Admin changed my password? Zos were you hacked?

Araneae6537

Same happened to me. Did everyone have to change their password I wonder? It would be nice to know why.

EDIT: Thank you! I should have read more of the replies before posting! 😅

Sylvermynx

ErinM31 wrote: »

Same happened to me. Did everyone have to change their password I wonder? It would be nice to know why.

See post: https://forums.elderscrollsonline.com/en/discussion/comment/6463909/#Comment_6463909

MissBizz

ErinM31 wrote: »

Same happened to me. Did everyone have to change their password I wonder? It would be nice to know why.

Something to do with Vanilla forums. Not zos. Maybe Google about vanilla and may find a bigger explanation?

pod88kk

ZOS_GinaBruno wrote: »

The vendor we use to power the ESO forums reset all user passwords for partners that had upgraded to their most recent software version, which included the ESO forums. You are required to reset your password as a security precaution to address a potential security issue in their forum software. Please be aware that ESO forum accounts are completely separate from your ESO game account, so your existing credentials can still be used to access the game. To log into your forum account, simply go to the sign in screen and reset your password. As soon as we receive more information from the vendor, we'll pass it on.

You couldn't of let us know that this was going to happen?

Sylvermynx

pod88kk wrote: »

ZOS_GinaBruno wrote: »

The vendor we use to power the ESO forums reset all user passwords for partners that had upgraded to their most recent software version, which included the ESO forums. You are required to reset your password as a security precaution to address a potential security issue in their forum software. Please be aware that ESO forum accounts are completely separate from your ESO game account, so your existing credentials can still be used to access the game. To log into your forum account, simply go to the sign in screen and reset your password. As soon as we receive more information from the vendor, we'll pass it on.

You couldn't of let us know that this was going to happen?

From what Gina posted, it seems as if the provider (Vanilla) didn't bother to let them know. As it happens, I've had some dealings with Vanilla, and I.... um.... well, I was unimpressed. Which is why I use phpBB3 for forums I run. Then again, I'm not a major company of any sort, so I don't need "more robust" (or paid for when it's a corporation using them) forum software.

Fur_like_snow

Sounds like the vendor got compromised. 🙄

Sylvermynx

Fur_like_snow wrote: »

Sounds like the vendor got compromised. 🙄

Yeah. Not good.

MajBludd

Same

Grimm13

had the same on several on my families accounts. I filed a ticket without response so far. Can not see that anything was done, so makes me wonder was hacked or do they have a rogue agent peering where they should not.

Grimm13

nafensoriel wrote: »

117Dios wrote: »

nafensoriel wrote: »

Zos found out EUPCs server problems was one dude with a 256 character password.

Source?

I asked an Alfiq in a sack. They said they were trustworthy.

Take it to the river

WiseSky

ditto

Jaraal

SeaGtGruff wrote: »

Hapexamendios wrote: »

A little sooner notice would have been prudent.

But you're assuming that the vendor actually gave ZOS advance notice. For all we know, ZOS didn't even know about it until the vendor had reset all user passwords, thereby prompting ZOS (after all the brouhaha on the forums) to contact the vendor and ask what the heck had happened.

Must have the same forum vendor as the EU server vendor, the group finder vendor, and the combat team vendor.



It all makes sense now!

Grimm13

Saelent wrote: »

Pfft, all you people who got the email saying your password got changed...I didn’t know anything had changed until I saw this thread! Don’t know ya’ll been born, getting warnings ‘n stuffs, quick links through emails instead of having to slog the forums like us ‘ordinaries’. Pfffft!!!

It was not an email. Had a popup box after a failed login which made me think it was a phishing attempt. I spent some time looking at it, running security programs to make certain it was real.

It's extremely odd for this type of change to take place between 4 am EST and 11 am EST, that is the window of time I have from having been on and then finding the issue. the Vendor should definitely given ZOS advance notice, if they did and a zos employee dropped the ball not telling anyone else.... Let's just say ZOS does not need anything to be going wrong, their fault or not and should be looking to get answers for us.

Major_Lag

nafensoriel wrote: »

Zos found out EUPCs server problems was one dude with a 256 character password.

You jest, but I once encountered the case of a multiplayer game where putting certain character sequences (allowed/valid characters only!) in the user name would cause a buffer overflow, crashing the server...

CiliPadi

ZOS_GinaBruno wrote: »

The vendor we use to power the ESO forums reset all user passwords for partners that had upgraded to their most recent software version, which included the ESO forums. You are required to reset your password as a security precaution to address a potential security issue in their forum software. Please be aware that ESO forum accounts are completely separate from your ESO game account, so your existing credentials can still be used to access the game. To log into your forum account, simply go to the sign in screen and reset your password. As soon as we receive more information from the vendor, we'll pass it on.

Thanks for letting us know, after the fact.

