Monday, April 19, 2010

Hacker warning!

You can get hacked just by going to another website outside of stardoll or by clicking a photo or link on a blog or website outside of Stardoll.

Make sure you are logged out and your cookies are cleared/deleted before visiting any other site than Stardoll.

Let us get a few terms straight. Scammers are not hackers. Scammers are con artists tricking kids into giving passwords. There are 2 ways that usually happens. This is the most common. A scammer will convince an owner of an account (we will call that person a sucker) to share her password. Scammers offer many different things, some as simple as a "make-over" of a medoll, a presentation or a room in the sucker's suite. The scammer may say she knows a "cheat" that will get the sucker free stuff superstar or stardollars. A lot of girls on this site are young and trusting. Scammers don't have to much more than lie and they can get the sucker's password and anything else they want.

All you have to do to thwart a scammer is to refuse to give your password.

Hackers are more dangerous. They use weaknesses in the website computer code to break into accounts. This is very bad.

Stardoll uses tiny snippets of programming language called cookies. When you log on, you create a cookie automatically. It contains your password information.

There are programmers who have ways to steal this cookies right off your computer! This information is widely available to hackers. Just google "cookie stealing" and you will find out exactly how to do it. It's not easy for most of us, but some people are good at computer language, and if they just follow the steps, they can steal accounts.

From what I understand, a cookie logger (that is what these hackers are called) can log in, but only if you are logged in. Then they hijack your session. They If you want to be safe, only visit other sites and blogs when you are NOT logged into stardoll. And then make sure to clear out your cookies and quit the browser. Then launch it again and log in to stardoll. I can't guarantee you will be competely safe, but you will be safer.

If you suspect that you have gone to a cookie stealing site and you were logged in, you can try this right away. If you act quickly, you may be able to minimize the damage. Log out right away. If you log out before the hijacker changes your password, you may have escaped any harm. Then clear your cookies and log back in and change your password.

Make sure you create a strong password. More about that later.

This is the story of how debbiecat4 was hacked. Please read all about it and learn how to protect yourself. It started with flattery. Someone contacted debbiecat4 and told her she loved her designs and had written about her in her blog. And to see it, all she had to do was to click a link that she provided. Debbiecat4 says it was ego that led her to click the link. But when she did, there was no blog. The web address was set up for what is called cookie stealing or cookie logging. Things got bad very fast. Debbiecat4 logged out. She didn't realize there was a problem until she tried to log back on and her password didn't work. The hacker started to take all of debbiecat4's stardollars by buying stuff using her account. While this was going on, debbiecat4 logged into her daughter’s account and started alerting friends to get help.

I went into debbiecat4's closet room. The hacker was buying a lot of stardesigned items at 60 each. I’m sure she was buying them from an account that had been set up just to have these items on sale. The money has probably passed thru many accounts to try to make the theft untraceable. But this is the way the hacker got a lot of debbiecat4’s stardollars. The hacker gots her starbucks, which is a shame. But debbiecat4 can buy and earn more. Call it an expensive lesson. But if the hacker had been able to sell her rares they might have been impossible to replace. That’s the one part where friends can help. If someone you know is being hacked, this is what you can do to help. You can make it very difficult for a hacker to strip an account of valuable and irreplaceable items.

The friends of debbiecat4 watched her bazaar, ready to pounce. If they had seen a rare on sale, they were ready to buy it right away and keep the hacker from getting it. The idea was that when debbiecat4 got her account back, her rares could be sold back to her. A whole team needs to help, because if one doll already has that particular rare, she cannot buy another. Someone who does not have it would have to step in and buy it. In this case, the hacker was busy getting the money from the account. Since there was a lot of money, that took a lot of time. The hacker did not get to start selling the rares before debbiecat4 managed to get her account back. But while the account was under the control of the hacker, the hacker sent messages by doll mail to every one of debbiecat4’s friends saying debbiecat4 needed help and asking for passwords!

