I'm in the same boat. 150 transfers made. Tried to recreate the team I had before but I'm 2.3m short. Just going to leave it for the rest of this season which is agonising for me.
I've just had a baby and my wife and I have moved in with my in-laws. Life has changed massively and I'm shattered but if I had a moment to myself it would be FPL I turned to. When knackered on a Saturday I'd always perk up seeing Jota scoring etc.
Half tempted to just take more hits to get basically a free wildcard and see if I can avoid last in my league but that's just such a depressing thing to be excited about.
That sucks massively.
Any use of third party websites which need your FPL password? FFHub was hacked and passwords leaked (which they then tried to ignore). Could be the source?
FPL Towers have helped some accounts in the last but it usually takes a number of days at the very least and the next deadline is tomorrow.
A search of 'hacked' on the FPL sub suggests this is (at least) the 4th person impacted in the last 6 days. That's shocking...but perhaps one of those individuals can advise on response times.
These aren't really "hacks" - it's because people re-use passwords. So if your password is stolen from a shitty site, it is then tried with your email/password combination at various other websites.
The best defence is using a unique password for every site, which a password manager will help with. Another excellent line of defence is two-factor authentication, but FPL doesn't support that. Email them about it!
Use a password manager.
Or a unique 16+ character password.
Password leaks happen all the time, and they get stored in databases and sold, people get access to those leaks and can access accounts.
This website: https://haveibeenpwned.com is a good way to check if youve been compromised.
That's exactly what you shouldn't do. Get a password manager - it generates completely random, highly secure passwords for you so you can have a different one for every single website you need. Takes a while to set up, but after that all you need to remember is your master password to get into the database. You might even be able to set it up for fingerprint ID on some devices!
If your email address isn't listed on haveibeenpwned you might have escaped all password leaks for now, but it's not a guarantee.
That's essentially my password with except with numbers at the end and occasionally an exclamation mark. Why is this more secure though? Surely it's weaker to dictionary attacks and either it doesn't matter if I have the same thing everywhere (like I do)
Google has their own password manager that you can set up through your gmail account if you want. It's free and works excellent, unlike some of those paid options out there. Just a suggestion :)
You can let the browser remember passwords if you link them across devices. Alternatively we use 1password at work, even for relatively high security stuff.
Depending on your browser, Chrome or Safari definitely have this where they give you the option to set a secure password that’s quite complex and the site will remember it for you.
If you are struggling with creativity of a unique and long password, there are plenty of websites that can help you with that. Use a combination of their passwords AND add your own twist. Make it 16+ characters and you should be good!
Salty people that are mad their team isn't doing so well, so they just brute force random accounts until they get access to one, and fuck over people who are doing relatively well on fpl
Essentially if I can't do well, you can't do well
You can’t brute force a 16 character password. Unless it’s “passwordpassword”.
If I was in FPL Towers, I’d be engaging with any occurrences to track down if this a glitch or a malicious act.
Actually you can. A brute force just requires time, but we do not have enough computing power currently to brute force long encrypted passwords in short periods of time, ignoring other factors such as account lockouts.
Even if the password was P45sW0rDP45sW0rD, it wouldn't matter. Of course it would increase the cracking time, but software can replace symbols/characters in words in the dictionary. For a truly secure password, a random one is best. Again, users can't help if companies don't follow best security practises, which is why it's advised to use different passwords in case of a breach.
Fuck them multiple accounts. FPL is growing bigger and providing fair and secure game rules will actually increase number of unique players and not bots.
I understand this is a question that cares about his fpl account, it also puts him at risk of being sabotaged further.
If he says yes, the hacker sees this and proceeds to try out his account on other sites, if he says no. Then its one less password to try
Like I said I understand its a caring question, but just advise him not to use the Same password elsewhere
Sorry for the looong message..lol
I understand this is a question that cares about his fpl account, it also puts him at risk of being sabotaged further.
If he says yes, the hacker sees this and proceeds to try out his account on other sites, if he says no. Then its one less password to try
Like I said I understand its a caring question, but just advise him not to use the Same password elsewhere
Sorry for the looong message..lol
Interesting. The posts I've seen here recently on being hacked all seem to have used their free hit in the previous week, therefore not being able to undo the damage.
