account suspended after being hacked (multiple claims)

PURPLE245 · March 2019

hello my account was hacked a few months ago so i sent support a emails about it but i got no reply for about 4 days so i emailed them from my old email what the account used before ... then i got a email saying my account was suspended for "multiple claims to the account with correct details". and since then i have emailed support and they will not help at all. i told them i sent from 2 of my emails and they just send back the same copy and paste message about multiple claims even tho i have explained. and if the hacker is also trying to reclaim it would be so easy for them to write my (game code/account created/and characters) or screenshot them but they will not even try to solve the issue asking something only i would know(deleted character before i was hacked ect)they just copy and paste there reply i have sent them screenshots of both emails and even payments from all the way to 2015 and they still send back a copy and paste lol im at a loss what to do i have sent hundreds hours/money and they ask the most basic questions anyone who had access can see.

JamieAubrey · March 2019

Damn the spelling got worse the more I got to the end

starkerealm · March 2019

Aside from offering best wishes that customer support sorts this out, there's not much we can do.

Though, I would say, update your ticket, don't just blindly send emails, because that's not how this system works.

seventyfive · March 2019

That text was a pain to look at.

Good luck with getting the issue resolved.

Zathras · March 2019

Phone them.

Your email has probably been flagged in some manner. As you said, "multiple claims to the account with correct details".

There is also the General Help forum, which may get you a better response.

Good luck!

Nemesis7884 · March 2019

How can one protect against hacking? I dont think there is 2 factor authentification?

starkerealm · March 2019

Nemesis7884 wrote: »

How can one protect against hacking? I dont think there is 2 factor authentification?

Couple things:

First, make sure your email account is, in fact, secure. Don't reuse a password for it. If your game password and email password are the same, that authentication step is meaningless.

Second, use a non-standard email for verification systems (like ESO's.) Yes, I'm telling you to set up an entirely different email for this game. (Or at least for your gaming, and possibly some other specific, trusted, services.)

Third, make sure your game password is secure, and does not match ones you use elsewhere. You can check HaveIbeenPwned to see if your email has been in any mass database breaches. If you believe your password has been compromised, change it.

Fourth: Learn how to generate, and use, reasonably secure passwords.

As always, there's this fun XKCD strip:

I don't recommend following that exact formula, because at this point a 4 place dictionary search attack is pretty viable. But, you can flavor it up a bit, while following that basic structure and you should be fine.

Also, if you've never read Brian Krebs's work. I'd recommend it. Not a lot about password security, but a ton on internet security as a whole. Most if it isn't going to be applicable, but it's worth knowing more about the world you live in.

Finally, practice good system hygiene. Keep an antivirus running, don't spend time on sketchy sites. Be cautious about installing software from unknown sources. Stuff like that. There are a lot of resources to get you started on how to keep your system in good condition.

The primary means of hacking your account are as follows:

You reused a password that was compromised in a breach. Now, ESO isn't going to be the first thing they check, but it's up there.

Someone gets you to give out your password. Most often this will be one of those emails that says, "log in or your account will be banned because reasons." Guess what? Log in through that site and you lose the account anyway. Another way would be they get you to install a piece of software. "Hey, look, this addon with an external .exe will let you use it as an out of game auction house." Only, it's a keylogger, so your password for the game, and probably your email gets hoovered up.

Ironically, another good way to potentially lose your account is if you reuse your ingame password elsewhere. Not all sites are trustworthy, so that weird fan site you frequent, turns out to be not on the level, and whoops, they have your password, @name and Email. Again, bonus points if your email and @name match, as do both passwords. Then it's a single point of failure for both accounts and you're hosed.

There are possibilities for failure on the backend. But, realistically, it's usually going to be one of those above, or something similar.

