Anyone else receive unsolicited emails with access codes in Russian language?

Lumenn

ProudMary wrote: »

Lephrel wrote: »

ZOS_GinaBruno wrote: »

Hi everyone, if you received one of these emails, please submit a ticket with Support and provide the details. You can choose the "Account Recovery" category. Thank you!

@ZOS_GinaBruno Did account passwords get leaked though? Do you have any infos on that, as it would be a major problem.

We definitely need an official announcement from ZOS regarding this data breach. What all info was compromised? And what should the player response be?

Wait, has there been a data breach? @ZOS_GinaBruno might want to get on top of this either way before your forums(and others) blow up. An official announcement would be nice.

KMarble

ProudMary wrote: »

Lephrel wrote: »

ZOS_GinaBruno wrote: »

Hi everyone, if you received one of these emails, please submit a ticket with Support and provide the details. You can choose the "Account Recovery" category. Thank you!

@ZOS_GinaBruno Did account passwords get leaked though? Do you have any infos on that, as it would be a major problem.

We definitely need an official announcement from ZOS regarding this data breach. What all info was compromised? And what should the player response be?

From what have been posted so far, there is no data breach. It seems there is/was an attempt at guessing the password of some accounts, but it doesn't sound like it was successful.

Collecting account names can be as easy as logging in and wandering around Tamriel. As far as hacking goes, this (trying to figure out a password) is as simple as it goes. If there was a data breach, the hackers would be in control of the accounts already.

blue_peaceful_Manticore

KMarble wrote: »

ProudMary wrote: »

Lephrel wrote: »

ZOS_GinaBruno wrote: »

Hi everyone, if you received one of these emails, please submit a ticket with Support and provide the details. You can choose the "Account Recovery" category. Thank you!

@ZOS_GinaBruno Did account passwords get leaked though? Do you have any infos on that, as it would be a major problem.

We definitely need an official announcement from ZOS regarding this data breach. What all info was compromised? And what should the player response be?

From what have been posted so far, there is no data breach. It seems there is/was an attempt at guessing the password of some accounts, but it doesn't sound like it was successful.

Collecting account names can be as easy as logging in and wandering around Tamriel. As far as hacking goes, this (trying to figure out a password) is as simple as it goes. If there was a data breach, the hackers would be in control of the accounts already.

Its easy to find accound ID yes. But how they find your email adress link to that account ID without a data breach?

davidtk

EnKor wrote: »

KMarble wrote: »

ProudMary wrote: »

Lephrel wrote: »

ZOS_GinaBruno wrote: »

Hi everyone, if you received one of these emails, please submit a ticket with Support and provide the details. You can choose the "Account Recovery" category. Thank you!

@ZOS_GinaBruno Did account passwords get leaked though? Do you have any infos on that, as it would be a major problem.

We definitely need an official announcement from ZOS regarding this data breach. What all info was compromised? And what should the player response be?

From what have been posted so far, there is no data breach. It seems there is/was an attempt at guessing the password of some accounts, but it doesn't sound like it was successful.

Collecting account names can be as easy as logging in and wandering around Tamriel. As far as hacking goes, this (trying to figure out a password) is as simple as it goes. If there was a data breach, the hackers would be in control of the accounts already.

Its easy to find accound ID yes. But how they find your email adress link to that account ID without a data breach?

Thats the question!

ProudMary

Lumenn wrote: »

ProudMary wrote: »

Lephrel wrote: »

ZOS_GinaBruno wrote: »

Hi everyone, if you received one of these emails, please submit a ticket with Support and provide the details. You can choose the "Account Recovery" category. Thank you!

@ZOS_GinaBruno Did account passwords get leaked though? Do you have any infos on that, as it would be a major problem.

We definitely need an official announcement from ZOS regarding this data breach. What all info was compromised? And what should the player response be?

Wait, has there been a data breach? @ZOS_GinaBruno might want to get on top of this either way before your forums(and others) blow up. An official announcement would be nice.

KMarble wrote: »

ProudMary wrote: »

Lephrel wrote: »

ZOS_GinaBruno wrote: »

Hi everyone, if you received one of these emails, please submit a ticket with Support and provide the details. You can choose the "Account Recovery" category. Thank you!

@ZOS_GinaBruno Did account passwords get leaked though? Do you have any infos on that, as it would be a major problem.

We definitely need an official announcement from ZOS regarding this data breach. What all info was compromised? And what should the player response be?

