Forum

Please or Register to create posts and topics.

The TRUTH about Mobile Legends account hacking, please read four your safety.

THE TRUTH ABOUT ACCOUNT HACKING, HOW COME SO MANY ACCOUNTS GOT HACKED, AND HOW TO MAKE YOUR ACCOUNT MORE SECURE

OKAY, BECAUSE A LOT SAY THEIR TOO LAZY TO READ THIS, HERE IS THE SHORT VERSION, IF YOU WANT MORE IN DEPTH AND DETAIL YOU CAN READ THE FULL VERSION BELOW.

  1. Your account is at risk even though nobody knows your password, and you never used any malicious app or website.
  2. The hacking proccess is so easy, anyone can do it. It only requires to change the config file inside the mobile legends folder.
  3. You do that by replacing the jsondevice id key of yours, with other account's jsondevice id. Usually these jsondevice ids are compromised by a malicious app, and leaked to the internet.
  4. But, even if you dont have any jsondevice to paste to the config, you can replace it with RANDOM number and it will take you to a random person account.
  5. A compromised jsondevice id can change. That means a jsondevice id belongs to account A can now belongs to account B.
  6. So, for example ACCOUNT A is the user of malicious app, then his jsondeviceid is compromised and leaked to the internet. But after sometime, that jsondevice id will "refresh" or change, and is now belong to ACCOUNT B, which never used any malicious app.
  7. You get it right ? So, now if a hacker copy the LEAKED jsondevice id that previously belong to ACCOUNT A (MALICIOUS APP USER), now he will enter ACCOUNT B (NEVER USED MALICIOUS APP). See ? This is the Big problem, so now account B is compromised even though he never use any malicious app. How unfair.

BELOW IS THE FULL, MORE DETAILED VERSION OF THIS ARTICLE

Hello, in this post i will inform you the truth about accounts getting hacked over and over again. The game's security system is really bad and for now, i recomend you not to spent a single penny on this game until moonton fix this huge flaw. I hope moonton see this post and rework their entire security system, because this has been going on for so long, and NOT FIXED until now.

In this post i will explain how accounts kept getting hacked and also what can you do to at least get your account a little more secured.

First, there is a believe that if your account got hacked, you must have been using some malicious app or "phising" website. This is NOT TRUE (i will show you why later in this post).Even if you never download malicious app or use some fake diamond website, your account still at risk for hacking.

So, how do these accounts kept getting hacked like crazy, there are two method that i know :

First is the JsonDevice id hack, i know it have been posted multiple times in this reddit section but i want to make it more clear how your account can be hacked using this method even though you never used any malicious program.

As you guys probably know, this jsondeviceid hack is done by changing the config file in the mobile legends folder (i dont have to specify here, theres hundreds of tutorial in youtube on how to do it).

The popular way to do this is by using jsondevice id obtained from a logger (planted inside a malicious app), so this this application (usually in the form of hack like maphack, chat spam hack, etc) will secretely copy your jsondeviceid and send it to their server (the person who make the malicious app). So now he has access to thousands of jsondeviceid and all he needs to do is choose one and copy it to his ml config file. Boom, he enter the person account without even having to login. Somehow this key leaked to the internet leaving thousands of account at danger.

Now, How can this jsondeviceid method affect people who played the game FAIRLY and NEVER USE ANY MALICIOUS APP ?

  • First problem, you can enter a RANDOM NUMBER instead of a key, in the config file. Yes people, this is true. Instead of using a key obtained from a logger, the hacker can enter random numbers like 1, 2, 3, etc in the config file, and it will take them to random account. It is so easy that a 10 years old can do it. Even though its random, it is still other person account, and most likely the person getting hacked NEVER use any malicious app. He/she is just unlucky that his account can be accessed using the random number method. This number changes often. For example, today you enter number 1, it takes you to account A. Tommorow, you enter number 1 again, it will take you to account B.

Here is a screenshot that i took from a youtube video explaining this method, and the video has over 200k views. As you can see the jsondevice id is replaced with just a RANDOM number. And by doing it he can enter a random person account. I don't want to post the link of the vid because it might be against the rule.

