H.A.C.K.
helpful account compromization knowledge


INTRODUCTION

PURPOSE
Whenever somebody's account is compromised, the PC seems to erupt into a chaotic frenzy of people running around as if their hair is on fire and screaming that the CGs are coming. As entertaining as this is to watch, these very same people that refuse to visit any shops, petpages, userlookups, and petlookups also occasionally find themselves with stolen accounts, which leads to more panic and mass hysteria. Yes, I do often troll such people. However, I also feel that many Neopians are oblivious as to how ridiculous they are - they hide from the rarest form of account compromisation but leave themselves wide open to the easiest and most common methods. This page's purpose is to inform Neopians as to the methods which are used to steal their accounts and also to teach Neopians how to better protect themselves. This is not a how-to guide, nor is it a page of useless information or bashing of TNT. This is what TNT should be telling us, since it actually shows that most accounts lost are at the fault of the player and not the administration of the site (not to say that they couldn't do much better, though...).

OVERVIEW
There are four methods employed to steal a player's account, and each will be discussed in turn, along with steps that Neopians can take to prevent their accounts from being lost to those specific methods. Afterwards, some helpful tips for preventing account theft and ensuring that, in the case of theft, the account can be proven to be yours will be discussed. I will also briefly skim over what to do once your account has already been stolen before concluding with a Frequently Asked Questions section.

GLOSSARY
cg - a method discussed later on in the page; cookie grabber
g - rhymes with poogle
mail - add an "e" beforehand; whenever this is discussed, I am referring to the one attached to your account
pc - pound chat; refers to the neopian pound board
purge - whenever any site cleans out commonly unused accounts
self-ice - the removal of one's account by themselves (using this link); often employed to protect an account if one senses that it is being lost
shell - an anonymous account used by a thief to contact people or secure things; they can either be blank accounts or accounts with some pets and trophies depending on the thief and purpose of the shell
thief - a person that steals accounts
unreg - a method discussed later on in the page; specifically refers to a mail account that is currently unregistered
word - the secret word that is used to sign into places
more terms will be added as the need for them arises

Before reading any further, please understand that I, 0llyness, am in no way affiliated with the process of compromising accounts. All of my knowledge comes from paying attention over the past several years and help from random people who are more informed with this process than myself.

This page has been kindly translated into Portuguese by lucasmac9 and can be found here. It has also been translated into Spanish by infinitelysick and can be found here.


CGs

CGs. Oh, CGs... how infamous you are. CGs, or Cookie Grabbers, are the method most people expect for thieves to use, but are actually the most uncommon form because they are difficult to use. They were made notorious several years ago, but recent coding changes have made them become rarer and rarer. Despite what the random frightened mob on the PC may say, there is probably not a CG wave going on right now (and if there is, it'll be over within a day or two). In case I have not stressed this enough yet - CGs are rare.

RECOGNITION
You know that it is a CG wave when dozens of people lose their accounts within days of each other. This is not one or two people a week - this is a lot of people in very little time. People that understand how coding is supposed to look can often view the source coding and spot the suspicious line of code that is the CG.

LOCATION
Contrary to popular belief, CGs are not only possible on petlookups, shops, userlookups, and so forth. There was a wave in 2011 which contained a CG located on a board, and I have actually had a thief inform me that CGs are theoretically possible wherever a user has the option to input a string of characters. This includes shops, galleries, userlookups, petlookups, boards, neomail, and even trading post lots. Luckily, the latter has never been reported.

KNOWLEDGE
The way that CGs work is by sending your current log-in information to an offsite place, where the thief can use it to log into your current session. This is not only for Neopets - they steal your cookies for every site that you are currently logged in on, which might even include bank account information! The code changes periodically, based on TNT's new filters (yes, you can blame CGs for most of the coding restrictions we have), but can be recognized in source coding as a string of suspicious code that seems to serve no purpose. Avoid these at all costs...
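One way to automate the "look at the source coding" check described above. This is an added example, not part of the original page and not TNT's filter; the list of constructs it flags and the sample lookup are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Attributes whose value is a URL the browser fetches or navigates to.
URL_ATTRS = {"href", "src", "action", "background", "formaction"}


class ActiveContentScanner(HTMLParser):
    """Flags constructs in user-supplied markup that can run script."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []          # (line, kind, detail)
        self._in_script = False

    def _flag(self, kind, detail):
        self.findings.append((self.getpos()[0], kind, detail))

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            self._flag("script-tag", "<script>")
        for name, value in attrs:
            # Normalise case and whitespace before matching.
            compact = "".join((value or "").split()).lower()
            if name.startswith("on"):
                self._flag("event-handler", f"{tag} {name}")
            elif name in URL_ATTRS and compact.startswith("javascript:"):
                self._flag("script-url", f"{tag} {name}")
            if "document.cookie" in compact:
                self._flag("cookie-access", f"{tag} {name}")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # A script body that reads document.cookie is the classic CG pattern.
        if self._in_script and "document.cookie" in data:
            self._flag("cookie-access", "script body")


def scan(markup):
    """Return findings for one page's worth of user-supplied HTML."""
    scanner = ActiveContentScanner()
    scanner.feed(markup)
    scanner.close()
    return scanner.findings


# Constructed sample: a userlookup description with three active constructs.
SAMPLE = """<div class="about">
<b>Welcome to my lookup!</b>
<img src="banner.png" onerror="void 0">
<a href="javascript:void(0)">free items</a>
<script>var c = document.cookie;</script>
<p style="color: pink">Neomail me for trades.</p>
</div>"""

if __name__ == "__main__":
    for line, kind, detail in scan(SAMPLE):
        print(f"line {line}: {kind} ({detail})")
```

A clean result does not prove a page is safe; it only means none of these particular constructs are present.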

PROTECTION
Because CGs catch only the current log in information on your own browser, use a separate browser for Neopets. For example, I use Chrome for everything but Firefox for Neopets. Also, be sure to always log out from important things like bank accounts before accessing Neopets. Change your Neomail Settings in your preferences to Plain Text only to avoid Neomail CGs. If there is a current CG wave, just hermit for a while - play games, work on petpages, whatever - but avoid other players at all costs. If you have been CGed, keep logging out and back in in order to clean out your session and change everything immediately.

SIDE NOTE
CGs are the only method that can be blamed on TNT, but in order to get rid of them entirely, TNT would have to block all semblance of customizable coding. That would be a very sad day indeed. Luckily, however, CGs are incredibly rare. Yes, they are disastrous when they occur, but running around screaming that the CGs have come helps nobody, especially when most account thefts occur by using the next two methods I will discuss.


UNREGS

Exploitation of unregs is the most common method used by thieves because it is by far the simplest and easiest. Furthermore, most Neopians are oblivious to its existence and thus do absolutely nothing to try to prevent this... and, as frightening as this may seem, TNT can do nothing to stop this.

RECOGNITION
If several people lose their accounts over some period of time, but the timing appears sporadic and not clustered, it is probably the use of unregs - such as one every few days or so. Most account thefts are the result of unregs.

KNOWLEDGE
Unregs are possible because mail providers often purge accounts that have not been accessed for several (usually three) months. The exception to this, at the time of writing this guide, is the G provider. There are two types of unreg thieves - those that target specific accounts and those that just try their luck. The type that target will attempt to guess the mail attached to your account, and will create this mail in hopes that it has purged. Sometimes, they will go to your art place (or any other offsite place, like the book of faces) account and look for your email there, assuming that it is the one attached to your account. They will keep creating various mail accounts in order to try to request your word, and, if successful, will infiltrate your account. Unreg thieves that don't target also create a lot of mail accounts, blindly testing them in the Neopets database after creation in an attempt to get lucky. Please note that, if the thief has access to your mail account, they also have your pin and (probably) your birthday. Sorry to say this, but if you lose your account to an unreg (and if you lose your account, it's probably to an unreg), it really sort of is your fault.

PROTECTION
Not only does G rarely purge, but it also offers this wonderful service called 2-step verification, which makes it necessary to type in a code sent to your phone before you can log into the account. Take advantage of this and create a separate mail account on G for Neopets (and only Neopets). Don't forget to check it, though! Also, be sure to have a random mail name in it, such as ice_queen_12pharoah or whatever to help prevent the thief from guessing what your email is.


HASHES

Hashes are the method used to get into accounts otherwise protected. These are the most difficult to prevent and often occur due to your accounts on other websites.

RECOGNITION
Hashes generally occur in clusters, and are the method used to get the accounts of people otherwise protected. If you keep on getting word requests sent to your mail, you can assume that somebody is trying to hash you.

KNOWLEDGE
Hashes typically contain a username, mail, and word. The word tends to be jumbled up. Technically, the word hash refers to the jumbled up word. After cracking the encryption on the word, the thief tries to plug the word into the mail and username. If successful, they steal your account. If not, they typically give up (unless your account is amazing, in which case they try to keep going by going through the mail account if they manage to access it). Hashes are dumped by various websites, the most notorious of which was the recent drops from a certain J Neopets help site and another pet site, which cost many people their accounts.

PROTECTION
Refer back to the tips about unregs and create the separate mail account for Neopets, but also create another for fansites and whatnot. Use 2-step verification for both. Also, whenever you get a word request you did not send, contact TNT with a ticket informing them that your account may be compromised soon and change all of the information on your accounts that you can while also ensuring that you have all of the needed information for retrieving your account.

SIDE NOTE - STORY TIME
One of my sides was once compromised, but I was incredibly lucky. The method used by the thief was hash-cracking, so, despite all of my knowledge, I had fallen victim to this method. At the time, I had separate mails for each of my accounts, and on one I happened to sign up for my J fansite account. When those hashes leaked, so did my account. I realized that I had lost access to the mail and immediately contacted TNT and tried to change my mail (the system was also slow that day). I ended up submitting a ticket telling TNT to return the account to my main, when I realized that the thief had sent me a mail to my main (from a shell) telling me that they had gained access to my account but, upon realizing that it was mine, decided that it was pointless to take, since I would rally up enough PC support to have my pets returned to me and I had clearly started to set up the quick retrieval of my account. Although I wish the same luck onto the readers of this page, I highly doubt that another thief will act in such a way.


IDIOCY

By idiocy, I am referring to people that send others their words believing that they will sign in to find 1 million NP on their accounts or fall for fake mails from TNT asking for their words. This section will be short, as I have very little to say on this matter.

TNT will NEVER ask for your personal information; they have access to it. Also NEVER give your word to anyone - friend or stranger.

That's it.

Oh, and this came to me via neomail - be sure not to visit those WHAT IS YOUR BIRTHDAY boards, or WHAT IS YOUR FIRST PET'S NAME and so forth. Those are, though sometimes innocently made, notorious for having thieves lurking and using that information to get your mail (via Secret Question).


ACCOUNT PROTECTION, TL;DR STYLE

  1. Make a separate mail account just for Neopets. Do not use this for anything else, but be sure to check it regularly so that it does not purge. G is recommended, used along with their 2-step verification.
  2. Have a different word and pin on every account. This might not help much, but when it comes down to it, it might just save your other accounts. Some users even have different mails attached to each account.
  3. Do not keep all of your riches in one place. If you have millions of NP, store a decent amount on your sides. If you have a lot of UCs, spread them out along sides instead of having just one "superaccount". This may reduce targeting.
  4. Change words and pins regularly. Not all who gain access to accounts act on this regularly, and sometimes you can protect yourself simply by changing your word and pin. Granted, if they have access to your mail this will not help much, but for this reason you should change your mail's word regularly as well. Don't use the same words you use for Neopets for anything else, and make sure that they are not easy to guess.
  5. Keep record of everything. This is important in case you lose your account. Create a document in Excel with a row for each section of the ticket you would have to submit to reclaim your account, and make the columns be all of your accounts. Update this regularly, paying close attention to any NC codes redeemed.
  6. If you're suddenly signed out, log in and out. This often happens during a CG, and if you sign in and out two or three times and then change all of your account information, you should be fine. It's also a good idea since it will knock any thief currently on your account off of it, and might save your account.
  7. Use birthday verification. It does not necessarily help all the time, but it can be useful. Granted, making a secret question would have been a better idea on TNT's part, but the effort they put forth is appreciated all the same.
  8. If it's too good to be true, it probably is. This is more pertaining to the movement of stolen and sold pets and items, but true in most cases. A 1 NP expensive item in a shop might be a CG, an up for quick adoption higher end unconverted pet (or one over-offered on your pet) is probably stolen (or sold), and so forth. Trust your instincts.
  9. Secure your own accounts. Emails, words, pins - everything. I stated this earlier, but be sure that you can prove that your accounts are yours.
Alas, even if you do all of this, it does not guarantee that your account is safe; there is a lot of luck involved as well. The best that you can do is be prepared for the worst.
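The checks from the UNREGS and HASHES sections and from tips 1 and 2 above, run over a record like the one tip 5 recommends. This is an added example, not part of the original page; the Account fields, the 30-day warning margin and the sample inventory are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import date
from itertools import combinations

PURGE_DAYS = 90      # the guide's "usually three" months of inactivity
WARN_DAYS = 30       # assumption: start warning a month before that


@dataclass
class Account:
    site: str                # "neopets" or a fansite name
    username: str
    mail: str
    mail_last_login: date
    mail_two_step: bool
    word_tag: str            # keyed fingerprint of the word, never the word


def word_tag(word, key):
    """Equal tags mean the same word is in use on two accounts."""
    return hmac.new(key, word.encode(), hashlib.sha256).hexdigest()[:16]


def audit(accounts, today):
    """Return (kind, subject, detail) findings for the guide's checks."""
    findings = []
    for mail, a in {a.mail: a for a in accounts}.items():
        idle = (today - a.mail_last_login).days
        if idle >= PURGE_DAYS - WARN_DAYS:       # unreg risk
            findings.append(("mail-may-purge", mail, f"{idle} days idle"))
        if not a.mail_two_step:
            findings.append(("no-two-step", mail, ""))
    for a, b in combinations(accounts, 2):
        pair = (f"{a.site}:{a.username}", f"{b.site}:{b.username}")
        if a.word_tag == b.word_tag:             # one leak opens both
            findings.append(("word-reused", *pair))
        if a.mail == b.mail and (a.site == "neopets") != (b.site == "neopets"):
            findings.append(("mail-shared", *pair))
    return findings


# Constructed inventory; names, mails, words and dates are made up.
KEY = b"constructed-demo-key"   # keep the real key away from the record
ACCOUNTS = [
    Account("neopets", "main_example", "ice_queen_12pharoah@example.com",
            date(2012, 5, 20), True, word_tag("constructed-word-1", KEY)),
    Account("neopets", "side_example", "old_mail@example.com",
            date(2012, 2, 1), False, word_tag("constructed-word-2", KEY)),
    Account("fansite", "main_example", "old_mail@example.com",
            date(2012, 2, 1), False, word_tag("constructed-word-2", KEY)),
]

if __name__ == "__main__":
    for finding in audit(ACCOUNTS, date(2012, 6, 1)):
        print(finding)
```

The record stores only keyed tags, so it shows where a word is reused without holding the words themselves.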


SO YOUR ACCOUNT IS LOST...NOW WHAT?

Alas, protection and prevention are not always enough. Once an account is lost, however, it is not always the end. You can always try to reclaim your lost neoproperty through the tedious and grueling ticket system.

IF YOU STILL HAVE ACCESS TO YOUR ACCOUNT
Change all of your information immediately and then send in a ticket to TNT saying that you think your account is being compromised and to please return it to you, including something that will tell them that it is indeed you. Afterwards, self-ice to protect your belongings. You will now have to submit a ticket to continue the process, which will leave you in more or less the same situation as one with a stolen account (except that your account will hopefully still be intact).

SENDING IN A TICKET
Be sure to be polite and explain everything in as much detail as possible. Do not send in multiple tickets, and do not be frantic (at least not at first). Include as much information as you can, and try not to seem frantic. If you are a premium member or spend a lot on NC, it is crucial to mention that as often as possible. If you know another language used on Neopets, it would be recommended to use it to submit the ticket, as you are likely to get a faster response.

WAITING
On average, it takes TNT months to answer a ticket. Sit around and twiddle your thumbs during this time, building awareness for your case. Once TNT replies, you will either get your account back, be informed that you will not be getting it back, or be asked for additional information. This is the point at which you can play various bargaining games, though it is still recommended to be polite.

BOARD MAKING
One of the things that you can do while waiting is make boards raising awareness for your case - especially if you have had any pets stolen. When doing so, be sure not to post exact names or name formats (Xxxxxx +/- 1 letter is better than Hxxxx if the pet's name is Humor, who is owned by me), or your board may be deleted. Never provide enough detail to identify the pet, but provide just enough so that you will be contacted if somebody sees a pet which may be yours floating around. If fewer people trade for the pet, you have a higher likelihood of having that pet returned to you, so it is good to build awareness. Furthermore, people knowing might just help your case in the long run. Sadly, there is never a guarantee of having everything (or anything) returned.


FAQ

WHY DO PEOPLE STEAL ACCOUNTS?
Though this may be difficult to believe for some, stealing accounts is actually quite profitable. There is a black market for Neopets, items, Neopoints, and even Neocash, from which some people can earn thousands of dollars by selling stolen online merchandise for real money. Although TNT tries to crack down on this, they more or less fail to do so.

HOW DO YOU KNOW THE STUFF ON THIS PAGE?
After stumbling along the Neopian Pound Chat for several years, some people began to recognize me. I paid attention to what knowledgeable people said and remembered it, passing on the information whenever I felt the need to. This attracted the attention of some people involved in the so-called Black Market of Neopets, some of whom befriended me. Much of what is on this page I learned from them, and I actually had to contact one of them and ask questions while writing this. Several additional remarks have been made by readers who have read this page and felt that there was something I needed to add.

HOW DOES ONE RECOGNIZE A SOLD OR STOLEN PET?
If it is too good to be true, it probably is. High end pets are rarely gifted, and if one is randomly gifted to somebody (who refuses to give details about its origin), then it may be assumed that there is something odd about this transaction. Likewise, sometimes trades that are too good to be true occur, which may also seem suspicious. However, before harassing someone, please remember that there is such a thing as luck and that many people are actually innocent.

MY ACCOUNT WAS FROZEN FOR SUSPICIOUS ACTIVITY / FOR MY OWN PROTECTION. WHAT DOES THIS MEAN?
TNT suspects that your account has been or may be stolen and has frozen it before you lose what is on it. Submit a ticket and wait - it is all that you can do at this point.

WHY DO YOU BELIEVE THAT UNREGS ARE USED THE MOST COMMONLY?
They are by far the simplest method, and often yield wonderful results. Furthermore, this was told to me by several of the people that gave me information relevant to writing this guide.

I DON'T NEED TO CHANGE MY WORD AND MY ACCOUNT IS SECURE BECAUSE I HAVE A PIN. NOBODY WILL EVER GUESS EITHER, SO I SHOULD BE SAFE.
A person might not, but a program might. Remember, readers, that there are programs to do almost anything these days.

DO YOU FEAR HOW CHEATERS MAY REACT TO THIS PAGE?
Honestly? Not really. I did not explain any of the in depth methods as to how they steal accounts (simply because I do not know them) or single any out in particular. Furthermore, it is not as if CGs and hashes will suddenly stop being successful due to this page - the most effect that might occur due to this page's existence would be a slight decrease in the number of successful unregs. After all, it's not as if TNT will proudly parade this page everywhere, and I did not reveal anything that was not provided (with the full knowledge that it would be on this page) by a thief themselves.

WHY IS THIS PAGE A RIDICULOUSLY LIGHT COLOR?
It is supposed to be relaxing so that you stop running around as if your hair is on fire.

If you have any questions not answered by this page, please feel free to contact 0llyness via neomail and ask.



DISCLAIMER: THIS PAGE'S PURPOSE IS TO BETTER PROTECT NEOPIANS FROM ACCOUNT THEFT, NOTHING MORE. PLEASE DO NOT PUNISH OLLY, TNT.

Coding and content by 0llyness. No sticky fingers allowed.

Special thanks to NYAN CAT, YELLOW SUBMARINE, ARCHER, and DUNG MOTE for providing much of the information on this page (you know who you are) and to TNT for not deleting this page and allowing for it to exist to build awareness for Neopians everywhere.

Since 12/25/2011


