Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Quick Links
Snail USA on Account Security
Sanasu
Member UncommonPosts: 29
Hey guys, I am not a regular poster here (I think I have 10-ish posts) but there was a topic brought to my attention today that I feel needs to be addressed in regards to how Snail USA handles account security.
Earlier today I logged in to my AoW character (Wudang, love the swords) and found out that all of my Taels (their version of in game gold that can be traded between players) had been exhausted. I opened a ticket and went to the forums to see if there was any information on account hacking and how to recover lost items/money if your account gets hacked. What I found out appalled me to no end.
http://www.ageofwushu.com/forums/viewtopic.php?f=29&t=7940
The seventh post down explains that Snail USA is in no way responsible for the security of someones account. Now, I understand that it is in the hands of players to be sure they aren't going to any shifty sites to get malware or keyloggers that are going to swipe account information, so that was not an issue for me. What chaffed my bum was that there is no way Snail USA is willing to refund or return lost items/Taels and states that it is the players fault and they are not liable (in any way) for damages rought to your account. It is like saying that if we do not want to be robbed that we should lock our doors. In my case I locked my door, but someone kicked the door in and they do not offer reinforced doors. This can be seen in the seventh post and other posters in this thread:
http://www.ageofwushu.com/forums/viewtopic.php?f=29&t=7940&start=20
Needless to say, I am out a fair number of Taels and have no recourse to recover them. In my defense, I have not had a game account hacked before, run computer security scans daily, and use a different password for each account. The fact that I was hacked in less than 2 weeks after the game dropped absolutely astounds me.
The next thing that concerns me (and this is where is gets super sketchy) is that you can turn gold that you buy with real money for their in-game shop into Taels. This means that a hacked account will lose the money they invested into the game and Snail USA is simply not willing to work with them. This can be seen by multiple posters in the previously linked threads. What makes this sketchy is that upon losing money you can always give Snail USA more money to get your Taels back (ie: buying more Taels).
This is the first game in which I have experienced this type of neglect for account security protocol on the part of the company, and it will hopefully be the last. Needless to say, I will not be renewing my VIP status and have cancelled my GameStop preorder for the boxed copy of the game. It's a shame too, I was realy enjoying this game. I am just unwilling to support a company who doesn't want to help customers with account security issues, only to turn around and be willing to sell you the in-game money you just lost. It just doesn't sit right with me.
If you read this whole post, thank you for your time and please try to spread the word on this and maybe Snail USA will actually take customer concerns about account security seriously.
-Sanasu
Comments
Conjecture on my part here, so bear with me.
I believe part of the problem is that Snail isn't able to effectively track gold through certain transaction with database logs. If they aren't able to figure out how the gold was dispersed after it was removed from your account, I don't find it too surprising that they wouldn't offer a refund. Remember, this is a player driven economy - largely different from how a game like WoW (auction house, grind loot) works. Thus, the quantity of currency ultimately matters in relation to how fast gold enters and leaves the market via gold sinks (ie. taxes).
Simply giving back gold doubles that problem in each instance, which likely poses a larger problem for the whole game (although it obviously helps you none).
I do not know what is causing these problems, although they appear to be fairly localized. The usual culprits are to blame - such as looking up old forums for your email information, weak passwords, viruses, ect. Based on what you said, it seems to me that you took proper precautions. Sometimes that's all you can do.
I personally always check my last IP login information prior to logging into my character. If you don't recognize that IP, then you know something is wrong. For things like this, arm yourself with the most information you can.
I do understand what you are saying about them not being able to track where in-game currency went after an account had been compromised, and it is something that has been talked about a bit on the forums. The normal response would be something to the effect of "Well if Snail can't track where stuff is going in game they could at least tell us that!", which is probably not the right response for Snail. If Snail were to tell us they can't track logs on player activities, it shows that they have very little control over market flow in their game. Logistically, it would make looking at metrics on things like what players are spending Taels on incredibly difficult (impossible).
I also understand that this game has a player driven economy, however what doesn't make sense is that being the reason they won't help players recover stolen in-game goods and money. The reason I say this is because they sell Taels themselves. If returning stolen Taels causes instability in the in-game economy, then why on earth are they selling Taels in the first place? That creates artificial inflation something fierce. The fact that they even sell Taels shows that the end economy isn't really a major concern for them.
Lastly, if it is, in fact, because they have no means to track what happens to accounts, then I feel that is fairly short-sighted on their end. The game is made in a region where this sort of thing is endemic. Hackers, bots, etc. are born and bred in the country this game is from. Why they wouldn't have stronger safeguards in place, let alone at least being able to track where a cash flow is in logs, is beyond me.
-Sanasu
The patch today made so that you can not send money without a item. This makes it so they can track them. It seems silver exchange was not trackable, but item exchange is.
I do agree it sucks that they wont give it back, at the same time they're are taking a hard stance, putting the burden on the player and not inflating the economy. It's scary though.
