Admin changed my password? Zos were you hacked?

TheRealPotoroo

JPS wrote: »

ZOS_GinaBruno wrote: »

The vendor we use to power the ESO forums reset all user passwords for partners that had upgraded to their most recent software version, which included the ESO forums. You are required to reset your password as a security precaution to address a potential security issue in their forum software. Please be aware that ESO forum accounts are completely separate from your ESO game account, so your existing credentials can still be used to access the game. To log into your forum account, simply go to the sign in screen and reset your password. As soon as we receive more information from the vendor, we'll pass it on.

1 - This could have and should have been communicated without people having to ask for an explanation. Like on top where the maintenance anouncements are. But I guess that was impossible since this one didn't affect just 'some people'.

2 - Am I understanding correctly that a company as big as Zos has to rely on a 3rd party vendor for their forum ? Is this a joke ???

It would explain why ZOS don't give a stuff about fixing the forum language bug that's been around for at least 18 months.

https://forums.elderscrollsonline.com/en/discussion/366666/forum-feedback-thread-functionality-not-content-moderation#latest

@ZOS_GinaBruno

Toanis

HansK wrote: »

Yes those accounts are separate but "so your existing credentials can still be used to access the game" is bad advice. IF you are using the same credentials for the forum AND the game (and be honest, most of you do) then changing your password for the game is highly recommended!!

Agreed. I wasn't even aware that forum and game are separate accounts.
Now I have two new passwords.

Kadoin

Hmm apparently they use Cloudflare...

dengodadegen

same here

FierceSam

Aside from informing us on the wretched performance of the game recently, if there is ONE thing that demands a pinned post at the top of the forum, it's a situation that requires all your forum users to reset their passwords.

Ignoring any issue of fault or blame, it's simply got to be good practice and the right thing to do to treat your users with respect and inform them when something like this needs to be done.

I don't mind resetting my password.

What I take exception to and mind a lot is feeling that maybe my account details have been hacked, that maybe I am the victim of a scam, that maybe it's about more that the details of what is, frankly, an unimportant (to ZOS) backwater forum for a game that has really serious issues right now.

I take exception to ZOS feeling that it's somehow OK to make me (and all the other users of the forum) feel this way. It just reinforces the impression of a company that just doesn't cope well with any kind of adverse situation. PC EU falls over it's heads under the table for a day or so; Event crashes in 30 minutes, it's all down to the basement to hide for a few days.

ZOS seriously need to get their act together and get in front of these things because at the moment they look like a scared cow in a hurricane.

Ascarl

ZOS_GinaBruno wrote: »

The vendor we use to power the ESO forums reset all user passwords for partners that had upgraded to their most recent software version, which included the ESO forums. You are required to reset your password as a security precaution to address a potential security issue in their forum software. Please be aware that ESO forum accounts are completely separate from your ESO game account, so your existing credentials can still be used to access the game. To log into your forum account, simply go to the sign in screen and reset your password. As soon as we receive more information from the vendor, we'll pass it on.

And you please tell us why this could not be communicated beforehand? A forum update is not a spur-of-the-moment decision.

bearbelly

It became a mantra on the Marvel Heroes forums, back when they existed (Vanilla hosted their forums, as well), but I see it is still relevant:

VANILLA SUCKS.

Neoealth

Unfadingsilence wrote: »

I had my email changed as well as my password

That seems a tad OTT

JPS

Kadoin wrote: »

JPS wrote: »

ZOS_GinaBruno wrote: »

The vendor we use to power the ESO forums reset all user passwords for partners that had upgraded to their most recent software version, which included the ESO forums. You are required to reset your password as a security precaution to address a potential security issue in their forum software. Please be aware that ESO forum accounts are completely separate from your ESO game account, so your existing credentials can still be used to access the game. To log into your forum account, simply go to the sign in screen and reset your password. As soon as we receive more information from the vendor, we'll pass it on.

1 - This could have and should have been communicated without people having to ask for an explanation. Like on top where the maintenance anouncements are. But I guess that was impossible since this one didn't affect just 'some people'.

2 - Am I understanding correctly that a company as big as Zos has to rely on a 3rd party vendor for their forum ? Is this a joke ???

They probably mean that it's hosted elsewhere, off-site. Many companies do this so they are not completely down in the case of DDOS, hardware failure, natural disaster, etc. - which would explain why account and forums passwords and logins are not shared, unless you do so manually.

Nearly every company with sense does this, and also has redundant backup servers off-site.

Off-site to me means you have your own server located somewhere else. This looks and reads to me as 'we have handed another company the reponsibility and running of the forums, including the software it runs on'. This suspicion is supported by the fact that if I ping the adress I come out at site-5020507.onvanilla.net..... It happens to be the same 'general' place where for example EA hosts its forums. So, what... If EA gets hacked we're screwed too ? Or we have to change passwords as a precaution? It just spells 'stupid' to me.

