lordrichter wrote: »ZOS_GinaBruno wrote: »The vendor we use to power the ESO forums reset all user passwords for partners that had upgraded to their most recent software version, which included the ESO forums. You are required to reset your password as a security precaution to address a potential security issue in their forum software. Please be aware that ESO forum accounts are completely separate from your ESO game account, so your existing credentials can still be used to access the game. To log into your forum account, simply go to the sign in screen and reset your password. As soon as we receive more information from the vendor, we'll pass it on.
1 - This could have and should have been communicated without people having to ask for an explanation. Like on top where the maintenance anouncements are. But I guess that was impossible since this one didn't affect just 'some people'.
2 - Am I understanding correctly that a company as big as Zos has to rely on a 3rd party vendor for their forum ? Is this a joke ???
1) ZOS was probably caught off guard, as well. This all started happening late on Friday, after normal business hours, so who knows if Vanilla attempted to contact someone, and whether that someone was monitoring their email on the weekend.
ZOS may have only known something was up when people started to comment on the issue, and their own accounts stopped working until the passwords were reset. I will suggest that she is considerably less pleased about what the "forum vendor" did than you are. Unscheduled things like this, on a weekend, can hit ZOS customer support and add to the support load.
2) Why does any company need to run their own forum? They are a game studio, not a social media provider.
The ESO forums are hosted by Vanilla, using their hosting. This means that ZOS pays them for the cost of running the server, including hosting and bodies.
Here is what happened.
https://status.vanillaforums.com/incidents/2zdqxf3bt7mj
Czekoludek wrote: »ZOS_GinaBruno wrote: »The vendor we use to power the ESO forums reset all user passwords for partners that had upgraded to their most recent software version, which included the ESO forums. You are required to reset your password as a security precaution to address a potential security issue in their forum software. Please be aware that ESO forum accounts are completely separate from your ESO game account, so your existing credentials can still be used to access the game. To log into your forum account, simply go to the sign in screen and reset your password. As soon as we receive more information from the vendor, we'll pass it on.
Can you tell me how it is ossible to have so huge problems with communication after the outrage of event canceling and promisies that you will improve on that field? Seems a bit unprofessional
lordrichter wrote: ».Czekoludek wrote: »ZOS_GinaBruno wrote: »The vendor we use to power the ESO forums reset all user passwords for partners that had upgraded to their most recent software version, which included the ESO forums. You are required to reset your password as a security precaution to address a potential security issue in their forum software. Please be aware that ESO forum accounts are completely separate from your ESO game account, so your existing credentials can still be used to access the game. To log into your forum account, simply go to the sign in screen and reset your password. As soon as we receive more information from the vendor, we'll pass it on.
Can you tell me how it is ossible to have so huge problems with communication after the outrage of event canceling and promisies that you will improve on that field? Seems a bit unprofessional
Wait, are you responding to Gina letting people know what is happening with a complaint that ZOS is not letting people know what is happening?
lordrichter wrote: ».Czekoludek wrote: »ZOS_GinaBruno wrote: »The vendor we use to power the ESO forums reset all user passwords for partners that had upgraded to their most recent software version, which included the ESO forums. You are required to reset your password as a security precaution to address a potential security issue in their forum software. Please be aware that ESO forum accounts are completely separate from your ESO game account, so your existing credentials can still be used to access the game. To log into your forum account, simply go to the sign in screen and reset your password. As soon as we receive more information from the vendor, we'll pass it on.
Can you tell me how it is ossible to have so huge problems with communication after the outrage of event canceling and promisies that you will improve on that field? Seems a bit unprofessional
Wait, are you responding to Gina letting people know what is happening with a complaint that ZOS is not letting people know what is happening?