Well it looks like this is a case of "it can't happen to me", actually happened. It looks I'm being added to the long list of people who has had their account hacked. I only had about 350 Liang in taels (all mostly from kidnapping), but when I logged in the game this morning I found my character standing right next to the bank at my school in RG and those taels gone. Luckily I didn't have anything worth to a hacker that was worthy to take from the bank as far as mats go. I put in an email ticket that has a 6 day queue and changed my account password. Putting in online ticket is a joke becuase you have to wait 1.5 hours just to get a pop up box in Chinese.
So the fact that it's only about 350 Liang isn't what's bothering me, is that from what I read on their support forums I'm going to be pretty much screwed. I'll be damned if I'm going to build up 300-500 Liang every couple of days just to have some script kiddie hack my account and take it. This sucks becuase I actually like the game but Snail just can't seem to actually manage it worth a damn. I suspected as much before I started playing, now I will wait in see in 6 or so days if they prove me right. Not to mention their mass account freezes are not helping their case either. I had several guildies who are legit players but who know how to make money on the trade market had their accounts frozen. A few have already stated that they are leaving the game now. I might be following soon if Snail doesn't pull it's head from it's arse.
"If I offended you, you needed it" -Corey Taylor
(A repost but I think its a more suitable location for this than the previous thread I posted this in)
This is a warning for my MMORPG.com folks...
This game is becoming TOXIC. There has been a rampant increase in goldsellers, account hacking, exploiting of the in-game economy and even some cases of stolen credit card information.
Their websites as well as the methods they use to transmit your credit card information and payments are severly lacking in security.
I suggest if you choose to play this game, that you do so with a completely clean e-mail address not attached to anything else. I'd also refrain from purchasing any gold from Snail Games. Do not give them your money. If you choose to please go out and get yourself one of those pre-paid cards to use, don't attach any of your personal information to this game. Paypal is also an option but I've read cases of people charges not going through completely and subsequently getting banned because Snail sees it as them buying gold but not actually paying for it..
There is a very, very strong chance that you will TOP-UP (Their gold buying term) and then turn around and have your account auto-banned because you have too much money on your toon. If you're into having multple alts you will more than likely find yourself in this situation very quickly where you have just given them money and 15 mins later you are locked out because your account is frozen.
The game is fun, entertaining and something different, but if those things alone are worth exposing yourself to having to do chargebacks and fraudelent charge claims to your bank then by all means head on over.. LoL
Just know your boy Opa tried to warn you beforehand. If you think this is all speculation I do insist you check out their forums for yourself to form your own opinions on the matter and going from there. Just a friendly warning is all..
GG MMORPG..
PM before you report at least or you could just block.
LoL If it were only that simple..
If it were only... THAT.. simple..
PM before you report at least or you could just block.
Because when 3rd parties track your buying of gold then hack your account, its on the game company not me. Lack of security on their real money transaction site isn't something I can counter. Doesn't matter what you choose for a password either. A 28 digit alpha numeric pass word simply means their brute force program has to run for another 5 min.
Glad to see this getting some attention. Sad to see it has to be from others who have also been hacked. At this point, everyone I know has jumped from AoW. We are now patiently waiting for ArcheAge for our sandbox fix. Sadly, this has also caused my group to split up again with some people in LotRO, WoW, The Secret World, and now Neverwinter. It's saddening too because this was the first game in a long time that everyone in my gaming ring truly enjoyed. Like you said, it's a damn shame because this game was really fun. But there is no way I am going to play a game where I cannot progress because my account runs the risk of being hacked with no protection or aid from Snail USA. If Snail was willing to reinstate our lost funds, I would be not ranting, because they are willing to work with us.
When I start a new game, I always know there is a risk of hacking, which is why I try to protect myself as best as I can. However, in this game's case there doesn't seem to be anything I can do to really protect myself. I also do not use standard alphnumerical passwords. Cracking programs have a really difficult time breaking passwords that are full, real words. Hell, even Goons are getting hacked left and right now. It's funny because they are saying to play the game if you enjoy it, just don't work to obtain money because you very well may lose it.
It's funny though. How good this game is makes people generally shrug off issues like these until it happens to them. When it does happen to them, it gets even more interesting seeing how these individuals cope with the congnitive dissonance that arises from the situation.
-Sanasu
If it were only... THAT.. simple..
It is that simple.
So you understand that you are responsible for credential security, yet you are chaffed when they are not willing to provide you refund for your security negligence?
You keep blaming the company, yet you cannot prove or even point out where their security measures are lacking.
The idea that someone "hacked" their database or "breached" their security and then log into your account and stole your stuff is very unrealistic, naive and based on lack of technical awareness how those things work.
The most vulnerable part of client-server infrastructure is client - you, something Snail games will never have much control of.
