Greetings, glorious testers!
Check out Alpha Two Announcements here to see the latest news on Alpha Two.
Check out general Announcements here to see the latest news on Ashes of Creation & Intrepid Studios.
To get the quickest updates regarding Alpha Two, connect your Discord and Intrepid accounts here.
Check out Alpha Two Announcements here to see the latest news on Alpha Two.
Check out general Announcements here to see the latest news on Ashes of Creation & Intrepid Studios.
To get the quickest updates regarding Alpha Two, connect your Discord and Intrepid accounts here.
Guildie account hacked, IS says it's your job to keep it safe
BlackBrony
Member, Alpha Two
I had a guildie that had their account hacked. Somehow they gained access. Of course when these things happen it's a huge problem.
It was a 250$ account, not a free one, mind you. They had to buy another key to get access to alpha 2.
They contacted IS support and the last email they received said:
"you're responsible for the security of your account. We consider the matter closed."
This is not MY problem. But if someone had a problem like this, and they received this kind of reply, how can I trust that it won't happen to me in the future? Accounts GET hacked all the time, it's inevitable.
Does this means that if it happens to me when the game is live I am going to lose my progress because "you're responsible for the security of your account"?????
Would you feel happy if you received this kind of reply from a company to which you paid and invested time in?
Would you feel safe with this kind of customer support?
It was a 250$ account, not a free one, mind you. They had to buy another key to get access to alpha 2.
They contacted IS support and the last email they received said:
"you're responsible for the security of your account. We consider the matter closed."
This is not MY problem. But if someone had a problem like this, and they received this kind of reply, how can I trust that it won't happen to me in the future? Accounts GET hacked all the time, it's inevitable.
Does this means that if it happens to me when the game is live I am going to lose my progress because "you're responsible for the security of your account"?????
Would you feel happy if you received this kind of reply from a company to which you paid and invested time in?
Would you feel safe with this kind of customer support?
0
Comments
This is the shitiest reply someone could ever think of.
Thanks for being another useless cultist.
The context is there. Account got hacked, IS said "that's your problem, case closed".
Do you want me to write an essay to explain something so simple?
That isnt context lmao. How did he get hacked is the first question. He gave someone else access to his computer and then they targeted a AoC account for some reason out of anything else important?
If it was a bruteforce attack or Intrepid-side data security breach, Intrepid would want to know more. If the password was taken from anywhere else, Intrepid really doesn't need to care, and even there I wouldn't be convinced that they wouldn't help you out if you could prove your identity, and it was an alpha access backer account.
People don't know how they get hacked, that's the whole point of it. I will provide more information, since you want proof.
Why shouldn't IS care? This is about setting a precedent. So if I get hacked IS can just say "lol you're responsible for your account, good bye". And I am supposed to buy another account and play 2000 hours to get to the same spot?
I will try to get the truth you want.
So are you suggesting he just tried to log in one day and h cant all the sudden. And that is all the information you have?
And if there's any indication that it could have been a data breach on their end (which would quickly become obvious because many accounts would be affected) or bruteforce attack against them, yes, they quite certainly should care. But that's a massive IF.
Yes, please do get that truth.
I'll make sure I'll stop replying here until we either see screenshots, or a statement by Intrepid.
Here is where your problem is and this is hypothetical not implying anything about your guildie.
Intrepid probably gets a lot of these tickets from scammers who sold their account and then,
A. are trying to get a free account while pocketing cash
or
B. trying to screw over the person who bought the account from them by having the company return it back to the scammer in which they more than likely try to sell it again.
There is also one other option and that a person gave their info to a "online friend" or someone he thought he could trust and they robbed him because he is stupid!
So with no way to prove that he was "hacked" and not just dumb or a scammer how are they supposed to help him?
Again not implying your guildie is not telling the truth just bringing up other areas they have to deal with
Here is where your problem is and this is hypothetical not implying anything about your guildie.
Intrepid probably gets a lot of these tickets from scammers who sold their account and then,
A. are trying to get a free account while pocketing cash
or
B. trying to screw over the person who bought the account from them by having the company return it back to the scammer in which they more than likely try to sell it again.
There is also one other option and that a person gave their info to a "online friend" or someone he thought he could trust and they robbed him because he is stupid!
So with no way to prove that he was "hacked" and not just dumb or a scammer how are they supposed to help him?
[/quote]
While they may get some tickets like that, that isn't a reason to just completely disregard someone who is saying their account is lost. Now, whether that's actually the case here or not remains to be seen. Normally with stuff like this there's a lot more to the story than what is being told.
[/quote]
You guild member would have a convo with them and would be able to plead their case. Which is also part of the context.
Your only argument imo is that its too easy to change your email, there should be a timeframe imo. Also if you change your password yuo should have to confirm it on your email. (unsure if there is a confirm or not).
Also if you have your original payment method you can use that as proof (my friend lost his account cause he no longer has that payment as proof).
