Zenimax policy on hacked accounts

martinhpb16_ESO · October 2017

Recently a member of my trade guild has his account hacked. From the forums It seems that other accounts were also hacked within a few days.

The guild-mate lost millions in gold and resources. He asked Zeni to investigate the resources where the gold and items were sent to, an obvious request. Zeni's reply was that they are under no obligation to investigate hacked accounts. They also failed to restore his items and gold, giving him a nominal amount of mats as compensation.

This policy needs a serious review.

In LOTRO when there was a spate of accounts hacked Turbine would restore all of the players materials and gold. Why does Zenimax not restore a players items and gold?

Many guilds carry multiple millions in gold in their guild banks. What happens when a GM or officers account is hacked and this money is stolen?

I would suggest that Zenimax need to be clear about their policies on hacked accounts and fully compensate players.

Thanks

ThePrinceOfBargains · October 2017

How did he get hacked?

CalydorEstalon · October 2017

Wait, under no obligation to investigate hacked accounts?

So ... if you hack someone's account, nothing happens to you for taking all their stuff?

Well THAT policy surely will never backfire.

martinhpb16_ESO · October 2017

My post is not about how he got hacked it is about Zenimax policy of not restoring items from hacked accounts.

If you look through forum posts you will see a lot of speculation about how accounts get hacked. Some people say hacking is easy, some say its difficult.

The fact is that there are enough hacked accounts to demonstrate that hacked accounts are a genuine problem.

The issue is Zenimax's policy o hacked accounts. Other games refund the stolen items, why not ESO?

People have all their gold and materials stolen. Guild banks emptied and items deconstructed for mats. Everything gone with nothing restored.

Thats not good enough.

Standard Zenimax reply to hacked accounts taken from a forum post

Hello Again,

We cannot restore items that are lost due to an account being compromised.

We are willing to offer you a one time gold compensation in order to get you back to playing again.

Please review your account and provide us with what you believe to be a fair amount of compensation. I will then review your request and decide on a final number of gold to compensate the account with.

Again, please be aware that no items will be restored due to an account being compromised. We are only able to offer you a one time gold compensation.

Account security is ultimately up to the customer, so be sure to keep your account details secured at all times in order to avoid any intrusion to your account.

Asardes · October 2017

How do people get their accounts hacked? For example if I try to login the game account from another address - I sometimes log on the web site from work - I get a prompt to input the code received in mail. If someone had their game account hacked then almost surely the also had their mail hacked. Which is their own fault.

martinhpb16_ESO · October 2017

Asardes wrote: »

How do people get their accounts hacked? For example if I try to login the game account from another address - I sometimes log on the web site from work - I get a prompt to input the code received in mail. If someone had their game account hacked then almost surely the also had their mail hacked. Which is their own fault.

Ahh so when people are hacked they deserve it? They were just asking for it to happen because of their own negligence? They deserve everything they get? We have no way of knowing how accounts get hacked unless Zenimax tell you.

I read on forums that In WOW when an account is hacked, Blizzard get back to you within hours, restore all your items and tell you how your account was hacked. In LOTRO they also restore all your items.

There are threads about how accounts get hacked. I cant answer that for you.

https://forums.elderscrollsonline.com/en/discussion/373263/my-account-has-been-hacked-and-sold-out/p1

This thread is about Zenimax policy on hacked accounts.

Morgul667 · October 2017

Their policy does not seem right

Elsonso · October 2017

martinhpb16_ESO wrote: »

Zeni's reply was that they are under no obligation to investigate hacked accounts. They also failed to restore his items and gold, giving him a nominal amount of mats as compensation.

This policy needs a serious review.

Many guilds carry multiple millions in gold in their guild banks. What happens when a GM or officers account is hacked and this money is stolen?

I would suggest that Zenimax need to be clear about their policies on hacked accounts and fully compensate players.

