Hanging up the boots
-
- Dumbledore
- Posts: 5167
- Joined: 09 Apr 2013, 20:47
- FS Record: 2013/2014 FISO Hotshots league
- FPL:
- Contact:
Hanging up the boots
I think Im done.
Long story short, my account was hacked in the last week along with many other people.
Yes, Ive been a bit inactive the last month. Missed a lot of deadlines due to studying for professional exams and COVID cancellations has kinda ruined my season. Still salvageable with all the games to be made up. As of game week 22, I was still in the top 50k and a nice overall team value of 104.4 mill and 1404 points.
Fast forward a game week 990 transfers made at a cost of 3952 points leaves me on a whopping -2527 points and a position of 8.9 mill!!! My overall team value has lost 2.3 million in value and my bench boost was also activated.
Based on what Ive read on twitter, FPL towers don't seem to be doing anything. Next season they plan to introduce two factor security, game needs it now! My password was complex and I dont use third party apps for FPL, never have, never will.
Ill keep this updated, if I hear anything from FPL but Im not expecting anything to be fixed in terms of my team being reinstated. Im sorry to the side leagues that Im in that have been essentially ruined
Long story short, my account was hacked in the last week along with many other people.
Yes, Ive been a bit inactive the last month. Missed a lot of deadlines due to studying for professional exams and COVID cancellations has kinda ruined my season. Still salvageable with all the games to be made up. As of game week 22, I was still in the top 50k and a nice overall team value of 104.4 mill and 1404 points.
Fast forward a game week 990 transfers made at a cost of 3952 points leaves me on a whopping -2527 points and a position of 8.9 mill!!! My overall team value has lost 2.3 million in value and my bench boost was also activated.
Based on what Ive read on twitter, FPL towers don't seem to be doing anything. Next season they plan to introduce two factor security, game needs it now! My password was complex and I dont use third party apps for FPL, never have, never will.
Ill keep this updated, if I hear anything from FPL but Im not expecting anything to be fixed in terms of my team being reinstated. Im sorry to the side leagues that Im in that have been essentially ruined
Last edited by wizardoffire on 26 Jan 2022, 23:55, edited 1 time in total.
- TheRumourMill
- Grumpy Old Man
- Posts: 1432
- Joined: 03 Dec 2017, 23:15
- FS Record: FPL: Similar to Everton - haven't cracked the top 10k glass ceiling yet, neither have I had and sub 500k shockers either!
International tournaments: Better, 11k in WC 2018 and top 1000 way back at Euro 2012! - FPL:
Re: Hanging up the boots
Thats absolutely dreadful, sorry to hear that. Agree that 2fa was needed earlier, they got a warning when a load of hackings occurred in October (including of this very site!), and nothing was done. That was linked to Hub's rubbish security though so its alarming to hear you have been affected despite using no third party apps. They seem to be using scripts to do it which is beyond my level of computer understanding but it seems to be successful at disrupting large numbers of people unfortunately. Apologies again.
- RomynPG
- Dumbledore
- Posts: 9653
- Joined: 13 Oct 2005, 18:32
- FS Record: FPL 134 overall 06/07 ... never close since
- FPL:
Re: Hanging up the boots
Well that's a real bummer - so sorry that that has happened to you
Like TRM I'd also be interested in how this hacker is doing what they're doing - get a common denominator if it isn't 3rd party apps. Do you mind people asking questions or are you, understandably, too fed up to go into it any more?
Like TRM I'd also be interested in how this hacker is doing what they're doing - get a common denominator if it isn't 3rd party apps. Do you mind people asking questions or are you, understandably, too fed up to go into it any more?
- wahine
- Grumpy Cat
- Posts: 3458
- Joined: 01 Jul 2009, 07:58
- FS Record: Your life does not get
better by chance, it gets
better by change. JR.
♀️ - FPL:
Re: Hanging up the boots
aw no matter where your rank is at a particular time, a Bruno Captain one week can turn it all around.
Hope they can do something for you?
The glass is always full, would you like to play the last season league in Fiso Draft divisionals, I will give you a shout when time comes.
Hope they can do something for you?