From what have been posted so far, there is no data breach. It seems there is/was an attempt at guessing the password of some accounts, but it doesn't sound like it was successful.

Collecting account names can be as easy as logging in and wandering around Tamriel. As far as hacking goes, this (trying to figure out a password) is as simple as it goes. If there was a data breach, the hackers would be in control of the accounts already.

There had to be a data breach to access so many of the email addresses associated with ZOS accounts, I'm assuming.

They are sending phishing scam emails to those email addresses they got from the ZOS data base is what's going on, at least that's what it looks like to me.

ZOS needs to make an official announcement as to the extent of the data breach and what the player response should be, if any. Or if this was just some internal screw up with their automated systems. But why is the message in the Russian language then? At any rate, I feel very strongly ZOS should address this situation ASAP and give players an explanation as to what is/was happening here.

blue_peaceful_Manticore

ProudMary wrote: »

Lumenn wrote: »

ProudMary wrote: »

Lephrel wrote: »

ZOS_GinaBruno wrote: »

Hi everyone, if you received one of these emails, please submit a ticket with Support and provide the details. You can choose the "Account Recovery" category. Thank you!

@ZOS_GinaBruno Did account passwords get leaked though? Do you have any infos on that, as it would be a major problem.

We definitely need an official announcement from ZOS regarding this data breach. What all info was compromised? And what should the player response be?

Wait, has there been a data breach? @ZOS_GinaBruno might want to get on top of this either way before your forums(and others) blow up. An official announcement would be nice.

KMarble wrote: »

ProudMary wrote: »

Lephrel wrote: »

ZOS_GinaBruno wrote: »

Hi everyone, if you received one of these emails, please submit a ticket with Support and provide the details. You can choose the "Account Recovery" category. Thank you!

@ZOS_GinaBruno Did account passwords get leaked though? Do you have any infos on that, as it would be a major problem.

We definitely need an official announcement from ZOS regarding this data breach. What all info was compromised? And what should the player response be?

From what have been posted so far, there is no data breach. It seems there is/was an attempt at guessing the password of some accounts, but it doesn't sound like it was successful.

Collecting account names can be as easy as logging in and wandering around Tamriel. As far as hacking goes, this (trying to figure out a password) is as simple as it goes. If there was a data breach, the hackers would be in control of the accounts already.

There had to be a data breach to access so many of the email addresses associated with ZOS accounts.

They are sending phishing scam emails to those email addresses they got from the ZOS data base is what's going on.

ZOS needs to make an official announcement as to the extent of the data breach and what the player response should be, if any.

I dont know if data breach as happen. But if yes, ZoS will never say the tru about that. Like all other companies. They never tell the true.
If data breach as happen, all they will say is something like: "Yes, yes blablabla. We have one, but its all ok and they (hackers) only get @ID and Some emails.
And then, sadly, like all companies, ZoS will say: "All info about credit card\real and personal information are 100% fine"

And this is why i use: Virtual credit card to renew my eso+. This virtual credit card have only 30 days life time and can make only one payment.... But you wanna know the joke about this?! ZoS reject this cards now. If i wanna use Credit card to pay my eso plus, i have to use one with one year life time, and this Card need to be able to make multiple payments.
-I feel 100% safe to renew eso plus with a 30 days Virtual Credit Card one time use.
-ZoS ignore my safety now, and only allow Multipayments Credit Card. Sad!

StormBlade512

If anyone gets an unsolicited email, definitely change your passwords asap - it could mean your password has been leaked/cracked/otherwise obtained. It's better to be safe than sorry! (Imo I would also change my email password too).

Want to echo that we really REALLY need better two factor than the email access codes. It's just too basic and a lot of times takes ages to come through. We need authenticators/SMS with back up codes and de-authorisation

davidtk

Interesting, I changed password and now I have full mail of this spam:
Probably not related, but what if it happens to be related.

Elsonso

Lumenn wrote: »

Wait, has there been a data breach? @ZOS_GinaBruno might want to get on top of this either way before your forums(and others) blow up. An official announcement would be nice.

Definitely a curious case, but I wouldn't assume "data breach" quite yet.

I would, however, change passwords A.S.A.P.... and not from a computer normally used for gaming. Ideally, you want to trigger the "new IP" email when you log in to change your password.

Edit: Also, if you do not have 2FA on the email account, do that first.

Tandor

StormBlade512 wrote: »

If anyone gets an unsolicited email, definitely change your passwords asap - it could mean your password has been leaked/cracked/otherwise obtained. It's better to be safe than sorry! (Imo I would also change my email password too).

Want to echo that we really REALLY need better two factor than the email access codes. It's just too basic and a lot of times takes ages to come through. We need authenticators/SMS with back up codes and de-authorisation

What we really need is a default option not to wander around Tamriel displaying half the information needed to hack our accounts.

Baertram

Yeah well but changing the password would need the acocunt system to work first! As I got this russian email today the ESO account sytem was offline/under maintenance.

And now, if I try to reach it, it says:
The requested URL was rejected. Please consult with your administrator.

Elsonso

Baertram wrote: »

And now, if I try to reach it, it says:
The requested URL was rejected. Please consult with your administrator.

FYI: Account website is up and functioning. Try clearing cache or closing browser, then try again.

Tandor wrote: »

StormBlade512 wrote: »

If anyone gets an unsolicited email, definitely change your passwords asap - it could mean your password has been leaked/cracked/otherwise obtained. It's better to be safe than sorry! (Imo I would also change my email password too).

Want to echo that we really REALLY need better two factor than the email access codes. It's just too basic and a lot of times takes ages to come through. We need authenticators/SMS with back up codes and de-authorisation

What we really need is a default option not to wander around Tamriel displaying half the information needed to hack our accounts.

It's the unimportant half, and comprises none of the security of the account. The concern about account names is to combat people who use the same password like it is some sort of family heirloom. Anyone concerned enough about security to care about user names probably isn't in any position to worry.

Lumenn

Elsonso wrote: »

Lumenn wrote: »

Wait, has there been a data breach? @ZOS_GinaBruno might want to get on top of this either way before your forums(and others) blow up. An official announcement would be nice.

Definitely a curious case, but I wouldn't assume "data breach" quite yet.

I would, however, change passwords A.S.A.P.... and not from a computer normally used for gaming. Ideally, you want to trigger the "new IP" email when you log in to change your password.

Edit: Also, if you do not have 2FA on the email account, do that first.

I actually tend to do that monthly. I lived with a girl some 15 years ago that had been involved in an identity theft ring. (Believe me, after finding that out you get paranoid) the things she showed me were eye opening regarding security, and she claimed she wasn't even that good considering she had been caught and prosecuted. She spent her time after that teaching cyber security go figure.

But many playing the game don't take such precautions (although they should) and a word from the company would be responsible, even if it's a firm "No breach". It's not an issue to go ostrich with. People overlook bad customer service, but play with their money/identity and not be honest about it? That doesn't go so well.

Baertram

Thanks, that helped.

About the breach: My ESO email is not used anywhere else than for ESO, so it's definately no data breach at Twitch or any other linked account website, unless the email adresses of ESO are stored in their database too.....

Tandor

Elsonso wrote: »

Tandor wrote: »

StormBlade512 wrote: »

If anyone gets an unsolicited email, definitely change your passwords asap - it could mean your password has been leaked/cracked/otherwise obtained. It's better to be safe than sorry! (Imo I would also change my email password too).

Want to echo that we really REALLY need better two factor than the email access codes. It's just too basic and a lot of times takes ages to come through. We need authenticators/SMS with back up codes and de-authorisation

What we really need is a default option not to wander around Tamriel displaying half the information needed to hack our accounts.

It's the unimportant half, and comprises none of the security of the account. The concern about account names is to combat people who use the same password like it is some sort of family heirloom. Anyone concerned enough about security to care about user names probably isn't in any position to worry.

If I "knew" the password on an account I wouldn't be able to use it without knowing the name of the account to which it applied. I don't understand why that would be unimportant, or why it should be freely available in the public domain. Please explain!

Elsonso

Lumenn wrote: »

But many playing the game don't take such precautions (although they should) and a word from the company would be responsible, even if it's a firm "No breach". It's not an issue to go ostrich with. People overlook bad customer service, but play with their money/identity and not be honest about it? That doesn't go so well.

I would imagine that there are many many horrid examples of people making bad cyber security decisions around the game. Just goes with the territory.

As for customer service... ZOS can't say anything more until they investigate. The last thing they want to do is roll out speculation and have it be wrong. My guess is that these emails were glitches in the account system, not a response to anyone trying to log into the ESO account. I didn't see any of the access codes, so I could not tell if they were from attempts to log into the game or attempts to log into the account system, but my guess is the account system.