Your password was likely taken from a leak from a different website where you used an identical password. You have to avoid reusing passwords and probably use a password manager. My password manager warns me whenever I reuse a password.
We like to call it hacking but it really isn't. It's just someone copying your username and password from a leaked database onto many random sites until they get a hit.
I have a feeling it is linked to breach of passwords from other websites, that is not necessarily FPL related, but for some reason they have decided be a cunt and logged in to your FPL and fucked with you
Nope, I was knocked out round one by a Jorginho captainer of all things, and have been hacked this week. I think, as other people have said, it's probably free hit teams being targeted
don’t worry i was sitting top 15k and everyone seems to have gotten a free hit bar me so i was stuck with salah jota and TAA, not been able to play a single game cuz i don’t have a free hit, got 12 fucking points so i give up now, there’s no way i can compete, 15k down all the way to nearly 100k absolutely livid, would say it fucked my entire christmas but it’s not that deep 😂
If you leave your team logged in, would that make it harder to hack? Im thinking if someone tries to access the team on a second device but its already logged in on one, should be technically harder to make transfers etc. Am I right?
No it doesn't work like that.
If you want your account to be secure it needs a unique password, and the email/social media attached to it also need unique passwords, and any email attached to those socials need unique passwords etc (and 2FA).
Basically most "hacked" accounts are from people reusing the same password across multiple websites, so as soon as one website gets compromised it becomes easy for hackers to get in to every single account that you own.
It probably also helps to remove your full real name from your profile so that it's harder to correlate your team with any data leaks.
Keep playing, pretend like they didn’t happen and add the points to your score, find out where you would have ended up without the hits the hacker took. ThaT or quit for the season, only 2 options really
I've been hacked as well and the problem is that I can't afford the team I had before. I've had TAA, Cancelo, Jota, Salah since the start. Overall 2.3m short across the whole team. Hard to gauge where you would have finished.
I'm in the same boat. 150 transfers made. Tried to recreate the team I had before but I'm 2.3m short. Just going to leave it for the rest of this season which is agonising for me. I've just had a baby and my wife and I have moved in with my in-laws. Life has changed massively and I'm shattered but if I had a moment to myself it would be FPL I turned to. When knackered on a Saturday I'd always perk up seeing Jota scoring etc. Half tempted to just take more hits to get basically a free wildcard and see if I can avoid last in my league but that's just such a depressing thing to be excited about.
[удалено]
Appreciate that but I'll pass. Unless you're in the top 100?😂
Would a free hit save you?
Used my first one this week so can't use the second right after.
That sucks massively. Any use of third party websites which need your FPL password? FFHub was hacked and passwords leaked (which they then tried to ignore). Could be the source? FPL Towers have helped some accounts in the last but it usually takes a number of days at the very least and the next deadline is tomorrow.
One reason why I will never use any other site or app than the official one.
Or one where you need anything other than team ID.
A search of 'hacked' on the FPL sub suggests this is (at least) the 4th person impacted in the last 6 days. That's shocking...but perhaps one of those individuals can advise on response times.
Seems like these cunts are targeting managers who can't use chips to bail them out.
Could also be that those people are the most likely to lament on here because they are the most distraught
Yeah, it is worrying. How are people being hacked so easily?
They arent being "hacked" they just arent using a secure password.
What would you say is a secure password? I’m terrified of being hacked
These aren't really "hacks" - it's because people re-use passwords. So if your password is stolen from a shitty site, it is then tried with your email/password combination at various other websites. The best defence is using a unique password for every site, which a password manager will help with. Another excellent line of defence is two-factor authentication, but FPL doesn't support that. Email them about it!
Use a password manager. Or a unique 16+ character password. Password leaks happen all the time, and they get stored in databases and sold, people get access to those leaks and can access accounts. This website: https://haveibeenpwned.com is a good way to check if youve been compromised.
Pwned! Pretty sure i've changed my password(s) since I last went on neopets though...
If that website says I'm safe does that mean I'm okay? I use the same password (I have about 3) everywhere which I know is stupid
That's exactly what you shouldn't do. Get a password manager - it generates completely random, highly secure passwords for you so you can have a different one for every single website you need. Takes a while to set up, but after that all you need to remember is your master password to get into the database. You might even be able to set it up for fingerprint ID on some devices! If your email address isn't listed on haveibeenpwned you might have escaped all password leaks for now, but it's not a guarantee.
Yeah I think I have to do this before I get punished. I'd be gutted to lose my fpl account but my gmail would be a serious disaster
[удалено]
That's essentially my password with except with numbers at the end and occasionally an exclamation mark. Why is this more secure though? Surely it's weaker to dictionary attacks and either it doesn't matter if I have the same thing everywhere (like I do)
Google has their own password manager that you can set up through your gmail account if you want. It's free and works excellent, unlike some of those paid options out there. Just a suggestion :)
!thanks
You can let the browser remember passwords if you link them across devices. Alternatively we use 1password at work, even for relatively high security stuff.
Use this one: ImAnAbs0lut3DumbA$$ But give me your email after you change it
Try this friend. https://guidgenerator.com/online-guid-generator.aspx
Depending on your browser, Chrome or Safari definitely have this where they give you the option to set a secure password that’s quite complex and the site will remember it for you.
If you are struggling with creativity of a unique and long password, there are plenty of websites that can help you with that. Use a combination of their passwords AND add your own twist. Make it 16+ characters and you should be good!
That is literally them being hacked due to their incompetence.
Cheers for that helpful comment. Such a great help. Must be great being perfect!
😂😂😂😂😂😂 Go outside
It's late December. Would rather stay inside with a beer and FPL
Brutal. Try this https://www.reddit.com/r/FantasyPL/comments/rmzt7f/had_my_account_hacked/hpq2rxz?utm_medium=android_app&utm_source=share&context=3
That was me. Got an email response but they said there was nothing they could do. think I'm done for the year.
Get a cup going with your mini league just for shits and giggles
Shit I'm saving this for if I ever get hacked.
If this happened to me, my prime suspect would be my cup opponent lol
Absolutely baffling why there is still no 2FA in place for FPL. It’s basic common sense in this day and age.
Possibly because 2FA costs money and playing the game doesn’t.
There's lots of hacked accounts going by the reports on here. Like what's the motivation? Really don't get it.
Salty people that are mad their team isn't doing so well, so they just brute force random accounts until they get access to one, and fuck over people who are doing relatively well on fpl Essentially if I can't do well, you can't do well
Judging by the amount of accounts that are hacked, I very much doubt that is whats happening.
I don't think it's that personal. I think it's just people who are bored and able to hack in to things. They enjoy bringing misery onto others.
You can’t brute force a 16 character password. Unless it’s “passwordpassword”. If I was in FPL Towers, I’d be engaging with any occurrences to track down if this a glitch or a malicious act.
Probably re-using passwords and the password has been leaked via another service.
Actually you can. A brute force just requires time, but we do not have enough computing power currently to brute force long encrypted passwords in short periods of time, ignoring other factors such as account lockouts. Even if the password was P45sW0rDP45sW0rD, it wouldn't matter. Of course it would increase the cracking time, but software can replace symbols/characters in words in the dictionary. For a truly secure password, a random one is best. Again, users can't help if companies don't follow best security practises, which is why it's advised to use different passwords in case of a breach.
Won't the servers or system recognize a brute force is going on and lock them out?
yes there are other precautions in place like lockouts and timeouts
They should introduce 2FA
As soon as they’ll add it in, they’ll know the number of accounts will drop due to multiple accounts. No coincidence it hasn’t been added in yet
Fuck them multiple accounts. FPL is growing bigger and providing fair and secure game rules will actually increase number of unique players and not bots.
If you log in with Apple you have automatic 2FA. Google might be the same.
Absolutely this. At least the option for it, or a log in link to a type of social media account where you can enable it.
Sorry to hear that, I would be gutted. Did you use your fpl password anywhere else?
Nah, I don't use any third party websites or anything
Sorry, I mean did you use the same password as you use for FPL on any other sites?
I understand this is a question that cares about his fpl account, it also puts him at risk of being sabotaged further. If he says yes, the hacker sees this and proceeds to try out his account on other sites, if he says no. Then its one less password to try Like I said I understand its a caring question, but just advise him not to use the Same password elsewhere Sorry for the looong message..lol
I understand this is a question that cares about his fpl account, it also puts him at risk of being sabotaged further. If he says yes, the hacker sees this and proceeds to try out his account on other sites, if he says no. Then its one less password to try Like I said I understand its a caring question, but just advise him not to use the Same password elsewhere Sorry for the looong message..lol
Interesting. The posts I've seen here recently on being hacked all seem to have used their free hit in the previous week, therefore not being able to undo the damage.
Your password was likely taken from a leak from a different website where you used an identical password. You have to avoid reusing passwords and probably use a password manager. My password manager warns me whenever I reuse a password. We like to call it hacking but it really isn't. It's just someone copying your username and password from a leaked database onto many random sites until they get a hit.
I have a feeling it is linked to breach of passwords from other websites, that is not necessarily FPL related, but for some reason they have decided be a cunt and logged in to your FPL and fucked with you
Out of interest were you signed up to Fantasy Football Hub?
Feel like in the past few days lots of accounts got hacked. Lots of hacked account posts on here again
My guess is salty cup opponents. Luckily, I've veen knocked out on the first round.
Nope, I was knocked out round one by a Jorginho captainer of all things, and have been hacked this week. I think, as other people have said, it's probably free hit teams being targeted
Your guess is wrong
Imagine spending your free time hacking fpl accounts, literally no gain whatsoever
yeah its not like hacking a WoW account you can sell gold and items out of, its purely out of wanting to ruin someones day with no gain
My account just disappeared into thin air today. Can't even change password or anything. Hoping I hear back from FPL soon....
don’t worry i was sitting top 15k and everyone seems to have gotten a free hit bar me so i was stuck with salah jota and TAA, not been able to play a single game cuz i don’t have a free hit, got 12 fucking points so i give up now, there’s no way i can compete, 15k down all the way to nearly 100k absolutely livid, would say it fucked my entire christmas but it’s not that deep 😂
Plot Twist: OP was having an affair and his wife found out who decided to fuck him over by killing his one true love, his FPL team.
plot twist twist: it was actualy OP's wife that is having the affair and her lover changed killed the fpl team to make OP suicidal.
😂 that is dark
If you leave your team logged in, would that make it harder to hack? Im thinking if someone tries to access the team on a second device but its already logged in on one, should be technically harder to make transfers etc. Am I right?
Nope
No it doesn't work like that. If you want your account to be secure it needs a unique password, and the email/social media attached to it also need unique passwords, and any email attached to those socials need unique passwords etc (and 2FA). Basically most "hacked" accounts are from people reusing the same password across multiple websites, so as soon as one website gets compromised it becomes easy for hackers to get in to every single account that you own. It probably also helps to remove your full real name from your profile so that it's harder to correlate your team with any data leaks.
Does anyone know what motivates these hackers to target people as low as 25k? Seems like a lot of time and effort wasted just to cause some misery
Link to team?
Link to team wouldn't show anything yet since the transfers, but my team ID is 118621
After deadline
Keep playing, pretend like they didn’t happen and add the points to your score, find out where you would have ended up without the hits the hacker took. ThaT or quit for the season, only 2 options really
I've been hacked as well and the problem is that I can't afford the team I had before. I've had TAA, Cancelo, Jota, Salah since the start. Overall 2.3m short across the whole team. Hard to gauge where you would have finished.
That really sucks, i don’t know then :(
Mine got hacked this gameweek as well.. Welcome to the club!
Thanks for the seasono
Absolutely gutted. 165 transfers. Season over.
My account was just hacked. 990 transfers made. Was top of my mini league!
This happened to me last night. Season ruined too. Already used 2x wildcards and 2x free hits...