Kuramas9tails

Same. Had to reset my password.

Hapexamendios

SeaGtGruff wrote: »

Hapexamendios wrote: »

SeaGtGruff wrote: »

Hapexamendios wrote: »

A little sooner notice would have been prudent.

But you're assuming that the vendor actually gave ZOS advance notice. For all we know, ZOS didn't even know about it until the vendor had reset all user passwords, thereby prompting ZOS (after all the brouhaha on the forums) to contact the vendor and ask what the heck had happened.

Doesn’t matter if it’s the vendor or ZOS. Prior notice should have been given.

So are you saying that even if the vendor did it without warning ZOS ahead of time then ZOS is still to blame because ZOS should have given us a warning ahead of time? Because that makes no sense.

Or are you saying that if the vendor did it then the vendor should have warned ZOS ahead of time? Because that makes sense as long as you don't blame ZOS for not giving us prior notice. Except it sounds like you are blaming ZOS for not giving us prior notice, in which case it makes no sense.

You’re reading way more into the comment than is there.

Path

Nice to know however...

Firefox changed the way they list saved passwords and consequentially I will be resetting my password for days.

barney2525

Ackwalan wrote: »

Looks like the game password and forum password are now separate from each other.

they always were. You could probably use your same PW when you set up the Forums account, but my forums pw was always different from my game pw.


Mine got reset too. so now its different again

HansK

ZOS_GinaBruno wrote: »

The vendor we use to power the ESO forums reset all user passwords for partners that had upgraded to their most recent software version, which included the ESO forums. You are required to reset your password as a security precaution to address a potential security issue in their forum software. Please be aware that ESO forum accounts are completely separate from your ESO game account, so your existing credentials can still be used to access the game. To log into your forum account, simply go to the sign in screen and reset your password. As soon as we receive more information from the vendor, we'll pass it on.

Yes those accounts are separate but "so your existing credentials can still be used to access the game" is bad advice. IF you are using the same credentials for the forum AND the game (and be honest, most of you do) then changing your password for the game is highly recommended!!

Vapirko

Same to me.

Unfadingsilence

I had my email changed as well as my password

Marolf

Looking for an explanation conserning this.

zaria

Lumenn wrote: »

While laws are different in different areas(when and if notice is given) if a breach occurred the company should immediately inform customers or possibly be held liable for negligence. Zos has a reputation for keeping silent even when it hurts them but surely this would be an exception....

The real stuff here is the ESO accounts. Forum is fluff.
If I knew the ESO login database was hacked I would killed power on the server parks.

Now I expect this was another mess up.
An message saying your forum and ESO password can not match any longer as we increased security.
Please change your forum password by pressing the recover password link.

Something all could understand.
Not just confusing Khajiits

Hotdog_23

Me too.

Banana

I find it hard to believe anyone who hacked the server would be able to stay connected long enough to download anything in its current state

Gythral

Something is wrong as not just did a password reset need to be done yesterday, now the forum is not remembering that you were logged in!

JPS

ZOS_GinaBruno wrote: »

The vendor we use to power the ESO forums reset all user passwords for partners that had upgraded to their most recent software version, which included the ESO forums. You are required to reset your password as a security precaution to address a potential security issue in their forum software. Please be aware that ESO forum accounts are completely separate from your ESO game account, so your existing credentials can still be used to access the game. To log into your forum account, simply go to the sign in screen and reset your password. As soon as we receive more information from the vendor, we'll pass it on.

1 - This could have and should have been communicated without people having to ask for an explanation. Like on top where the maintenance anouncements are. But I guess that was impossible since this one didn't affect just 'some people'.

2 - Am I understanding correctly that a company as big as Zos has to rely on a 3rd party vendor for their forum ? Is this a joke ???

Kadoin

JPS wrote: »

ZOS_GinaBruno wrote: »

The vendor we use to power the ESO forums reset all user passwords for partners that had upgraded to their most recent software version, which included the ESO forums. You are required to reset your password as a security precaution to address a potential security issue in their forum software. Please be aware that ESO forum accounts are completely separate from your ESO game account, so your existing credentials can still be used to access the game. To log into your forum account, simply go to the sign in screen and reset your password. As soon as we receive more information from the vendor, we'll pass it on.

1 - This could have and should have been communicated without people having to ask for an explanation. Like on top where the maintenance anouncements are. But I guess that was impossible since this one didn't affect just 'some people'.

2 - Am I understanding correctly that a company as big as Zos has to rely on a 3rd party vendor for their forum ? Is this a joke ???

They probably mean that it's hosted elsewhere, off-site. Many companies do this so they are not completely down in the case of DDOS, hardware failure, natural disaster, etc. - which would explain why account and forums passwords and logins are not shared, unless you do so manually.

Nearly every company with sense does this, and also has redundant backup servers off-site.

Rex-Umbra

Yeah me too