Glorious Alpha Two Testers!

Phase I of Alpha Two testing will occur on weekends. Each weekend is scheduled to start on Fridays at 10 AM PT and end on Sundays at 10 PM PT. Find out more here.

Check out Alpha Two Announcements here to see the latest Alpha Two news and update notes.

Our quickest Alpha Two updates are in Discord. Testers with Alpha Two access can chat in Alpha Two channels by connecting your Discord and Intrepid accounts here.

Guildie account hacked, IS says it's your job to keep it safe

2»

Comments

  • NemesesNemeses Member
    edited September 20
    Noaani wrote: »
    Nemeses wrote: »
    If this is all true it’s an incredible poor response from IS, yes, I agree, they may get many of these types of tickets from morons trying to scam them, but it’s such a easy fix, account, blocked until ownership is proven.

    That would give me an incredibly easy way to pull a key leader out of the fight on a metropolis or castle siege.

    Please this is just rubbish, you going to hack an account first, its frightening that people are as stupid as this.
    The Immortals
    • We Lived a Thousand Lives, United we Stand.
    • Recruitment
  • mfckingjokermfckingjoker Member, Alpha Two
    Nemeses wrote: »
    BlackBrony wrote: »
    I had a guildie that had their account hacked. Somehow they gained access. Of course when these things happen it's a huge problem.
    It was a 250$ account, not a free one, mind you. They had to buy another key to get access to alpha 2.
    They contacted IS support and the last email they received said:
    "you're responsible for the security of your account. We consider the matter closed."

    This is not MY problem. But if someone had a problem like this, and they received this kind of reply, how can I trust that it won't happen to me in the future? Accounts GET hacked all the time, it's inevitable.
    Does this means that if it happens to me when the game is live I am going to lose my progress because "you're responsible for the security of your account"?????

    Would you feel happy if you received this kind of reply from a company to which you paid and invested time in?
    Would you feel safe with this kind of customer support?

    This is pretty much the reply you are gonna get from any company when they steal your account so please keep it safe.

    No it is not, my Gf many years ago had her LoTRo account hacked, soon as we reported it, they froze the account, then did checks, IE bank account used home address listed, few other things, with a few hours she had her account back.

    In fact I know of no other company that will do this, so your answer is complete BS

    I play mmo for years, it's the first time I hear that, probably I didn't play the ones that do what you said.
    3hmamy1ekfqy.gif
  • Taleof2CitiesTaleof2Cities Member, Alpha Two
    Support issue threads tend to quickly die in the Forums because:

    1. The full account of the events from the player’s perspective is rarely given.

    2. Explanation from the Support Team is never made public.

    If the player’s account is accurate, they still could have enabled 2FA to add security and prevent the hack.

  • ErgophobicErgophobic Member, Alpha Two
    BlackBrony wrote: »
    Uh, most people sure as hell are using different passwords for different platforms.

    If you're not, that's failing internet safety 101..

    https://bnd.nd.gov/81-of-company-data-breaches-due-to-poor-passwords/

    Yes, I am pretty sure MOST people are doing this.

    Well, that article is 6 years old...

    Here is an article from July 2024 that claims that "Thirty-two percent of people use the same password across multiple accounts, with 14% using the same password for both work and personal accounts."

    https://teampassword.com/blog/the-biggest-password-trends-of-2020
  • tinukedatinukeda Member, Braver of Worlds, Kickstarter, Alpha One, Alpha Two, Early Alpha Two
    Support issue threads tend to quickly die in the Forums because:

    1. The full account of the events from the player’s perspective is rarely given.

    ^^ OP needs to post that context (and their guildie needs to start using a password manager)
  • nanfoodlenanfoodle Member, Founder, Kickstarter, Alpha Two, Early Alpha Two
    edited September 21
    I have read some of the replies. If this is true, this is very upsetting IS should investage and if they think this is true. They should 100% take steps to fix this. Hackers are smart and will be doing this for the life of Ashes. Selling accounts is a real business. If this is true. It's a very sad bit of news to hear.
  • CaerylCaeryl Member, Alpha Two, Early Alpha Two
    nanfoodle wrote: »
    I have read some of the replies. If this is true, this is very upsetting IS should investage and if they think this is true. They should 100% take steps to fix this. Hackers are smart and will be doing this for the life of Ashes. Selling accounts is a real business. If this is true. It's a very sad bit of news to hear.

    Based solely on the posts, it doesn't sound at all like they told the guy to gtfo.

    Most likely they asked for some identifying information, he couldn't or wouldn't produce it, or it had been in the new person's 'possession' so long that they couldn't verify a claim of hacking over other things mentioned in here.

