Forum Settings
       
Reply To Thread

Really miss the game, but...Follow

#1 Jul 11 2011 at 1:53 PM Rating: Decent
Scholar
**
546 posts
Hello everyone,

I recently re-subscribed to Everquest 2, then heard of all the great news coming out of Fan-Faire shortly after (I was very excited to get back into it). However, shortly after updating my card info with SoE to re-subscribe, I was contacted by my bank (today) in regards to several transactions made from another country... I know they make pre-paid cards so that may be an option, however, I am also concerned just how safe my account itself is (in terms of my characters, etc).

Regardless, I just wanted to give people a heads up. Maybe I just got unlucky, but I am now not confident in placing my card information with Sony Online Entertainment (or the PS3 network for that matter). I may look into purchasing cards for game-time and I see they offer a new authenticator? I really would like to get back into EQ2, as I missed the game and the new changes coming look amazing...
____________________________
"When you're on a journey, and the end keeps getting further and further away, you then realize that the real end is the journey."

~Karlfried Graf Durckheim
#2 Jul 11 2011 at 5:42 PM Rating: Excellent
Empress of News
ZAM Administrator
Avatar
***
2,220 posts
Sorry to hear that! Glad your bank caught it though.

There is an authenticator coming out, and people at Fan Faire got one. I don't think they've officially released the authenticator itself yet but they said they have plans for iPhone and Android versions (that are free) and of course they will be selling a physical version too.
#3 Jul 12 2011 at 2:49 AM Rating: Decent
Scholar
**
546 posts
Yeah, my bank was on top of it as soon as Monday morning came. I had just reactivated my account too... I had thought long and hard about selecting a single mmo to play (I really do not have time to play more than one and would find it a waste of money). It's a shame I cannot play with confidence. I had thought Sony had everything cleaned up, but obviously not. It did not take long, for soon after I updated my card on file, my bank account was robbed... I guess I will have to stick with Rift, which is an okay game, but it lacks several features I love about EQ2.
____________________________
"When you're on a journey, and the end keeps getting further and further away, you then realize that the real end is the journey."

~Karlfried Graf Durckheim
#4 Jul 12 2011 at 5:41 AM Rating: Decent
***
2,926 posts
Very good thing the bank caught it on time. After all that happened, getting game cards might not be a bad thing to do, I'm considering it too although so far nothing happened.

The latest expansion is quite good, interesting questlines and zones to discover, I hope you are still enjoying those.

____________________________


#5 Jul 12 2011 at 9:17 PM Rating: Decent
Scholar
**
546 posts
I am wondering if I ought to go as far as starting a brand new account, only using the pre-paid cards? I would lose a few years of Veteran rewards (I think I was up to four years) and my characters, but I do not want to invest time into characters on an account that could be compromised at any moment... Normally, I would just discount the game and move on to another MMO, but Everquest II currently has all the features I want that others lack. . . And with the newest expansion, it's only going to get better!

I ultimately will end up playing on a new account and just will have to start from scratch... So, if any of you folks have a guild that is seeking new members, I certainly would be interested. Many of the people I played with seemingly have either quit or are taking a long break, so it would be nice to meet some new folks to enjoy the game with.
____________________________
"When you're on a journey, and the end keeps getting further and further away, you then realize that the real end is the journey."

~Karlfried Graf Durckheim
#6 Jul 12 2011 at 9:53 PM Rating: Decent
Scholar
***
2,471 posts
Opening a new account isn't going to do anything. If your account was compromised, change the email address associated with it and change the password, opening a new account is pointless. Also, the CC info that was stolen from SOE was old, likely expired cards and it was a single breach, it's not an ongoing thing. If their were false charges made to your CC right after you used it, the issue is likely on your end.
#7 Jul 13 2011 at 1:00 AM Rating: Good
I gotta agree with Raolan here... it is far more likely that the breach is a coincidence and has nothing to do with SOE.

But for the sake of online security in general, I don't understand why anybody still gives out their "real" credit card numbers for web transactions any more...

