I appreciate the effort you guys are putting into this; and I hope everyone/everything settles well. Thanks for the update as well Garthic; best of luck to preventing anything similar from happening in the future.
Personally I think a two-step login authentication is what I'd reccomend, such as a login of the password followed by "what is your lucky number?" Or something similar being needed to complete the login. This would be an additional step added when making the account, possibly hand selecting a second-step question option from a drop down menu in order to add to the difficulty of someone being able to guess the answer. Some of these questions could be similar to "What is your mother's name?" "What is your maiden name?" etc. In order to ensure that the person would have to be known personally in order to answer the question.
In reference to the user in question, I've never interacted with them which is something I'm grateful for. I'd be disappointed to find how much money this person made off of myself. I feel if prompted with a secondary question such as this, the inability to respond with an answer without knowing the person personally would have stopped her entirely; or at least heavily limited her to anyone who's question selected was something more simple- such as "What's your favourite number?" or by guessing common first names.
I'd love some input on this idea and will openly welcome any responses in the form of posts and pms; and will happily edit this post if requested. Those affected are also more than welcome to speak to me if they feel I'm misinformed or they have other input to my suggestion.
Thank you for taking the time to read such a long post.
Account Breach incident
Forum Index > Core > Announcements > News Archive >
I saw some of the names that this person stolen their melans from, and I know one of them, as I trade with them before. I am just speechless that this person just...I just don't know what to say, other than it just disgusts me that people would do this and take what others had work so hard to obtain, or had been gifted to them from friend's of theirs.
*11/300 Fujin's Lamp
All avatar credit of Nathaniel the Natu goes to Sina142's joint art shop.
![](https://pokefarm.com/upload/Dragoncake/MELAN_BAIT/banner.png)
![](https://pokefarm.com/upload/Dragoncake/MELAN_BAIT/banner.png)
It's such a shame to recognise the name of the perpetrator, I remember seeing them in type race threads and I even remember when they hatched that melan Rayquaza, I wonder how much of the resources used in that hunt was actually theirs? So sorry to all affected, hopefully maybe the stolen melans in their account can be returned :(
Collecting: ![summon_zyg.png](https://static.pokefarm.com/img/items/summon_zyg.png/t=1476882294)
![summon_deo.png](https://static.pokefarm.com/img/items/summon_deo.png/t=1476882170)
![summon_zyg.png](https://static.pokefarm.com/img/items/summon_zyg.png/t=1476882294)
![summon_deo.png](https://static.pokefarm.com/img/items/summon_deo.png/t=1476882170)
I feel really bad, I had literally bought a lot of items from this user in form of Z Crystal , Shiny Charms, Melans etc. I should have got my bells ringing when they agreed to sell melans at much less than DP price. I even saw the history of a few melans history and saw that each and everyone was gifted, but it wasn't spontaneous i.e. it was like a month before so I never felt like that. Although it was still not so convincing how they got so many items.. Like I knew that she had atleast 50+ hoard of each and every summon item, it never struck me
I hope whoever has lost any items or pokemon due to this user gets it back and they should be given a good lesson for there work.
Edit: Also the fact that they went on a very very expensive Raquaza hunt and 2 days before, nobody would have heard there name in past....
![](https://i.ibb.co/6rpTQZr/IMG-0855.png)
Team Fire 2024 | Art by LilypadLife
Breakneck Blitz 3rd Place trophy by spidrenam (sprite usage)
PFP made bymøffkat
I always had my suspicions about the user in question. They were able to rise up so quickly, gather so many expensive resources in such a short time, but I never expected something like this.. nothing to this magnitude. I felt bad after obtaining a few special pokemon that were being gifted away by hacked users, but seeing just how high that cost really was is just.. unthinkable
I can't offer much, but if anyone affected needs someone to talk to, I'm here. If I can do anything to help don't hesitate to ask.
Avatar: Official Venti 2020 birthday Artwork, Edited by me
I've seen the user around when I was clicking. I don't remember if I've actually bought anything off them (I hope not). I'm going to be checking my shiny and albino hoard just to check, if only for my own peace of mind.
I deeply sympathize with anyone who had items stolen from them by this user, and I am grateful that Niet and the rest of the staff brought this up.
If there's a silver lining to this, it'll be making a lot of us more conscious about our account security
I am definitely against Security Questions being a form of two-step login because people answer these without thinking ALL THE TIME on those Social Media pics of "What's your Angel Name?" or whatever.