CassandraGemini wrote: »lordrichter wrote: ».Czekoludek wrote: »ZOS_GinaBruno wrote: »The vendor we use to power the ESO forums reset all user passwords for partners that had upgraded to their most recent software version, which included the ESO forums. You are required to reset your password as a security precaution to address a potential security issue in their forum software. Please be aware that ESO forum accounts are completely separate from your ESO game account, so your existing credentials can still be used to access the game. To log into your forum account, simply go to the sign in screen and reset your password. As soon as we receive more information from the vendor, we'll pass it on.
Can you tell me how it is ossible to have so huge problems with communication after the outrage of event canceling and promisies that you will improve on that field? Seems a bit unprofessional
Wait, are you responding to Gina letting people know what is happening with a complaint that ZOS is not letting people know what is happening?
I believe all the anger here is directed more at the fact that we only got an official statement about this after it had already happened and also only when people actively started questioning it. The whole outrage does feel a bit artificially inflated at this point, though. I mean, who knows if ZoS even realized this would happen? And honestly, yes, a little heads-up would have been nice, if it was possible, but it's not like I'm going to lose sleep over this, so... meh.
Versispellis wrote: »CassandraGemini wrote: »lordrichter wrote: ».Czekoludek wrote: »ZOS_GinaBruno wrote: »The vendor we use to power the ESO forums reset all user passwords for partners that had upgraded to their most recent software version, which included the ESO forums. You are required to reset your password as a security precaution to address a potential security issue in their forum software. Please be aware that ESO forum accounts are completely separate from your ESO game account, so your existing credentials can still be used to access the game. To log into your forum account, simply go to the sign in screen and reset your password. As soon as we receive more information from the vendor, we'll pass it on.
Can you tell me how it is ossible to have so huge problems with communication after the outrage of event canceling and promisies that you will improve on that field? Seems a bit unprofessional
Wait, are you responding to Gina letting people know what is happening with a complaint that ZOS is not letting people know what is happening?
I believe all the anger here is directed more at the fact that we only got an official statement about this after it had already happened and also only when people actively started questioning it. The whole outrage does feel a bit artificially inflated at this point, though. I mean, who knows if ZoS even realized this would happen? And honestly, yes, a little heads-up would have been nice, if it was possible, but it's not like I'm going to lose sleep over this, so... meh.
Seems performative, even.
scorpius2k1 wrote: »Yes. But you saw how quickly the finger was pointed to "The vendor we use" in Gina's response. Typical ZoS.BackAndAngry wrote: »Aren't zos subcontractors as liable as them when managing ppl personal data?
Versispellis wrote: »CassandraGemini wrote: »lordrichter wrote: ».Czekoludek wrote: »ZOS_GinaBruno wrote: »The vendor we use to power the ESO forums reset all user passwords for partners that had upgraded to their most recent software version, which included the ESO forums. You are required to reset your password as a security precaution to address a potential security issue in their forum software. Please be aware that ESO forum accounts are completely separate from your ESO game account, so your existing credentials can still be used to access the game. To log into your forum account, simply go to the sign in screen and reset your password. As soon as we receive more information from the vendor, we'll pass it on.
Can you tell me how it is ossible to have so huge problems with communication after the outrage of event canceling and promisies that you will improve on that field? Seems a bit unprofessional
Wait, are you responding to Gina letting people know what is happening with a complaint that ZOS is not letting people know what is happening?
I believe all the anger here is directed more at the fact that we only got an official statement about this after it had already happened and also only when people actively started questioning it. The whole outrage does feel a bit artificially inflated at this point, though. I mean, who knows if ZoS even realized this would happen? And honestly, yes, a little heads-up would have been nice, if it was possible, but it's not like I'm going to lose sleep over this, so... meh.
Seems performative, even.
Reactions tend to become inflamed when there is a succession of events that trigger them. Accusing players of being performative or artificially inflating their anger seems unfair and misguided when ZOS have collected an astonishing number of blunders in the past year, including the PC-EU server imploding regularly, queues being turned on and off with little to no communication, especially in-game, events being postponed, extended or cancelled, again with poor communication, a roadmap to improve performance that was years in the making and flopped spectacularly (new group finder, anyone?), a commitment to improving communication that had yet to be translated in concrete actions... Need I go on?
