Discussion in 'Player Support' started by Wulfgyr, Sep 9, 2019.
"Never give up, never give in." --The Doctor
(also: "Never cruel or cowardly. ["And if you ever are, always make amends." --12th Doctor addendum]")
Looks like dreamweaver is my Obi-Wan. Senior Customer Support closed the ticket again, and said in-game GM's cannot assist with account recoveries.
Remember, the squeaky wheel gets the grease!! You can be the squeaky wheel!!! Go get them, be an 18 wheeler that severely needs a lube job on all the wheels!!!!!
Truth! 'tis only a minor setback!
No pressure guys.
Apparently the support portion of the site is down - was going to submit a new petition, and got greeted with a ZenDesk error screen.
I do want to point out something that's been slightly bugging me. When the senior CS rep closed the petition, they made the following comment:
*Deep breath* I get it - Customer Support reps have to deal with a lot of grief and hassle, and frequently have to sort through murky "gray area" situations. However, from a community relations/branding perspective, this could use a bit of... "polish" if it's part of the normal "script:"
Accounts from the "golden days" (i.e. original UO, EverQuest, DAoC, EverQuest II) originated before measures like MFA were commonplace. It's been mentioned in this thread about the SoE and ezBoard hacks around 2005-2006 (ezBoard may have been a bit earlier than that). P.S. - Verification by SMS is not a good MFA method, and I would urge Daybreak to consider moving to something like Duo or the Microsoft/Google Authenticator apps.
Especially in the early days of Raid guilds, sharing account information with key classes was commonplace. While "officially" prohibited, there was a bit of "wink-wink, nod-nod" involved here. I can remember sitting at the bar of the Chicago Sheraton at Fan Faire '03, and chatting with members of <Wraith>/<Reviviscence>, SoE community outreach folks, and a few other players. When that was mentioned off-hand (maybe by Tattle? *shrug*), the SoE staff mentioned that they couldn't condone that... but realized that progression guilds had to do "certain things" to keep up with the Aussie and Korean guilds.
Even if the password is immediately changed after this, the account name still becomes "known" to others than the owner. Combined with info gleaned from chat, it then becomes fairly trivial to social engineer a password reset with support staff.
An earlier response from CS mentioned that they send out an email if a compromise is suspected. But what happens when that email goes to an account that no longer exists? Before there was GMail, many folks used their ISP email accounts. For those of us that moved every couple of years in the '90's & 2000's, that meant new emails every couple of years until adoption of a Yahoo or GMail address.
If the account was compromised, it's very likely the information was shared or sold - that was probably one of the motivating factors behind the initial compromise!
I especially take exception to "in every case we've seen it turns out the account was either sold or shared." Blanket statements like that are dangerous and give the appearance of a lack of care/empathy. A quick forum search shows several instances where an account was compromised where information was not shared, and the CS staff successfully helped the individual regain control. (Note: This is from my perspective as a forum viewer, and involves a certain level of trust in what is posted)
And finally... if security is of the upmost importance, why don't they accept the original information used to establish the account?
Phew, ok - /rant_off
Here's something to help end on a more cheerful note - one of my Alts still has a pretty kickass surname title!
Off to see if the support site is up yet.
Years ago I hadn't logged in for over a year due to job moves. I did have my original DvDs and my email address which was gone. I supplied a couple of other things as well and got my accounts back. I was sent temporary passwords. I now have backups of my information so if I forget again, I can get my accounts back.
That's excellent! That's pretty much how I got the Mystbolt account back, and the info is now safely stored in my password manager. I'm still working to get the other back- hopefully a GM will be able to verify the info I provided them like my missing characters paying for Mystbolt's upkeep:
I would still recommend contacting whoever issued the card you used back in the day, the banks were usually who we had our cards through back then, and ask them for the card number of the card you had back when you had that account. Luckily I still had the same bank account, of course that card had long expired, but I had put the card in my EQ2 box, so I had the original card I used so I did have that information for 2 accounts.
For 2 others, I did not have the card information, but I knew who the issuer was. I called them and even though I no longer had any cards with them, I explained the situation and asked them for the card number that I had on record with them in 2005 and they provided it to me via email, it was long expired so there were no security concerns for me, they sent the name on the card, the card number and the expiry date.
So it is worth a shot. Not all card issuers will be quite so willing to help, but depending on who issued it, you may get lucky and then you wont have to hope for a benevolent CSR experience.
That's great advice, Cyrrena! I have all the billing address info from back then and had planned on tracking down the card numbers - but on the last petition they wanted info from 2 years after I stopped playing, and closed it when it didn't match what I created the account with. It might be worth tracking down anyways, though my account with one of the Banks was closed long ago when we consolidated everything to one bank.
I don't keep backups on my computer I use every day. The hard drive or the controller could go out.
I have my backups on several external devices like USB hard drives and thumb drives. Along with CDs and DvDs.
My password manager has an encrypted cloud-backup. Locally I've got my own domain running on Server 2k16, with the Essentials role installed. Important files are stored on a shared folder, and all clients in the house are backed up nightly (daily/weekly/monthly scheme) to a 6 TB RAID 5 array that has a "hot spare" installed in case one fails (also where the shared folder is located). Core server backups got to separate external 4 TB drive.
Yep, the kids have never been able to use "the computer deleted my homework" excuse. While it's not an enterprise level setup, it's robust enough for home use.
I know what all of that means, but I don't use it. Cost me too much. I have around 20 thumb drives of various sizes and several 500 gig and 1 terabyte USB external hard drives. And a stack of 50 CDRs.
I have never trusted "the Cloud" at all, probably never will. Always strikes me as about as secure as an average cloud. :-/
I'm with Gero: physical media all the way.
A huge, HUGE thanks to Edikit and the whole Daybreak CS team. I'm not going to lie... a little bit of awesome may have leaked out of my eyes!!
I spent a good chunk of the day cleaning things up a bit, and going through the betrayal quest to become a Mystic again.
And to top it off, both our girls finished in the top 20 for their cross country meet today! All in all, a great way to start the weekend.
-Wulfy & Mystbolt
And a big "Wulfgyr's right, you guys are awesome!" out to Edikit and all the gang!
what ? did you get your account back ? awesome if you did
I don't want to say I told you so , heck , ITOLD YOU SO
I am soooo happy for you .
Congrats on getting your account back !
And 'the cloud'... yeah, who has access to your files besides you ? One company I worked for used one of the cloud back up services. My boss asked me what I thought of it... I pointed out they had nice adverts, but why does the corp office trust them ? What is that company's track record ? Has anyone, that we know of and if so would that company tells us, hacked them ? Unfortunately, some muckymuck at corp liked the idea and wasn't interested in our input.
My backups of all of that stuff like card numbers and such is pencil and paper and I usually have 2 wirebound notebooks kept in different locations that are both locked so that it is safe and accessible.
Separate names with a comma.