manukartofanu wrote: »

Did someone actually believe that DDoS story after one suspicious comment on Reddit?

Tenthirty2 wrote: »

WHAT.

I find myself a bit angry right now.

Rich's quoted response when asked if the team was aware of the poor game performance and connection issues makes me a bit concerned:
"We are most definitely aware. It's been a rough few weeks - DDOS attacks have been a big part of perf issues, but aren't the only issue we're looking into."

Rich, what the hell?

Unless I miss my guess here we have been feeling the result of these attacks for about a week now. Building in severity to this past weekend where it was clear someone was definitely squeezing fairly hard.

"We are most definitely aware"
That's great, your customers weren't and you let them run on their own assumptions.
Some of them wasted a lot of their time troubleshooting their own networks, client installs, etc when if they'd known I'm sure they would have liked to have spent that time doing something else.

This also gives nice negative-press ammunition to your competitor's marketing\PR teams...

Once verified, a DDoS event should have been reported to the user base. It would have demonstrated:
- Honesty, "Hey all, our platform and\or its supporting infrastructure\services are being targeted."
- Responsibility, "We are aware and are working on mitigating these attacks to keep the service stable."
- Capability, showing you are willing and capable of dealing with bad actors would be a better flex than hiding or avoiding disclosing a truth, unless you are directly asked during an AMA for your next money-making content launch...
That doesn't present a strong image to anyone.

What really gives me anxiety though is the last line:
", but aren't the only issue we're looking into."

Now isn't the time to be dodgy or ambiguous.
"issue" that you're looking into could be anything and the way you framed it there, right on the heels of confirming a DDoS attack, is going to make people assume all sorts of horrible things.

And give people like me heartburn over potential "issue"s like for example, a data breach that came hand-in-hand with the attack.

Enough that I'm changing my passwords and keeping a very close eye on my charge account now. Fingers crossed that it's nothing like this, but it never hurts to be extra cautious.

NOTE: I have no hard evidence that there was any data breach or exfiltration of personal and\or financial customer data. Just speculation based on experience. I don't play ESO for a living.

DenverRalphy wrote: »

TechMaybeHic wrote: »

Thing I am not buying is a DDOS lasting this long

Depending on the determination of the group behind it, how much they feel slighted, and the validation they may believe they're getting in return, it can last quite some time. I've seen some last for months.

sarahthes wrote: »

Tenthirty2 wrote: »

WHAT.

I find myself a bit angry right now.

Rich's quoted response when asked if the team was aware of the poor game performance and connection issues makes me a bit concerned:
"We are most definitely aware. It's been a rough few weeks - DDOS attacks have been a big part of perf issues, but aren't the only issue we're looking into."

Rich, what the hell?

Unless I miss my guess here we have been feeling the result of these attacks for about a week now. Building in severity to this past weekend where it was clear someone was definitely squeezing fairly hard.

"We are most definitely aware"
That's great, your customers weren't and you let them run on their own assumptions.
Some of them wasted a lot of their time troubleshooting their own networks, client installs, etc when if they'd known I'm sure they would have liked to have spent that time doing something else.

This also gives nice negative-press ammunition to your competitor's marketing\PR teams...

Once verified, a DDoS event should have been reported to the user base. It would have demonstrated:
- Honesty, "Hey all, our platform and\or its supporting infrastructure\services are being targeted."
- Responsibility, "We are aware and are working on mitigating these attacks to keep the service stable."
- Capability, showing you are willing and capable of dealing with bad actors would be a better flex than hiding or avoiding disclosing a truth, unless you are directly asked during an AMA for your next money-making content launch...
That doesn't present a strong image to anyone.

What really gives me anxiety though is the last line:
", but aren't the only issue we're looking into."

Now isn't the time to be dodgy or ambiguous.
"issue" that you're looking into could be anything and the way you framed it there, right on the heels of confirming a DDoS attack, is going to make people assume all sorts of horrible things.

And give people like me heartburn over potential "issue"s like for example, a data breach that came hand-in-hand with the attack.

Enough that I'm changing my passwords and keeping a very close eye on my charge account now. Fingers crossed that it's nothing like this, but it never hurts to be extra cautious.

NOTE: I have no hard evidence that there was any data breach or exfiltration of personal and\or financial customer data. Just speculation based on experience. I don't play ESO for a living.

Reporting on ddos tends to embolden the perpetrators. Not confirming it externally bores them after a while.

DDoS is very separate from data being compromised. It's just message/traffic spamming so that connectivity to the server is compromised.