License account hacked?

Today I was checking the activated Nuendo 12 licenses on my account on the Self-Service page. I noticed that is shows that my N12 license has been activated on three computers. But I have only installed N12 on a two computers (MacBook Pro and on a Mac Studio). There is a computername showing that I don’t recognize: “Nick’s Mac mini (2)”. I have never activated a license


on a Mac mini with that name, nor have I allowed anyone else to use my licenses.

A colleague of mine at our studio facility noticed the same issue on his account. Anybody else have the same issue? I contacted Steinberg but still waiting their response. By the way, I am not attempting to activate a license on a third computer, but I wonder if this would work when it seems that all three licenses have been activated.

1 Like

Presumably you have 2FA turned on? (Of course, this will not solve the issue, but it will stop you from worrying in future).

For this issue I think you will need @Martin.Jirsak

1 Like

I turned 2fa on today. (It wasn’t turned on before). Probably should have done that earlier. I hope Steinberg will reply to my support ticket. I really wonder what happened here.

My account is safe, but thanks for the info about the 2FA. Don’t know why I forgot to turn it on.

Yes. It is a sickening feeling, isn’t it? I haven’t seen much on the Nuendo side, but Cubase has a dedicated thread where @Matthias_Quellmann is constantly deactivating user’s authorizations.

I discovered an illegal authorization on my account early on. Luckily, I am in the US with decent email support. I was told that the only way this could happen is if someone had access to my Steinberg account. Yeah, right …

Anyway, there needs to be some serious work done on the “dongle-less” licensing if any professional users are to trust Steinberg at this point.

I have never encountered such issues with any other software supplier.

Cubase 12 activations limit and releasing, Steinberg Team - Cubase - Steinberg Forums

I love my (4) USB-eLicensers and already miss the secure feeling I had while using them.

5 Likes

Well this is interesting… I checked my activations. I have 2 computers, a MacBook Pro and a Mac mini. Both run N12 (different versions though). When I look at the activations I see 2 licenses active. One is on my Mac mini… the other is on Eden’s MacBook Pro…
So either my MacBook Pro is running on another persons license, or is unlicensed but still running. Or it is is misnamed in the database that Steinberg runs… Either way, if I were Steinberg I’d take this very very seriously.
Regarding 2FA: I had not activate it yet as I have extremely strong passwords… but I did now and will deactivate the 'Eden’s MacBook Pro" license. Let’s see if my own MacBook Pro still runs N12 after that…

1 Like

That is strange indeed. My studio colleague had a similar thing but was still able to run 3 computers with N12. Naming of the activated licenses is weird, my two computers are registered as some hexadecimal number. Anyway, I was helped extremely fast by Mattias Quellmann who deleted the false computername, leaving only my two registered computers on the license.

1 Like

I just realized I can’t remotely deactivate a license… that is uhm weird? why would I not be able to do that?
also, you can change the name of the licensed computer in the settings of activation manager. go to settings in the app.

I must be blind. Where do you see “Settings” in the Activation Manager …? 8-/

That’s what I would like to know. No settings in the Activation app…

Your Activation Manager is outdated, the current version 1.4.0.843 has the settings link.

Run the Download Assistant so that you get the latest updates.

1 Like

Oh, thx. I thought that all those portal apps would auto-update, nowadays. :sunglasses:

1 Like

Well, that is what I would expect too. For now just launch the Download Assistant occasionally and you get the latest releases. :slight_smile:

1 Like

Those thinking of not activating 2FA because you already have strong passwords: Please avoid this way of thinking.

Please do a little research if you need to.

A “strong” password is weak when compared to a password +2FA.

If you take nothing else from this entire thread, at least please enable 2FA on your accounts immediately.

ha ha well, that is a bit of a strong statement. a strong password is still a strong password. :smiley:
but i agree that 2FA is necessary and more secure.
let’s rephrase the statement: only using a (strong) password is weak security, with 2FA it becomes strong security.

Sorry. But it’s an accurate statement. Considering it’s one line of words.

Please do some research. There are many ways people can easily get your password, no matter how “strong” you think it is.

Of course nothing is impossible to break. But 2FA goes a long way to help. What if someone gets your un and pw by whatever means? A friend. Another studio. An accident. Fake url. etc. They still can’t login if you have an auth required.

No need for further replies though and no offence intended or taken.

In the end choice is up to the user.

yes this is a reply, simply because i’m eager to learn, not to get into a flamewar or anything, but
this is a forum for sharing knowledge, please tell me why it is inaccurate and provide some links. The only reason i would say a strong password is weak, would be because if and when quantum computing arrives all passwords are futile… but my research tells me that is far away from today still.
i’m honestly interested phil, enlighten me.

Password-Phishing Emails, Spear-Phishing Emails, and so Account and Password-Stealing are these days the most dominant attack variants of Cybercrime guys. With this approach, it is of no value, whether a password is strong, weak or just stupid.

The extreme of this Cybercrime approach is Account HiJacking or even Identity Theft. Just think of this for a few minutes. Those fellows have become very professional these days. They are no longer the kind of script-kiddies.

Two-Factor-Authentication (2FA) has become very important if to protect your internet accounts with substantial values in it. Tools for it are easy to use (app runs on smart phone; register via QR-code). Using it takes perhaps an additional second or two to enter the so-called token, which changes every 60 seconds.

And to close this: Missing user awareness about this all is the greatest weakness.

For additional reading. Just search for “Cyber Kill Chain” to get an understanding of this whole subject, and where best you can increase your security

LG, Juergi
(working in a SOC)

PS: Sorry, got a bit longer than I had in mind.
PPS: For me, Steinberg earned some big points once they introduced 2FA. E.g. Native INstruments hasn’t got it as of yet.

1 Like

Yup, the long version of what I already said. :slight_smile:

Short version:

Medium version:

But all good. Very clear and hopefully some more folks will simply adopt 2FA rather than arguing about it. :slight_smile:

How do I turn on 2FA on my Steinberg account?

Thanks.