    Ultimately, it just doesn't sound like they actually told him 'sucks for you', but that there was nothing they were able to do after back and forth with the person claiming the account was theirs and got hacked
  • nanfoodlenanfoodle Member, Founder, Kickstarter, Alpha Two, Early Alpha Two
    Caeryl wrote: »
    nanfoodle wrote: »
    I have read some of the replies. If this is true, this is very upsetting IS should investage and if they think this is true. They should 100% take steps to fix this. Hackers are smart and will be doing this for the life of Ashes. Selling accounts is a real business. If this is true. It's a very sad bit of news to hear.

    Based solely on the posts, it doesn't sound at all like they told the guy to gtfo.

    Most likely they asked for some identifying information, he couldn't or wouldn't produce it, or it had been in the new person's 'possession' so long that they couldn't verify a claim of hacking over other things mentioned in here.

    Ultimately, it just doesn't sound like they actually told him 'sucks for you', but that there was nothing they were able to do after back and forth with the person claiming the account was theirs and got hacked

    Happy for me it let me know that ashes offers two factor Authentication. Both my wife and I are now set up LOL
  • NoaaniNoaani Member, Intrepid Pack, Alpha Two
    Nemeses wrote: »
    Noaani wrote: »
    Nemeses wrote: »
    If this is all true it’s an incredible poor response from IS, yes, I agree, they may get many of these types of tickets from morons trying to scam them, but it’s such a easy fix, account, blocked until ownership is proven.

    That would give me an incredibly easy way to pull a key leader out of the fight on a metropolis or castle siege.

    Please this is just rubbish, you going to hack an account first, its frightening that people are as stupid as this.

    Nope, I'm just going to say the account is hacked.

    If the resolution Intrepid have when there is a claim that an account is hacked is to lock the account (which is what you have said), then all I need to do in order to lock that account is claim that it is my account.

    It may only take them a few hours to sort things out, but if it is reported on a Friday night it will probably not be started until the Monday.

    I'm not saying this as a theoretical thing that could happen, I've seen it happen many times. It was common practice in EQ2 for a few years to get a key member or two of a rival guild locked out of the game when a contested raid encounter was due to spawn. SoE changed their practices because of this.
  • ThevoicestHeVoIcEsThevoicestHeVoIcEs Member, Alpha Two
    edited September 21
    Zehlan wrote: »

    Here is where your problem is and this is hypothetical not implying anything about your guildie.

    Intrepid probably gets a lot of these tickets from scammers who sold their account and then,
    A. are trying to get a free account while pocketing cash
    or
    B. trying to screw over the person who bought the account from them by having the company return it back to the scammer in which they more than likely try to sell it again.

    This is not a problem here. If you buy an account from a third party instead of Intrepid, you aren't Intrepid's problem, you got yourself scammed by knowingly taking that risk. Don't be that person.

    On other hand recovery of access to user account should be trivial. Information about the transaction contains the original email address. Revert the account to that email address, job done.

    My lungs taste the air of Time,
    Blown past falling sands…
  • LodrigLodrig Member
    edited September 21
    Noaani wrote: »
    Nemeses wrote: »
    Noaani wrote: »
    Nemeses wrote: »
    If this is all true it’s an incredible poor response from IS, yes, I agree, they may get many of these types of tickets from morons trying to scam them, but it’s such a easy fix, account, blocked until ownership is proven.

    That would give me an incredibly easy way to pull a key leader out of the fight on a metropolis or castle siege.

    Please this is just rubbish, you going to hack an account first, its frightening that people are as stupid as this.

    Nope, I'm just going to say the account is hacked.

    If the resolution Intrepid have when there is a claim that an account is hacked is to lock the account (which is what you have said), then all I need to do in order to lock that account is claim that it is my account.

    It may only take them a few hours to sort things out, but if it is reported on a Friday night it will probably not be started until the Monday.

    I'm not saying this as a theoretical thing that could happen, I've seen it happen many times. It was common practice in EQ2 for a few years to get a key member or two of a rival guild locked out of the game when a contested raid encounter was due to spawn. SoE changed their practices because of this.

    That is rather trivially prevented if IS just checks first if the account has had a recent PW change, if it has not then locking is rejected and the burden of proof is put on the accuser. This can litterally be automated and would prevent virtually all malicious false accusations from having an impact. And obviously anyone spamming false hacking claims would themselves get banned as well, after New World debacle no one should be so dumb to not take precautions against false accusations.
  • Taleof2CitiesTaleof2Cities Member, Alpha Two
    Mag7spy wrote: »
    If anyone is following his reddit post its interesting there lol.

    Quite a few adorable comments from the OP in there … my favorite is:

    “I am also scared because these people are unable to think ahead.”
  • Mag7spyMag7spy Member, Alpha Two
    Mag7spy wrote: »
    If anyone is following his reddit post its interesting there lol.

    Quite a few adorable comments from the OP in there … my favorite is:

    “I am also scared because these people are unable to think ahead.”