The thing is, any bank you have a credit card with (and even paypal) will now happily issue you with "virtual" credit card numbers for online shopping whenever you need them. These disposable numbers are generated on the bank website and expire after you use them. So you just go to the bank website, generate a new number then go to the seller's website (SOE for example) and make your purchase with the disposable number. The next time you need to pay that bill, you just create a new number.

see this article for details: http://www.bankrate.com/brm/news/cc/20021011a.asp




____________________________
"Well, my days of not taking you seriously are certainly coming to a middle."
~ Mal Reynolds
#8 Jul 13 2011 at 2:13 AM Rating: Decent
Scholar
**
546 posts
Raolan wrote:
Opening a new account isn't going to do anything. If your account was compromised, change the email address associated with it and change the password, opening a new account is pointless. Also, the CC info that was stolen from SOE was old, likely expired cards and it was a single breach, it's not an ongoing thing. If their were false charges made to your CC right after you used it, the issue is likely on your end.


That I am aware of, no one has ever been into my account. My password has been changed twice since Sony was hacked... In addition, the card used had the same number for a couple of years (CC/Debit card) and the only thing changed since SoE was hacked was a new expiration date and security number on the back of it. I had a PS3 with that information as well... A day after updating that information with SoE on my account, I was hit... While that is not solid proof that it was due to the hack on SoE a few months ago, it is the most likely culprit as I have not used that particular card on many other websites outside of paying for my student loans to the government. Thus, it is extremely difficult to see this as "on my end". While that is possible (somehow, someway), it is far more unlikely than the company that was hacked into... Quite a funny coincidence, not to mention timing if it were on my end.
____________________________
"When you're on a journey, and the end keeps getting further and further away, you then realize that the real end is the journey."

~Karlfried Graf Durckheim
#9 Jul 13 2011 at 2:18 AM Rating: Decent
Scholar
**
546 posts
OldBlueDragon wrote:
I gotta agree with Raolan here... it is far more likely that the breach is a coincidence and has nothing to do with SOE.

But for the sake of online security in general, I don't understand why anybody still gives out their "real" credit card numbers for web transactions any more...

The thing is, any bank you have a credit card with (and even paypal) will now happily issue you with "virtual" credit card numbers for online shopping whenever you need them. These disposable numbers are generated on the bank website and expire after you use them. So you just go to the bank website, generate a new number then go to the seller's website (SOE for example) and make your purchase with the disposable number. The next time you need to pay that bill, you just create a new number.

see this article for details: http://www.bankrate.com/brm/news/cc/20021011a.asp






I only gave out my "real" number because I was not aware of the information you just posted. So thank you, I will look into that for future online purchases. Like I had said, the exact same CC info (the number) was stored with SoE when they were hacked. As soon as the information (expiration date changed) was updated with SoE this past Thursday, I had purchases made the following Friday and Saturday from another country. Again, I made no other recent online purchases outside of re-open my Everquest 2 account during this past week.
____________________________
"When you're on a journey, and the end keeps getting further and further away, you then realize that the real end is the journey."

~Karlfried Graf Durckheim
#10 Jul 13 2011 at 3:09 AM Rating: Decent
Scholar
***
2,471 posts
Pjstock wrote:
Raolan wrote:
Opening a new account isn't going to do anything. If your account was compromised, change the email address associated with it and change the password, opening a new account is pointless. Also, the CC info that was stolen from SOE was old, likely expired cards and it was a single breach, it's not an ongoing thing. If their were false charges made to your CC right after you used it, the issue is likely on your end.


That I am aware of, no one has ever been into my account. My password has been changed twice since Sony was hacked... In addition, the card used had the same number for a couple of years (CC/Debit card) and the only thing changed since SoE was hacked was a new expiration date and security number on the back of it. I had a PS3 with that information as well... A day after updating that information with SoE on my account, I was hit... While that is not solid proof that it was due to the hack on SoE a few months ago, it is the most likely culprit as I have not used that particular card on many other websites outside of paying for my student loans to the government. Thus, it is extremely difficult to see this as "on my end". While that is possible (somehow, someway), it is far more unlikely than the company that was hacked into... Quite a funny coincidence, not to mention timing if it were on my end.


