Hello

some german player have received an email from lfs tech today with the account informations, the question is is this a fake or real.

A screenshot have been added to see the mail.

Fake IMO, its worded wrong, 'Hereby we send you' isn't correct gramatically, I would say it's fake mate.

Just email the devs and attach the mail you recieved to make sure.

[OT] Post 2,000! [/OT]

I'd advise both of you to change all of your LFS passwords, just to be sure. The e-mail doesn't look very authentic to me

you can always look in the header of the email to see from which server the mail originated. If it's 213.40.20.2 (lfs.net) then it's correct.
It's probably someone who knows your email address and entered it there. But that's kinda pointless because only you will receive the email. Not the person who entered the email address.

The mail comes from "Received: from [213.40.20.2]" ...

the only other way is to click the forgot password link and see if you get the same email again

Was just about to say the same trebor, thats the only way to test it AFAIK.

the same happened to me....but i didn´t ask for a password........

View full hearders, and check the return-path.

Ok i have click the "password forget" button and the mail looks same as the email before.

i think anyone has click this button and has entryed my email adress and the email adresses from all others players...

If it is real then that standard email needs re-wording a little bit i would say.

I got this Email yesterday at 22:25 and today at 12:02
Received from lfs.net ([213.40.20.2])
I checked my mails at ~12:30 so i got both emails at once.

I tried to log me in at lfs.net and it said that my password is wrong.
Ingame the same. So, my WEB and GAMEpasswords are changed.

The button for retrieving the login details didn't worked becaus the Email, which i entered in my profile, and where the two emails are send to, didn't exist anymore in the system.
So i asked the lfs team via the contact form on lfs.net for help.
I was lucky, that my account could be reseted and can use it now again.

The same problem had the user "Sven" today. He is an old teammate from me which i know personally. He got this email, with his ecatly login details. He tried to login on lfs.net... and it said: "wrong password"
I can't say right now if he got his account allready back.

And also today I met my also old teammate, i know him personnaly too, "SyniX" online. The first time for about a year or more. I asked him if it is realy him... And he was not.
The person who used this account told me, that he changed his old steam account with the lfs account. But the name of the person from which i got it didn't seemed to be the real SyniX.
I still wait for him(SyniX) to get online in ICQ so i can ask him, if he really changed this Account for CS:S. But i can't image that he would do so. Even if dint' play for more than one year.

WTF this smells fishi im now going to be real carefull of what i do in the futher!! do we talk a lfs robery? :O

edit: yay post nr. 100 free sodas for everybody how lives 5 miles from me :P

I was on a server earlier and some talk got going of one of the drivers using a "public hacked account".

http://www.lfsforum.net/member.php?u=60268

That's what the driver was using, and apparently its an account that got hacked and the password/username is out to the public - which is obviously against the TOS.

I checked the LFS world stats on that username and there has been significantly more laps done on the demo combo's compared to many others, another clue - perhaps?

Yes, very strange considering that the IP addresses in the email headers are checking out OK, very odd indeed.

Not that im suggesting anything or trying to speculate, but if these emails are indeed coming from the correct LFS IP, then surely there is a chance that there maybe could have been a breach of some sort, do we know why everything went down the other night/morning?

Quote from danthebangerboy :

do we know why everything went down the other night/morning?

i heard something about peering issues.

a network problem at Cogent, so noone could get a route to our servers.

regarding the accounts that got their passwords changed - I'm thinking more along the lines of that their mailboxes got 'hacked' (figured out the password) and then they used the password retrieval to obtain the lfs password.

I'm open to suggestions, but at this point i don't see how otherwise the retrieve-emails would have any effect at all to hacking an account. You get the email, so the person who requested the mail cannot read it, unless he has access to your email.

It is not that i say "it can't be that my mail account is hacked"(to be honest this was my first thought. but i wondered that i still could login to this account), but if my mail account, the one from sven and, if synix comes online(in icq) soon and can confirm that he not 'saled' his lfs account(or at least the person who used it to tell, that he 'got' this account today), his mail account are hacked at the same day.(just the two, because that are persons who i really know) all from different mail providers...

This just seemes quite.. interesting(or at least unique)to me.

Passwords are THE MOST important thing ever when on the web, you have to make them unguessable and as long as possible, you really do.

My shortest password for anything web wise is 16 characters and has numbers and a mixture of uppercase and lowercase letters.

It is SO important to get the most basic things right, it really is, the web is full of idiots, don't make anything easy for them!

Don't EVER use the same password for everything either, yeah i know its easier to remember just one, but on the other hand, someone only needs to guess that one and there they are, they have everything.

I have learned from experience a few years back, the hard way!

well, I'll keep a closer eye on things. Maybe some pattern will show.

ok well something's going on anyway.

I have reason to believe synix and sven's account passwords have been changed. One of the IP's used was http://radiostreame.de/ which is a hacked website.

will keep looking ...

I dont think that anyone are hack 5 different email accounts on 5 different websides, i have changed all my passwords and i dont use the same password on 2 or 3 pages.

I use on every page or forum or game a other password and my passwords are have 12-16 letters mixed up with letters, numbers and other keys.

Can you check my account victor?

stayx is the account name.

looks good to me, yes.

it seems that only german accounts are involved. can i also assume that these people are in the german forum as well and used the same email?

could it be that the retrieve pw function is bugged?