To be fair, we have no idea what the circumstances surrounding the above hack are, and what global policy ZOS has about investigating and restoring the "property" in a recovered account. I have heard that they offer to restore a reasonable amount in a single gold payment, but not the items themselves.

ZOS seems chronically understaffed in all areas customer facing. It would not surprise me at all that they don't restore items, or do much investigation into the circumstances around an individual hack. They probably don't have time to do all that.

ThePrinceOfBargains · October 2017

The only way I could see someone getting hacked is if they literally give out their account or email password to someone. I don’t agree with ZOS’ policy, but I’m not exactly sweating sympathy for such ridiculous levels of stupidity.

Elsonso · October 2017

TheMaster wrote: »

The only way I could see someone getting hacked is if they literally give out their account or email password to someone. I don’t agree with ZOS’ policy, but I’m not exactly sweating sympathy for such ridiculous levels of stupidity.

This statement sort of reads like it is always the fault of the account holder, and there is more to it than that.

martinhpb16_ESO · October 2017

Asardes wrote: »

How do people get their accounts hacked? For example if I try to login the game account from another address - I sometimes log on the web site from work - I get a prompt to input the code received in mail. If someone had their game account hacked then almost surely the also had their mail hacked. Which is their own fault.

TheMaster wrote: »

The only way I could see someone getting hacked is if they literally give out their account or email password to someone. I don’t agree with ZOS’ policy, but I’m not exactly sweating sympathy for such ridiculous levels of stupidity.

you have no information on how accounts are hacked, just making assumptions. Read some of the other threads and you will see it is more common than you think.

This thread is about Zos policy on hacked accounts in comparison to other games and the expectations of their customers, some of whom have played for years and have lost everything.

ThePrinceOfBargains · October 2017

lordrichter wrote: »

TheMaster wrote: »

The only way I could see someone getting hacked is if they literally give out their account or email password to someone. I don’t agree with ZOS’ policy, but I’m not exactly sweating sympathy for such ridiculous levels of stupidity.

This statement sort of reads like it is always the fault of the account holder, and there is more to it than that.

Again, what other situation is there? ZOS’ security is pretty damn tight, annoyingly so sometimes. Not paranoid like SWTOR’s, but still cautious. The only way someone could get into another account is if they got that person’s password or other private information somehow.

Danikat · October 2017

I'm surprised by this. Every other game I've played had a system in place where they'd reset your account to some time before it was hacked. The only time I've heard of them not doing that was when it had been a very long time - for example someone came back after 2 years and realised he had been hacked and Support told him they couldn't restore it because they only kept 6 months of backups.

This sounds like ZOS don't have any kind of backup for account data, which is a little concerning.

ThePrinceOfBargains · October 2017

martinhpb16_ESO wrote: »

Asardes wrote: »

How do people get their accounts hacked? For example if I try to login the game account from another address - I sometimes log on the web site from work - I get a prompt to input the code received in mail. If someone had their game account hacked then almost surely the also had their mail hacked. Which is their own fault.

TheMaster wrote: »

The only way I could see someone getting hacked is if they literally give out their account or email password to someone. I don’t agree with ZOS’ policy, but I’m not exactly sweating sympathy for such ridiculous levels of stupidity.

you have no information on how accounts are hacked, just making assumptions. Read some of the other threads and you will see it is more common than you think.

As far as how someone could’ve gotten into an individual ESO account without getting the person’s private info, no I don’t. I thought I made that clear in my post. Problem is, clearly you don’t either since you have yet to tell me how this could’ve happened. If dude just gave out his password like an idiot, I’m really not all that concerned. The concept of “natural selection” can loosely apply here.

Shardan4968 · October 2017

Being hacked is one of my biggest nightmares and fact that ZOS don't help hacked accounts is terrible. No matter If it was account holder's fault or not, he/she deserves all items and gold back. Zenimax as company should support the customer, even If customer is just stupid. I also doubt that those "hackers" even know how to code.

