Maintenance for the week of December 23:
• NA megaservers for maintenance – December 23, 4:00AM EST (9:00 UTC) - 9:00AM EST (14:00 UTC)
• EU megaservers for maintenance – December 23, 9:00 UTC (4:00AM EST) - 14:00 UTC (9:00AM EST)

Gold spammers and account security

BmcD73
BmcD73
✭✭✭
There were so much gold farmer spam yesterday that you couldn't read chat at all. I ended up turning off yell and zone chat all together. I already have like 20 names on ignore. Here is the thing as well: the messages were exactly the same each time. Which means the same person/group is spamming chat. Where are they getting these accounts because when you ignore it ignores their entire account. My guess is they are already hacking accounts which brings me to my point....security. There are zero account security features built into this game (from what I've seen). Anyone know anything about what their plans are?
  • OmgItzSlash
    All you have to do is pay 5 dollars to pre order this game and get the ability to play it for the first 5 early access days so i assume that's what the gold farmers are doing.
  • BmcD73
    BmcD73
    ✭✭✭
    That may be true but doesn't mean there shouldn't be some type of account security.
  • Xionar
    Xionar
    ✭✭✭
    They're likely not using any hacked accounts as of now. All of their usernames are very spammy like afejiowhg, and nothing that any normal person would pick.

    As for what they're planning, I have no clue, I would assume some sort of authenticator.
  • k9mouse
    k9mouse
    ✭✭✭✭✭
    Keep reporting them, it will let ZOS know how BIG the problem is and better info in how to battle with the gold farmers.
  • BmcD73
    BmcD73
    ✭✭✭
    Well I have seen some very normal usernames as well. I'm just curious how/what they are doing. I find it very odd that I see a spammy message that has a very specific format, I ignore, and 2 minutes later I get the EXACT same spammy message from a different account.

    To report, you need the @name correct? What is the best way to find the @name?
  • BmcD73
    BmcD73
    ✭✭✭
    The other thing is that ESO is giving hackers 1/2 of the equation by listing/showing your account name to the world. From a security point of view, that just seems unwise especially without any account security in place.
  • Seraseth
    Seraseth
    ✭✭✭✭
    BmcD73 wrote: »
    To report, you need the @name correct? What is the best way to find the @name?

    Just right click their name and click report. If you can't scroll up to see their name because of the wall of text, go into your settings and set the text size down to like 9.
    Edited by Seraseth on April 2, 2014 5:30PM
  • nerevarine1138
    nerevarine1138
    ✭✭✭✭✭
    ✭✭✭✭✭
    Account security features:

    1) Your password. It is unique, right?
    2) Your anti-malware scans that you run regularly. Right?
    3) Your ability to not click on links when you don't know what the source is.
    ----
    Murray?
  • BmcD73
    BmcD73
    ✭✭✭
    Account security features:

    1) Your password. It is unique, right?
    2) Your anti-malware scans that you run regularly. Right?
    3) Your ability to not click on links when you don't know what the source is.

    You are totally 100% correct because
    1) Your password can never be figured out by a brute force attack , dictionary attack, or any other means
    2) Anti malware and antivirus catch everything not matter what
    3) There are never any security flaws in Windows or browsers or email clients
  • BmcD73
    BmcD73
    ✭✭✭
    Seraseth wrote: »
    BmcD73 wrote: »
    To report, you need the @name correct? What is the best way to find the @name?

    Just right click their name and click report. If you can't scroll up to see their name because of the wall of text, go into your settings and set the text size down to like 9.

    I did not see a "report" on right click. Maybe I missed it. I will check again. I haven't seen much of this since I just turn off zone chat.
  • nerevarine1138
    nerevarine1138
    ✭✭✭✭✭
    ✭✭✭✭✭
    BmcD73 wrote: »
    You are totally 100% correct because
    1) Your password can never be figured out by a brute force attack , dictionary attack, or any other means
    2) Anti malware and antivirus catch everything not matter what
    3) There are never any security flaws in Windows or browsers or email clients

    1) No one uses brute force attacks, and your password should be secure enough for it to not be broken by one.
    2) They catch pretty much everything that isn't brand new.
    3) When there are, that's what your AV/anti-malware software is for.

