Having recently been the victim of a compromised account, despite my
savvy and efforts to protect my private information, I was interested
in what Sony Online Entertainment would have to offer at their
Compromised Accounts and What You Can Do to Prevent Them panel at SOE
Fan Faire. Scott Dale, Assistant Manager of Tech and Billing Support at
SOE, kicked off the panel with a presentation about account security.
Compromised accounts are fairly common right now, said Dale. A
compromised account means that somehow your [account] information has
How Can You Tell Your Account Has Been Compromised?
Dale listed several ways in which players can recognize that their
account security may have been breached. When he displayed an image of
the character selection screen from EverQuest II, the audience
chuckled. The character on the screen was standing there sans armor in
So, the first way you know youre accounts been compromised, said
Dale, Is that your characters are naked. He went on to present a list
of ways to recognize a potential account security issue:
- Your character has been stripped, or you are missing money
- You remember logging out at a specific location, but your
character has been moved. Its like you wake up and you dont know
where you are, said Dale.
- You receive email from customer support telling you that
your password has been reset, or that your character has been
transferred, when you didnt actually initiate any action.
- You receive notification that your account has been
reactivated when you didnt reactivate it. You may not be playing
right now, said Dale, but youre probably going to want to play again
some time, so you want to protect your account.
- You receive word from friends or guild mates to tell you
that theyve seen your character in game at times when you were not
- You are contacted by Customer Service with a notice that
your account may have been breached or that there is unusual behavior
occurring on your account. A lot of times, Dale said, We catch this
activity even before you notice it.
Compromised accounts can stem from unlikely sources. (Okay, probably
not this source, but still.)
An audience member commented then that he was contacted by Customer
Service because his compromised account had been banned. Dale explained
that account banning is used as a security measure when theres
suspicious activity on an account. Normally, the way we know that an
accounts been compromised is because someones using it to farm, he
said. Someone has logged in from another country--and you can probably
all guess which country that is--and theyre in your account stripping
your characters; theyre selling in the Bazaar; theyre spamming with
How Are Accounts Compromised?
Dale then warned about sharing accounts, and stressed that even sharing
an account with a trusted individual isnt necessarily secure, because
that person could have room mates or friends who access your account,
and suddenly youre sharing it with a whole bunch of people instead of
just one. He explained that CS often receives support tickets from
people who are missing items and often the loss is the result of a
The amount of time it takes us to go through and track down stuff is
about 45 minutes for an easy one, said Dale, and that doesnt
necessarily mean we can reverse the damage.
Most people who report compromised accounts say they have a key
logger, said Dale. Ive never had a key logger, and Ive never known
anyone whos had one, but thats the most common way people style="font-style: italic;">think [account
Although key loggers are thought of as spyware (Dale mentioned spouses
installing key loggers to track their significant others movements on
the Internet as an example), most key loggers are accidentally
downloaded client-side, usually via email or website.
Ive heard of people who used third-party programs who became
compromised because [the programs] contained key loggers, said Dale.
If youve downloaded a third party app that wasnt secure and had a
key logger in it, the key logger will record data, including your
phishing sites look identical to the official login sites. Can you spot
Most phishing attempts occur when an account holder receives an email
directing them to a fake login site. Dale showed an image of a copycat
site under the headline, Can You Spot the Phishing Site?
Whats the difference? an audience member asked.
Thats a good question, because there isnt one, said Dale. These
sites look identical. He went on to explain that the URL for the two
sites was very similar--the official Station login site is
auth.station.sony.com, while the phishing sites URL was
A lot of the links on a phishing site will actually point to
our site, Dale said, so unless youve gone through all the links on
the site to verify, theres no reason for you to think youre not on
What Can You Do?
Dale reiterated his advice for keeping accounts secure:
- Avoid using your character name as an account name
- Change you password to something less obvious
- Use a combination of uppercase, lowercase, symbols,
numerals and letters. These types of passwords are more difficult to
- Dont share your password with anyone else. (Dale joked,
People tell us things like, I dont share my password with anyone!
The only people who have it are me and my guild.)
- Dont click on hyperlinks, particularly if they arrive in
email. Type in the web address for the official site manually.
After Scott Dale concluded his presentation on account security, his
colleague Jason Brenner, Project Manager for SOEs Business Development
team, went on to introduce the prototype of SOEs proposed security
token system, which is similar to Blizzards Authenticator. (We gave
you the href="http://www.tentonhammer.com/news/SOE-unveils-security-token-system">details
on the Security Token System during Fan Faire last weekend.)
As SOEs presentation demonstrates, there are many ways to recognize
compromised accounts, as well as to safeguard your accounts security.
No one wants to find their character naked and their bank account
empty. But if the worst does happen, its good to know that Customer
Service teams, like the one at SOE, are there to provide assistance.