[Again] Someone has stolen my account and published adult games.

A topic by UseForGetBack created Sep 24, 2023 Views: 558 Replies: 10

The following content is entirely translated by ChatGPT:

I'm using this title because I posted the exact same content ten days ago. So, I hope that people who have seen that article can recall it.

This is my compromised account: 

https://hgsc.itch.io/ 

The situation is that someone hijacked my account and posted adult games on it. I logged into my account on September 12th and discovered this situation. So, I changed the password and added TOTP verification. I also posted an article in the community, asking what I should do next to explain to those who follow me.

However, when I logged in again on September 23rd, I found that I couldn't access my account, and the hijacker had deleted the "account hijack explanation" article I had previously posted. I think this was done to eliminate evidence of "this account was once hijacked."

My original username was "hgsc," which is actually an abbreviation of my name. However, the hijacker changed it to "Hentai Gaming and Sex Commission." This is both disgusting and laughable because I've been using the "hgsc" username for over three years, and I have never purchased or posted any Hentai Games. "hgsc" could not possibly be an abbreviation for "Hentai Gaming and Sex Commission."

I reached out to itch.io support via email yesterday and am now awaiting a response. I have some email correspondence with itch.io in my inbox, hoping that it can prove that I once owned this account. 

Nevertheless, I want to leave a record here, stating that this account was once hijacked.

The whole situation is very bizarre because my account originally had no followers, and I have no idea why someone would want to hijack it. If it's just a prank, it's still very strange. I also don't understand why, even with TOTP verification enabled, it turned out this way, and my computer didn't detect any viruses. If I changed my password while the hijacker was online, would they be forced offline, or could they still maintain an online status?

Admin (1 edit) (+2)

A hacker may try to take over an existing account to publish malware because they believe that an established account is less likely to be caught by our automated systems than a brand new account.

If I changed my password while the hijacker was online

Changing your password will disable all other active sessions for the account. But, if the hacker has installed malware on your system to steal your session, password or email, then they can just get access to your account again.

If your account keeps getting hijacked then it’s likely you have some kind of malware on your computer that they are using to take over your sessions constantly.

May I ask if there are any methods to detect such malicious software? Because the antivirus software I already have on my computer hasn't been able to find anything...

(1 edit)

An interesting read about the topic.

https://news.sophos.com/en-us/2022/08/18/cookie-stealing-the-new-perimeter-bypas...

The gist: there might not be malware on your system after all. Your credentials could have been stolen in two separate incidents.

Unless this was a prank of naughty housemates, you can boot your system with a rescue disk/USB to better find rootkits and such.

What worries me is that the attacker could change your password. The TOTP should be requested for such a change.

Thank you for sending the link; this looks quite scary.

In fact, I just discovered something myself. My email address that I use for receiving itch.io emails has had some issues. After August, all emails from itch.io automatically go into the "Deleted" folder (not spam or promotional emails). So, even if there is unusual activity on itch.io, my email won't immediately show it. But I haven't figured out how this is being done yet.

(+1)

It is. Making 2FA seem rather pointless, if they can just take your whole credentials and the host does not notice it. And it gets worse, especially on itch, because their system allows malicious publishers to be indexed and they lack the staff to act on reports in any short enough time frame. There is stuff that gets removed after months, if at all. Such things could do a one-time grab of credentials and other stuff. No need to fall for any "try my game" on Discord scam. They just need to bait people with real looking (stolen) games and descriptions and fake profiles. Itch need only require a security deposit to be able to publish, to remove most of this. Scammers that can produce fake money transfers could just keep the money themselves, instead of paying such a deposit to post their stuff on itch. But I digress.

I do not know what email client you are using, because you did not tell, but for mails to get deleted, and not get put into spam folder by heuristic mail client, there needs to be a manual filter setting.

If you did not activate such a filter, someone else did, and I am sure you will know what that means.

But depending on your client, you could have activated such a filter by accident.

Or are you speaking about mails stored on the mail host and you log in to there on a web site? Regardless, there needs to be a filter that sorts those mails into a different folder.

Auto-deleting the mails that might notify you of your stolen account is of course what an account thief would like to do.
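On mail hosts that expose filters as Sieve scripts (RFC 5228), the kind of rule described above can be checked for mechanically. This is an added example, not part of the original posts: the sample script, the folder names and the `audit_sieve` helper are constructed for illustration, and the parsing only handles flat `if ... { ... }` rules.

```python
import re

# Constructed Sieve script (RFC 5228 syntax); the rules are sample data.
SAMPLE_SIEVE = r'''
require ["fileinto", "imap4flags"];

if header :contains "subject" "newsletter" {
    fileinto "Newsletters";
}
if address :contains "from" "itch.io" {
    addflag "\\Seen";
    fileinto "Trash";
}
if header :contains "subject" ["password", "new login"] {
    discard;
}
'''

# Folders where mail is effectively hidden from the owner
# (assumption: names differ per provider, adjust as needed).
HIDING_FOLDERS = {"trash", "deleted", "deleted items", "junk"}

# Flat rules only: "if <test> { <actions> }" without nested blocks.
RULE_RE = re.compile(r'\bif\s+(?P<cond>[^{]+)\{(?P<body>[^}]*)\}', re.S)


def audit_sieve(script):
    """Return one finding per rule that removes matching mail from the inbox."""
    findings = []
    for m in RULE_RE.finditer(script):
        cond = " ".join(m.group("cond").split())
        body = m.group("body")
        if re.search(r'\bdiscard\s*;', body):
            action = "discard"
        else:
            folders = re.findall(r'\bfileinto\s+"([^"]*)"', body)
            hidden = [f for f in folders if f.lower() in HIDING_FOLDERS]
            if not hidden:
                continue  # ordinary sorting rule, mail stays visible
            action = "fileinto:" + hidden[0]
        # Marking as read suppresses the unread counter as well.
        marks_read = bool(re.search(r'\b(?:addflag|setflag)\s+"\\\\Seen"', body))
        findings.append({"condition": cond, "action": action,
                         "marks_read": marks_read})
    return findings


if __name__ == "__main__":
    for f in audit_sieve(SAMPLE_SIEVE):
        print(f"{f['action']:<16} read={f['marks_read']}  if {f['condition']}")
```

Any finding whose condition names a service that sends security notifications deserves a manual look at when the rule was created and by whom.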

(3 edits)

Thank you for your reply.

I just visited the email website and checked my mailbox. Finally, I found an option called "Incoming Mail Classification" in a hidden place that allows for the categorization of emails from different sources. Naturally, emails from itch were set to "Read" and "Deleted" by default.

I believe I didn't accidentally set it this way myself cause it's a bit complex for me, LOL. 

The email issues and the account theft happened around the same time, so it's safe to say they are related in some way.

Anyway, I've changed the email password. Thank you for your assistance.

(+1)

Since those incidents were for websites, you should change something about your browser. Starting with sanitizing your current one as much as is possible and convenient.

All the big browsers support multiple profiles. You might want to consider splitting off different activities to different profiles, or even different browsers.

Like checking mail on one, doing internet stuff on the other, at the very least. It is harder to steal credentials from a browser, if the credentials are not in the active browser. Also third party cookies can't be accessed.

As long as you have no clear indication how it happened, it could happen again. "Best" case, your credentials while being logged in, were somehow stolen, by visiting a malicious site. Twice. Worst case, your system has a root kit and is still part of a bot net and someone has remote access and is messing with you.

Thank you for your advice. I will give it a try.


Hello, my account got hacked, and I have the impression that since then I have been shadowbanned from itch.io.

Moderator

I can see your posts just fine, but please make your own topic!

This topic has been auto-archived and can no longer be posted in because there haven't been any posts in a while.