The CCV number on the back of the card is meant to be used for validation, indicating that you do in fact have possession of that card, most companies don't store that information. Also, the CC numbers that were compromised were not those of US cards (assuming you're a US customer).

As far as you being compromised a day after using your card being an indication that it is on SOE's end, the exact opposite is true. It indicates that your system is compromised since it was just used on your system. Since you just used it and it was compromised, if we assume that is when it was compromised, it would have had to have happened one of three ways.

1. Your system has been compromised and it was recorded when you entered the details. This is the most likely scenario and I'll explain why in a minute.

2. It was intercepted in transmission. The most vulnerable part of this scenario would be if you were using an unsecured wireless connection, a public system, or a compromised system. The chances of it being intercepted between your ISP and SOE's servers is highly unlikely.

3. SOE's servers are actively being monitored and information is being stolen as it is entered. I won't go into how unlikely this is, other than to say that if it were happening, a **** of a lot of people would be experiencing the exact same issue you are.

Back to number one. Your posts and assumptions indicate you aren't very knowledgeable on the subject, which is perfectly understandable since most people aren't. Either your CC was compromised awhile ago and the false charges lining up with your use on SOE's servers is purely coincidence, or it was compromised when it was used. Assuming your most recent use was the time it was compromised, it would have to be a form of malware that actively monitors and communicates with its host system, which is something that does not go unnoticed on a corporate network, although goes unnoticed on users systems on a daily basis.

I spent enough time explaining to people how these things work when SOE was offline, I'm not doing it again. I'm simply informing you that your assumptions are highly unlikely and starting a new account is pointless. If you want to start a new one anyway, go ahead. If you want to use a time card or temporary online purchase number like OldBlue mentioned, go ahead. But don't blame a company for something you know nothing about. As someone who's studying infosec and has been building and securing SOHO networks on a personal level for more than a decade, the false information and unfounded assumptions are extremely grating on the nerves, especially when that false information is one of the main reasons so many people have compromised systems to begin with.
#11 Jul 13 2011 at 6:08 AM Rating: Decent
Scholar
**
546 posts
Raolan, back up a second please, and hear me out. I did in fact 'assume' but saved the blame... I assumed it was a result of a few things; the recent hack attack on SoE systems, my own failure to take precaution and get a new card when I heard news of said hack, and finally, I had assumed that had the information been gathered from that card previously, the updating of information was all the culprits needed. That being said, no I do not have an in-depth knowledge concerning the following; online theft, server storage systems, and the latest malware out there. Hence why assumptions were made on my part out of frustration. However, I do have substantial knowledge of my own personal computer and computer hardware / software. This computer was custom made and was recently returned after I had sent it out for repair to the facility in which it was constructed. I am using the latest version of ESET software, in addition to Firefox with No Script. The first thing I did, was issue a full scan on my system, with which came clean... I scan on a daily basis as well. My wireless internet is secured with a password. My computer is in its own private network. No sharing files, printers, etc with other computers.

My intention with this entire thread was not to place any blame on Sony Online Entertainment. I did however, make assumptions to the possible cause, in light of recent purchases (and many people would do so as well). Moreover, few people possess your claimed credentials, and are largely blind in their ignorance, resulting in assumptions and false blame. My only sole intention was to state my misfortunes to the Zam community, with hopes of receiving information in regards to Sony Online Entertainment, Everquest 2, and to hopeful extract information revolving around similar thefts involving any of the individuals on these boards when make online purchases (S.o.E or otherwise).
____________________________
"When you're on a journey, and the end keeps getting further and further away, you then realize that the real end is the journey."

~Karlfried Graf Durckheim
#12 Jul 13 2011 at 2:10 PM Rating: Decent
Scholar
***
2,471 posts
A system breach like what happened to SOE is similar to the robbing of a brick and mortar store. They go in, find what they're after, and leave.

The CC and debit card info that was stolen was from Austria, Germany, the Netherlands, and Spain, and no CCV numbers were compromised. So unless you're from one of those areas, your CC info wasn't even compromised. Even if your CC info was compromised, they do need your new expiration date and CCV code, which they aren't going to get from you updating your information with SOE because the SOE breach is not an ongoing thing.

