HACKED ACCOUNTS (UPDATED) - INFO ABOUT ISSUE, DATA COLLECTION, KIND REQUEST FOR ZOS TO FIX THIS

altemriel

Dear ZOS, pls do not ban me for this. My intention is not to question your decisions, but to gather more info about this issue and to ask you for your official stance to this issue.
Also at least some official info about your investigation in this area would be helpful and highly appreciated. We could at least use it to prevent this to happen again.

I know that the devs, or admins can not solve this, but using just support tickets is not helping at all, there has to be a way to peacefuly ask ZOS to give this issue a higher priority and move it to the respective managers to improve this.

Here is my opinion on what needs to be improved on the side of ZOS about this:
https://forums.elderscrollsonline.com/en/discussion/comment/4736948/#Comment_4736948

@ZOS_GinaBruno @ZOS_KaiSchober @ZOS_JessicaFolsom @ZOS_CoriJ


in summary:
- multiple accounts got hacked, most of them were using steam to connect to the game
- more of these accounts got hacked multiple times, even after changing all login details to e-mails, steam, all having proper antivirus installed on the comp, no account data sharing
- stuff worth millions of gold were stolen
- reply from zos was that they can not recover anything which was stolen, only the offered gold for compensation
- some people got their accounts permabanned, because of alleged "account sharing", which was not the case, but was the case of the hacker (other person logging to that account)


This is my proposed fix for this issue: https://forums.elderscrollsonline.com/en/discussion/comment/4737711/#Comment_4737711


1. Was anyone`s else`s account hacked?
2. Were you logging in trough steam, or directly trought the game client?
3. How was your case handled?
4. Any more info about your case?

Pls no trolling nor shaming, we need more serious info to move this issue forward!


Any constructive replies are highly appreciated.


Please read the original tread about this from my guildie:
https://forums.elderscrollsonline.com/en/discussion/373263/my-account-has-been-hacked-and-sold-out/p1

Tandor

This wasn't an isolated case as I recall, it was part of a series of hacked account reports from players in the Czech Republic. I suspect we know even less about the circumstances involving those players than we usually do when someone speaks up for someone they have met on the internet. Players are responsible for their own account security and the fact that the account has apparently been hacked "multiple times" speaks volumes.

Liferefugee

As an IT professional I can say that while logs show many things, they do not show user intent. If user A logs in from home 99% of the time, then logs in from somewhere else (or masks the IP with a VPN) pulls out everything and transfers it just to claim they were hacked to get a duplicate of everything. I know this requires a negative view on people and intentions, but people will surprise you with the BS they try to pull off. Even if this is unlikely in this case, the fact that it is a their word only situation will prevent anyone from doing anything. Sorry it happened, and hope it doesn't happen to others. Never share your passwords, use different passwords for everything, and make them diificult to guess. A phase is actually the best kind of password.

notimetocare

Keep yourself secure. Being hacked multiple times, in a game that requires email code verification anytime you log from a different IP, shows that your passwords on many levels are not secure. Or option b, is that you are lying. It's harsh and being hacked sucks if it's true, but it's hard to expect somebody to believe you multiple times with the system ESO has in place

Takes-No-Prisoner

I am always thankful Sony put up a 2-Step Verification for PS4. I turned that on the day it came out.

Omnia

This is scary and sometimes I wonder if maybe ZOS was compromised and account info leaked.
(Like when your credit card company has this problem they offer you one year of ID theft protection etc.)

I once received a forum message from a gold seller (on forums, not in game). What I noticed when I reported and then went to remove my name from the distribution list, is that EVERY other person's name on the list, started with the first 3 letters of my real name. Obviously it doesn't start with Omn, and that is a bit much to be coincidence.

Also,
I have several alt accounts that I opened years ago before craftbag and increased bank space was a thing, so that I could mail stuff to my alt account for holding. I also added all these alts to my personal guild. (Hubby and I opened one with all the alt accounts we had for guild bank purposes.)
These alt accounts were also added to my friends list.

One day I noticed that a few of my alt accounts had been logged in like 1hr before I was even online. Well, it wasn't me that was logged into them...I immediately told my hubby and got on all my accounts and started furiously changing passwords. I keep an eye on these accounts now because I am scared they will get a hold of my main account.

When a game starts to feel like a second job...smh.