If you're happy with ZOS, that's fine. But don't shoot down and presume malice from those people who aren't.
Versispellis wrote: »CassandraGemini wrote: »lordrichter wrote: ».Czekoludek wrote: »ZOS_GinaBruno wrote: »The vendor we use to power the ESO forums reset all user passwords for partners that had upgraded to their most recent software version, which included the ESO forums. You are required to reset your password as a security precaution to address a potential security issue in their forum software. Please be aware that ESO forum accounts are completely separate from your ESO game account, so your existing credentials can still be used to access the game. To log into your forum account, simply go to the sign in screen and reset your password. As soon as we receive more information from the vendor, we'll pass it on.
Can you tell me how it is ossible to have so huge problems with communication after the outrage of event canceling and promisies that you will improve on that field? Seems a bit unprofessional
Wait, are you responding to Gina letting people know what is happening with a complaint that ZOS is not letting people know what is happening?
I believe all the anger here is directed more at the fact that we only got an official statement about this after it had already happened and also only when people actively started questioning it. The whole outrage does feel a bit artificially inflated at this point, though. I mean, who knows if ZoS even realized this would happen? And honestly, yes, a little heads-up would have been nice, if it was possible, but it's not like I'm going to lose sleep over this, so... meh.
Seems performative, even.
Reactions tend to become inflamed when there is a succession of events that trigger them. Accusing players of being performative or artificially inflating their anger seems unfair and misguided when ZOS have collected an astonishing number of blunders in the past year, including the PC-EU server imploding regularly, queues being turned on and off with little to no communication, especially in-game, events being postponed, extended or cancelled, again with poor communication, a roadmap to improve performance that was years in the making and flopped spectacularly (new group finder, anyone?), a commitment to improving communication that had yet to be translated in concrete actions... Need I go on?
If you're happy with ZOS, that's fine. But don't shoot down and presume malice from those people who aren't.
CassandraGemini wrote: »I believe all the anger here is directed more at the fact that we only got an official statement about this after it had already happened and also only when people actively started questioning it. The whole outrage does feel a bit artificially inflated at this point, though. I mean, who knows if ZoS even realized this would happen? And honestly, yes, a little heads-up would have been nice, if it was possible, but it's not like I'm going to lose sleep over this, so... meh.
Czekoludek wrote: »She lets us know couple hours after the issue occured, in that case we should get any info BEFORE that. If this is a proper communication for you, I feel sorry for your low standards of what a good communication between client and a company should be
What needs improvement is communication. The info that this password reset is legit should be a pinned post or a notification, not a page 3 response in a discussion opened by users.
Versispellis wrote: »Versispellis wrote: »CassandraGemini wrote: »lordrichter wrote: ».Czekoludek wrote: »ZOS_GinaBruno wrote: »The vendor we use to power the ESO forums reset all user passwords for partners that had upgraded to their most recent software version, which included the ESO forums. You are required to reset your password as a security precaution to address a potential security issue in their forum software. Please be aware that ESO forum accounts are completely separate from your ESO game account, so your existing credentials can still be used to access the game. To log into your forum account, simply go to the sign in screen and reset your password. As soon as we receive more information from the vendor, we'll pass it on.
Can you tell me how it is ossible to have so huge problems with communication after the outrage of event canceling and promisies that you will improve on that field? Seems a bit unprofessional
Wait, are you responding to Gina letting people know what is happening with a complaint that ZOS is not letting people know what is happening?
I believe all the anger here is directed more at the fact that we only got an official statement about this after it had already happened and also only when people actively started questioning it. The whole outrage does feel a bit artificially inflated at this point, though. I mean, who knows if ZoS even realized this would happen? And honestly, yes, a little heads-up would have been nice, if it was possible, but it's not like I'm going to lose sleep over this, so... meh.