    This is the top one for me 2pqnh77tmwwj.png
  • RuerikRuerik Member, Alpha One, Alpha Two, Early Alpha Two
    Support issue threads tend to quickly die in the Forums because:

    1. The full account of the events from the player’s perspective is rarely given.

    2. Explanation from the Support Team is never made public.

    If the player’s account is accurate, they still could have enabled 2FA to add security and prevent the hack.

    2FA anything you care about is the way for sure
    ptZBAr9.png
  • NoaaniNoaani Member, Intrepid Pack, Alpha Two
    Lodrig wrote: »
    Noaani wrote: »
    Nemeses wrote: »
    Noaani wrote: »
    Nemeses wrote: »
    If this is all true it’s an incredible poor response from IS, yes, I agree, they may get many of these types of tickets from morons trying to scam them, but it’s such a easy fix, account, blocked until ownership is proven.

    That would give me an incredibly easy way to pull a key leader out of the fight on a metropolis or castle siege.

    Please this is just rubbish, you going to hack an account first, its frightening that people are as stupid as this.

    Nope, I'm just going to say the account is hacked.

    If the resolution Intrepid have when there is a claim that an account is hacked is to lock the account (which is what you have said), then all I need to do in order to lock that account is claim that it is my account.

    It may only take them a few hours to sort things out, but if it is reported on a Friday night it will probably not be started until the Monday.

    I'm not saying this as a theoretical thing that could happen, I've seen it happen many times. It was common practice in EQ2 for a few years to get a key member or two of a rival guild locked out of the game when a contested raid encounter was due to spawn. SoE changed their practices because of this.

    That is rather trivially prevented if IS just checks first if the account has had a recent PW change, if it has not then locking is rejected and the burden of proof is put on the accuser.
    So, what you are saying is that the way to prevent this is to ask players to not practice good online security?

    Or, alternatively, the way to ensure you retain access to an account you have hacked is to not change the password?
  • OtrOtr Member, Alpha Two
    BlackBrony wrote: »
    I had a guildie that had their account hacked. Somehow they gained access. Of course when these things happen it's a huge problem.
    It was a 250$ account, not a free one, mind you. They had to buy another key to get access to alpha 2.
    They contacted IS support and the last email they received said:
    "you're responsible for the security of your account. We consider the matter closed."
    I find it interesting that he lost access to his account, understood the situation and decided to give more money to IS for a game which is not yet released, and keys are not even sent out.
    Most likely he lost access to the email too and he cannot recover it.

    What could IS do?

    Trust anyone writing from a random email, saying "I am not a hacker, please change the email address of that account." ?
  • RocketFarmerRocketFarmer Member, Alpha Two
    Hackers find new exploits all of the time. It’s not always on the provider. Everything you do on line carries risks. What you do to mitigate those risks matter, but even then it isn’t full proof. Neither is recovery if the hack goes deep into your personal identity.
  • FantmxFantmx Member, Phoenix Initiative, Royalty, Kickstarter, Alpha One, Alpha Two, Early Alpha Two
    It is inevitable that our accounts get hacked?
    q1nu38cjgq3j.png
  • ThevoicestHeVoIcEsThevoicestHeVoIcEs Member, Alpha Two
    edited September 23
    Fantmx wrote: »
    It is inevitable that our accounts get hacked?
    There is always a possibility, but assuming your home machine is malware free, you use a strong password and have app based MFA enabled, its really unlikely that your account gets hacked.

    Assuming the above its more likely someone at Intrepid makes a mistake and/or they get compromised.

    Also @Intrepid peeps, I really hope your game client will allow for password copy/pasting on the login screen, so people can easily use password managers for credentials storage.
    My lungs taste the air of Time,
    Blown past falling sands…
  • XeegXeeg Member, Alpha Two
    BlackBrony wrote: »
    I had a guildie that had their account hacked. Somehow they gained access. Of course when these things happen it's a huge problem.
    It was a 250$ account, not a free one, mind you. They had to buy another key to get access to alpha 2.
    They contacted IS support and the last email they received said:
    "you're responsible for the security of your account. We consider the matter closed."

    This is not MY problem. But if someone had a problem like this, and they received this kind of reply, how can I trust that it won't happen to me in the future? Accounts GET hacked all the time, it's inevitable.
    Does this means that if it happens to me when the game is live I am going to lose my progress because "you're responsible for the security of your account"?????

    Would you feel happy if you received this kind of reply from a company to which you paid and invested time in?
    Would you feel safe with this kind of customer support?

    Back in the day my WOW account got hacked because I logged into what i thought was the armoury website but it was a scam website. I msged bliz and within a day I got my access back, noticed that all my stuff was gone and my main character completely broke. Told blizzard, they sent me 10,000g to make up for the lost stuff.

    That is what I call good customer service!

    Hope Intrepid can match that quality.
  • MasterTrooperMasterTrooper Member, Alpha Two
    edited September 26
    Your guildie had their account hacked with 2FA enabled?
Sign In or Register to comment.