The Elder Scrolls Online

  • Guest, it's time once again for the massively important and exciting FoH Asshat Tournament!



    Go here and give us your nominations!
    Who's been the biggest Asshat in the last year? Give us your worst ones!
F

Flight

Molten Core Raider
1,230
288
Rescorla_sl said:
Let's say your character name in TESO is "Flight" but your TESO account name that you use to login to the game is "PRX-Flight". When you type something in chat, it displays "PRX-Flight" instead of "Flight". A hacker can just monitor zone chat and write down account names and they already have half of your authentication info.

Months ago on PTS the testers were telling ZOS it was a bad idea to no avail.
Click to expand...
Wow, mind blown.
 
R

Rescorla_sl

shitlord
2,233
0
Tuco_sl said:
So a rough timeline:
A couple weeks ago: Yahoo's email system gets hacked
A few days ago: You cancel your ESO account
A couple days ago: You get a password request notification
Yesterday: You can no longer log into your gaming email account or your ESO account.

Conclusion:


Sorry you got hacked bro, but that's a coincidence. There's tons of people that get hacked because the market for MMO accounts is huge. Hackers get your account, liquidate it, then use it for a mule/spam account / laundering / sales etc.
Click to expand...
Actually if his yahoo mail account was hacked first (from Heartbleed or whatever), I can see how they did it. There was probably an older email from ZOS saying something along the lines of "Utnayan your account has been created". Now they have his account name. Next step is go to the Forgot Password page and put in his correct account name. Since they have already hacked his email account, they open up the ZOS email that has a URL to change his TESO account password. Now both his email and TESO account are compromised.
 
Utnayan

Utnayan

F16 patrolling Rajaah until he plays DS3
<Gold Donor>
16,526
12,566
Rescorla_sl said:
Actually if his yahoo mail account was hacked first (from Heartbleed or whatever), I can see how they did it. There was probably an older email from ZOS saying something along the lines of "Utnayan your account has been created". Now they have his account name. Next step is go to the Forgot Password page and put in his correct account name. Since they have already hacked his email account, they open up the ZOS email that has a URL to change his TESO account password. Now both his email and TESO account are compromised.
Click to expand...
The email account was made 4 weeks ago. And completely unrelated to anything but TESO. I guess I see where you are coming from, but how such a randomly created email account with nothing bearing anything remotely close to a TESO account... It doesn't add up. That and if that were the case, I wouldn't have gotten a password reset request from TESO BEFORE my email account was hacked. I would have had my email account hacked first, then the TESO Account.
 
Tuco

Tuco

I got Tuco'd!
<Gold Donor>
47,400
80,868
Rescorla_sl said:
Let's say your character name in TESO is "Flight" but your TESO account name that you use to login to the game is "PRX-Flight". When you type something in chat, it displays "PRX-Flight" instead of "Flight". A hacker can just monitor zone chat and write down account names and they already have half of your authentication info.

Months ago on PTS the testers were telling ZOS it was a bad idea to no avail.
Click to expand...
In addition to that, the account names for half the forum accounts (not ingame) are just the email addresses for people. So if my email is[email protected]/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */my forum account would be tucobenedito_ESO.
 
Vitality

Vitality

HUSTLE
5,808
30
A lot of people reporting that after ZOS gets your info they deny the refund with no reason. Bummer bros. Better charge back that shit.

Asking for secret question answer is pretty fking sketch too.
 
Cinge

Cinge

Ahn'Qiraj Raider
7,277
2,304
Vitality_sl said:
Asking for secret question answer is pretty fking sketch too.
Click to expand...
They have to ask for something to verify you own the account. When I called for support about their site not accepting my debit card they asked me for the answer to secret question.


On a side note, fun to watch UT in his tin-foil hat mode.
 
Vitality

Vitality

HUSTLE
5,808
30
IDK man, everyone and their mother has my email address because my forum profile. Everyone and their mother has my Account name. The secret answer is the only thing stopping anyone who might get a peak at these support emails from just swapping my PW and nabbing my account.