Elsonso · October 2017

TheMaster wrote: »

lordrichter wrote: »

TheMaster wrote: »

The only way I could see someone getting hacked is if they literally give out their account or email password to someone. I don’t agree with ZOS’ policy, but I’m not exactly sweating sympathy for such ridiculous levels of stupidity.

This statement sort of reads like it is always the fault of the account holder, and there is more to it than that.

Again, what other situation is there? ZOS’ security is pretty damn tight, annoyingly so sometimes. Not paranoid like SWTOR’s, but still cautious. The only way someone could get into another account is if they got that person’s password or other private information somehow.

What you just said is different from what you originally said. Getting the password "somehow" is different than if they "literally give out" the password. The latter implies deliberate intent. The former allows for malicious forces preying on an innocent.

As for whether ZOS is secure, all I can say is that there has been no evidence of a breach. Three and a half years of watching how ZOS works gives me reason to pause. ZOS develops features until they are "good enough". It is some sort of studio law. That worries me, from an account security perspective. If ZOS was meticulous about quality and fixing problems, I would have less reason to worry.

I see the larger point of this thread being that ZOS takes the middle ground regarding account hacking. They don't investgate the hack, so the people who do it are not identified and punished. They don't recover the account, which means that innocents who lost their account through no direct action or intent lose what they have. A "fair compensation" rule allows some measure of recovery for the innocent, while providing a measure of reward for those who are not.

LegendaryMage · October 2017

If someone's going to take over your account, first they need to know which email address you use with that account. Then they need to break into that email account, and then on top of that, they need to break into your game account that probably has a different password as well.

So we're talking 2 password cracks and you must know the email address in the first place, which won't be easy if you don't go around and tell everyone about it all the time.

Use a different email for your ESO account, and a different password. If you get compromised, someone was very good at phishing and you fell for it.

edit; Zeni's policy is not good either, incredible that they don't want to help with this.

amir412 · October 2017

Honestly that policy is pretty damn stupid, considering they let ANY1 in the game to see ur account name, lol.

Slick_007 · October 2017

martinhpb16_ESO wrote: »

I read on forums that In WOW when an account is hacked, Blizzard get back to you within hours, restore all your items and tell you how your account was hacked. In LOTRO they also restore all your items.

unless its changed, thats not correct. friend of mine was hacked while we were playing WOW. i even tried to get GM attention as my friend was logged in while he was at work, and he wasnt responding. i rang his home looking for him to ask him how come he was at home and was told nope, hes not here. GMs told me nothing they can do about it at the time even with a live hacked report.
fairly sure he did not have all items restored. they did not tell him how his account was hacked either. and you saying they CAN tell you means you made this up. How the hell would blizzard know that someone hacked your email for instance and got your password from that. (yes, people use the same passwords)

Hi ZOS, i sent all my stuff to my friends account, err, got hacked. can i have my account restored please.

Slick_007 · October 2017

Slick_007 wrote: »

martinhpb16_ESO wrote: »

I read on forums that In WOW when an account is hacked, Blizzard get back to you within hours, restore all your items and tell you how your account was hacked. In LOTRO they also restore all your items.

unless its changed, thats not correct. friend of mine was hacked while we were playing WOW. i even tried to get GM attention as my friend was logged in while he was at work, and he wasnt responding. i rang his home looking for him to ask him how come he was at home and was told nope, hes not here. GMs told me nothing they can do about it at the time even with a live hacked report.
fairly sure he did not have all items restored. they did not tell him how his account was hacked either. and you saying they CAN tell you means you made this up. How the hell would blizzard know that someone hacked your email for instance and got your password from that. (yes, people use the same passwords)

Hi ZOS, i sent all my stuff to my friends account, err, got hacked. can i have my account restored please.

edit: half my wow guild got hacked. i did not. i was using an authenticator. also had one for swtor. THAT is something ZOS should bring in.

