Closed Thread
Page 3 of 82 FirstFirst 1 2 3 4 5 6 7 13 53 ... LastLast
Results 31 to 45 of 1219
Like Tree3Likes

Thread: Account Security Discussion

  1. #31
    Rift Disciple
    Join Date
    Feb 2011
    Posts
    175

    Default

    Quote Originally Posted by Aieny View Post
    I'll bite . Basically, it goes to the stealthiness of the keylogger. If a keylogger is running 24/7, any moderately decent security program will find it during a scan. Those keyloggers are indiscriminate; they will log everything you do. That makes them more vulnerable to detection.

    More sophisticated keyloggers specifically target Rift (or WoW, or Eve) by hooking into the launcher's executable. They remain dormant when the launcher isn't running, so they are less likely to be detected by security scans. These will only get your Rift login information, not your email.

    Putting a coin lock on an account when it logs in from an unknown location protects accounts from loss if your email isn't compromised. As I just explained, frequently keyloggers won't worry about email, just it's target program.

    If you log in from your typical location and discover a coin lock, your computer may be infected (so then you clean your system before getting into your email to remove the lock). The coin lock is similar, but less restrictive, than Blizzard's account lock security.
    Interesting and makes sense but...

    If it is specific to Rift how about some help from rift in how to remove it. at lease what process program etc to look for.

    They said they know it is our fault so if you are right they know at least what it is if it is rift specific.

  2. #32
    Telaran Zilvermoon's Avatar
    Join Date
    Feb 2011
    Posts
    50

    Default

    @ Elrar

    I for one is very happy with the enormous effort that Trion is putting into Account Security, haven't had my account hacked and would hate for it to happen,
    only once in my years playing MMO's did i have an issue with an game account (was my own fault used an 3rd party PC to login to the game, and the PC had a keylogger on it).

    That said I'm rather sad that the focus on Account Security is leaving a lot of people with in-game issues without customer support,
    I've had a ticket open for around 6-7 days now and the only response I've got was the standard formula:
    Hello REMOVED FOR PRIVACY!

    Thank you for contacting us regarding Rift.

    At this time we are experiencing an extremely high volume of requests for support and are taking a much longer than expected time to get to your requests. We do appreciate your patience, as well as your part in helping to create this wonderful problem to have.

    Please know that this is not the level of customer service, nor the speed of response that you should expect from Trion Worlds Inc. We are taking steps to correct this situation as quickly as possible however it will take us some time to get to the level of staffing necessary to provide the support that you deserve.

    There are a couple of things that you may be able to do to help us get you the assistance you need as quickly as possible.
    1. Our first priority is helping anybody whose account may have been compromised. If your account has been compromised please know that you are our top priority and we are getting to you as quickly as possible. When submitting a ticket for assistance of this kind please ensure that you select "Hacked Account" as your category in order to get the fastest possible resolution. Please also title your page as "hacked account" and include the character name that has been compromised along with the shard that the character is located on.
    2. If your issue has self-resolved or if you no longer need assistance please close your ticket by typing /cs and then hitting the "Close Issue button".
    3. If you still need assistance then please type /cs and type "yes I still need assistance" and select the Update Issue option.
    4. If you are reporting somebody trying to sell plat (which you shouldn't be seeing much of anymore) then please right click the player's name and use the report spam option. This allows us to both investigate the issue as well as consistently improve our spam filter to get these aggravations out of Rift.

    Thank you for helping to make Rift the success that it is. We greatly appreciate your support and value you as a customer. We do apologize for the delay in responding to your request and thank you for your continued patience while we make the necessary changes to provide the customer support and experience that you should expect from Trion.
    If you have any additional questions or concerns then please don't hesitate to let us know. Thank you for your continued support of Trion Worlds and for playing . Your reference number for this question is REMOVED FOR PRIVACY

    Sincerely,

    In-Game Support Lead
    Trion Worlds Inc.
    This response was send to me two days after creating the ticket, and it's now been roughly 4-5 days,
    in the mean time I've had several other issues so I had to update em into my ticket, since the first issue still haven't been solved, now my fear is that once I finally get a response it'll again be the standard formula or only get some of the issues re-solved and my ticket closed just to have to recreate em and wait yet again.

    So I ask:
    Will tomorrows Coin Lock update help the customers that didn't get hacked to get better Customer Support? or should we expect the same level of Support as we have received until now?

    Hope you'll get back to me on this, be it here in public or by a PM.