The glass is always full, would you like to play the last season league in Fiso Draft divisionals, I will give you a shout when time comes.
- Oxford NZ
- Dumbledore
- Posts: 6982
- Joined: 06 Jan 2017, 03:35
- FS Record: They think it's all over!
- FPL:
Re: Hanging up the boots
You will be ok in the divisional champs as I can edit the data manually.
- Smurphy Paw
- FISO Knight
- Posts: 14700
- Joined: 17 Aug 2006, 17:48
- FS Record: Mediocre, apparently
13/14: FPL 1792; FIFA 14 Top 700.
17/18: FPL 696th; loads of mini-League wins and side game promotions
18/19 1FC Köln 5AS Champions
#1 Spring Super League regular season 19/20 & 20/21 - FPL:
Re: Hanging up the boots
Sorry to see this. Really frustrating. Fingers crossed that FPL Towers undo the damage done to you and others
- Aldershot Rejects
- Dumbledore
- Posts: 9597
- Joined: 03 Aug 2011, 17:15
- Location: Kent
- FS Record: 5th Metro (2010-11); 146 - Sky (2015-16); 218 - Sky (2014-15); 386 - Sky (2020-21); 636 - FPL (2017-18); last 16 Sky Cup (2018-19)
- FPL:
Re: Hanging up the boots
That sucks. I wonder how many people have to be hacked before FPL take this seriously.
Hope FPL do something, but like you I won't be holding my breath.
Hope FPL do something, but like you I won't be holding my breath.
- murf
- FISO Viscount
- Posts: 109611
- Joined: 13 Oct 2005, 18:28
- Location: here
- FS Record: Once led TFF. Very briefly.
- FPL:
- Contact:
Re: Hanging up the boots
I thought the 'hack' was just them using passwords stolen in breaches on other sites. Is it worse than that?
- Ruth_NZ
- Grumpy Old Gorilla
- Posts: 9156
- Joined: 25 May 2015, 22:46
- FPL:
Re: Hanging up the boots
Bloody pain in the ass. Honestly don't understand what satisfaction anyone gets from ruining the innocent hobby of a random person that they don't know.
- Neath boy
- Grumpy Old Man
- Posts: 4290
- Joined: 13 Oct 2005, 18:32
- Location: Watching the Swans
- FS Record: Egg Cup Premier league champions 2011-12 and 2012-13. Fiso H2H PremierLeague champion 2015/16. FISO Super League regular season champion 2016-17.
- FPL:
Re: Hanging up the boots
What a bummer!
Anyone have any idea how they hack with a complex password and non use of third party sites?
Anyone have any idea how they hack with a complex password and non use of third party sites?
- hayesag
- Dumbledore
- Posts: 6593
- Joined: 22 May 2006, 21:45
- Location: https://freecash.com/r/easypie
- FS Record: piss poor
- FPL:
Re: Hanging up the boots
fantasy football hub i believe is where it all started That site coupled with using the same password on other sites. People were warned to change all linked passwords as soon as it all kicked off. So if you didnt take note of the advice given then im sorry but u should yourself ask the question why didnt you?
anything beyond that your guess is as good as mine.
- ajcairns
- Grumpy Old Man
- Posts: 1237
- Joined: 05 Oct 2016, 14:40
- FS Record: Still Decidedly Average.
- FPL:
Re: Hanging up the boots
Sorry to hear that's happened to you wizard. I'd be interested to hear how the password was made complex as it's clearly been brute forced if you hadn't used it on a third party. Could be useful intel for FPL Towers (if they were interested).
- Bob Newhart
- FISO Knight
- Posts: 13236
- Joined: 13 Oct 2005, 18:43
- FPL:
- Contact:
- Neath boy
- Grumpy Old Man
- Posts: 4290
- Joined: 13 Oct 2005, 18:32
- Location: Watching the Swans
- FS Record: Egg Cup Premier league champions 2011-12 and 2012-13. Fiso H2H PremierLeague champion 2015/16. FISO Super League regular season champion 2016-17.
- FPL:
Re: Hanging up the boots
He said he never uses third party sites such as FFH.hayesag wrote: ↑28 Jan 2022, 17:17fantasy football hub i believe is where it all started That site coupled with using the same password on other sites. People were warned to change all linked passwords as soon as it all kicked off. So if you didnt take note of the advice given then im sorry but u should yourself ask the question why didnt you?
anything beyond that your guess is as good as mine.
- Magic
- Grumpy Old Man
- Posts: 2390
- Joined: 16 Jul 2017, 08:29
- FS Record: Improving
- FPL:
Re: Hanging up the boots
Exactly. It was a dumb question to be honest. Obviously they did it just for the hell of it because they could.
- Multiple Scorgasms
- Grumpy Old Man
- Posts: 2713
- Joined: 29 Dec 2009, 00:30
- FPL:
Re: Hanging up the boots
They still haven't sorted it, Brothers account hacked and nane changed to Ben Crillen.
Seems anyone can be a target, not just top 100k etc
Sent from my SM-A515F using Tapatalk
Seems anyone can be a target, not just top 100k etc
Sent from my SM-A515F using Tapatalk
- Multiple Scorgasms
- Grumpy Old Man
- Posts: 2713
- Joined: 29 Dec 2009, 00:30
- FPL:
Re: Hanging up the boots
They activated BB so he can't even WC put of the hits.
Sent from my SM-A515F using Tapatalk
Sent from my SM-A515F using Tapatalk
- Malrom
- FISO Knight
- Posts: 16524
- Joined: 13 Oct 2005, 18:43
- Location: Feet in Switzerland, Football heart in Leeds
- FPL:
- Contact:
Re: Hanging up the boots
FISO is probably a small community compared to the 9'00'000 players, but maybe an email from Admin could wake them up to do something!
Just a suggestion and not sure if it would make a difference!
Just a suggestion and not sure if it would make a difference!
-
- Dumbledore
- Posts: 5167
- Joined: 09 Apr 2013, 20:47
- FS Record: 2013/2014 FISO Hotshots league
- FPL:
- Contact:
Re: Hanging up the boots
Sorry for the late reply... real life has somewhat taken a priority.
They did finally reply. Not a very encouraging message.
I sent them a response back so will see what happens. In particular calling out the very few exceptions. I mean this isn't someone getting drunk mass transferring their team and then triple captaining a player and then contacting them saying I meant to make these changes and actually my triple captain was meant to be this player who just happened to score a hat trick.
There are thousands of accounts out there all in the same boat and they just dont seem interested in putting in the effort to resolve these accounts.
The audacity to suggest that they hope I continue playing FPL and enjoy the remainder of the season as best I can is a JOKE! Im not even going to get back to zero. Fixing my team is going to basically take my wildcard, won't be able to get the team back to what it was due to the loss in value and now its behind the trend as then I dont have the means to react further down the road. Its just down the drain unless there is some form of fix. The motivation really has gone :'(
They did finally reply. Not a very encouraging message.
Email suggests they are washing their hands of the matter. Little digging shows the account used was involved in a data breach that I was not aware ofDear Fantasy user,
Thank you for getting in touch. We’re sorry to hear this has happened to your FPL team.
We believe what has happened is that you’ve used the same email address and password combination on another online account which at some point in the past has been involved in a data breach, leaving your FPL account exposed. We published this article related to this issue - https://www.premierleague.com/news/2462999
To secure your account, it’s important you now change the password to a strong and unique one which you don’t use on any other websites or apps. You can do this by logging into your account or by using the ‘Forgot your password?’ link on the login page.
We frequently receive requests from FPL managers for a variety of reasons to reinstate transfer points and chips played. In fairness to all managers and to apply consistency across the game, we’re unable to grant these requests with very few exceptions.
We understand this is disappointing but hope you’re able to continue playing FPL and enjoy the remainder of the season as best you can.
Kind regards,
Fantasy Premier League Support
I sent them a response back so will see what happens. In particular calling out the very few exceptions. I mean this isn't someone getting drunk mass transferring their team and then triple captaining a player and then contacting them saying I meant to make these changes and actually my triple captain was meant to be this player who just happened to score a hat trick.
There are thousands of accounts out there all in the same boat and they just dont seem interested in putting in the effort to resolve these accounts.
The audacity to suggest that they hope I continue playing FPL and enjoy the remainder of the season as best I can is a JOKE! Im not even going to get back to zero. Fixing my team is going to basically take my wildcard, won't be able to get the team back to what it was due to the loss in value and now its behind the trend as then I dont have the means to react further down the road. Its just down the drain unless there is some form of fix. The motivation really has gone :'(
- wahine
- Grumpy Cat
- Posts: 3458
- Joined: 01 Jul 2009, 07:58
- FS Record: Your life does not get
better by chance, it gets
better by change. JR.
♀️ - FPL:
Re: Hanging up the boots
It's a poor response, surely they know when they have been hacked?
The chaos to the team could only be through malicious means.
With the so called twitter experts getting early team news advantage, and the probability that a good proportion of those nearly "9 million players" being multi entries, game could seriously be in trouble moving forward with that attitude.
what other troubleshooting could they be doing during the season that they don't have time to check out the obvious.
Yep a grumpy Kiwi again and it wasn't even my team - yet.
I hope you get a better response WOF - sigh
The chaos to the team could only be through malicious means.
With the so called twitter experts getting early team news advantage, and the probability that a good proportion of those nearly "9 million players" being multi entries, game could seriously be in trouble moving forward with that attitude.
what other troubleshooting could they be doing during the season that they don't have time to check out the obvious.
Yep a grumpy Kiwi again and it wasn't even my team - yet.
I hope you get a better response WOF - sigh
-
- Dumbledore
- Posts: 5167
- Joined: 09 Apr 2013, 20:47
- FS Record: 2013/2014 FISO Hotshots league
- FPL:
- Contact:
Re: Hanging up the boots
Seems FPL sent a generic email out to all accounts over night
The integrity of FPL has been ruined because teams have been affected that were competing. I was top 50k and well placed for a final season push.
Make what you want of that but this email almost contradicts the email I shared yesterday. They said they can make exceptions but here they arent budgingDear FPL manager,
We are writing to all Fantasy Premier League (FPL) managers who have had their FPL account compromised in recent weeks.
Firstly, and importantly, we are very sorry this has happened to your FPL team and that your season has been impacted in this way. We understand that recent events have been deeply frustrating for users who invest significant time and effort in FPL and derive a great deal of enjoyment from the game. To that end, we would like to provide you with further detail so you can better understand how and why your FPL team has been compromised and how to mitigate the risk of future attacks.
Credential Stuffing
Over recent weeks, an increasing number of FPL accounts have been compromised. We believe the attacker has gained access to these accounts through a process known as ‘credential stuffing’. This is a type of cyber-attack where an attacker obtains a list of stolen login credentials from historic third-party data breaches. The attacker then systematically uses these credentials to attempt to login to another website or app. Most of these login attempts will fail, but where a user has adopted the same email address and password combination across multiple websites or apps the attacker may succeed and gain access to a user’s account. Internal investigations and analysis of our data logs have revealed behaviour that is consistent with credential stuffing.
The typical activity we have seen from the attacker once they have gained access to another FPL manager’s account is to change the team’s name, make multiple transfers resulting in a significant points deduction, add teams into new mini-leagues, and in some cases change the manager’s name.
We appreciate this is of little consolation to you now, but we have been actively trying to stop these attacks and have been successful in many instances.
Our systems
In response to the attacks, we have carried out robust internal system checks and there is no evidence of a security breach on our systems. This is in addition to various independent penetration tests carried out over the course of the last year.
Moving forwards, we will continue to maintain robust security defences as well as looking to identify new technological solutions that can help to bolster our existing security defences. We have also committed to offering all FPL managers two-factor authentication for the 2022/23 season onwards.
What you can do
If you have not done so already, please change the password on your FPL account as soon as possible. This is very important to ensure you secure your account and mitigate the risk of any further attacks. You can do this by logging into your account or by using the ‘Forgot your password?’ link on the login page. Please create a unique password that is not used elsewhere. It is also prudent to create a strong password that would be hard for an attacker to guess. In addition, we strongly encourage you to update your password(s) on other websites and apps to prevent you being targeted in the same way.