Gythral

ZOS_GinaBruno wrote: »

The vendor we use to power the ESO forums reset all user passwords for partners that had upgraded to their most recent software version, which included the ESO forums. You are required to reset your password as a security precaution to address a potential security issue in their forum software. Please be aware that ESO forum accounts are completely separate from your ESO game account, so your existing credentials can still be used to access the game. To log into your forum account, simply go to the sign in screen and reset your password. As soon as we receive more information from the vendor, we'll pass it on.

So it only too ka few hours to post about an issue that should have be communicated at day or two in adavance of it actually happening

Seems to be a ZOS norm, "if we can do it wrong, we will", this has probably been planned for weeks, not some spur of the moment thing, so why were customers not given notice soon after ZOS were!!!

Oh that's right "We're killing it":
yes ZOS you are, but not in some hip meaning but in the dictionary definition of the words!

Lady_Linux

pdblake wrote: »

nafensoriel wrote: »

117Dios wrote: »

nafensoriel wrote: »

Zos found out EUPCs server problems was one dude with a 256 character password.

Source?

I asked an Alfiq in a sack. They said they were trustworthy.

That lumpy sack has been in my inventory for weeks. Do think it's suffocated yet?

ask schrodinger, maybe he knows...

Lady_Linux

did you also get logged out of twitch and twitch prime?

FierceSam

Gythral wrote: »

ZOS_GinaBruno wrote: »

The vendor we use to power the ESO forums reset all user passwords for partners that had upgraded to their most recent software version, which included the ESO forums. You are required to reset your password as a security precaution to address a potential security issue in their forum software. Please be aware that ESO forum accounts are completely separate from your ESO game account, so your existing credentials can still be used to access the game. To log into your forum account, simply go to the sign in screen and reset your password. As soon as we receive more information from the vendor, we'll pass it on.

So it only too ka few hours to post about an issue that should have be communicated at day or two in adavance of it actually happening

Seems to be a ZOS norm, "if we can do it wrong, we will", this has probably been planned for weeks, not some spur of the moment thing, so why were customers not given notice soon after ZOS were!!!

Oh that's right "We're killing it":
yes ZOS you are, but not in some hip meaning but in the dictionary definition of the words!

The thing is, even if this was a last minute thing that caught ZOS unaware, I would expect a decent communications team to have a contingency plan to deal with it.

Everyone understands that things happen that are out of your control. It’s how you react to them that determines how people perceive you. Right now I see ZOS as an organisation that doesn’t appear to have a clue, that has retreated into a shell and is almost deliberately not communicating with its customers. And that isn’t a good look.

I should feel that ZOS is a capable, competent organisation that cares about my business and which I can trust. And right now, they’re almost as far from that as they can get.

pod88kk

At least they didn't have to pull the forums too

Saelent

Grimm13 wrote: »

Saelent wrote: »

Pfft, all you people who got the email saying your password got changed...I didn’t know anything had changed until I saw this thread! Don’t know ya’ll been born, getting warnings ‘n stuffs, quick links through emails instead of having to slog the forums like us ‘ordinaries’. Pfffft!!!

It was not an email. Had a popup box after a failed login which made me think it was a phishing attempt. I spent some time looking at it, running security programs to make certain it was real.

It's extremely odd for this type of change to take place between 4 am EST and 11 am EST, that is the window of time I have from having been on and then finding the issue. the Vendor should definitely given ZOS advance notice, if they did and a zos employee dropped the ball not telling anyone else.... Let's just say ZOS does not need anything to be going wrong, their fault or not and should be looking to get answers for us.

To be honest, as I was reading this thread I was going to post “are you guys sure they’re weren’t just phishing emails” then I realised I couldn’t post because my account was logged out and password wouldn’t work.
I suspect Gina posted as soon as she had the TLDR on what was going on and was able to tell us.
I mean, it’s really great times when the company everyone is hounding isn’t even at fault in this case. Lol

KingMagaw

ZOS_GinaBruno wrote: »

The vendor we use to power the ESO forums reset all user passwords for partners that had upgraded to their most recent software version, which included the ESO forums. You are required to reset your password as a security precaution to address a potential security issue in their forum software. Please be aware that ESO forum accounts are completely separate from your ESO game account, so your existing credentials can still be used to access the game. To log into your forum account, simply go to the sign in screen and reset your password. As soon as we receive more information from the vendor, we'll pass it on.

You think to tell us after the fact?


Have a little tact and common sense next time.

andreasv

KingMagaw wrote: »

ZOS_GinaBruno wrote: »

The vendor we use to power the ESO forums reset all user passwords for partners that had upgraded to their most recent software version, which included the ESO forums. You are required to reset your password as a security precaution to address a potential security issue in their forum software. Please be aware that ESO forum accounts are completely separate from your ESO game account, so your existing credentials can still be used to access the game. To log into your forum account, simply go to the sign in screen and reset your password. As soon as we receive more information from the vendor, we'll pass it on.

You think to tell us after the fact?


Have a little tact and common sense next time.

It's the ZOS way of doing things. Like with the EU login queue. Add the queue and wait for the forum to lit up - then tell them what we did.

redgreensunset

Member of several game forums that uses Vanilla and no one knew this was happening. Vanilla did this and didn't sent out warning to anyone until long after it was done. For once it wasn't ZOS' fault, they couldn't very well warn us about something they had no idea was going to happen could they?