    Sincerely,
    Zilvermoon

  3. #33
    Rift Disciple
    Join Date
    Feb 2011
    Posts
    175

    Default

    Quote Originally Posted by Sinfullysweet View Post
    Oh I do, I understand it is a new company and completely sympathetic. I just am a bit nervous to log in and play because I don't know if it is going to be cleaned out again, because I just can't find what caused it in the first place. I really do want to play though, I enjoy playing, they have a great game on their hands. (Plus still waiting on the rollback so not playing on any of my characters until then, and until coin lock gets into place)
    Well put.

    I do not want the roll back because by the time i found out that was there fix I had leveled from 35 to 40. I would like my plat back and would be nice bank items etc but would not be the end of the world. It would seem they could give some sort of return for what was stolen . If they have a back up they know what was taken.

    I think 5 days of paying for something and being told not to enjoy it is being very patient.

  4. #34
    Rift Disciple
    Join Date
    Jan 2011
    Posts
    94

    Default

    Quote Originally Posted by Sezyrrith View Post
    Have you followed the instructions here? It's important to use scanners that don't operate within a fully loaded up Windows environment, as rootkits will hide the keylogger from your malware detectors.

    [Edit:]You're telling the guy working for Trion, who probably has the numbers right in front of him, that he's wrong because you've heard from someone that it's more?

    Seriously?
    You'll notice he gave no numbers. Only said a "small fraction". The kinda spin people put on things like this in a situation like this.

  5. #35
    Sword of Telara Tuatha de Danaan's Avatar
    Join Date
    Feb 2011
    Posts
    825

    Default

    Honestly, this all a bunch of PR spin doctoring ********.
    I'm canceling my account until you get my stuff restored, it's been a few days now and nothing.
    I had to call you before I even talked to someone (after a 30-40 minute wait). My in-game ticket has said a GM would be contacting me shortly for three days now.

    Your phone support guy not only got my name wrong in his follow up email, he also listed an incorrect shard and misspelled not only 3 out of 4 of my characters' names, but also misspelled the word 'intact' a few times.

    In not knowing exactly why this problem is occurring, we have no way of knowing what wil help. I have a feeling that even if it was your end, you'd still be telling us it's out fault. ALL game companies are the same in this regard.

    You have no idea how frustrating it is.
    Last edited by Tuatha de Danaan; 03-16-2011 at 03:14 PM.
    "On ne voit bien qu'avec le cur. L'essentiel est invisible pour les yeux."
    You can see clearly only with your heart. What is truly important is invisible to the eyes
    - Fox to the Little Prince.

    The Code I Live By:
    http://www.youtube.com/watch?v=Sqz5dbs5zmo

  6. #36
    Soulwalker
    Join Date
    Feb 2011
    Posts
    10

    Default

    Thanks for the update.

    BUT, I feel that this is not nearly enough. As some of the other posters to this and the recently closed 62 page thread have mentioned... WHAT is the keylogger or virus that is causing this to happen? I think we deserve to know who/what the culprit is.

    I had my account hacked Monday morning around 2 a.m. I logged in around 9 a.m. to find my inventory, money & banked items gone. I ticket was opened immediately per the instructions found on the rift website. I called last night and was told that my ticket was placed into the "que" along with the rest of the support tickets. The representative I talked to, who was very nice and apologetic" told me that he would escalate my issue and that I would have some resolution in 24 hours (It's now been 25 hours) He then sent me an email asking me to list all of my missing items, characters affected, timeframe of the hack, etc. This will apparently "help" the investigation along.

    I am trying really hard to stay positive but this is now the third night I've been unable to play. All the while my guild has continued to level past me and am not missing out on all of the awesome things Rift has to offer. Hopefully this is resolved soon, otherwise I am going to lose interest and have to cancel my subscription.

  7. #37
    Community Manager Elrar's Avatar
    Join Date
    Nov 2010
    Posts
    2,584

    Default

    Zilvermoon,

    Coin Lock should help out our support staff, however, we won't know to what extent until the Coin Lock feature is live and we have a few days to see it in action.

    Thanks
    Last edited by Elrar; 03-16-2011 at 03:16 PM.

  8. #38
    Telaran
    Join Date
    Feb 2011
    Posts
    90

    Default

    Quote Originally Posted by Sezyrrith View Post
    You're telling the guy working for Trion, who probably has the numbers right in front of him, that he's wrong because you've heard from someone that it's more?
    Seriously?
    And why we would trust on them??
    Thats what I got yesterday, after 2 days.

    Your question has been received. You should expect a response from us within 24 hours.