Which wireless encryption are you using? And I would dump ESET, it isn't the best from what I gathered and doesn't even offer rootkit support. Also, Firefox isn't any more secure than the other options and noscript is a false sense of security.

Now you just sent your computer out for repair? What was it sent in for? How do you know they didn't install something on your system? They had direct access to it didn't they? You do understand that every single company (B&M or online) you give your CC number to stores that information for accounting purposes and at any time their systems can be compromised? Meaning every single place you have ever used that CC at since it was most recently renewed is just as likely to be the culprit as SOE.

You're also thinking of this like a smash and grab job, it isn't. You didn't know your CC info was compromised so the thief doesn't have to run out and use it before it's reported stolen. Most of the time these people will gather as many CC numbers from different people as they can over a given period of time and use them all at once. The odds are greatly in favor of your CC details being compromised awhile ago, not with your most recent usage of it.

And basically telling me I don't know what I'm talking about because the coincidence is too overwhelming is insulting, especially when the assumptions made don't even make sense.
#13 Jul 13 2011 at 3:49 PM Rating: Decent
Scholar
**
546 posts
Raolan wrote:
A system breach like what happened to SOE is similar to the robbing of a brick and mortar store. They go in, find what they're after, and leave.

The CC and debit card info that was stolen was from Austria, Germany, the Netherlands, and Spain, and no CCV numbers were compromised. So unless you're from one of those areas, your CC info wasn't even compromised. Even if your CC info was compromised, they do need your new expiration date and CCV code, which they aren't going to get from you updating your information with SOE because the SOE breach is not an ongoing thing.

Which wireless encryption are you using? And I would dump ESET, it isn't the best from what I gathered and doesn't even offer rootkit support. Also, Firefox isn't any more secure than the other options and noscript is a false sense of security.

Now you just sent your computer out for repair? What was it sent in for? How do you know they didn't install something on your system? They had direct access to it didn't they? You do understand that every single company (B&M or online) you give your CC number to stores that information for accounting purposes and at any time their systems can be compromised? Meaning every single place you have ever used that CC at since it was most recently renewed is just as likely to be the culprit as SOE.

You're also thinking of this like a smash and grab job, it isn't. You didn't know your CC info was compromised so the thief doesn't have to run out and use it before it's reported stolen. Most of the time these people will gather as many CC numbers from different people as they can over a given period of time and use them all at once. The odds are greatly in favor of your CC details being compromised awhile ago, not with your most recent usage of it.

And basically telling me I don't know what I'm talking about because the coincidence is too overwhelming is insulting, especially when the assumptions made don't even make sense.


Raolan... A few things; I admitted to assumptions due to me being upset and angry that I was robbed (I am human afterall). Secondly, I never told you or hinted that you did not know what you're talking about. I merely stated that the coincidence was convincing enough for me, largely based upon my ignorance revolving such cyber attacks. Moreover, I do not know you and you do not know me, so I personally take anything I read here or otherwise, with a grain of salt. I am sure you do in fact know what you are talking about, and your knowledge in regards to what is relevant to this thread, far exceeds my own.

My computer was built by a company called Digital Storm. It was sent back to have the motherboard and RAM replaced due to issues I had experienced. While it is possible they could have done something, I cannot be sure. There are endless possible culprits over the last few years of purchases. I again, jumped to a conclusion based on the knowledge of the recent attack on SOE. Regardless, I meant no offense to anyone, yourself included. Again, my point of this thread was to vent frustration and to see of anyone else had experienced something similar (which was not the case). Take offense if you want, but that was not the intention.
____________________________
"When you're on a journey, and the end keeps getting further and further away, you then realize that the real end is the journey."

~Karlfried Graf Durckheim
#14 Jul 13 2011 at 4:04 PM Rating: Excellent
Gurue
*****
16,289 posts
I think if there was still an issue of security with SOE, we'd see TONS of angry posts on the EQ2 forums. The only thing they're ******** about over there these days are mercs.
Reply To Thread

Colors Smileys Quote OriginalQuote Checked Help

 

Recent Visitors: 28 All times are in CST
Anonymous Guests (28)