That said...Blizzard has a neat little two step, where every time you attempt to log in, it displays a code on the screen. That same code is displayed on the Verification App on your phone. And you simply tap "Accept" or "Decline" to verify that it's you logging in.
That would require members to sign up using their Mobile phone, and most people don't want to give out any personal info to sites (despite the fact that ALL of your info except passwords is public knowledge anyway). It would likely also cause problems for players who share a single Cell AND IP. Although, it could be sent to Email.
Overall, getting a decent two step authorization to work with everyone is going to take some thought.
The BEST method of protection is for people to use decent Alphanumeric Passwords, as they're much harder to crack. And I don't mean things like P455W0RD. That's easy. I mean things like...EtErnaL5thGuaRdiaN or something of the sort. It has Capitals, Lowercase, and a number. AND the mix of Upper and Lowercase would take considerable time to crack.
Aliit Ori'shya Tal'din || Tai'shar Manetheren!
SamanthaNBishop on Archive of our Own and Wattpad!
Gaming || Writing || Pokemon Fan Fic: Angel of the Shadows
Avatar of Trainer, Alexandria "Angel" Flamel, by Me
Banner for me by Furret on PokeHeroes. Do not use without permission.
![](https://pokefarm.com/upload/:ZfP/Kanto_and_Galarian_Trio_by_Furret_on_PokeHeroes.jpg)
![](https://pokefarm.com/upload/:ZfP/Kanto_and_Galarian_Trio_by_Furret_on_PokeHeroes.jpg)
QUOTE originally posted by Beetlejuices
![](https://storage.googleapis.com/pfq/Wish.png)
![](https://storage.googleapis.com/pfq/Wish1.png)
I appreciate the effort you guys are putting into this; and I hope everyone/everything settles well. Thanks for the update as well Garthic; best of luck to preventing anything similar from happening in the future.
Personally I think a two-step login authentication is what I'd reccomend, such as a login of the password followed by "what is your lucky number?" Or something similar being needed to complete the login. This would be an additional step added when making the account, possibly hand selecting a second-step question option from a drop down menu in order to add to the difficulty of someone being able to guess the answer. Some of these questions could be similar to "What is your mother's name?" "What is your maiden name?" etc. In order to ensure that the person would have to be known personally in order to answer the question.
In reference to the user in question, I've never interacted with them which is something I'm grateful for. I'd be disappointed to find how much money this person made off of myself. I feel if prompted with a secondary question such as this, the inability to respond with an answer without knowing the person personally would have stopped her entirely; or at least heavily limited her to anyone who's question selected was something more simple- such as "What's your favourite number?" or by guessing common first names.
I'd love some input on this idea and will openly welcome any responses in the form of posts and pms; and will happily edit this post if requested. Those affected are also more than welcome to speak to me if they feel I'm misinformed or they have other input to my suggestion.
Thank you for taking the time to read such a long post.
![](https://storage.googleapis.com/pfq/Wish3.png)
- -Wick
- -Chic
Name: Icey/Wick
I share IP with my sibling Hyuse
Bad Container in IDV, Good Student (busy at much)
Secretly i am "Prisoner" Lil Balsa =P
Current Avatar: By:Leon_albertus or @ghostpetrichor_ on twitter FTU Credits: . MY SHOP:KING OF THE BEASTS OPEN NOW!
Current Avatar: By:Leon_albertus or @ghostpetrichor_ on twitter FTU Credits: . MY SHOP:KING OF THE BEASTS OPEN NOW!
Progress to level 4
![](https://pokefarm.com/upload/Iceland/MHA_and_WT/JenandRugif.gif)
Tamakoma - 2 stan!!
Well, Ru out i will play with trainer see ya! (Art By: Gaelson)
![](https://pokefarm.com/upload/Iceland/MHA_and_WT/JenandRugif.gif)
QUOTE originally posted by Frezgle
E-mail notifications for if you've logged in from somewhere weird would be a plus also, if that's possible. That's uh, saved my butt on other sites/games a few times. I've made my password situation better since then, I swear :p
QUOTE originally posted by FireWolf1117
Blizzard has a neat little two step, where every time you attempt to log in, it displays a code on the screen. That same code is displayed on the Verification App on your phone. And you simply tap "Accept" or "Decline" to verify that it's you logging in.
Edit: went back. Bought with stolen money is just as gross.
⚢
Sylveon PFP from Pokemon Shuffle
Cannot post: Please log in to post