Velox Phishing Crisis

From Graal Bible

The Velox Phishing Crisis refers to Velox Cruentus gaining access to several Graal accounts through an advanced phishing method. This was the worst breach in Graal security since the Christmas Password-Theft Crisis in December of 2001.

Graalians.com

In late September, 2005, Velox posted a thread stating he had created a new website, Graalians.com, which allowed Graalians to create elaborate profiles, post screenshots, and post server reviews. This was a factual statement. No one expressed suspicion, and most of the replies to the thread were positive, with James205 calling the website "probably the best Graal website I've seen."

The Phishing Crisis

Registration at the website required the user to state their Graal account name, provide an E-Mail address, and create a password. Some members used the same password for Graalians.com as they used for their Graal accounts and/or their E-Mail accounts. This allowed Velox to get the passwords to several Graal accounts in one of three ways: the member had used the same password for both Graal and Graalians.com, or Velox accessed their E-Mail and requested the password, or he found it in an undeleted E-Mail from Cyberjoueurs.

Velox was also able to gain access to the PayPal accounts of Draenin, Cypher and Tupper by accessing their E-Mail accounts and requesting the PayPal password.

Velox put this information to use in early November, 2005, by stealing several items from accounts on various servers, often resetting the accounts when he was done.

He also transferred $350 (USD) out of Cypher's PayPal account and $450 (USD) out of Tupper's, a serious criminal offense.

Damix was the first to realize that something was wrong when his roommate, Lylic, realized his account had been accessed. Damix connected the security breach to Graalians.com and Velox. He then informed Stefan via RC.

Draenin was the first person to blow the whistle on the crisis by posting a thread on the Graal Kingdoms forum. About three hours later, Stefan posted a thread explaining what had happened.

Velox's Apology

Velox used one of the stolen accounts, WeedDigger, to post the following message:

"Well... You banned all my accounts, so here I am, on another...

I gave Lyndzey the full list, so don't bug me about it. For Stefan... That list isn't even half what I got.

For Sage (Cypher) and Tupper, I'm trying to fix your financial problems as much as possible.

I'm sorry for what I did, and I'm trying to fix most of it.


Ugh. I deserve what I got none-the-less. Good Day.

I was thinking of making a better talk, but... I guess it's not my place."

List of Accounts Velox Gained Access to

  • Termina_Owner
  • GeforceIX
  • Vaappolan
  • Gene_Starlet
  • Rance_P2P
  • LadyDarkwolf
  • sage_scooby
  • Lylic
  • Draenin
  • Cassy
  • Aflack3
  • Riland
  • smashatakk
  • Magadal
  • atomask
  • Ithica1
  • LilNiglet
  • Genesis
  • Sage_Shadowbane
  • Nitkizi
  • XenticKnoble
  • scoobsonwhat
  • criter
  • raiden0899
  • corny20
  • 8balla
  • chickenfriedcake
  • Drumguy1
  • Drumguy
  • gm2000
  • powerash
  • StalePhish96
  • sukuru1
  • TigerCub1992
  • imawesome999
  • Riven2
  • bart_rocks
  • bealfeal
  • DarkFireSword
  • flash777
  • homerexe
  • inkpot
  • kaoticgunman
  • larso da king
  • lionkid321
  • master_josh
  • megamanexe11
  • MoonWars
  • Nadithan
  • poopyman
  • psychobadger
  • Soccerfreak2
  • Tommys
  • WeedDigger
  • zach3805
  • Shabangizzle
  • ericku
  • Hinkle
  • Chett
  • Tuoni
  • Spazzykins
  • Amanda11
  • DrkDestroyer
  • ericku
  • FroggyLordv
  • Haloheros
  • jevon121
  • partyboy56794
  • OrigitalTrial
  • Hypo182

In total, 70 accounts were compromised in the crisis, a considerable number given that only 215 accounts were created on Graalians.com, though clearly some accounts (such as Drumguy and Drumguy1) belong to the same person.