Jaraal

FierceSam wrote: »

The thing is, even if this was a last minute thing that caught ZOS unaware, I would expect a decent communications team to have a contingency plan to deal with it.

And there you have it. No one has ever used "ZOS" and "decent communications team" in the same sentence before.

DTStormfox

ZOS_GinaBruno wrote: »

The vendor we use to power the ESO forums reset all user passwords for partners that had upgraded to their most recent software version, which included the ESO forums. You are required to reset your password as a security precaution to address a potential security issue in their forum software. Please be aware that ESO forum accounts are completely separate from your ESO game account, so your existing credentials can still be used to access the game. To log into your forum account, simply go to the sign in screen and reset your password. As soon as we receive more information from the vendor, we'll pass it on.

The risk of a potential security issue concerning our passwords can be considered a high risk potential leak/breach. According to the GDPR you are obliged to formally inform us about that potential security risk of our personal details. The fact that I wasn't formally informed by your organization worries me. This should have been communicated via e-mail instead of a small post in some random threat on the Forums.

JD2013

A small heads up before it happened would have been nice ...

VaranisArano

There's a large part of me that wonders if the first the Mods and Devs found out about this change was when they got kicked out, had to sign back in, and got that red message saying an admin had changed their account details.

Its amusing to think about the folks at ZOS having basically the same reaction we did, except they got to call their IT department on a Saturday afternoon and say "Guys, what did you do? Did we just get hacked?" instead of posting about it on the forums.

And now I imagine the Devs/Mods sitting there like:
"You think we'll get detailed answers from our provider on a weekend?"
"No, but by god our players are going to want answers from us."
"So we're screwed."
"Yep. What else can go wrong?"
"Don't say that, you fool!"

SickleCider

Everyone making a mountain out of a molehill. Security protocol and required password resets are pretty standard fair for web services. My bank account requires me to regularly reset my password, and I don't need to ask, because I know it's security protocol. The message about an "admin making changes to your account" is probably one of several generic notification messages that get kicked out the door and don't necessarily mean anything.

twev

It took until just a few minutes ago to get the email authorizing me to change my password.

I had gotten logged out and locked out well before the first post in this thread.

My email account was receiving email in real-time from other sources, but it took Vanilla 12 to 14 hours to hand address the envelope and put a stamp on it so I could get the password change info?

That's just stupidwrong.

Anhedonie

L_Nici wrote: »

Since Forum Account and the player ID are connected with each other, someone could possibly used that connection to get data. Names, even home address (if you gave the correct one) and not so important, but also not nice access to your game account.

But they are not..

xxthir13enxx

I thought I got hacked...
And than I realized I really didn’t care if I had been...

scorpius2k1

JD2013 wrote: »

A small heads up before it happened would have been nice ...

No kidding---at the very least. What's next, our credit card information being compromised?

Neoealth

I was forced to change my pw from "password" to "password123" that should keep the hackers at bay.

Elsonso

JPS wrote: »

ZOS_GinaBruno wrote: »

The vendor we use to power the ESO forums reset all user passwords for partners that had upgraded to their most recent software version, which included the ESO forums. You are required to reset your password as a security precaution to address a potential security issue in their forum software. Please be aware that ESO forum accounts are completely separate from your ESO game account, so your existing credentials can still be used to access the game. To log into your forum account, simply go to the sign in screen and reset your password. As soon as we receive more information from the vendor, we'll pass it on.

1 - This could have and should have been communicated without people having to ask for an explanation. Like on top where the maintenance anouncements are. But I guess that was impossible since this one didn't affect just 'some people'.

2 - Am I understanding correctly that a company as big as Zos has to rely on a 3rd party vendor for their forum ? Is this a joke ???

1) ZOS was probably caught off guard, as well. This all started happening late on Friday, after normal business hours, so who knows if Vanilla attempted to contact someone, and whether that someone was monitoring their email on the weekend.

ZOS may have only known something was up when people started to comment on the issue, and their own accounts stopped working until the passwords were reset. I will suggest that she is considerably less pleased about what the "forum vendor" did than you are. Unscheduled things like this, on a weekend, can hit ZOS customer support and add to the support load.

2) Why does any company need to run their own forum? They are a game studio, not a social media provider.

The ESO forums are hosted by Vanilla, using their hosting. This means that ZOS pays them for the cost of running the server, including hosting and bodies.

Here is what happened.

https://status.vanillaforums.com/incidents/2zdqxf3bt7mj

Czekoludek

ZOS_GinaBruno wrote: »

The vendor we use to power the ESO forums reset all user passwords for partners that had upgraded to their most recent software version, which included the ESO forums. You are required to reset your password as a security precaution to address a potential security issue in their forum software. Please be aware that ESO forum accounts are completely separate from your ESO game account, so your existing credentials can still be used to access the game. To log into your forum account, simply go to the sign in screen and reset your password. As soon as we receive more information from the vendor, we'll pass it on.

Can you tell me how it is ossible to have so huge problems with communication after the outrage of event canceling and promisies that you will improve on that field? Seems a bit unprofessional