Dragath · October 2017

Slick_007 wrote: »

martinhpb16_ESO wrote: »

I read on forums that In WOW when an account is hacked, Blizzard get back to you within hours, restore all your items and tell you how your account was hacked. In LOTRO they also restore all your items.

unless its changed, thats not correct. friend of mine was hacked while we were playing WOW. i even tried to get GM attention as my friend was logged in while he was at work, and he wasnt responding. i rang his home looking for him to ask him how come he was at home and was told nope, hes not here. GMs told me nothing they can do about it at the time even with a live hacked report.
fairly sure he did not have all items restored. they did not tell him how his account was hacked either. and you saying they CAN tell you means you made this up. How the hell would blizzard know that someone hacked your email for instance and got your password from that. (yes, people use the same passwords)

Hi ZOS, i sent all my stuff to my friends account, err, got hacked. can i have my account restored please.

can tell you from personal experience:
one of my twink accounts, which didnt have good pw, because i didnt really care, was hacked in wow. totally my own fault. got everything back from blizzard. gold and items per mail. gm also told me the account was used by a gold seller to advertise. happened during wotlk.

Tavore1138 · October 2017

LegendaryMage wrote: »

If someone's going to take over your account, first they need to know which email address you use with that account. Then they need to break into that email account, and then on top of that, they need to break into your game account that probably has a different password as well.

So we're talking 2 password cracks and you must know the email address in the first place, which won't be easy if you don't go around and tell everyone about it all the time.

Use a different email for your ESO account, and a different password. If you get compromised, someone was very good at phishing and you fell for it.

edit; Zeni's policy is not good either, incredible that they don't want to help with this.

To be fair they only need your account access details - half of which is freely visible to everyone in the game. if they have those they can access you account and alter the email address to which the confirmation for a new IP: access is sent.

So really they just need to crack a password which given the average level of complexity many people use is probably just a numbers game - and even then we are assuming that ZoS have no security leaks either human or electronic at their end. It is not at all unusual for this sort of breach to be a disgruntled employee sharing details of accounts for cash.

Apherius · October 2017

So... if i'm hacked i have to remember the items i had in my bank ( X gold mats + X stack of 200 rudebite/silk/ect... ) then all the stuff i had that they descontructed ... then the gold i had , and take the fact that 1 temper = 5K and multipliate this by X ... WHAT THE HELL...

LegendaryMage · October 2017

Tavore1138 wrote: »

LegendaryMage wrote: »

If someone's going to take over your account, first they need to know which email address you use with that account. Then they need to break into that email account, and then on top of that, they need to break into your game account that probably has a different password as well.

So we're talking 2 password cracks and you must know the email address in the first place, which won't be easy if you don't go around and tell everyone about it all the time.

Use a different email for your ESO account, and a different password. If you get compromised, someone was very good at phishing and you fell for it.

edit; Zeni's policy is not good either, incredible that they don't want to help with this.

To be fair they only need your account access details - half of which is freely visible to everyone in the game. if they have those they can access you account and alter the email address to which the confirmation for a new IP: access is sent.

So really they just need to crack a password which given the average level of complexity many people use is probably just a numbers game - and even then we are assuming that ZoS have no security leaks either human or electronic at their end. It is not at all unusual for this sort of breach to be a disgruntled employee sharing details of accounts for cash.

What do you mean change the email of the account before you enter the access code? Access code comes first.

1mirg · October 2017

Apherius wrote: »

WHAT THE HELL...

Yeah, gotta agree with you on that. Zenimax's policy on hacked accounts is very archaic and isn't a practice you'd want in a MMO. Perhaps in a single player game this policy is fine but this isn't a single player game, it's a mmo. If they don't change this policy I can see this erupting into a huge PR problem for them.

@ZOS_JessicaFolsom or whoever is responsible for this policy might wanna get this part reworked into something more, modern.

N0TPLAYER2 · October 2017

I love how op is dancing around "how"

He likely gave out his info, got robbed and is now begging for Zos to save him.

Oh well lol

martinhpb16_ESO · October 2017

N0TPLAYER2 wrote: »

I love how op is dancing around "how"

He likely gave out his info, got robbed and is now begging for Zos to save him.