There are also other ways to compromise security; for example: if you're using a wireless keyboard, and someone is close enough to pick up the signal (which, with signal boosters can get you to a couple hundred yards, you can potentially get remote control over a system. But, that's a weird edge case, and more sophisticated than you'd see from someone trying to swipe an MMO account.

idk · March 2019

I have come to understand people make really bad decisions when it comes to their passwords such as using the same password for things like this game and also for the email tied to this game, which is not very bright. To access someone's game requires access to their email. But from what OP is saying, something had to be taken to the next level for it to get that bad.

Zos has a very good reason to be cautious and by banning the account until and unless they can determine who is properly entitled to the account they are protecting themselves and that proper account owner. Anything less would be very poor management. It is not Zos' fault the account was hacked.

Edit: and there are some ideas presented to improve account security. But the first thing is the passwords for email needs to be very different than the accounts tied to them. This of course also includes your bank account in case that is not obvious.

nine9six · March 2019

Obligatory: I really wish ZoS would release a 2-Factor Auth System for those of us who'd like to use it.

SWTOR has it done right. Use 2-Factor, get goodies. Saves Support man-hours.

At this point, I'd pay extra just to have the feature.

SaintSubwayy · March 2019

sorry to say that but..... IF someone managed to get his/her hands onto all the Datas required to claim your account as their own, then thats your own fault.

be it by either having a super easy password, no / bad / outdated maleware protection or by knowingly hand out your account data.

YOu can try to get your account back thou, there's information and options to prove that you own this account.
Credit Card payments, Recipe for buying the game etc. but you have to make the move and bring this evidence to ZOS, they dont come and ask you for such things.

idk · March 2019

nine9six wrote: »

Obligatory: I really wish ZoS would release a 2-Factor Auth System for those of us who'd like to use it.

SWTOR has it done right. Use 2-Factor, get goodies. Saves Support man-hours.

At this point, I'd pay extra just to have the feature.

They do have a system in place. Someone has to have their email hacked to also have their game hacked. The issue is people are lazy with passwords and use the same password for so much.

I know someone who had their ESO game hacked. They were confident their password was good because their WoW game, bank account and other things had never been hacked before. In other words, they were asking to be hacked and were lucky it was just ESO that got messed up.

starkerealm · March 2019

idk wrote: »

nine9six wrote: »

Obligatory: I really wish ZoS would release a 2-Factor Auth System for those of us who'd like to use it.

SWTOR has it done right. Use 2-Factor, get goodies. Saves Support man-hours.

At this point, I'd pay extra just to have the feature.

They do have a system in place. Someone has to have their email hacked to also have their game hacked.

Bonus points if the email account the use was also lost. In which case, at least from the support end, it will look like some rando wandered in and demanded they transfer control of an existing account to them. And it gets worse. Because, the rando is offering up a lot of information, which means Customer Support cannot trust that the information was obtained legitimately.

If CS asks for info, they can be reasonably sure that the customer is providing it. But if the customer/scammer is providing information, it's possible they got that data as part of a larger breach, and that info is not trustworthy.

idk · March 2019

starkerealm wrote: »

idk wrote: »

nine9six wrote: »

Obligatory: I really wish ZoS would release a 2-Factor Auth System for those of us who'd like to use it.

SWTOR has it done right. Use 2-Factor, get goodies. Saves Support man-hours.

At this point, I'd pay extra just to have the feature.

They do have a system in place. Someone has to have their email hacked to also have their game hacked.

Bonus points if the email account the use was also lost. In which case, at least from the support end, it will look like some rando wandered in and demanded they transfer control of an existing account to them. And it gets worse. Because, the rando is offering up a lot of information, which means Customer Support cannot trust that the information was obtained legitimately.

If CS asks for info, they can be reasonably sure that the customer is providing it. But if the customer/scammer is providing information, it's possible they got that data as part of a larger breach, and that info is not trustworthy.

You conveniently edited out much of my post.

It is their email that actually got hacked. People are lazy with passwords and almost beg to get hacked. OP had their email hacked which allowed the people to hack their game. It is not the other way around.

starkerealm · March 2019

idk wrote: »

You conveniently edited out much of my post.