Points, chips and teams
We have received requests from FPL managers to reinstate transfer points, restore teams to how they appeared in previous Gameweeks, and return chips played or provide additional chips. Whilst, of course, we would love to be able to do this, it would be inconsistent with our policy in respect of such matters. In fairness to all FPL managers, in order to protect the integrity of FPL, and to ensure that we adopt a consistent policy across the game, we are unfortunately unable to grant these requests. This is as difficult a decision as it is disappointing for you, and we sympathise with your situation.
Again, we deeply regret the impact that this has had on FPL managers. We hope you can overcome it and continue playing FPL this season or return to play in the future.
Kind regards,
Fantasy Premier League
The integrity of FPL has been ruined because teams have been affected that were competing. I was top 50k and well placed for a final season push.
- Mav3rick
- FISO Jedi Knight
- Posts: 20858
- Joined: 20 Jul 2009, 20:35
- FS Record: FPL: 1082, 1201, 1800, 10203
The stats are dark and full of errors.
Re: Hanging up the boots
I don't really see how restoring a team selection, points and chips to a point before the unauthorised access is damaging the integrity of the game.
I can see that they don't want to have to judge when a player claims they were hacked and just regrets their wildcard, but in cases like the above where hundreds of points hits were taken its clearly not been done deliberately, I can't see an integrity issue.
I can see that they don't want to have to judge when a player claims they were hacked and just regrets their wildcard, but in cases like the above where hundreds of points hits were taken its clearly not been done deliberately, I can't see an integrity issue.
- murf
- FISO Viscount
- Posts: 109611
- Joined: 13 Oct 2005, 18:28
- Location: here
- FS Record: Once led TFF. Very briefly.
- FPL:
- Contact:
Re: Hanging up the boots
So where do you draw the line in the sand in terms of number of transfers? When does drunken idiocy become clear hacking?Mav3rick wrote:I don't really see how restoring a team selection, points and chips to a point before the unauthorised access is damaging the integrity of the game.
I can see that they don't want to have to judge when a player claims they were hacked and just regrets their wildcard, but in cases like the above where hundreds of points hits were taken its clearly not been done deliberately, I can't see an integrity issue.
- Mav3rick
- FISO Jedi Knight
- Posts: 20858
- Joined: 20 Jul 2009, 20:35
- FS Record: FPL: 1082, 1201, 1800, 10203
The stats are dark and full of errors.
Re: Hanging up the boots
That's my point, I can understand why FPL don't wanna have to make those decisions.
It's like VAR, you clear up the howler but then you get bogged down by armpits and toenails...
It's like VAR, you clear up the howler but then you get bogged down by armpits and toenails...
- murf
- FISO Viscount
- Posts: 109611
- Joined: 13 Oct 2005, 18:28
- Location: here
- FS Record: Once led TFF. Very briefly.
- FPL:
- Contact:
Re: Hanging up the boots
But there has to be a line in the sand to define something where it isn't clear and obvious whether something is clear and obvious ir not.
- Mav3rick
- FISO Jedi Knight
- Posts: 20858
- Joined: 20 Jul 2009, 20:35
- FS Record: FPL: 1082, 1201, 1800, 10203
The stats are dark and full of errors.
Re: Hanging up the boots
I think we are agreeing!
It's "obviously" an error in wizardoffire's case, and if we were being fair about this one case only then we can easily justify a correction on instinct. But do that for one manager and you have to make a rule, at which point the edge cases get blurred you'll get someone with a -8 who says it was a hack and wants it reverted.
I don't have a problem in saying wizardoffire's case is obviously unfair and should be reverted, but I cant define a boundary and I understand why FPL don't want to either, and hence the blanket "no correction" response.
It's "obviously" an error in wizardoffire's case, and if we were being fair about this one case only then we can easily justify a correction on instinct. But do that for one manager and you have to make a rule, at which point the edge cases get blurred you'll get someone with a -8 who says it was a hack and wants it reverted.
