I think I might be done with this game

[ChilledMage]

Accounts are getting compromised and people are losing their items, characters and money. Support is incompetent and blames the victims instead of helping them. Devs haven't said a word about it. The lack of communication is disrespectful.

What's the point of investing more time and money when it can all be lost in a second? Knowing that this can happen to any of us at anytime and we won't get any help is terrifying. I might still log in occasionally to run some raids with friends for a few hours but that's about it, I'm never giving SSG money ever again.

 

[Genkiba]

Okay

 

[Fhrek]

I'm never giving SSG money ever again.

Nobody can't blame you for that. Confidance on SSG is reaching new lows everyday.

 

[Blerkington]

Sorry to see another customer go out the door. It might be worth removing any payment information from your account but otherwise don't delete anything in case you change your mind later and want to come back.

 

[Hafeal]

ok, I'll bite, HOW are accounts being compromised?

 

[cdbd3rd]

ok, I'll bite, HOW are accounts being compromised?

I think OP is referring to the threads about folks logging in and winding up on wrong accounts.

 

[DBZ]

Accounts are getting compromised and people are losing their items, characters and money. Support is incompetent and blames the victims instead of helping them. Devs haven't said a word about it. The lack of communication is disrespectful.

What's the point of investing more time and money when it can all be lost in a second? Knowing that this can happen to any of us at anytime and we won't get any help is terrifying. I might still log in occasionally to run some raids with friends for a few hours but that's about it, I'm never giving SSG money ever again.

Thats the spirit glad you finally got the message

CRYSTAL

 

[Necrodancer]

ok, I'll bite, HOW are accounts being compromised?

OP refers to the plethora of wrong log ins where people seem to accidentally enter with someone else's account. There doesn't seem a a way to replicate this at will but I can personally vouch for the fact I have seen a 3 people complaining on lfm about accounts being abused and lost shard, items and other shenanigans.

Cherry on top? They had the lfm on at the same time (this happened on Moonsea).

 

[Falkor]

In the other thread, Cordo deleted the fighting between people ... and left the thread up. These issues are certainly on their radar. It may take them a moment to wrangle themselves and address this situation.

Without communication and action, they will continue to lose customers. Doing nothing is a choice, and if they make that choice it clearly illustrates that this game is done. The loss of trust, lack of safety, and potential for literal fraud is a no-go for reasonable people. We navigate rare loot, lag, and other technical issues because we enjoy this game.

Yet losing actual money, having characters get deleted and being crapped on by customer support, is a big ole funky no.

Ideally, they address this. But when they can't even replicate a chest loot drop error to repair it, amongst so many other unresolved bugs, I'm not confident they have the skills or resources to address account security.

I see this as a make or break moment for the game, yet have learned the power of lowered expectations, and anticipate SSG being SSG and doing things the same ole SSG way.

Yet in this case, the wall of silence is negligent, and they are enabling fraud.

 

[DBZ]

And the abysmal state of balance and our corrupt a wish amazing balance pass was HILARIOUS

 

[Hafeal]

Was someone spreading a third party software or add-on that compromised a number of accounts?

I have not seen an announcement from SSG about compromised customer data, which I believe is mandated under MA law, which is one of the toughest in the country. They would open themselves up to serious liability if they knew something and did not report it.

 

[Br4d]

Just think about what we have now as a very effective maintenance mode. New content comes out just often enough to keep a wide range of content fresh for players and SSG apparently makes enough on the deal to keep the doors open which we should all be glad of.

Things like CS and bug fixes, well you don't get those in maintenance mode anywhere and we haven't really gotten them for upwards of 5 years now.

 

[Falkor]

As for losing the account and characters, watching zen buddhists monks make a sand mandala gave me insight here. The journey and joy of playing has been it's own gift. Logging into to raid with friends on a weekend, still brings joy. It's all temporary, and will be washed away in time. If I pass before the game ends, or the game ends before I pass, so be it.

I appreciate the experiences we have, and continue to have. And would like to have for years, so hopefully SSG does their job and fixes this.

But I really do expect SSG to SSG, because previous actions are the best indicator of future action.

 

[Falkor]

Was someone spreading a third party software or add-on that compromised a number of accounts?

I have not seen an announcement from SSG about compromised customer data, which I believe is mandated under MA law, which is one of the toughest in the country. They would open themselves up to serious liability if they knew something and did not report it.

We don't know what's causing it, and that is why we are asking for communication. It's all speculation at this point. The only thing we know is that it's happening. And yes, they are treading into legally treacherous waters. Not addressing this, and stonewalling the community, is negligent. They are enabling fraud.

There are a few different issues going on.

