My account was hacked!

  • nine9six
    Jayman1000 wrote: »
    Mrtoobyy wrote: »
    Hi.
    I tried to log in to the game today but it says my password/account name was wrong. My fears were real... My account has been hacked, I can see in my Hotmail removed objects there were mails regarding password change etc. on Saturday March 29th. Everything seems ok on the account EXCEPT all of my in-game gold is gone? I had like 300 k before and now I have 21. Is there any way to get this gold back? Can one see to which player this in-game gold has been transferred? And are there more ways to ensure account safety than just the secret question?

    To hack an ESO account and change the password the hacker would need four things:

    1. The account user id. This can be obtained in game.
    2. Your actual password. If it is a compromised password, for example one that you have also used on other services that had a data breach and passwords and accounts stolen, or if it's a commonly used password (for example "123456789" or "password" etc.), then that's how the hacker can guess it. This is probably the most common way hackers guess passwords.
    3. Knowledge of and access to the email you have registered with ZOS so that they can obtain the one-time code that is sent when they guess your password and try to log in (unless they are actually using YOUR PC to log in from, because then obviously a one-time code won't be needed. But that would require them to have access to your actual PC).
    4. Your security question (to change the password). Again, if the secret answer is something common like favourite TV show: Simpsons or similar, then that could possibly be how they also guess your security question.


    No, you're over-complicating this.

    Say your email account is a part of a database breach. I buy the account info on the 'dark web' (this *** happens every day, so I'm not pulling this out of my ass).

    I log into your email account and start searching for MMO / Steam / uPlay (lol) / etc. emails.

    When I find them, I know I have an email address associated with an account from there.

    You go there and "I forgot my user name" or / and "I forgot my password".

    The email comes, you follow the link, obtain the username and reset the PW. Now you have access to the account.

    BUT WAIT! There's an email code!!!!

    ....you type the email code (because you have access to the email account)

    Now...you're in!

    You can decon all their stuff. Mail things to a Mule you have. The possibilities are endless.

    This is just one example that I'm flying through before they close this thread. If you want more I can provide more methods that involve zero social engineering or talking to a single soul.
    Wake up, we're here. Why are you shaking? Are you ok? Wake up...
  • Jayman1000
    nine9six wrote: »
    "You go there and "I forgot my user name" or / and "I forgot my password".

    The email comes, you follow the link obtain the username and reset the PW. Now you have access to the account.".

    Huh, I just tested it out and it seems ZOS's service is indeed less safe than I assumed. I wasn't aware that if you had access to a user's email you could so easily obtain the user id. You're right, I thought it would be more complicated. For the password reset, though, you need to provide the secret answer, and if that is something common like what is your favorite city and your answer is New York, then I suppose it would be fairly easy for the hacker to guess the security question. Though I don't know how many failed attempts you can make before ZOS's system freezes the account (assuming that their system will indeed freeze it at some point).

    Guess the most important thing then is to have 2-factor authentication on your email so that you can be 100% sure no one can ever access it to play this trick. You could also make a strong security question answer that is nigh impossible to guess, just make sure that you won't ever forget it yourself.

    Why would ZOS close this thread?
    Edited by Jayman1000 on April 2, 2019 4:10PM
  • nine9six
    I’m not sure.

    They say to submit a ticket and close the thread. Always while I’ve written out an in-depth reply. I’ve thought about continuing the conversations privately, but...for what?

    Topic needs exposure not private conversations between people with no “power”.

    ZoS has made small improvements to their security since my account was hacked (forum threads about it) but I’d still really, really like a 2-Factor App.

    Use the Google one, for all I care. Just...use one.

    FTR: I rotate all of my PWs but my email was compromised and exploited within a window that didn’t protect me from a database breach. The breach wasn’t made public until *after* my ESO account was hacked.

    Having email headers with IPs from Asia and Log In Attempts from Asian IPs meant nothing to ZoS and I lost all of my progress from Early Access. Only recently did I start playing again.

    I “grinded” all 15 characters to Level 50 during the New Year event. At least I have my CP and my Senche Mount.

    This is a real issue that’s dear to me so I’m somewhat passionate about it.

    I, through no fault of my own, lost years' worth of progress because “we” rely on a horrible “email-based 2-factor system” that can be easily circumvented.
    Wake up, we're here. Why are you shaking? Are you ok? Wake up...
  • Mrtoobyy
    Spacegato wrote: »
    Use Two-Factor Authentication for your Hotmail and never use the same password twice.
    I hope you can get your gold back from ZOS.

    Thanks a lot! I
    Spacegato wrote: »
    Use Two-Factor Authentication for your Hotmail and never use the same password twice.
    I hope you can get your gold back from ZOS.
    Mrtoobyy wrote: »
    Hi.
    I tried to log in to the game today but it says my password/account name was wrong. My fears were real... My account has been hacked, I can see in my Hotmail removed objects there were mails regarding password change etc. on Saturday March 29th. Everything seems ok on the account EXCEPT all of my in-game gold is gone? I had like 300 k before and now I have 21. Is there any way to get this gold back? Can one see to which player this in-game gold has been transferred? And are there more ways to ensure account safety than just the secret question?

    Damn, did this happen on the Steam version by chance?

    No, it's not the Steam version.