I don't have a problem in saying wizardoffire's case is obviously unfair and should be reverted, but I cant define a boundary and I understand why FPL don't want to either, and hence the blanket "no correction" response.
- murf
- FISO Viscount
- Posts: 109611
- Joined: 13 Oct 2005, 18:28
- Location: here
- FS Record: Once led TFF. Very briefly.
- FPL:
- Contact:
Re: Hanging up the boots
Have to agree - especially as this 'hack' is not in the slightest down to anything FPL have done wrong.
-
- Dumbledore
- Posts: 5167
- Joined: 09 Apr 2013, 20:47
- FS Record: 2013/2014 FISO Hotshots league
- FPL:
- Contact:
Re: Hanging up the boots
even in a drunken stupor, firstly is anyone going to make 990 transfers? I've never gotten drunk so cant really speak from experience but I can't imagine anyone is capable of doing that. They might make what 15 transfers thinking they were wildcarding but forget to activate it and take the hit. These transfers were mass planned and Im fairly confident the same transfers were done across all affected accounts at the same time to get to the hackers final desired team.
I think I have said before Id happily be given a score of zero for the affected gameweek and still have my chips and team intact, than be left with this mess.
Re: the boundary of drawing a line... clearly something this excessive and making 990 transfers is enough to make an exception?
I think I have said before Id happily be given a score of zero for the affected gameweek and still have my chips and team intact, than be left with this mess.
Re: the boundary of drawing a line... clearly something this excessive and making 990 transfers is enough to make an exception?
- Mav3rick
- FISO Jedi Knight
- Posts: 20858
- Joined: 20 Jul 2009, 20:35
- FS Record: FPL: 1082, 1201, 1800, 10203
The stats are dark and full of errors.
Re: Hanging up the boots
I agree and as I said, in your case when you look at the situation as a human you can see its a hack and that the team, hits and chips should be reverted to the state before the hack, with either 0 points or just scoring as if you never changed the team. You just know intrinsically that is the fair and proportionate response.
The issue just comes when you codify the rules to cater for everyone in a objective way, say you set the limit at 100 transfers, well the hackers will stop at 99, but 99 is still unfair, so maybe you stop at 50 or 20 or 10. Then someone will regret a -8 and make another 6 transfers to reach the boundary, so you have to look at logs and judge if you think it was actually the same user or not. But many people legitimately use VPNs so you'll not know the difference, it's just messy, time consuming and ultimately unenforceable, so the default position is that nobody gets a reset, except in presumably some extremely high profile cases (did FFS' Andy get his team re-instated, I think so from memory).
The MFA is a good response (shame it wasn't in play sooner) and as individuals, we can do more to protect ourselves too (Bitwarden as a password manager I can thoroughly recommend).
I do honestly think you should get your team and points reverted, but I can understand why FPL don't want to poke the hornets nest.
The issue just comes when you codify the rules to cater for everyone in a objective way, say you set the limit at 100 transfers, well the hackers will stop at 99, but 99 is still unfair, so maybe you stop at 50 or 20 or 10. Then someone will regret a -8 and make another 6 transfers to reach the boundary, so you have to look at logs and judge if you think it was actually the same user or not. But many people legitimately use VPNs so you'll not know the difference, it's just messy, time consuming and ultimately unenforceable, so the default position is that nobody gets a reset, except in presumably some extremely high profile cases (did FFS' Andy get his team re-instated, I think so from memory).
The MFA is a good response (shame it wasn't in play sooner) and as individuals, we can do more to protect ourselves too (Bitwarden as a password manager I can thoroughly recommend).
I do honestly think you should get your team and points reverted, but I can understand why FPL don't want to poke the hornets nest.
- andybarrell
- Dumbledore
- Posts: 9003
- Joined: 13 Oct 2005, 18:26
- Location: Southend-on-Sea
- FS Record: 2013 Licence to Kill Winner
2019 S15 R2 Championship Winner
2020 FISO H2H League 1 Winner
2020 5aSide Champions (Falcons) - FPL:
- Contact:
Re: Hanging up the boots
Still top of the League......................all still to play for
You do not have the required permissions to view the files attached to this post.
View Latest: 1 Day View Your posts