Currently, a bunch of accounts are compromised due to hidden linking. I'm making this topic to make a reference on who all got compromised. If you're viewing this topic and your account was compromised, then the best thing I'd recommend is to just make a new account for now.
Another good idea besides making mod accounts verified on PMs and the like is to add a confirmation box when adding accounts with a notice explaining why adding random users accounts is a bad idea.
Sessions could be made more secure by either verifying the current IP is the same as the one the session was generated under, although that could present issues with mobile, or by storing the user agent on login and verifying with each request, although if someone is using an identical browser the stolen session will work fine.
Hey everyone, I've got some news from Lucid. He fixed the spaces issue in usernames, and now he says that it's up to us to stop any further scams. Oh, he also says that he's going to try to think of a way to help us out and fix this problem permanently, but we'll see if he actually delivers.
Sims 7m 8s +1 if your account was compromised and you want it back, please email lucidrains @ gmail.com and tell him your account + how it was phished. thanks
In the scamming message that (nearly) got me, in the section of people who received it, it was me, Orcaa, and TyroneF. So Orcaa, and TyroneF both went down I think.
You can take Dreamquakes off this list. She isn't compromised anymore, I believe. She didn't give her pw/cookie session to anyone, I think she was hidden linked at the time or someone guessed her pw.
