose when to run plugin content' instead depending on your version - this is the same thing)
In Firefox, click tools, then click Addons, then click Plugins, and change the Flash dropdown bar to 'Ask to Activate.'
In Internet Explorer, click the gear icon on the Internet Explorer toolbar, then click Manage Addons, select Toolbars and Extensions, click Show and select All addons, right-click on the Shockwave Flash object under Adobe Systems Incorporated, select More Information, click Remove All Sites. This will prevent Flash from loading automatically on any site.
In Opera, click the Opera menu button, click Settings, then click Websites on the Settings page, check the Click to play option under Plug-ins.
In Safari, open the Safari menu, click Preferences, click the Security icon, click Manage Website Settings (to the right of Internet Plugins), select Flash, click the When Visting Other Websites box and select Ask.
The bonus from this is that Flash won't load at all when it's outdated so you will never be at risk of having a vulnerable version run on your computer.
- Get some security add-ons:
FIREFOX
CHROME
Haven't lost your account at all but want some tips on account security? Also yay!
There are a few steps you can take to
- Clear your cookies regularly. A cookie grabber can't take what isn't there. You'll probably have to log in again after every time you clear, but that's preferable to not being able to log in at all.
- Change your password regularly. The Neopets database is not 100% secure. We know that some break-ins have been caused by people whose login info was stolen from TNT's end. However, if you change your info regularly, there's a good chance you'll leave a hacker with incorrect info. Unless you have an amazing account and are well-known and rich, someone who gets a batch of accounts isn't going to take time to try and guess one account out of the hundreds they stole. So the simple act of changing your password could spare you the trouble.
- Use different passwords for all your Neopets accounts and your associated emails. You should be using different passwords everywhere, but on Neopets it is especially important. You don't want someone to get access to your main account because they know your side account info.
- Use a unique email just for Neopets. Don't use it for anything else, especially anywhere like here or JellyNeo that could be traced back to your Neopets account. Most providers like Google, Microsoft, and Yahoo don't charge for email accounts and you can have multiple, unaffiliated accounts. Make one just for Neo and change that to your associated Neo address (but don't forget to write down your original email first!)
- Have a good antivirus. I'm not going to make suggestions because I know that's just going to start the bickering, but there are a lot of options out there. Having one is better than not having one. Obviously if you get a virus, your Neopets account is the least of your concerns, but many of the better ones have integrated browser protection as well.
- Turn click-to-play Flash on. Flash is piece of Swiss cheese. By the time Adobe fills one hole, hackers have found three more. Neopets has had Flash infections. Shut that off at the source by not letting Flash load at all unless you tell it to.
In Chrome, navigate to the menu, click Settings, click Show Advanced Settings, click Content settings (under Privacy), scroll down to Plug-ins, and select Click to play. (May be listed as 'Let me choose when to run plugin content' instead depending on your version - this is the same thing)
In Firefox, click tools, then click Addons, then click Plugins, and change the Flash dropdown bar to 'Ask to Activate.'
In Internet Explorer, click the gear icon on the Internet Explorer toolbar, then click Manage Addons, select Toolbars and Extensions, click Show and select All addons, right-click on the Shockwave Flash object under Adobe Systems Incorporated, select More Information, click Remove All Sites. This will prevent Flash from loading automatically on any site.
In Opera, click the Opera menu button, click Settings, then click Websites on the Settings page, check the Click to play option under Plug-ins.
In Safari, open the Safari menu, click Preferences, click the Security icon, click Manage Website Settings (to the right of Internet Plugins), select Flash, click the When Visting Other Websites box and select Ask.
The bonus from this is that Flash won't load at all when it's outdated so you will never be at risk of having a vulnerable version run on your computer.
- Get some security add-ons:
FIREFOX
- NoScript - This prevents scripts (Javascript, Java, etc...) from running without your permission. This is very important because hackers can find ways to inject malicious scripts into things and this will prevent them from loading unless you whitelist the site.
- AdBlock - Blocks ads. I still recommend this even if you have premium, because ads anywhere can be injected with malware. I used to get redirected to fake 'Click here to Download Flash' pages from Neopets without AdBlock on every browser.
- RequestPolicy - This forces you to okay browser 'requests'. Now this one can get a bit annoying to configure because every site makes a lot of requests. Without getting too technical, a request is when a site asks for information from a server. So if you post a direct image, the site you are posting on will send a request to the image host for the image info. This prevents hackers from accessing your information by requesting it. (Someone more skilled might be able to explain it better, but trust me when I say it's a good add-on to have).
CHROME
- uBlock Origin - It blocks adds and I've heard it also has functionality similar to NoScript.
- Adblock - Same as for Firefox. Prevents ads from showing.
- Ghostery - Gives you more control over what information you share with websites when you browse.
- And above all else, play safe. Put a PIN on everything. Hover over every link and see where the target URL is before you click. If you hear reports of people on the PC or TC or wherever going crazy and getting frozen right now run away in the opposite direction as fast as you can from that part of the site. Change your Neomail settings to Plain Text only. If you get a neomail you weren't expecting and the first couple of words on the preview page look suspicious (or appears blank), don't worry about being rude by ignoring it - just don't open that neomail. Go to your inbox and delete it. Don't make yourself into an easy target and do play like you want to keep your account.
Iiii think that's it. If anyone else has any suggestions, feel free to let me know!
If you are the victim of hacking, feel free to post here and our awesome community will help as best they can.
If you get your account back, let me know any steps you took that you think I should add! This is by no means a 100% comprehensive guide. Internet security is constantly evolving and adapting to hackers. If something works for you, let us know so that others can try it to.
Safe browsing, and good luck.
RABBIT!!!!