heartbleed attack - Are our accounts and information safe?

flave · April 2014

There is a new vulnerability that affects a large portion of the internet. You can read more about it here - http://heartbleed.com/

I want to make sure that we are protected and the ESO servers (account and login) have been patched, assuming that they are using openssl, to the latest release.

Basically with an un-patched vulnerable version of openssl can be attacked and memory can be dumped with private keys, passwords, etc..

Would really appreciate it if someone from ESO could chime in here to to confirm security measures have been taken and that we have nothing to worry about.

NeeScrolls · April 2014

flave wrote: »

Would really appreciate it if someone from ESO could chime in here to to confirm security measures have been taken and that we have nothing to worry about.

There's always something to worry about when online the Interwebs

But yeah, i suspect one of the ESO higher-ups representatives will be posting very soon to address the game's Account name in-game security 'flaws'.

Hopefully.

jaschacasadiob16_ESO · April 2014

Well, if you consider that during the early access people reported they were logging into other people's accounts, which means they could steal your gold, delete your items, mess with the guild and delete your chars directly... you should feel pretty much safe.

Lina · April 2014

http://filippo.io/Heartbleed/#elderscrollsonline.com:443

Pahebe · April 2014

Thanks, I won't sleep at night now. Make sure to screenshot your whole character every night before going to bed.

Some things going wrong here. ZOS, please hurry up

JD2013 · April 2014

I am honestly worried about this. I am going to go and buy a timecard tomorrow.

flave · April 2014

Lina wrote: »

http://filippo.io/Heartbleed/#elderscrollsonline.com:443

Thanks for posting this Lina. I tested it earlier as well and received the same results. I heard Blizzarrd did rolling restarts early this morning/last night which many suspect were to address this issue. Do the login servers use the same authentication servers as the account management web page?

If you test accounts.elderscrollsonline.com you get a better result. "http://filippo.io/Heartbleed/#account.elderscrollsonline.com:443"

Hopefully we have nothing to worry about.

ZOS_MichaelServotte · April 2014

Many people learned about this new vulnerability yesterday and we took the issue very seriously. Here at ZOS, we quickly did an evaluation of all our systems and corrected any that had the potential to be affected. Our account systems and authentication systems did not have this potential and therefore were not vulnerable at any time.

otomodachi · April 2014

ZOS_MichaelServotte wrote: »

Many people learned about this new vulnerability yesterday and we took the issue very seriously. Here at ZOS, we quickly did an evaluation of all our systems and corrected any that had the potential to be affected. Our account systems and authentication systems did not have this potential and therefore were not vulnerable at any time.

Thanks for the quick reply on that on, Michael, I think it will really pay off in this case!

Vodkaphile · April 2014

ZOS_MichaelServotte wrote: »

Many people learned about this new vulnerability yesterday and we took the issue very seriously. Here at ZOS, we quickly did an evaluation of all our systems and corrected any that had the potential to be affected. Our account systems and authentication systems did not have this potential and therefore were not vulnerable at any time.

Whabam!

calamity · April 2014

Thank you for the quick response and great communication.

felixgamingx1 · April 2014

Glad I created a separate bank account now.

savinel · April 2014

Awesome. Thanks for jumping right on this.