Issue Resolved - Account Compromised

jopeymonster

EDIT: ZOS is working to restore my account.

I'm a beta player/early access account. I've been active on the forums here and Reddit. I've championed for ZOS, I've cursed them, but even though I generally don't agree with the way much of the gameplay is going, I was always pretty happy with the customer service... until I actually needed them.

Through the majority of February, I was actively playing on PTS, testing builds and stomping bugs. This past weekend, I find out that my account was hacked and 2 guilds I was apart of were compromised. There was a very short time frame from when the hack happened to when I notified ZOS, so I figured that the process would be relatively painless, given that this likely isn't the first account hack, and won't be the last.

I was wrong. Instead of my character being restored, I am being offered 150,000 gold for the loss of my items, and 100,000 gold to compensate my guild. Anyone else know how fast you can burn through 100,000 trying to make V14 yellow level gear? I had 3 full sets before I was hacked. Enchanting mats are cheap right? I had a stack of Kura alone that I could have sold for far beyond what ZOS could offer as gold compensation. I have maxed out professions, which mean I have tons of materials from all professions. You think 150k gold is compensation for the loss of stacks of yellow, purple, gems, provisioning, herbs, and everything else I had accrued over the past year?

I understand that the hack is solely my fault. Who else can be held responsible since ZOS would ever really "catch" the hacker? So here I am, playing the part of the fool, less the victim, since I will now be punished for another persons greed.

Anyone else that has been hacked, were you granted a restore, or did they buy you out?

yodased

You mean you shared your password with someone and they stole your crap right? Cause if you were actually "hacked" we are all in some serious trouble.

Rosveen

How did they hack you?

yodased

They didn't. ESO is pretty solid on hacking. If they see a login attempt from a different IP address they send an email to the on-file email with an unlock code.

So if you are at your friends house you would have to access your webmail to get it. Even if they have your password, they would have to literally go into your email and authorize the login from a different location.

So it was from the same I.P. address with the password?

I just don't understand how you could possibly get 'hacked' in this game with the way they have it set up.

Panda244

yodased wrote: »

They didn't. ESO is pretty solid on hacking. If they see a login attempt from a different IP address they send an email to the on-file email with an unlock code.

So if you are at your friends house you would have to access your webmail to get it. Even if they have your password, they would have to literally go into your email and authorize the login from a different location.

So it was from the same I.P. address with the password?

I just don't understand how you could possibly get 'hacked' in this game with the way they have it set up.

It's possible, but that means his email would also be compromised, the only time I've ever used another account is when my friend left for Basic, and wanted me to keep getting his hireling mail, damn guy and his chefs... He was obsessed with making sweet rolls. He's going to be pissed when he comes back to the game and realizes all of his sweetroll stacks are gone

Anyways, in order for someone to hack an ESO account, the email associated with said account would also of been hacked, meaning no matter what, even if you change your account password, they'll always have access to your account. I dunno if changing the security question will help but it might, also contact Support and ask them if the can switch the account to a new email, and call your bank to make sure no outstanding purchases were made, because your billing info is also screwed if they got into your account.

Tandor

I love these posts. They offer 1 per cent of the story and leave the other 99 per cent to our imagination...

jamesharv2005ub17_ESO

Im shocked they offered anything at all. Seems to me your account is your responsibility.

Suntzu1414

the IP check emails. no longer occur every time.

They typically occur now at patches, or when you exceed password/change password.
As a person that travels for work, I use VPN quite often...

This change in ident protocol happened around December last year (thank god).
at least for me...

So hacking accounts (if my experience is true)
Wouldn't be that difficult..anymore.


Kill Well
ST

jopeymonster

Thanks for the vote of confidence guys, I expected this type of response from the players, and I'm glad victim shaming is as obvious here as it is in the real world.

I didn't want to type up the 99% of the story since it really had no bearing on the question at hand (getting restored), and the added wall of text would have been an inconvenience to the readers, but here is what happen:

I did not share with anyone else. No one knew my login information other then my name. My password was very secure (Ra1lr0ad7r1An) so the likelihood of someone guessing it was very remote. My security questions as well, all very hard to guess. So where was the compromise?

https://www.anthemfacts.com/

http://www.nytimes.com/2015/02/07/business/data-breach-at-anthem-may-lead-to-others.html?_r=0

This is my work's healthcare provider. When I initially signed up for it, as is normal, they require online access for certain things, so I setup my account. This was done in 2013 and I have never needed to sign on or login to the account since I first set it up. At this point, you can likely take a guess where the issue lies, that I did use my same login and email for both ESO and this Anthem login. No other instance of any of my logins are shared anywhere other than these 2 accounts, and given that one was hacked right before the other, this is the likely source of my compromise.

So, there you have it. Was it stupid? Yes. Is anyone else to blame other then the hacker? Yes, me. I am, in no way saying that it was not my fault that I was hacked. What I am saying is that the solution to the problem that has been presented forth is patronizing. I don't need to be taught a lesson about internet security. I had a single instance of foolishness (who really checks their work HR logins every month?) and now, thanks to ZOS and, per the responses of this thread, part of this community, I am being told that I should just suck it up and move on. Which is probably what I will do.

Imagine for an instance that everything you worked for since launch was robbed. Everything on all your characters, your personal bank, your one man guild bank, and two of your guilds banks are empty. You'd be embarrassed that now, many of your online friends can't trust you. Regardless how well they know you and know that you wouldn't betray them, they can't trust you. Especially since things can't be brought back to normal. The damage cannot be undo. And you get your character back, naked, with a fraction of the value of your character, in gold, that barely touches the actual amount of gold that was on your account when robbed.

It doesn't matter the circumstances that I was robbed. I was, and if you were in my situation, would you be happy?

DHale

ZOS, did you a solid, I had 107 (not a typo) Kuda's stolen from me. I put them in a guild bank for about three minutes just to log out one toon and log into another toon. My bank was full and I wanted to transfer them from one toon to another. It was 3 am so I thought no one will be in the guild bank at this time and only one person from the now defunct guild was on line. So I know who did it so to speak as it appears he was in the guild bank at the same time in some strange fluke so the moral of the story the Kudas are gone and ZOS told me they cannot do anyhting about it as the guild bank is for the guild and he is part of the guild. ZOS can see he pulled them out but they are techncally his now and I can ask him for them back which he feigned no knowledge of what I was talking aobut. I got nothing and it was my fault entirely. I am not happy and guess what I wont do it again.

Tandor

I wouldn't be happy no, but my unhappiness would frankly be aimed more at me than at the hacker or my fellow players, however unsympathetic they may seem. Your explanation simply underlines what we were getting at, namely that most hacking incidents are the fault of the player for sharing information - whether with other people, or as in your case between appications. I assume, incidentally, that it wasn't just the account name and email address that were the same, but also the password.

No-one ridiculed you, or for that matter criticised you. What we said was that there was usually a story behind these incidents, and you have confirmed that there was indeed such a story in this case. In such cases, some developers are able to replace individual items while others simply provide compensation for the lost items. Either approach would seem fair in the circumstances.