    To access your question from our support site, click here.


    Question Reference #110315-001967
    Summary: HACKED ACC
    Product Level 1: Rift
    Category Level 1: In-Game Support
    Category Level 2: Hacked Account
    Date Created: 03/15/2011 08:20 AM
    Last Updated: 03/15/2011 08:20 AM
    Status: Unresolved
    Well, nothing more to say about theyre CS.

  9. #39
    Plane Walker
    Join Date
    Nov 2010
    Location
    NYC
    Posts
    357

    Default

    Elrar,

    Love the idea of coin-locking. Also impressed that Trion's come up with an inventive solution AND implemented it in such a short period (relatively speaking).


    However, one minor question/concern about a possible oversight. (Actually I lie, it's major.)


    You stated quite definitively that "these attacks are client side"...

    ... in which case the hackers have all the login credentials for a given account: email and password.

    ... which means they can log in to the Rift Account Management page.

    ... which means they can change the email address tied to the account. (Just tested this: it requires verification at the new email address only; not at the old address.)

    ... which means all a hacker needs to do to circumvent the coin lock completely is to first log into Account Management, change the email address to "hacker@temporaryemail.com" or somesuch, then log into the game. They'll receive the unlock token at their new "fake" email address and promptly have full access to your game account again.

    (Of course, if all the hacks are client-side, it does beg the question of why nobody has reported having had their login credentials changed by the hacker. After all, the hacker could've been using the account to bot for more plat until CS could intervene, and wouldn't have had to put up with some pesky users trying to log into their account at the same time as the hacker. But that's a whole separate line of discussion.)


    The only way I see to reliably get around this is to add the "significantly different location" check to the Account Management page too, thereby forcing the unlock token to be sent to the original email address on file before anything can be accessed.

    Or has that already been implemented?

  10. #40
    Community Manager Elrar's Avatar
    Join Date
    Nov 2010
    Posts
    2,584

    Default

    And in regards to specifically WHO is doing this -

    There are a wide number of individuals and organizations, all with their own degrees of sophistication, resources and tools at their disposal. It's impossible for us to provide details on them all but I'll see what I can find out.

  11. #41
    Rift Disciple
    Join Date
    Feb 2011
    Posts
    175

    Default

    Rift devs there are certain common questions.

    1. What is a small portion of players. 1 percent, 1/2 percent ect.

    2. what is the cause of the hacks. You said it is on our side. Ok throw us a bone. What is the process and any idea on how to remove or find it or.... Personally I would like to know how you have come to this determination.

    3. How will the coin work on different types of hacks.

  12. #42
    Telaran
    Join Date
    Feb 2011
    Posts
    75

    Default

    Quote Originally Posted by Elrar View Post
    Were constantly working to improve account security and are looking into providing free authenticators you can use on your iPhone and Android phones as well as via text message in the future.
    This is the best solution by far, and I hope you can implement it soon.

  13. #43
    Telaran
    Join Date
    Feb 2011
    Posts
    90

    Default

    Quote Originally Posted by Elrar View Post
    And in regards to specifically WHO is doing this -

    There are a wide number of individuals and organizations, all with their own degrees of sophistication, resources and tools at their disposal. It's impossible for us to provide details on them all but I'll see what I can find out.
    OMG, finally we are have comunication here!!! this could a good way to fix this problem.

  14. #44
    Telaran
    Join Date
    Feb 2011
    Posts
    90

    Default

    Quote Originally Posted by Safiraa View Post
    Rift devs there are certain common questions.

    1. What is a small portion of players. 1 percent, 1/2 percent ect.

    2. what is the cause of the hacks. You said it is on our side. Ok throw us a bone. What is the process and any idea on how to remove or find it or.... Personally I would like to know how you have come to this determination.

    3. How will the coin work on different types of hacks.
    They would never say its "our side" since they never asked for a log.

  15. #45
    Ascendant the_real_seebs's Avatar
    Join Date
    Jan 2011
    Posts
    16,859

    Default

    I guess... The thing that's worrying me is mostly just that we have a fair number of people who have done a better than usual job of securing and checking their systems, who have gotten compromised anyway... I'm wondering how exactly it's known for sure that these are client-end compromises. I know that the general rule is that it's nearly always client-end compromises, but when you have two people playing the same rift install on the same machine, and only one of them gets hit... It is sorta suspicious.

Closed Thread
Page 3 of 82 FirstFirst 1 2 3 4 5 6 7 13 53 ... LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts