Hacked Account Turnaround Times?

evendel

I've recently been hacked. I used the in-game reporter for it and it asked if I was reporting a player, which I thought odd, but I let it pass. I logged out and changed my password just in case. So does anyone have any ideas on how long until I get some kind of response from Zenimax about this?

KerinKor

Er, if you were 'hacked' how did you use the "in-game reporter"?

Please define 'hacked' as you use it because in the usual sense of 'hacked account' you'd not be able to log in or change a password.

Vlas

KerinKor wrote: »

Er, if you were 'hacked' how did you use the "in-game reporter"?

Please define 'hacked' as you use it because in the usual sense of 'hacked account' you'd not be able to log in or change a password.

Yeah, seems really weird, haha.

"I logged into my hacked account, how long until I can log into my hacked account?"

KerinKor

I'm guessing @evendel has been hit by the bank bug.

Fenbrae

Either he has been hit by the bank bug (in which case, old news) or all his money got sent away to some other guy (in which case, both his account and mail password must be real easy to crack).

evendel

A hacked account, to my knowledge, is an account that has been...stolen? I guess? By the way you guys are meaning. I logged out and an hour later logged back in. A significant amount of stuff was missing from my character AND bank. Anything of particular or even potential value. Low level runestones were left behind and alchemy ingredients. All of my gold was gone. I haven't logged any other characters until I noticed stuff was missing, I haven't created any new characters, I haven't chosen to skip the Coldharbour intro. They moved my characters around and emptied out stuff worth turning into a quick profit.

starkerealm

Yeah, when they hack an account, it's usually taken, and then used as another mule for spamming... This is the first I've heard of someone stripping an account on ESO.

jimmythesaintb14_ESO

This isn't what I would call "hacked". Someone probably just guessed your password and accessed your account and wiped you out. Come up with a good password next time. Use numbers and letters along with lower and UPPER case.

Lox

Could this be one of the first reported instances of an account being access by someone else due to ZOS actively distributing account login names? Therefore, with a little social engineering it can be relatively easy to predict someones password.

Good thread here

http://forums.elderscrollsonline.com/discussion/75786/account-username-as-contact-name-really/p1

regarding the stupid idea to use people account login name as an in-game identifier! ZOS apparently have little comprehension of the basic concepts associated with account security.

Vlas

That isnt an issue Lox...

That is a dead horse that has been beaten to a pulp

GossiTheDog

It's unlikely you were hacked. It's more likely you've been caught in the well documented bank issues here. Change password and don't worry about it.

evendel

I haven't exactly deeply researched the bank bug...but what that bug seems to be, to me at least, is a complete wipe of everything in the bank plus any space upgrades. It doesn't wipe your currently played character, it doesn't wipe your in pocket gold. My bank was left with runes and a few alchemy ingredients, my pockets were completely emptied, and all the weapons and armor that I wasn't wearing were gone from both my inventory AND my bank. So...in my opinion, probably not the bank bug. I have gotten a response saying my issue has been elevated, so clearly Zenimax is willing to attempt to do something.

Thank you all for repeatedly saying it must be my lack of a decent password or an obvious bug when what I actually asked was how long it would likely take to get a response from Zenimax. The answer is within a day, even on the weekend.

Myth1184

how did you get hacked and they get past the IP authentication?

Vixus

Myth1184 wrote: »

how did you get hacked and they get past the IP authentication?

The IP authentication isn't actually an IP auth, it's a HWID auth triggered by the client, if I'm not mistaken.

the reason I'm saying it's not an IP auth is because IP's tend to be volatile, especially if your ISP does 'dynamic IP leasing' (Which means your IP changes every time you reset your modem, basically)

HWID's and MAC addresses can be spoofed.

RedTalon

Sounds like the bank bug, has a hacker would need remote access to your computer or your email to be able to fully hack you. Cause if you log into your account/game from a new site it asks for a code.

Vixus

RedTalon wrote: »

Sounds like the bank bug, has a hacker would need remote access to your computer or your email to be able to fully hack you. Cause if you log into your account/game from a new site it asks for a code.

I'm not saying that you are wrong, but
That is not entirely true, because:

Vixus wrote: »

Myth1184 wrote: »

how did you get hacked and they get past the IP authentication?

The IP authentication isn't actually an IP auth, it's a HWID auth triggered by the client, if I'm not mistaken.

the reason I'm saying it's not an IP auth is because IP's tend to be volatile, especially if your ISP does 'dynamic IP leasing' (Which means your IP changes every time you reset your modem, basically)

HWID's and MAC addresses can be spoofed.

Which means, if I am able to fool the client that my system data isn't different from the 'victim', it'll let me in.

Hodorius

I think this "IP-check" is there to make account sharing "harder" and has nothing to do with security.
If you shared your acc you would have to give your friend your email acc login and pw too.

I think this because once I did not receive any email for a long time and when I tried to log in it worked... without entering anyhing.

That´s why I think this is just some random scare crow...

Vixus

Hodorius wrote: »

I think this "IP-check" is there to make account sharing "harder" and has nothing to do with security.
If you shared your acc you would have to give your friend your email acc login and pw too.

Not true, you'd only have to give him the auth code mailed to you, not access to your mailbox.