Seems performative, even.
Reactions tend to become inflamed when there is a succession of events that trigger them. Accusing players of being performative or artificially inflating their anger seems unfair and misguided when ZOS have collected an astonishing number of blunders in the past year, including the PC-EU server imploding regularly, queues being turned on and off with little to no communication, especially in-game, events being postponed, extended or cancelled, again with poor communication, a roadmap to improve performance that was years in the making and flopped spectacularly (new group finder, anyone?), a commitment to improving communication that had yet to be translated in concrete actions... Need I go on?
If you're happy with ZOS, that's fine. But don't shoot down and presume malice from those people who aren't.
Please don't be so hyperbolic. The mild inconvenience that people have experienced over the password resets has nothing to do with any of those other issues. Keep the stuff separated from the stuff.
VaranisArano wrote: »Here's the Vanilla Forums incident report on what happened: https://status.vanillaforums.com/incidents/2zdqxf3bt7mj
My takeaway?
1. It wasn't a data breach, so much as a bug causing quote chains to link more personal info than they ought to if you looked at the network requests/API/HTML. The sign out/password reset was definitely done by Vanilla, so we don't have to worry about that being the ZOS admins or a hacker.
2. If you use the same password for the forums on other sites or your account, it would be a wise precaution to change those...but then, we all know that's normal password security regardless.
3. To my personal amusement, ZOS isn't the only company who only posts incident reports after the fix is done.
Versispellis wrote: »Everyone making a mountain out of a molehill. Security protocol and required password resets are pretty standard fair for web services. My bank account requires me to regularly reset my password, and I don't need to ask, because I know it's security protocol. The message about an "admin making changes to your account" is probably one of several generic notification messages that get kicked out the door and don't necessarily mean anything.
TheRealPotoroo wrote: »Versispellis wrote: »Everyone making a mountain out of a molehill. Security protocol and required password resets are pretty standard fair for web services. My bank account requires me to regularly reset my password, and I don't need to ask, because I know it's security protocol. The message about an "admin making changes to your account" is probably one of several generic notification messages that get kicked out the door and don't necessarily mean anything.
No, pissing off your user base with an entirely unexpected security update combined with disturbing messages about admins making unforeseen changes to your account for no apparent reason is totally not OK.
Hallothiel wrote: »TheRealPotoroo wrote: »Versispellis wrote: »Everyone making a mountain out of a molehill. Security protocol and required password resets are pretty standard fair for web services. My bank account requires me to regularly reset my password, and I don't need to ask, because I know it's security protocol. The message about an "admin making changes to your account" is probably one of several generic notification messages that get kicked out the door and don't necessarily mean anything.
No, pissing off your user base with an entirely unexpected security update combined with disturbing messages about admins making unforeseen changes to your account for no apparent reason is totally not OK.
Read the thread see if you can find the actual explanation before getting arsey with the wrong people.
TheRealPotoroo wrote: »Hallothiel wrote: »TheRealPotoroo wrote: »Versispellis wrote: »Everyone making a mountain out of a molehill. Security protocol and required password resets are pretty standard fair for web services. My bank account requires me to regularly reset my password, and I don't need to ask, because I know it's security protocol. The message about an "admin making changes to your account" is probably one of several generic notification messages that get kicked out the door and don't necessarily mean anything.
No, pissing off your user base with an entirely unexpected security update combined with disturbing messages about admins making unforeseen changes to your account for no apparent reason is totally not OK.
Read the thread see if you can find the actual explanation before getting arsey with the wrong people.
I read it and it doesn't change the fact that the way it was handled was not OK and we should be upset, contra Versispellis.
Hallothiel wrote: »So even after information is posted from various sources explaining it was nothing to do with Zos, people still getting arsey with Gina & co? Really?!
How do you cope when serious things go wrong in your real life & you can’t blame Zos?!