Hide your Magelo -- Daybreak will allow you to be a victim.

The fallout from two recent threads is that Daybreak is not willing to take responsibility for its actions. Hackers can compromise our accounts. Daybreak has shown it is unable to protect our digital assets and is unwilling to take care of their clients when devastating things happen outside of our control.

https://forums.station.sony.com/eq/index.php?threads/char-restore-test-already-taking-place.218507/
https://forums.station.sony.com/eq/...where-game-masters-will-not-intervene.218411/

As a result, I deleted my Magelo and am recommending my friends do so as well. Don't let anyone /inspect you. Don't let anyone know your char has good gear. Don't be a target. If you're in a raiding guild I would also turn on /anon.

Protecting my char is important to me. What other things can we do to be safer?

That's exactly what I am going to do. Sorry magelo, I won't be using your services since its a danger to my character.

I think that is over reacting.

How could they get your account name and password from your character magelo?

I'd highly doubt very many folks with magelo use their character's name for their account name or password.

First Ive heard that magelo is a security risk. How do you figure?

He's saying having good items on your Magelo will make your character a target. Not that Magelo itself is any security risk.

Meh, guild tags and account activity are just as good indicators. This isn't going to change my Magelo updating apathy in either direction.

I might add not to use your maIn account (with forum signature/Magelo link) to write on the Forums. I wonder if the EQ site or Forums have a vulnerability.

Huh. Thats like saying that having a nice car makes you a target.

It should only matter if you have a keylogger on your system to catch the info you enter in to the forms for forum logins. Or have a local proxy https bypasser. Both of which mean you're screwed anyways.

The actual login page is https, and uses the same account login system as the rest of the soe/dbg forms. Password storage in the db should be using a once-way hash function with a unique per-user salt, so even getting the stored hash out of the db wouldn't be useful because you can't use it to figure out the password.

4 years ago soe might have been using worse practice for password storage, but high publicity hacks tend to get companies to start using better security practices pretty quickly.

What fallout?

People do ill advised things with their log-in information, such as:

• Verbally tell a friend
• Email it ( do I really need to get into how insecure email is?)
• Send it as a PM on a message board system (these things get hacked, and accounts get compromised all the time. Most of the compromised EQ accounts I have heard about stem from this method. The thief looks at Guild message boards that are exploitable. Next they look through the PMs that are stored in the DB. And if you ever sent a PM with your account info, they will find it. game over )

When you give out that information, you only have yourself to blame.

This is not a Daybreak issue, it is not a Magelo issue, it's an issue of someone being careless with their log-in information.

People laying it solely on personal responsibility are likely the same people who say there is nothing to worry about over NSA data collection ("You don't have to worry as long as you have nothing to hide.")

I'd be worried about the "unknown unknowns" when one day your character is suddenly missing and you thought you did everything right.

We need to be proactive in our principles whether it is defending our consumer rights or civil rights.

What do you tell the people that get their account information hacked and their characters deleted? Sorry, you're collateral damage? Feel free to re-roll a character?

So characters be can't restored even if they were not deleted "through a game play error". What is this Russia?

Your guild tag is much more likely to make you a target than your magelo profile.

Believe me if a *good" hacker goes after you he will have your bank accounts, SIN number, how much you paid in taxes last year and every password you have ever used at his fingertips ..if its on your hard drive it will be his.

I've seen your magelo. I'd hide it too.

If this was a server hack where accounts were compromised and characters or items were deleted, then yes, I think they would restore those characters, and force everybody to reset their passwords. (I think it was a few years ago when there was a security issue and we were forced to.) However, this is not the case, is it?

I am sorry for your friend, because even though its against the EULA to share your account information, many of us already gave out our information at one time. But, in the EULA it clearly states "You are liable for all activities conducted through the Account" meaning anything done using that account is assumed to be done by you.

If your friend was serious about getting their account restored, I assume they would hire an attorney to prove that your friend did not actually delete the character, that an unauthorized person accessed the account, and all activities done from a specific time frame were done without authorization. The would have to subpena server logs, and most of all prove the account owner had nothing to do with what happened after the account was accessed by the other person.

This would be a great way to scam Daybreak. Have someone else (so they are using a different IP address) transfer the character to FV, sell off everything, which could be over $1,000 USD and the owner petitions that the account was "hacked" and to have it restored to the point where it was before it was transferred off the original server. Nice little scam there, might miss a week of game time, but you just got a cool $1000 for doing basically nothing.

Other then hiding away in instances how would you suggest people prevent others from using /inspect? You can turn off receiving /inspect messages but you can't prevent people from inspecting you.

The problem is people were doing this. The problem was common during the free server transfer days they even took fv off the list at one point so you had to petition after buying a token

I'd have to disagree with this. Namely for the fact that unless the lawyer is going to work for free ( pro bono ), that person won't see any money. Your typical attorney will charge a $1000-$2000 retainer fee for something like this. The contingency contracts attorneys offer (the ones where you don't pay anything unless you win) are commonly for personal injury, malpractice, or other "sure win" cases that involve insurance claims or class action status.