One are accounts being hacked, and fraudulently charged, then the shards used to buy otto's boxes and moved to other accounts via auctions in bulk. I've seen half a dozen posts about this in the past few months. This could be tracked, but they don't. Pure laziness, negligence, lack of caring, I don't know ... but they could track auctions, track accounts making these kinds of purchases, track IP addresses, and have actual knowledge and actionable steps to prevent this. And they don't.

The other main issue is people logging in, and it being the wrong account. Somehow, it puts us into someone elses account even though we have used our own personal credentials. Most of the time, people get left alone. I've heard rumors of characters being deleted and other shennanigans, but most DDO players are not malicious. So when this happens, most of us just log out. It's still a massive security issue.

We do not know if this is how people are getting access to accounts and comitting fraud.

We just know that the fraud is happening. SSG's customer service has been telling people it's OUR fault, and that we have malware on our computers. There are multiple reports from the community with this response. This is a highly inaccurate and downright insulting response, but blaming the players is SSGs standard go-to. There has been discussion about this on Reddit, and elsewhere.

So really ... what we have is a full on clustermess. Multiple concurrent issues, with zero transparency or communication from the devs. But, that's how SSG always has been. This is just serious enough that they need to do something and say something.

Trust is gained by drops, and lost in buckets. This is a massive hole in the bucket.

 

[Necrodancer]

Was someone spreading a third party software or add-on that compromised a number of accounts?

I have not seen an announcement from SSG about compromised customer data, which I believe is mandated under MA law, which is one of the toughest in the country. They would open themselves up to serious liability if they knew something and did not report it.

Nothing of the kind. This issue was present since the very birth of DDO but it was so incredibly rare that only a handful of people even knew about this. Now, fast forward to today, something nobody (not even devs) why and this glitch seems to be triggering a lot more although not at a rate to gather in the square screaming DOOOOOOOOM.

They did gave us notice a few months back they were investigating the issue but nothing came out of this (and the 3 accounts "hacked" I was saying about? happened like a week ago).

 

[Br4d]

Was someone spreading a third party software or add-on that compromised a number of accounts?

I have not seen an announcement from SSG about compromised customer data, which I believe is mandated under MA law, which is one of the toughest in the country. They would open themselves up to serious liability if they knew something and did not report it.

Anybody who is using 3rd party add-ons is out of their mind at this point. These aren't even a good idea when most of the add-ons are hobby-land from ex-devs or insiders. They're a nightmare when they come from enthusiasts, who cannot control the distribution of their product reliably nor maintain it in situ on individual users machines.

Then you get the pros looking to compromise machines with zero day attacks and hackers who can make enough off of a compromised machine, via botnet, cycle stealing or just plain fraud and it's a miracle that every machine that downloads 3rd party software doesn't immediately go belly up with it's owner's wallet open to the wind.

 

[Falkor]

Yea, the skills it takes to hack accounts makes hacking a DDO account joke worthy. If someone has those kind of skills they could go after a real target with money. But somehow it's happening. 3rd party add-ons are a good theory, I never use them. But that is speculation. It could be packet sniffers, maybe an exploit thru the discord server, perhaps its brute force account attack, maybe they are using bots to cause lag and interject packets ... who knows.

As for minimizing this, thats how people always are until it's their account that gets compromised. Then the jokes on them. No one is screaming doom. They want accountability, and SSG is SSGing.

Smart to change passwords, remove payment info from account, and keep account login information confidential.

 

[Primus]

Yet in this case, the wall of silence is negligent, and they are enabling fraud.

SSG has been very open for communication in the past about bugs and their fixes, slow but open.
With that as their history, I will give them the benefit of doubt on this issue and suspect that the obvious silence on this may be due to deliberate malicious actions on the part of one/group, and SSG doesn't want to reveal info as they work to pinpoint the breach and identify the guilty.

While I am sure we haven't heard about all such incidents from the players coming to the forum to post about the breaches, more than a few that have posted have stated that they were either using 3rd party software or box accounts that they received.

 

[Falkor]

That's a fair assessment Primus. Let's hope so. Tommy the Cat is on the job.

Do we know these accounts have been using third party software or box accounts? I hadn't read that specifically from any of them. Just seems safe to disable 3rd party plugins completely.

My understanding is the accounts have been long-standing, personal, and not purchased.

 

[Br4d]

Yea, the skills it takes to hack accounts makes hacking a DDO account joke worthy. If someone has those kind of skills they could go after a real target with money. But somehow it's happening. 3rd party add-ons are a good theory, I never use them. But that is speculation. It could be packet sniffers, maybe an exploit thru the discord server, perhaps its brute force account attack, maybe they are using bots to cause lag and interject packets ... who knows.

As for minimizing this, thats how people always are until it's their account that gets compromised. Then the jokes on them. No one is screaming doom. They want accountability, and SSG is SSGing.

Smart to change passwords, remove payment info from account, and keep account login information confidential.

Some of SSG's customers spend thousands on the game annually. That's a target for somebody looking to compromise and profit.