Tandor wrote: »

If I "knew" the password on an account I wouldn't be able to use it without knowing the name of the account to which it applied. I don't understand why that would be unimportant, or why it should be freely available in the public domain. Please explain!

In any identity + secret scheme, like account names and passwords, the easiest thing to find out about someone is their identity. Orders of magnitude easier. This is because the scheme does not make any attempt to hide the identity, so all attempts to do this will fail. All of the security is in the secret, in this case, the password. If you "know" the password, then that account is ***, no matter what.

This is why we have two factor authentication. If securing an identity + secret was as simple as hiding the identity, we'd be set for life.

Amottica

ZOS_GinaBruno wrote: »

Hi everyone, if you received one of these emails, please submit a ticket with Support and provide the details. You can choose the "Account Recovery" category. Thank you!

This reply seems to say it all, that it is fishy.

I just checked my email.
Emails from ESO are from no-reply@email.bethesda.net.
Emails that are forum related are from noreply.forums@elderscrollsonline.com

Someone got not so creative with creating that new domain. If other players are seeing this I would be concerned that Zenimax got hacked.

Some password advice, though. Do not use the same password for the game used for the related email and a different one for your bank. Sharing passwords among different accounts is just giving it all away.

davidtk

Elsonso wrote: »

I didn't see any of the access codes, so I could not tell if they were from attempts to log into the game or attempts to log into the account system, but my guess is the account system.

Here is full email

Elsonso

Amottica wrote: »

I just checked my email.
Emails from ESO are from no-reply@email.bethesda.net.
Emails that are forum related are from noreply.forums@elderscrollsonline.com

Someone got not so creative with creating that new domain. If other players are seeing this I would be concerned that Zenimax got hacked.

What email address did your mysterious email come from?

Edit: the one listed in the first comment, "noreply@mail.elderscrollsonline.com", is legit.

Edit 2: @davidtk if the code has a space in it, I think it comes from attempting to log into the website. If it does not, I think it comes from attempting to log into the game.

davidtk

Elsonso wrote: »

Amottica wrote: »

I just checked my email.
Emails from ESO are from no-reply@email.bethesda.net.
Emails that are forum related are from noreply.forums@elderscrollsonline.com

Someone got not so creative with creating that new domain. If other players are seeing this I would be concerned that Zenimax got hacked.

What email address did your mysterious email come from?

Edit: the one listed in the first comment, "noreply@mail.elderscrollsonline.com", is legit.

Mine from:


All of the links in the mail are legit working adresses

Amottica

Elsonso wrote: »

Amottica wrote: »

I just checked my email.
Emails from ESO are from no-reply@email.bethesda.net.
Emails that are forum related are from noreply.forums@elderscrollsonline.com

Someone got not so creative with creating that new domain. If other players are seeing this I would be concerned that Zenimax got hacked.

What email address did your mysterious email come from?

Edit: the one listed in the first comment, "noreply@mail.elderscrollsonline.com", is legit.

I did not get one. I was just noting the two emails I get from Zenimax and they do not match what the OP noted.

It is typical for a scam email to make it look like the email address is legit as they have here. It is good that the OP found this did not pass the smell test.

It is also best to avoid clicking on any links in such emails.

davidtk

Elsonso wrote: »

Edit 2: @davidtk if the code has a space in it, I think it comes from attempting to log into the website. If it does not, I think it comes from attempting to log into the game.

Six characters without a space.
As I wrote, all links was real valid links to eso website.

Baertram

Same here, all email header info and links etc. is directing to ESO and no spam or other websites.
I did not check the email's depth for any hidden trackers etc. but it looks, on first sight, like an officially "Account login" try where someone knew the email and password (or maybe tried to reset the password and there was that security layer in between which prevented it and showed the ZOs email that was generated matching to the language of the IP where the password reset was tried from > Russian).

Elsonso

davidtk wrote: »

Elsonso wrote: »

Amottica wrote: »

I just checked my email.
Emails from ESO are from no-reply@email.bethesda.net.
Emails that are forum related are from noreply.forums@elderscrollsonline.com

Someone got not so creative with creating that new domain. If other players are seeing this I would be concerned that Zenimax got hacked.

What email address did your mysterious email come from?

Edit: the one listed in the first comment, "noreply@mail.elderscrollsonline.com", is legit.

Mine from:


All of the links in the mail are legit working adresses

Yeah, looking back at the emails I get from logging in and them sending me a code, they came from that address. I have emails going back months years on multiple accounts that come from that address. I don't think that the emails are forged in any way. They appear to be the legitimate emails that get sent out. The bigger questions is why did they get sent out.

Edit: not only that, one I forced today is digitally signed by the same account as one that I got in 2019. If you have a way to check the TLS security for the email, it should be signed by the email address above.

davidtk

Elsonso wrote: »

davidtk wrote: »

Elsonso wrote: »

Amottica wrote: »

I just checked my email.
Emails from ESO are from no-reply@email.bethesda.net.
Emails that are forum related are from noreply.forums@elderscrollsonline.com

Someone got not so creative with creating that new domain. If other players are seeing this I would be concerned that Zenimax got hacked.

What email address did your mysterious email come from?

Edit: the one listed in the first comment, "noreply@mail.elderscrollsonline.com", is legit.

Mine from:


All of the links in the mail are legit working adresses

Yeah, looking back at the emails I get from logging in and them sending me a code, they came from that address. I have emails going back months years on multiple accounts that come from that address. I don't think that the emails are forged in any way. They appear to be the legitimate emails that get sent out. The bigger questions is why did they get sent out.

Yea that weird. If someone just tried ID and pswd that had to be very much attempts...
The account should be locked due to many bad attempts for login. And if someone had from god know where my pswd, there should be some better security like 2fa and from where the pswd came...
EDIT: I dont have that email anymore but i found older ones with 7 characters code but i dont know how many characters must security code have...

DinoZavr

The full message makes the difference.

@davidtk the entire picture changes with that full message, but not just the second half you published earlier.

This gives 2 major interpretations.
1. Less likely: password was successfully guessed and this is the authentic device authorization message
2. Most likely: fishing because of players' e-mails leak. In this case links (most likely) lead to the malicious site (pretending to be ESO support) ordering you to enter your real @UserID and password.

NEVER follow the links in the mails you suspect fraud.

davidtk

DinoZavr wrote: »

The full message makes the difference.

@davidtk the entire picture changes with that full message, but not just the second half you published earlier.

This gives 2 major interpretations.
1. Less likely: password was successfully guessed and this is the authentic device authorization message
2. Most likely: fishing because of players' e-mails leak. In this case links (most likely) lead to the malicious site (pretending to be ESO support) ordering you to enter your real @UserID and password.

NEVER follow the links in the mails you suspect fraud.

As there was written, all links led to legite ESO website pages.

DinoZavr

davidtk wrote: »

As there was written, all links led to legite ESO website pages.

Interesting.
which gives us the third option: a glitch in ESO login security system which led to erroneous sending device authentication mails.
This is less scary than option 2, but still, alarming.

Elsonso

DinoZavr wrote: »

The full message makes the difference.

@davidtk the entire picture changes with that full message, but not just the second half you published earlier.

This gives 2 major interpretations.
1. Less likely: password was successfully guessed and this is the authentic device authorization message
2. Most likely: fishing because of players' e-mails leak. In this case links (most likely) lead to the malicious site (pretending to be ESO support) ordering you to enter your real @UserID and password.

More most likely: Email is legit, but it is an errant email from ZOS that is unrelated to any attempts to log in.

Just because people get an email with a code does not mean that someone did something that generated the email. The ZOS system is probably more than capable of churning out thousands of those emails in a very short time, with no outside input needed at all.

Never assume malice when a ZOS software bug can explain everything.


Edit:

davidtk wrote: »

This is less scary than option 2, but still, alarming.

Meh. Not alarming at all, unless one is alarmed by errant emails. As the email says, after translation, if you didn't make the attempt, you can ignore the email.

vsrs_au

Elsonso wrote: »

Lumenn wrote: »

Wait, has there been a data breach? @ZOS_GinaBruno might want to get on top of this either way before your forums(and others) blow up. An official announcement would be nice.

Definitely a curious case, but I wouldn't assume "data breach" quite yet.

I would, however, change passwords A.S.A.P.... and not from a computer normally used for gaming. Ideally, you want to trigger the "new IP" email when you log in to change your password.

Edit: Also, if you do not have 2FA on the email account, do that first.

Yes, 2FA definitely helps. I have it enabled, and haven't received any of these emails.