    Over 2 decades online: no compromises. Either I should quit my job and go to Vegas, or users really are responsible for their own security.
    ----
    Murray?
  • Seraseth
    Seraseth
    ✭✭✭✭
    I think the biggest current issue is using the same very good very secure password in multiple locations.

    I know GW2 reported that they were seeing hackers use a database of usernames & passwords they already possessed and trying several variations on the password before moving on. IE: Fluffybunny12, Fluffybunny13, FluffyBunny12 etc.

    Games are generally quite secure, but every random fan site isn't, and if you use the same password somewhere else, it can compromise multiple games/sites for you.
  • BmcD73
    BmcD73
    ✭✭✭
    1) No one uses brute force attacks, and your password should be secure enough for it to not be broken by one.
    2) They catch pretty much everything that isn't brand new.
    3) When there are, that's what your AV/anti-malware software is for.

    Over 2 decades online: no compromises. Either I should quit my job and go to Vegas, or users really are responsible for their own security.

    1) Of course people use brute force/dictionary attacks. Especially when there are no security features built in to prevent it.
    2) Totally incorrect. First, not all are created equal. Second, I have seen users that have both antivirus and antimalware programs and have both viruses and malware. So they definitely don't catch everything and they are less than perfect.
    3) Again, totally incorrect. Antimalware and antivirus programs don't do anything to prevent security flaws in windows, browsers, or email clients. That is the very nature of the security flaw.

    Not everyone is as sophisticated and smart as you. But a there are minimum of 2 parts to securing anything online; a username and a password. ESO is giving hackers 1/2 of the equation. From a security point of view, that is bad practice no matter how smart you are or how secure you think you are. It is for these reasons almost every other MMO has something "more" to secure these accounts.
  • nerevarine1138
    nerevarine1138
    ✭✭✭✭✭
    ✭✭✭✭✭
    As someone mentioned in a previous thread, everyone in the military has the exact same style of username. Your username is meaningless without your password.

    And to say ESO doesn't have anything in place is ridiculous. They have an auto-lockout feature if you try to log in from an unfamiliar IP. Do you really think they don't have something to lock your account the same way if you have too many failed attempts?

    When I say brute force attacks aren't used, I mean they aren't used by any halfway competent people. If someone knows you, they might try to brute force your password, but gold-sellers use keyloggers and phishing. They don't need to bother with brute force; it's inefficient and ineffective.
    ----
    Murray?
  • BmcD73
    BmcD73
    ✭✭✭
    Seraseth wrote: »
    I think the biggest current issue is using the same very good very secure password in multiple locations.

    I know GW2 reported that they were seeing hackers use a database of usernames & passwords they already possessed and trying several variations on the password before moving on. IE: Fluffybunny12, Fluffybunny13, FluffyBunny12 etc.

    Games are generally quite secure, but every random fan site isn't, and if you use the same password somewhere else, it can compromise multiple games/sites for you.

    Very good point. A strong password that has been compromised doesn't do you much good :)

    But again, this is another reason why there should be additional account security especially given the projected size of this game.
  • Melian
    Melian
    ✭✭✭✭
    BmcD73 wrote: »
    I did not see a "report" on right click. Maybe I missed it. I will check again. I haven't seen much of this since I just turn off zone chat.

    There was one guy who was posting several blank lines and then a fake name ([Superman]) before his spam.

  • BmcD73
    BmcD73
    ✭✭✭
    Seraseth wrote: »
    I think the biggest current issue is using the same very good very secure password in multiple locations.

    I know GW2 reported that they were seeing hackers use a database of usernames & passwords they already possessed and trying several variations on the password before moving on. IE: Fluffybunny12, Fluffybunny13, FluffyBunny12 etc.

    Games are generally quite secure, but every random fan site isn't, and if you use the same password somewhere else, it can compromise multiple games/sites for you.

    Very good point. A strong password that has been compromised doesn't do you much good :)

    But again, this is another reason why there should be additional account security especially given the projected size of this game.
  • Unvalid
    Unvalid
    ✭✭
    I want a security key app for my phone to use with this game.
    that way i can go back to using names of female naughty bits as passwords
    instead of having to have a 145 string password of a bajillion letters number symbols and colors.
    Edited by Unvalid on April 2, 2014 6:12PM
    "I dual wield two dwarves dual wielding two two-handed swords in two-handed grips with one hand in each hand"
Sign In or Register to comment.