Shardan4968

People can say that it's all her fault because they know better, but it isn't normal that developer does absolutely nothing about it and allows the hacker to steal even more things like all gold from guild banks, like she claimed. If Zenimax can't check where someone was hacked and all they have to say is one time gold compensation, then they really look poorly when you compare them to Blizzard, which gives player every information on how/when/where she/he was hacked and gives all stuff back. I can't believe that these series of hacked accounts in Czech Republic was in fact some Czech gang trying to duplicate all their items.

altemriel

Shardan4968 wrote: »

People can say that it's all her fault because they know better, but it isn't normal that developer does absolutely nothing about it and allows the hacker to steal even more things like all gold from guild banks, like she claimed. If Zenimax can't check where someone was hacked and all they have to say is one time gold compensation, then they really look poorly when you compare them to Blizzard, which gives player every information on how/when/where she/he was hacked and gives all stuff back. I can't believe that these series of hacked accounts in Czech Republic was in fact some Czech gang trying to duplicate all their items.

exactly this!

at least the developer should take responsibility for giving the player the info how it happened and provide info to other players how to prevent it.

but in my opinion there is no reason why they can not return all the stolen items back and delete them from that account who stolen it - they should see the logs in the in-game mail client - to where all these stolen items were transfered

zaria

Liferefugee wrote: »

As an IT professional I can say that while logs show many things, they do not show user intent. If user A logs in from home 99% of the time, then logs in from somewhere else (or masks the IP with a VPN) pulls out everything and transfers it just to claim they were hacked to get a duplicate of everything. I know this requires a negative view on people and intentions, but people will surprise you with the BS they try to pull off. Even if this is unlikely in this case, the fact that it is a their word only situation will prevent anyone from doing anything. Sorry it happened, and hope it doesn't happen to others. Never share your passwords, use different passwords for everything, and make them diificult to guess. A phase is actually the best kind of password.

Well WOW has an standard procedure for rolling back and restoring hacked accounts.
Its an skill issue, much like not getting killed by mudcrabs.

Just looking at interaction between you and the receiver of your gold will tell if this was an setup.
An "friend" or professional gold sellers, if last receiver will get lots of gold he send on.
Anyway WOW should have an way to handle it to.

WildWilbur

Not knowing anything about this hacking issue.

But I just can't believe that ZOS are not able to reproduce to WHOM the gold and/or items has been transfered. The stuff certainly won't vanish in hot air...

altemriel

WildWilbur wrote: »

Not knowing anything about this hacking issue.

But I just can't believe that ZOS are not able to reproduce to WHOM the gold and/or items has been transfered. The stuff certainly won't vanish in hot air...

this!!

LordSemaj

zaria wrote: »

Liferefugee wrote: »

As an IT professional I can say that while logs show many things, they do not show user intent. If user A logs in from home 99% of the time, then logs in from somewhere else (or masks the IP with a VPN) pulls out everything and transfers it just to claim they were hacked to get a duplicate of everything. I know this requires a negative view on people and intentions, but people will surprise you with the BS they try to pull off. Even if this is unlikely in this case, the fact that it is a their word only situation will prevent anyone from doing anything. Sorry it happened, and hope it doesn't happen to others. Never share your passwords, use different passwords for everything, and make them diificult to guess. A phase is actually the best kind of password.

Well WOW has an standard procedure for rolling back and restoring hacked accounts.
Its an skill issue, much like not getting killed by mudcrabs.

Just looking at interaction between you and the receiver of your gold will tell if this was an setup.
An "friend" or professional gold sellers, if last receiver will get lots of gold he send on.
Anyway WOW should have an way to handle it to.

Even WOW eventually bans the account. My account was hacked multiple times because I refused to get an authenticator and the hackers had gotten ahold of my CD key. One of the ways to obtain access to the account was through a call to Blizz with the CD key for the game, the original one tied to the account. My account was permanently banned amidst this.

Adernath

I really hope that ZOS has some sort of hacking restoration procedure in place and if not, they start to do it asap. In particular the last part @altemriel mentioned, namely that her account was not available anymore, is really scary!

I mean, spending many hours of playtime into the game, perhaps even hundreds of $, and then getting robbed without any means of recovery measure would simply be unimaginable.

zaria

LordSemaj wrote: »

zaria wrote: »

Liferefugee wrote: »

As an IT professional I can say that while logs show many things, they do not show user intent. If user A logs in from home 99% of the time, then logs in from somewhere else (or masks the IP with a VPN) pulls out everything and transfers it just to claim they were hacked to get a duplicate of everything. I know this requires a negative view on people and intentions, but people will surprise you with the BS they try to pull off. Even if this is unlikely in this case, the fact that it is a their word only situation will prevent anyone from doing anything. Sorry it happened, and hope it doesn't happen to others. Never share your passwords, use different passwords for everything, and make them diificult to guess. A phase is actually the best kind of password.

Well WOW has an standard procedure for rolling back and restoring hacked accounts.
Its an skill issue, much like not getting killed by mudcrabs.

Just looking at interaction between you and the receiver of your gold will tell if this was an setup.
An "friend" or professional gold sellers, if last receiver will get lots of gold he send on.
Anyway WOW should have an way to handle it to.