Yeah, I do that sometimes. Though, I'm usually careful not to just restate their post back at them. I think the fault's on me this time, for skimming the post the first time, and missing the nuance.

Again, the point stands, lobbing unsolicited information at customer support to, "prove who you are," doesn't do that. It only leaves an option question of, "which was compromised, the 'proof' or the account?"

idk · March 2019

starkerealm wrote: »

idk wrote: »

You conveniently edited out much of my post.

Yeah, I do that sometimes. Though, I'm usually careful not to just restate their post back at them. I think the fault's on me this time, for skimming the post the first time, and missing the nuance.

Again, the point stands, lobbing unsolicited information at customer support to, "prove who you are," doesn't do that. It only leaves an option question of, "which was compromised, the 'proof' or the account?"

I would agree that just telling support random information would not help.

But the start is people need to be smart about their passwords.

starkerealm · March 2019

idk wrote: »

starkerealm wrote: »

idk wrote: »

You conveniently edited out much of my post.

Yeah, I do that sometimes. Though, I'm usually careful not to just restate their post back at them. I think the fault's on me this time, for skimming the post the first time, and missing the nuance.

Again, the point stands, lobbing unsolicited information at customer support to, "prove who you are," doesn't do that. It only leaves an option question of, "which was compromised, the 'proof' or the account?"

I would agree that just telling support random information would not help.

But the start is people need to be smart about their passwords.

Agreed. Also slightly savvy about what they do online, in general. A fantastic password won't save you from basic social engineering.

Elwendryll · March 2019

@starkerealm I didn't learn anything from your post and I already knew the strip, but for all the trouble you went through, you get an insightful. That's valuable information there.

Elwendryll · March 2019

idk wrote: »

You conveniently edited out much of my post.

It is their email that actually got hacked. People are lazy with passwords and almost beg to get hacked. OP had their email hacked which allowed the people to hack their game. It is not the other way around.

There has been some mass email leaks recently. My email got leaked. I had to change the password just in case. (I already have double factor authentication).

So that's not necessarily the owners fault. It probably is, but still...

SAMEASLEYb14_ESO · March 2019

start filing disputes on all charges for theft of funds bet they start talking to you then.

starkerealm · March 2019

SAMEASLEYb14_ESO wrote: »

start filing disputes on all charges for theft of funds bet they start talking to you then.

Bad idea. That can blow back on you in some very unpleasant ways.

jircris11 · March 2019

SAMEASLEYb14_ESO wrote: »

start filing disputes on all charges for theft of funds bet they start talking to you then.

That wont work, you can get in massive legal trouble for it. Besides most banks a companies look in to it before charging back and if your found to be trying to "froud" a company they can inform the law. Least here in the usa.

DaveMoeDee · March 2019

Regarding passwords that you can remember and that you keep unique on all sites -- if you are trying to remember all your passwords, you can't have very good passwords. People have way too many accounts to try to memorize passwords unless they have a standard password format with some site specific adornment. The problem with that is that a hacker could potentially identify that technique and you get exposed on multiple accounts.

Tia413 · March 2019

Back in the day when Trojans, Keyloggers and back doors were our biggest fears I had some of my info stolen and took my PC to my PC Tech guy (Hence why I went to him, to remove the problem from my PC). I was naive back then and had no virus protection, which helped none.

But anyway, He told me to use Notepad to store all my different email and password info on. And then to use copy and paste when inserting said info onto a site or when signing into a game/site.

I won't go into the details here of the exact method I was advised to use (you may send me a private message though and I will explain the method to you), but I haven't been compromised since then.
And I use a wireless keyboard and mouse.

I will however admit to someone having access to all my info not long ago, but ofc I was in a relationship with him for 5+ years and felt I could trust him.
Once the relationship ended I changed passwords on everything as soon as I had internet access once again.

I no longer allow access of my info to anyone.
One can never be too safe.

ZOS_JesC · March 2019

Greetings, for further assistance we would suggest reaching back out to support. You can also reach out to a moderator with your support ticket number and we can look into the status of your ticket.