  • **Second Problem, the Jsondeviceid of an account CAN CHANGE!!**Your account's device id can change, so that huge list of thousands of jsondeviceid key from the logger after a while it can take you to DIFFERENT account than what its originally logged.

OK, i will explain to you more so you understand. For example, there are 2 accounts, A and B

Account A - Jsondeviceid key is : abcdef123456 - This account have used malicious app in the past

Account B - Jsondeviceid key is : 654321fedcba - This account never used any malicious app

So, now account A's jsondevice id is stored in the malicious app server and LEAKED to the internet.

Account B must be safe right, because the user of this account never used any malicious app.

WRONG!!!

After a while, the jsondeviceid can change. So the jsondevice id abcdef123456 can now take us to OTHER account. Maybe account B, C, D, E, Who knows.

Lets say its account B. So now, account B is hacked USING JSONDEVICEID THAT PREVIOUSLY BELONGS TO ACCOUNT A (THE USER OF MALICIOUS APP)

How fcked up is it ? So now account B is hacked even though he never use any malicious program.

Here is 2 screenshots of a pretty recent video (August 9th). I can't post the link because it might be against the rule.

First, take a look at the jsondeviced that this guy copied from the log file of the malicious app. The user id ends with "5090". He copied the jsondeviceid of that user, which is a MALICIOUS APP USER.

THAT IS THE JSONDEVICE ID THAT GET LOGGED BY THE MALICIOUS APP AND LEAKED TO INTERNET. Take a look at this screenshot (red arrow).

But wait a minute, after the guy pasted that jsondevice id to the config file, and open ML, it takes him to a DIFFERENT ACCOUNT, not the one that got the jsondevice id logged and leaked.

Take a look at this screenshot, the account that he enters, the ID ends with "98395".

So now, the jsondevice id of that MALICIOUS APP USER belongs to this OTHER ACCOUNT, which might never use any malicious app.

You see the problem here, YOUR ACCOUNT STILL AT RISK EVEN THOUGH YOU NEVER DOWNLOAD OR USE MALICIOUS APP.

Again, this is totally fcked up, so now even though the owner of this account never use malicious app, his account can still be hacked.

Second Method, the "Checker" MethodThe Hacker take a huge list of email + password combination, and using a "Checker Software" they can automatically check wether a particular email + password combo have a moonton account with the same password + combo.

There can be only one thing that caused this, you enter an unsafe website, where a hacker stole your password, and unfortunately you use the same email and password for the moonton account.

*NOW, HOW TO MAXIMIZE SECURITY OF YOUR ACCOUNT\*

To avoid "Checker" Method hack, change your moonton password immidiately, make it a unique password that u never use before. Afther that, turn on 2 steps verification on your mobile legends account. Or if you want to be extra safe, make a completely new email, new password, then change your moonton email to that new email. Do those steps and you will be safe from the Checker hack.

Now, to avoid the jsondevice id hack.

  1. Bind all platforms, and use a different password for each one. This will ensure even though your account hacked by jsondeviceid, the hacker cannot bind it to his own platform. Its even better if you can bind to other platform. For example, if you are android user you can borrow a relative's iphone to bind to apple id. And vice versa, if you iphone user borrow relative's phone to bind to google play games. Turn on two steps verification for each platform.
  2. Do not download any external app or script, or anything malicious. The makers of these apps and scripts most likely will steal your jsondeviceid and store it on their servers.
  3. Only reload directly from the game. This will ensure that the transaction recipe goes directly to your email and in case your account hacked, this can help when u contact customer service. Or even better, if you can find the FIRST transcation recipe you did in mobile legends, screenshot it immidiately. Or if you just first reload in the game, screenshot that first reload.
  4. Use the logout from all device feature.

At the end of this post, i want to say that i really love this game and i have been playing since season two.

I wish more users aware and stop downloading malicious app and scripts, and i wish moonton step up their security.

I have spent a lot of money on this game, but for now i wont after knowing this facts, and i reccomend you not to, until moonton came up and fix this issue.

Thank you for reading my post and have a good day.

--Redditor1237799