No one fell for that trick. Remember, don't give your password to anyone! At least debbiecat4 was aware that she was being hacked and could use another account to let her friends know. The hacker probably changed her password right away so debbiecat4 could not log in. I have been told that the following is the best thing to if you are hacked. Send proof to stardoll support right away that the account is yours. Forwarding an email receipt will do it along with a note asking for immediate help. Put “emergency--being hacked now” or something like that in the subject line. And send it directly to by regular email.

You can also fax stardoll. Use the information at the bottom of every page at under "kids privacy policy." The fax numbers are there. Debbiecat4 got her account back within hours because she faxed proof to Stardoll that the account was hers.

---------- I found instructions on how to create a cookie logger to hack people on the web. It's a shame that people do this. I googled this and found at least a hundred websites that had the step-by-step way to do this. So this is not new or secret information. Some of the posts about this were from 2002!

I am not going to post all the insructions, just the ones about what is going to happen:
Step 6: The victim sees the image u uploaded but when he clicks the image he has a Temporary Error and you will get his/her cookie.
Step 7: To get the access to the Victim’s Account you need to replace your cookies with the Victim’s Cookie.
Step 8: Go to the Website whose Account you have just hacked and you will find that you are logged in as the Victim and now you can change the victim’s account information.
Note: Make sure that from Step 6 to 8 the Victim should be Online because you are actually Hijacking the Victim’s Session So if the Victim clicks on Logout you will also Logout automatically but once you have changed the password then you can again login with the new password and the victim would not be able to login.

See in the note how it says that if the victim logs out the hacker will get logged out too. That is only until the hacker is able to change your password. So if you suspect you are being hacked, log out right away! It might work and prevent the hacker from doing much damage. Then clear your cookies (you should learn how to do this and do it often,) and log in and change your password. If that works, you have just saved yourself a lot of trouble.


For this method of cookie stealing, you need to be logged into Stardoll in order for the Hacker to steal your cookie. Don't go to any other websites while you are logged into Stardoll. But keep in mind that there are also ways to steal cookies still in your browser, even when you are not logged in, so clear/delete your cookies after you log out every time to be safe.

Don’t visit any other websites or blogs while you are logged into Stardoll. Think twice before you click any link someone sends you. Do you really know the person who sent it to you? You might not want to visit websites that look like bait for unsuspecting suckers, sites that offer stardoll cheats and loopholes and other things you know don't exist. Visiting hackers websites and blogs is risky. I recommend you try to refrain from doing so. I take lots of precautions, and I use a Mac, which adds a layer of extra protection. My router also provides a firewall, another layer of protection. I noticed my firewall gets pinged more than once every 20 seconds, so I am glad it is there protecting me. If you are confident that you are fully protected, then go ahead.

BTW, the second way most people get hacked is when they use an easy-to-guess password. Hackers already have your login name. So they just read the presentation and blog. Someone says her dog is named lucky. The hacker tries logging in using lucky as the password. And a lot of the time, it works, because people use common, easily guessed passwords. Make sure to have a password that is impossible to guess. Never never give your password to anyone. Okay, maybe your mom or dad if you are a kid. Ask yourself, "Would I let this person have the keys to my car? My house? My ATM card and pin number?" True friends will never ask for your password.

While you are thinking about it, change your password. It should contain letters, numbers and something called a "special character". "Special character" refers to symbols like @#$%^&*?, basically the stuff you can type on your keyboard that is not a number or a letter. Write it down and keep it in a safe, secret place. Somewhere you will remember. I like the idea of hiding things in plain site. Write it on the top of page 50 in a particular book. And don't use consecutive numbers or the same number or letter repeated. 123pass is too easy! Try something like r@3ty1. It has numbers, letters and a "special character." BTW, no one can hack you on Stardoll. There is a rumor that girls have been hacked by accepting a friend request. That is not true. No one will be able to hack you from any of the activities you may participate in on the site.

Please contact me if you have any questions. I have been told that the comments box does not work on this blog. Sorry. Please leave a note in my medoll's guestbook.