I mean FFS what happened to them directing you to an account verification area, or heaven forbid logging into your account on the support tool as a means of verification rofl.

Baby's first MMO - Chapter 2 - Support
 
R

Rescorla_sl

shitlord
2,233
0
Cinge_sl said:
On a side note, fun to watch UT in his tin-foil hat mode.
Click to expand...
ZOS internal memo dated the day Utnayan lost his bet.

To all TESO customer service reps:

If you receive any formal service requests from account name "Utnayan", do not process the request but instead come and notify me. I will handle the ticket personally.

Regards
Paul Sage
 
Vitality

Vitality

HUSTLE
5,808
30
Bro sage probably had them write UT's secret answer on a sticky note and send it to him so he could get his shit jacked.

Ultra Spite. Feel bad for Ut. Not cool.
 
Utnayan

Utnayan

F16 patrolling Rajaah until he plays DS3
<Gold Donor>
16,526
12,566
Rescorla_sl said:
ZOS internal memo dated the day Utnayan lost his bet.

To all TESO customer service reps:

If you receive any formal service requests from account name "Utnayan", do not process the request but instead come and notify me. I will handle the ticket personally.

Regards
Paul Sage
Click to expand...
I laughed.

Either way, with everything else that has gone wrong with this game they are trying to fix, may have fixed, and from examples you have already shown above - I highly doubt security is on the top of their list.
 
Utnayan

Utnayan

F16 patrolling Rajaah until he plays DS3
<Gold Donor>
16,526
12,566
Vitality_sl said:
Bro sage probably had them write UT's secret answer on a sticky note and send it to him so he could get his shit jacked.

Ultra Spite. Feel bad for Ut. Not cool.
Click to expand...
Meh. This is why I keep all my shit separated. I make a new email account for every MMORPG registration because I simply do not trust they will handle security well. In this case, not one other email/account in any other game has been touched. (I have 7) and the reason why this is so suspicious (Not from a Paul Sage getting revenge plot, but I thought that was hilarious when Rescorla wrote it) is because of the sequence in which it happened. Had my email been hacked, then I lost my TESO account, that's one thing. But to log into that email account, see a password request change from TESO that I didn't initiate in the inbox, (One specific email, one speicific game, in an email only created to be used with said game - nothing else) then my TESO account gets hacked, and my email account gets hacked - I will lean to believe that security, especially with examples Tuco and Rescorla have already provided in how easy it is to obtain user account names/emails, Zenimax Online has very poor security currently.

So my advice would be to create your own unique email just for this game, and change your email registration with Zenimax Online and the secret answers and everything else associated with it. So if by chance there is a major glitch here, you don't lose a real email address you actually care about.
 
Zehnpai

Zehnpai

Molten Core Raider
399
1,245
Security is a funny thing. We have non-profits that invest half their IT budget in security and financial institutions that have told us to turn off password expiration because they "Can't be bothered having to write down a new password to tape to their monitor every 3 months."
 
F

Felmega_sl

shitlord
563
1
Cancelled.

I think the game is solid but my complaints started to outweigh my support.

Pros:
-I enjoy the first person combat a lot. I can only hope future MMO's incorporate a good first person perspective.
-Graphics can be nice at times, although not being able to control the AA/AS from my control panel is annoying.
-SOME of the stories are cool.
-Crafting

Cons:
-No nametags and no combat tab make for sterile PvP.
-Bad acting. People were just reading scripts. Also, hire more fkn actors.
-WAY too many women in the game. Period. 2/3rds of the guards, assassins, fighters, warriors are women! These positions should have been filled by Men. Killed my immersion. Women threatening me left and right, as if...
-The quest grind gets tedious. There should be less running back and forth and more action/fighting.
-Not enough variation and creativity in the landscape.

Solid game with some odd, detracting design flaws.
 
Tuco

Tuco

I got Tuco'd!
<Gold Donor>
47,400
80,868
A six is higher than what I'd give to gamespot's shitty fucking website redesign. I used them as my gaming information website for around a decade, now I can't stay on that site for more than a minute.
 
You must log in or register to reply here.