Even WOW eventually bans the account. My account was hacked multiple times because I refused to get an authenticator and the hackers had gotten ahold of my CD key. One of the ways to obtain access to the account was through a call to Blizz with the CD key for the game, the original one tied to the account. My account was permanently banned amidst this.

You did not serial sell your account
Some has done that, played new expansion, get bored and sell account, new expansion so they roll back and restore account.
repeat.

Huyen

LordSemaj wrote: »

zaria wrote: »

Liferefugee wrote: »

As an IT professional I can say that while logs show many things, they do not show user intent. If user A logs in from home 99% of the time, then logs in from somewhere else (or masks the IP with a VPN) pulls out everything and transfers it just to claim they were hacked to get a duplicate of everything. I know this requires a negative view on people and intentions, but people will surprise you with the BS they try to pull off. Even if this is unlikely in this case, the fact that it is a their word only situation will prevent anyone from doing anything. Sorry it happened, and hope it doesn't happen to others. Never share your passwords, use different passwords for everything, and make them diificult to guess. A phase is actually the best kind of password.

Well WOW has an standard procedure for rolling back and restoring hacked accounts.
Its an skill issue, much like not getting killed by mudcrabs.

Just looking at interaction between you and the receiver of your gold will tell if this was an setup.
An "friend" or professional gold sellers, if last receiver will get lots of gold he send on.
Anyway WOW should have an way to handle it to.

Even WOW eventually bans the account. My account was hacked multiple times because I refused to get an authenticator and the hackers had gotten ahold of my CD key. One of the ways to obtain access to the account was through a call to Blizz with the CD key for the game, the original one tied to the account. My account was permanently banned amidst this.

Fun-fact: on the account-page of blizzard, you can only see the digital codes you used. Actual hard-copy cdkeys arent stored there. And hate to say it bud, but not using an authenticator (since a few years even on your phone) is the most stupid thing you can do and I hope ESO gets one soon too.

Slick_007

LordSemaj wrote: »

My account was hacked multiple times because I refused to get an authenticator

you kinda deserve it then. an authenticator was one of the best things. I was the only person in my small wow guild with one, and by the time i stopped playing, i think the only one not hacked.
got one with swtor when it was released - not hacked

It would be nice for ESO to have them but their extra email security is a step ahead of where wow and swtor were.

Azurya

altemriel wrote: »

Ok, so one of my guidies mentioned this issue has happened to her, her account was hacked multiple times, her stuff robbed, gear, crafting bag, gold, AP, and the only respond from ZOS support was, we are sorry, we actually can not do anything about it, here, have some gold as compensation?



Could anyone from ZOS pls comment on this?????



@ZOS_GinaBruno @ZOS_KaiSchober @ZOS_JessicaFolsom @ZOS_MattFiror @ZOS_RichLambert @ZOS_Finn

this is bad and leaves a bad taste, and I do hope ZOS will offer her anything better then just wishes.

notimetocare

Takes-No-Prisoner wrote: »

I am always thankful Sony put up a 2-Step Verification for PS4. I turned that on the day it came out.

ZoS has basically mandatory two-step auth if your IP is not the same

notimetocare

Jade1986 wrote: »

Slick_007 wrote: »

LordSemaj wrote: »

My account was hacked multiple times because I refused to get an authenticator

you kinda deserve it then. an authenticator was one of the best things. I was the only person in my small wow guild with one, and by the time i stopped playing, i think the only one not hacked.
got one with swtor when it was released - not hacked

It would be nice for ESO to have them but their extra email security is a step ahead of where wow and swtor were.

Classic victim shaming. Bravo.....

If you leave a car in the ghetto unlocked you are an idiot, not a victim

notimetocare

Shardan4968 wrote: »

People can say that it's all her fault because they know better, but it isn't normal that developer does absolutely nothing about it and allows the hacker to steal even more things like all gold from guild banks, like she claimed. If Zenimax can't check where someone was hacked and all they have to say is one time gold compensation, then they really look poorly when you compare them to Blizzard, which gives player every information on how/when/where she/he was hacked and gives all stuff back. I can't believe that these series of hacked accounts in Czech Republic was in fact some Czech gang trying to duplicate all their items.

Unlike WoW, ESO has built in account protection requiring a code for logging into a new IP. Unlike WoW, ESO has FAR less players and revenue. It would be nice if they did more, but its on the person hacked to show why exactly their email was able to he accessed for a code sent to them, no?

Slick_007

Jade1986 wrote: »

Classic victim shaming. Bravo.....

shaming? when someone gets hacked multiple times and REFUSES, its not that they didnt know, they actively REFUSED to take steps to secure their account. thats sheer stupidity and they deserve everything they got. Shaming? they should be ashamed. you are just trolling because i disagree with you in other threads.

