Further update - response from them
"Thank you for following up and for taking the time to outline your concerns in detail. I understand how upsetting this situation is, especially given the time and money you’ve invested into your account over the years. To clarify, after review, there is no indication that Standing Stone Games’ systems were breached or compromised in this case. All investigated incidents of account compromise have been the result of account credentials being exposed outside of our systems. This typically occurs through phishing attempts, reused passwords on third-party websites, malware or keyloggers on a local machine, or logging into non-official sites that request account details. While we understand the frustration around not being able to change a username, access to an account still requires the correct password. Without that password, a login cannot occur. For that reason, protecting and isolating your password remains the most effective way to secure your account. To help prevent this from happening again, we strongly recommend the following: • Use a completely unique password that is never used anywhere else (not forums, Discord, other games, or email accounts). • Create a password specifically for your SSG account and do not store it in browsers or password managers tied to shared devices. • Avoid logging into any website other than official SSG properties (the game client, MyAccount page, and forums). • Run regular malware and antivirus scans on your system to rule out keyloggers. • Change your password periodically, even if you believe it has not been exposed. Unfortunately, once points or items have been spent or removed as a result of an account compromise, we’re unable to restore or reimburse them. This decision is based on policy and is consistent across all similar cases. We understand that this is not the outcome you were hoping for, but please know your feedback regarding account security options has been documented and shared with the appropriate teams for consideration. If you have additional questions or need assistance with securing your account going forward, we’re happy to help. Thank you for your time and understanding"
so generic copy and paste ignoring my actual questions
my response
"This does not answer the question. I asked if they logged into the account or they ended up in my account which is an issue I have seen myself and is widely reported. It happens when logging in or logging out a character and you end up in someone else's account. This is a fault with your system not a breach of my username/password. If they logged in you should have logs and should be able to tell me if it was a result of knowing the password or brute forcing it with multiple incorrect attempts. Depending on the issue tells me if I can continue to spend money with you or if your security is too poor to continue. Please read and respond. I have repeatedly asked for your complaints and resolution procedure and that question has also been ignored. Please can you answer that"
This is my last attempt at nice, next step legal/regulatory bodies.
I was upset, now I am angry, repeatadly ignoring the questions is terrible, currently preparing posts for every social media outlet I can think of. If nothing else everyone who plays the game needs to know these vulnerabilities and that ssg cannot be trusted to have points loaded, items on your character or have certain payment options saved as they are not secure or safe
