Having recently been the victim of a compromised account, despite my
savvy and efforts to protect my private information, I was interested
in what Sony Online Entertainment would have to offer at their
Compromised Accounts and What You Can Do to Prevent Them panel at SOE
Fan Faire. Scott Dale, Assistant Manager of Tech and Billing Support at
SOE, kicked off the panel with a presentation about account security.

“Compromised accounts are fairly common right now,” said Dale. “A
compromised account means that somehow your [account] information has
become exposed.”

How Can You Tell Your Account Has Been Compromised?

Dale listed several ways in which players can recognize that their
account security may have been breached. When he displayed an image of
the character selection screen from EverQuest II, the audience
chuckled. The character on the screen was standing there sans armor…in
his underwear.

“So, the first way you know you’re account’s been compromised,” said
Dale, “Is that your characters are naked.” He went on to present a list
of ways to recognize a potential account security issue:

  • Your character has been stripped, or you are missing money
    and/or items.
  • You remember logging out at a specific location, but your
    character has been moved. “It’s like you wake up and you don’t know
    where you are,” said Dale.
  • You receive email from customer support telling you that
    your password has been reset, or that your character has been
    transferred, when you didn’t actually initiate any action.
  • You receive notification that your account has been
    reactivated when you didn’t reactivate it. “You may not be playing
    right now,” said Dale, “but you’re probably going to want to play again
    some time, so you want to protect your account.”
  • You receive word from friends or guild mates to tell you
    that they’ve seen your character in game at times when you were not
    actually playing.
  • You are contacted by Customer Service with a notice that
    your account may have been breached or that there is unusual behavior
    occurring on your account. “A lot of times,” Dale said, “We catch this
    activity even before you notice it.”

style="margin: 10px; border-collapse: collapse; float: right; width: 300px;"

href="http://www.tentonhammer.com/node/87870"> style="border: 0px solid ; width: 300px;" alt=""

Compromised accounts can stem from unlikely sources. (Okay, probably
not this source, but still.)

An audience member commented then that he was contacted by Customer
Service because his compromised account had been banned. Dale explained
that account banning is used as a security measure when there’s
suspicious activity on an account. “Normally, the way we know that an
account’s been compromised is because someone’s using it to farm,” he
said. “Someone has logged in from another country--and you can probably
all guess which country that is--and they’re in your account stripping
your characters; they’re selling in the Bazaar; they’re spamming with

How Are Accounts Compromised?

Shared Accounts

Dale then warned about sharing accounts, and stressed that even sharing
an account with a trusted individual isn’t necessarily secure, “because
that person could have room mates or friends who access your account,
and suddenly you’re sharing it with a whole bunch of people instead of
just one.” He explained that CS often receives support tickets from
people who are missing items and often the loss is the result of a
shared account.

“The amount of time it takes us to go through and track down stuff is
about 45 minutes for an easy one,” said Dale, “and that doesn’t
necessarily mean we can reverse the damage.”

Key Loggers

“Most people who report compromised accounts say they have a key
logger,” said Dale. “I’ve never had a key logger, and I’ve never known
anyone who’s had one, but that’s the most common way people style="font-style: italic;">think [account
fraud] happens.”

Although key loggers are thought of as spyware (Dale mentioned spouses
installing key loggers to track their significant other’s movements on
the Internet as an example), most key loggers are accidentally
downloaded client-side, usually via email or website.

“I’ve heard of people who used third-party programs who became
compromised because [the programs] contained key loggers,” said Dale.
“If you’ve downloaded a third party app that wasn’t secure and had a
key logger in it, the key logger will record data, including your


style="margin: 10px; border-collapse: collapse; float: right; width: 300px;"

href="http://www.tentonhammer.com/node/87871"> style="border: 0px solid ; width: 300px;" alt=""

phishing sites look identical to the official login sites. Can you spot
the fake?

Most phishing attempts occur when an account holder receives an email
directing them to a fake login site. Dale showed an image of a copycat
site under the headline, “Can You Spot the Phishing Site?”

“What’s the difference?” an audience member asked.

“That’s a good question, because there isn’t one,” said Dale. “These
sites look identical.” He went on to explain that the URL for the two
sites was very similar--the official Station login site is
auth.station.sony.com, while the phishing site’s URL was

 “A lot of the links on a phishing site will actually point to
our site,” Dale said, “so unless you’ve gone through all the links on
the site to verify, there’s no reason for you to think you’re not on
our site.”

What Can You Do?

Dale reiterated his advice for keeping accounts secure:

  • Avoid using your character name as an account name
  • Change you password to something less obvious
  • Use a combination of uppercase, lowercase, symbols,
    numerals and letters. These types of passwords are more difficult to
  • Don’t share your password with anyone else. (Dale joked,
    “People tell us things like, ‘I don’t share my password with anyone!
    The only people who have it are me and my guild.’”)
  • Don’t click on hyperlinks, particularly if they arrive in
    email. Type in the web address for the official site manually.

After Scott Dale concluded his presentation on account security, his
colleague Jason Brenner, Project Manager for SOE’s Business Development
team, went on to introduce the prototype of SOE’s proposed security
token system, which is similar to Blizzard’s Authenticator. (We gave
you the href="http://www.tentonhammer.com/news/SOE-unveils-security-token-system">details
on the Security Token System during Fan Faire last weekend.)

As SOE’s presentation demonstrates, there are many ways to recognize
compromised accounts, as well as to safeguard your account’s security.
No one wants to find their character naked and their bank account
empty. But if the worst does happen, it’s good to know that Customer
Service teams, like the one at SOE, are there to provide assistance.

Last Updated: Mar 13, 2016

About The Author

Karen 1
Karen is H.D.i.C. (Head Druid in Charge) at EQHammer. She likes chocolate chip pancakes, warm hugs, gaming so late that it's early, and rooting things and covering them with bees. Don't read her Ten Ton Hammer column every Tuesday. Or the EQHammer one every Thursday, either.