Again there is no context, on how this account was "hacked" and what they did to try to get their account back int he dialogue between the support and them.
Ok, you do make a good point. Does this apply for all accounts then?
Even if you have TFA, passwords are getting leaked all the time, and people never use different passwords for different services. This is a given. I don't care how much you can tell me about security, reality is another thing and people don't use different password. If there's a data breach, that's enough for someone to get your email + password and could get hacked.
Now... what if this happens to be in the future?
I will get the info and show all I can.
IS support should block the account and let the original owner prove ownership since nothing can be transferred to another account the contents of the inventory is static. It is extra work for a CS dept. that probably isn't fully staffed-up yet.
If all the person lost was the one gaming account then it sucks but is so little cash value compared to what could have been stolen they should be relieved (or start freezing credit reports now).
I keep forgetting that personal responsibility is seen as fault these days. My bad.
Uh, most people sure as hell are using different passwords for different platforms.
If you're not, that's failing internet safety 101.
That sucks for your friend, but the account info is backed up by email. If your friend didn't get even a notice about a password change inquiry, then that means they weren't 'hacked', they just didn't use proper account security methods.
Intrepid would be responsible for a leak on their end, but it just sounds like your friend didn't do the minimum to protect his account.
These are early days, it should be REALLY easy for them to establish with which email address the transaction was associated with and revert to that email address. If they want this to be the "sole" customer responsibility the portal should both enforce STRONG passwords when setting up the user account / changing password and also ENFORCE MFA setup during the account creation.
I strongly suggest to everyone they use a password manager to generate and save a unique strong passwords for all services they use and that they enable MFA on them. 24+ char random password + MFA (just remember to save your MFA recovery code) and you are set.
This also raises a question on my side: can you change the email address associated with the AoC account without verification process of that action being done over email?
From the info the OP provided he even said last email which shows there is more to it than just piss off! I prefer a little notebook and a pen for my passwords! It's a little more of a pain in the ass but at least i don't have to worry about my notebook getting hacked lol
Challenge accepted!
In the event of a termination of this Agreement, any right you may have had to any pre-purchased Game access or virtual goods, such as digital cards, currency, weapons, armor, wearable items, skins, sprays, pets, mounts, etc., are forfeit, and you agree and acknowledge that you are not entitled to any refund for any amounts which were pre-paid on your Intrepid Account prior to any termination of this Agreement. In addition, you will not be able to use the Services.
People blaming those who get hacked are just as stupid, hackers these days are very sophisticated, that’s why decent systems need to be in place to recover accounts, just saying it’s not our fault, is simply not good enough, and maybe gives a glimpse of who IS really are as a business.
I don’t really care if the OP is being honest or not, but I do care that IS don’t care.
This is pretty much the reply you are gonna get from any company when they steal your account so please keep it safe.
dont worry my steam account go hack once and they took $240 from steam wallet and steam support was we dont want to reverse the transaction because it might confuse the thief if the money disappeared from his wallet. (its totally not cause steam profits like 10-15% on market place transactions, no not at all)
So how are we to know?
From an objective point of view this is an entirely theoretical discussion about how ANY gaming company should or should not act towards possible or already paying customers. So far, since nothing tangible proves it, this has nothing to do with Intrepid or with a third party person. We do not even know if your guildie exists.
Again: This is not people on here being assholes, we just need to know what we are ACTUALLY dealing with.
https://bnd.nd.gov/81-of-company-data-breaches-due-to-poor-passwords/
Yes, I am pretty sure MOST people are doing this.
Ok, you do make a good point. Does this apply for all accounts then?
Even if you have TFA, passwords are getting leaked all the time, and people never use different passwords for different services. This is a given. I don't care how much you can tell me about security, reality is another thing and people don't use different password. If there's a data breach, that's enough for someone to get your email + password and could get hacked.
Now... what if this happens to be in the future?
I will get the info and show all I can.[/quote]
Couple things, I use a password manager and have unique randomized passwords for every account.
A fata breach isnt enough to lose ownership of an account. In order to reset an account's password, one needs access to the email account. Even if someone uses the same password for every single account, they will NEVER lose ownership if their email account is a different password from the account compromised in the data breach.
Intrepid shouldn't be responsible for the stupidity of others. This is also why it is important on how their account got compromised. Using the same password for everything including your email is like hanging the key to your house on the front door.
The two most likely cases here is that your guildie is an idiot and hopefully learned a valuable lesson on password security or they failed/fall prey to a scam involved with selling accounts.
That would give me an incredibly easy way to pull a key leader out of the fight on a metropolis or castle siege.
No it is not, my Gf many years ago had her LoTRo account hacked, soon as we reported it, they froze the account, then did checks, IE bank account used home address listed, few other things, with a few hours she had her account back.
In fact I know of no other company that will do this, so your answer is complete BS