Quote from RegisAreus;1238073:
How do you even get hack?
I made a pretty big post about this on nexon forums that outlined some of the possible ways. Quoting myself (and the person I was responding to).
Quote from Jazneo;10454184:
it very true they won't admit to it because if they do then think get nothing back. or they really stupid enough to download a file they believe is a cheat for mabinogi that has a key logger in it.
there many ways lose account without being hack.
1. give out your username and email
2. download a file you believe was something for Mabinogi when it was not
3. make to simple password anyone can figure it out
big ones is think your friend wont steal from you if you give out your password and username to them.
Right, well I guess I'll expand on your list a little. Sometimes (mainly number 2) can be a bit more tricky than simply "downloading a file relating to mabinogi". Technically you don't have to be classified as an idiot to have fallen for one of these, though you seem to be under the impression that the only way you get hacked is by giving out your login information, and getting keylogged for someone to non-consensually steal your login information isn't getting hacked? Well whatever. I'll expand on some of the dangers. I'll say ahead of time though, that most of these are an issue on maplestory. Mabinogi players typically don't need to be too wary of the majority of these issues, but there's nothing really stopping the people with ill intent on using their "tactics" on the mabinogi community if they so desired.
1. Getting keylogged (as you somewhat mentioned)
Contrary to popular belief, a modern day keylogger will typically be able to screenshot or whatever anything on your computer. Thus rendering the additional pin system (the keyboard typing part) useless if one of these is on your system. Typical keyloggers will simply be blocked by modern day antivirus though. However, there are a couple variations of keylogging (I guess I'd call them variations..) known as a "RAT" and a "Java Driveby"
2. RAT
RAT's are remote administration tools, remote access trojan, whatever you want to call them. They are bad. They are nasty. They are typically FUD (Fully undetected). As the name implies, it gives the attacker, in a sense, remote access to your machine.
3. Java Drive By
These are pretty scary, and the scariest of them all in my opinion. Though I'm not sure whether or not these are classified as its own keylogging device, or just a method of getting the keylogger on your machine. Those things at the top of websites, or things that pop up on websites that request that you run java can install keylogging software on your computer. Here's where the stupidity part you mentioned may not have to come in to play -- these aren't as obvious. You and I have likely ran these before, and they were legitimate processes. Some people do some scary things with java drive bys. There is a tool called a website cloner, that will, as its name implies, clone a website (almost) entirely. I ran into a scary one a while back. There's a website called basilmarket.com. It's a legitimate maplestory fansite. Some guy made a tumblr post saying he was selling some item. If you clicked the image, it redirected you to a website that had a couple not obvious letters in the basilmarket URL switched around, and it was cloned. The website was also embedded with a java drive by. That's the closest I've ever come to being hacked by one of these things, and what led me to simply disable java.
4. "Remote Attacks"
I put this in quotes because I'm really not sure what to call this one. I've only seen it a couple times since I've played maplestory, but it's pretty scary. If you are running on windows XP, there are (apparently) tools designed to assist in hacking this operating system. Especially if you don't follow windows updates. The attacker needs your ip address, which typically isn't that hard for someone with knowledge of how to initiate these attacks to obtain. They then use the tools to establish a remote connection to your computer and can do welp whatever they want I guess. This also applies to unupdated windows operating systems. Update your operating system son. That stuffs worth the once a month restart.
5. database leaks
Okay so I've only seen maplestory's database get leaked a couple times. One of the guys who has access to it (The most recent) only uses it to get cool in game names from long time inactive players, so no sweat. No, I'm not talking about the MTS username leak. Anyway, this typically isn't a problem for nexon. However, this is a problem for other websites. Using basilmarket as an example again, there have been various basilmarket database leaks. If your nexon account information matches your basilmarket login information, you've just given someone with a database leak access to your account. This is why people are told to use different login information for different websites. And it's typically not considered stupid to share the same information across multiple websites.
6. Fake account reset request
If you sign up with all real information on your nexon account, it makes it susceptible to an account reset request. I edited this in due to the post about social engineering on the next page. A "friend" or whatever can end up knowing the majority of your personal information simply by having a conversation with you. If they know your nexon username, or guess it (say, it's the same as your public skype email address), they can request nexon to reset your account on the premise of "I lost my account, help!" Or something similar. This has been happening a lot more recently. They will ask you for your personal information to "confirm" you're the owner of the "lost" account. If you've given it to your "friend", they have all the power in the world to do this.
There are some more I'm sure, but they are not coming to me at this very moment.
Quote from Jazneo;10454184:
True hacker wont bother with people accounts. they would hack the packet to dub items in the game
lol, I'm not sure if I should even give this part a serious response, but I'll keep it short. Different people have different mindsets and intentions, and you have no idea what one person could be planning as opposed to another. Also packet editing and hacking an account are two completelyyyyyy different realms.
TLDR:
It could be as simple as trusting an untrustworthy person with account information, or getting tricked by someone with ill-intent