WildWilbur

notimetocare wrote: »

Unlike WoW, ESO has built in account protection requiring a code for logging into a new IP. Unlike WoW, ESO has FAR less players and revenue. It would be nice if they did more, but its on the person hacked to show why exactly their email was able to he accessed for a code sent to them, no?

Actually, no! As i already stated in another thread a few months ago I'm playing from Germany with my desktop PC. When I am on vacation in the Netherlands (1-2 times a year in different flats) I can log in to my account and play with my Notebook without any account-protection-email. So it IS possible to access a account from a different IP. And I doubt that I am the only one.

Geroken777

This game needs a 2 factor authentication, this could fix a lot of things. (Im talking about phone authentication here, just like Steam or uPlay). Appls like Google Athentication could work well in this case.

Woeler

Nice caps lock

SisterGoat

Make sure your email has a 2-step verification. It's so easy to hack emails, as they do so by hacking the databases and stealing all account information linked to that email.

altemriel

Slick_007 wrote: »

Jade1986 wrote: »

Classic victim shaming. Bravo.....

shaming? when someone gets hacked multiple times and REFUSES, its not that they didnt know, they actively REFUSED to take steps to secure their account. thats sheer stupidity and they deserve everything they got. Shaming? they should be ashamed. you are just trolling because i disagree with you in other threads.

did you read all those 3 pages of her post, which I shared in my OP?

there is enough details for you, you would understand that it was in no way her fault

altemriel

WildWilbur wrote: »

notimetocare wrote: »

Unlike WoW, ESO has built in account protection requiring a code for logging into a new IP. Unlike WoW, ESO has FAR less players and revenue. It would be nice if they did more, but its on the person hacked to show why exactly their email was able to he accessed for a code sent to them, no?

Actually, no! As i already stated in another thread a few months ago I'm playing from Germany with my desktop PC. When I am on vacation in the Netherlands (1-2 times a year in different flats) I can log in to my account and play with my Notebook without any account-protection-email. So it IS possible to access a account from a different IP. And I doubt that I am the only one.

I think that only logging to eso account on the eso webpage, when you log in from a different IP address, then it sends an e-mail to your e-mail address with a code to verify if it was you. but not if you just log in to the game

Juju_beans

altemriel wrote: »

exactly this!

at least the developer should take responsibility for giving the player the info how it happened and provide info to other players how to prevent it.

but in my opinion there is no reason why they can not return all the stolen items back and delete them from that account who stolen it - they should see the logs in the in-game mail client - to where all these stolen items were transfered

Zenimax developers don't necessarily know how an account was hacked or even if it was hacked.

What if the player had a keylogger running on their PC ? How is Zenimax supposed to know what a user has on their home machine ? They don't know.

starkerealm

notimetocare wrote: »

Shardan4968 wrote: »

People can say that it's all her fault because they know better, but it isn't normal that developer does absolutely nothing about it and allows the hacker to steal even more things like all gold from guild banks, like she claimed. If Zenimax can't check where someone was hacked and all they have to say is one time gold compensation, then they really look poorly when you compare them to Blizzard, which gives player every information on how/when/where she/he was hacked and gives all stuff back. I can't believe that these series of hacked accounts in Czech Republic was in fact some Czech gang trying to duplicate all their items.

Unlike WoW, ESO has built in account protection requiring a code for logging into a new IP. Unlike WoW, ESO has FAR less players and revenue. It would be nice if they did more, but its on the person hacked to show why exactly their email was able to he accessed for a code sent to them, no?

No, you're thinking of these boards (and the support site). Those require you to respond to an activation email. That said, there were a rash of compromised accounts from somewhere in Eastern Europe (I keep wanting to say Belarus, but I'm pretty sure that's incorrect) earlier this year that make me suspect the vector was their email being compromised directly. Probably goldsellers, but it could have been some bored kid in the Ukraine hijacking accounts.

Given the circumstances, it's fairly likely that this hack really was due to factors outside their control.

altemriel

according to this guildie of mine, who was hacked 3 times this year, all the security measures from her side were ok, so it was not her fault at all

Serjustin19

notimetocare wrote: »

Jade1986 wrote: »

Slick_007 wrote: »

LordSemaj wrote: »

My account was hacked multiple times because I refused to get an authenticator

you kinda deserve it then. an authenticator was one of the best things. I was the only person in my small wow guild with one, and by the time i stopped playing, i think the only one not hacked.
got one with swtor when it was released - not hacked

It would be nice for ESO to have them but their extra email security is a step ahead of where wow and swtor were.

Classic victim shaming. Bravo.....

If you leave a car in the ghetto unlocked you are an idiot, not a victim

If you suddenly got mauled by someone, whilst leaving your car; unlocked. But was trying to lock the car, In the ghetto, than you are not an idiot, you are a victim. You should call the police, but would the police (ZOS, no offense) believe you, the victim?