Oh well lol

Love how you didnt read my post properly.

- A guildies account was hacked
- Lots of accounts hacked and plenty of forum posts speculating how they got hacked
- This thread is about Zenis policy, not how accounts get hacked. For how accounts get hacked go to other threads.

Thanks for throw-away comment with zero input.

kyle.wilson · October 2017

1mirg wrote: »

Apherius wrote: »

WHAT THE HELL...

Yeah, gotta agree with you on that. Zenimax's policy on hacked accounts is very archaic and isn't a practice you'd want in a MMO. Perhaps in a single player game this policy is fine but this isn't a single player game, it's a mmo. If they don't change this policy I can see this erupting into a huge PR problem for them.

@ZOS_JessicaFolsom or whoever is responsible for this policy might wanna get this part reworked into something more, modern.

@ZOS_GinaBruno, @ZOS_BrianWheeler, @ZOS_MattFiror, @ZOS_KaiSchober, @ZOS_Wrobel, @ZOS_RichLambert

Malic · October 2017

martinhpb16_ESO wrote: »

Recently a member of my trade guild has his account hacked. From the forums It seems that other accounts were also hacked within a few days.

The guild-mate lost millions in gold and resources. He asked Zeni to investigate the resources where the gold and items were sent to, an obvious request. Zeni's reply was that they are under no obligation to investigate hacked accounts. They also failed to restore his items and gold, giving him a nominal amount of mats as compensation.

This policy needs a serious review.

In LOTRO when there was a spate of accounts hacked Turbine would restore all of the players materials and gold. Why does Zenimax not restore a players items and gold?

Many guilds carry multiple millions in gold in their guild banks. What happens when a GM or officers account is hacked and this money is stolen?

I would suggest that Zenimax need to be clear about their policies on hacked accounts and fully compensate players.

Thanks

But they were clear, they said no. It might not be what you or your guild mate wanted to hear but its absolutely, with out question, crystal clear.

Why would they change the policy if you are going to play the game regardless? Your consumption is your leverage, thats it, thats all you have to compel any gaming company to act. You mentioned Turbine and lotro, I suspect they need, and needed every user they could get. ZOS maybe not so much.

Inhuman003 · October 2017

martinhpb16_ESO wrote: »

Asardes wrote: »

How do people get their accounts hacked? For example if I try to login the game account from another address - I sometimes log on the web site from work - I get a prompt to input the code received in mail. If someone had their game account hacked then almost surely the also had their mail hacked. Which is their own fault.

Ahh so when people are hacked they deserve it? They were just asking for it to happen because of their own negligence? They deserve everything they get? We have no way of knowing how accounts get hacked unless Zenimax tell you.

I read on forums that In WOW when an account is hacked, Blizzard get back to you within hours, restore all your items and tell you how your account was hacked. In LOTRO they also restore all your items.

There are threads about how accounts get hacked. I cant answer that for you.

https://forums.elderscrollsonline.com/en/discussion/373263/my-account-has-been-hacked-and-sold-out/p1

This thread is about Zenimax policy on hacked accounts.

That's why Blizzard will stay on top of their game they know how to treat the customer, Blizzard stay on top of their job they get rid of hackers Bots and scam artist they're in the game of all their games for example look at OverWatch.

Tandor · October 2017

martinhpb16_ESO wrote: »

N0TPLAYER2 wrote: »

I love how op is dancing around "how"

He likely gave out his info, got robbed and is now begging for Zos to save him.

Oh well lol

Love how you didnt read my post properly.

- A guildies account was hacked
- Lots of accounts hacked and plenty of forum posts speculating how they got hacked
- This thread is about Zenis policy, not how accounts get hacked. For how accounts get hacked go to other threads.

Thanks for throw-away comment with zero input.

How accounts get hacked is pretty central to the question of a developer's approach to such things. You can't really discuss one without the other.