To distinguish the difference between authorized and unauthorized transaction can be extremely difficult and sometimes you will happen to be on the short end of the stick when evidence isn't in your favor or simply isn't convincing enough.
tldr: Shit happens.
Sorry, but it would help if you read my whole argument and didn't extrapolate things I didn't say in order to try and make a point against me (I believe that is called a strawman). Also, please explain to me how much control they can have over their own system when they are banning accounts now for simply transferring large quantities of Ding either between alts or from legitimate sales. I must be missing something.
As far as your knowledge on lacking security measures, you really must not play the game. Their credit card transactions do not use encryption, there is no secondary password system to the game, and there is no third party authentication that can be used (i.e. email or mobile). The game used a secondary password in the earlier stages of beta. They got rid of it. The EU version of the game still has it and I am more hard-pressed to locate incidents of hacking there.
Also, yes it irritates me that they won't help hacked accounts. Name another reputable game where they won't help hacked accounts. Blizzard helps people who are hacked. Turbine does too. Cryptic also. Please, enlighten me with your scathing brilliance.
-Sanasu
Read my post again so you do not need to ask questions that were already answered.
I quoted exactly the part where you made an error in your further assumptions and addressed it. Nothing is "extrapolated" from there, just there is no point addressing more points caused by same error.
1) Can you elaborate how did you find out that their site use no encryption for CC transfers?
2) "Secondary password system" - no idea what that is supposed to be...
Did you mean this?:
http://member.us.woniu.com/register.jsp
Thingie that allows you to link your AoW account to Snail games account..?
3) 3rd party authentication methods are very exception on the market, and only make sense for largest companies to provide such service and I doubt many use it anyway.
EU version...you mean that one that isn't even in closed beta, yet?
Not going to answer any other questions you raised since as I pointed out at the start of my post, they already got answered. If you want some of the points to be clarified, you have to be specific, repeating the same over and over without reading the replies and making en effort to understand what others are telling you won't yield any answers for your questions nor produce a constructive discussion...if that is what you seek...
The part you quoted from my original post was talking about me. Talking about protecting myself from harmful sites and how I need to protect my account. I never said anything about Snail themselves being hacked. How on Earth would I know that? You extrapolated.
1. Check the website for yourself. It's pretty obvious. If you don't know what a security script is (https) then I have no idea how your credit card account information hasn't been lifted yet.
2. Secondary passwords are entered after you log in. Lots of Korean games us them. AION comes to mind.
3. More than just third party can be used. Tera uses a self-contained email authentication system. Gives you a second layer of security if your email password differs from your account password. These systems allow some control over where an account is accessed, thus limiting the client-side weakness of account security.
And you refuse to answer my last question... probably because you can't. To add to my previous list. NCSoft helps people who have been hacked. So does Bioware. Also Mythic.
-Sanasu
This isn't a signature, you just think it is.
There is no extrapolation, it is an argument by example. You implied that the issue is on their end, and I made an example of such scenario.
That is because the authentication via Skrill is happening in frame. Thanks for "educating" me tho....
Ah, I see. This is again a very exception on the market and I beleive this is more of botting security rather than account security related.
This is falling to 2). Anyway, Snail game passport I linked above does the same...?
Every company is using very much same policies when it comes to refunds - no refund when evidence is unclear and Snail games are no different.
It is apparent you actually do not care about answers nor sense, and you just keep ranting. Yes, it's frustrating but you also also wrong...
"If I offended you, you needed it" -Corey Taylor
Alright. I will yield. Apparently I have no clue what I am talking about because not addressing customer concerns is great business. Using an example based off of something I didn't say is obviously not a strawman. Every po-dink Korean MMO is a market exception and has nothing to do with the fact that they live in a region that breeds hackers. When I originally went to get a VIP account, they obviously were using Skrill and I am blind. Whatever, what-have-you. This argument about security isn't worth the time or effort.
I do understand where you are coming from about account security. Really, I do. Had Snail been able to assist me, I would have figured out MORE measures to increase my security (if there are any), and would still be playing. The game is hella fun. Also, I never lost real money. I lost in-game money. Why can't they help me with that?
The very bottom line is what my original post had as an undertone throughout, and said explicitly in some places. It is extremely poor business to not help your customers in these situations. Mythic doesn't have another means to prevent unauthorized log-ins outside of a password. Same with Turbine. Yet both of these companies help their customers when they get hacked. The reason I know they have no other authentication means other than a password is because I have accounts for lotro, ddo, daoc, and war. I have had guildies who have been hacked and restored in a matter of days... not given a copy-paste response on how it's their own fault and that nothing wil be done. Regardless, I will probably not bother posting in this thread again. My point was made and people are seeing my problems, and now other people who are running into the same issue. Going to go back to what I usually do and just lurk. I am just glad this is actually getting out there.
In other news I logged in today on my laptop (only used for academia) for the first time in a couple weeks and it looks like my account was flagged as having added not 1, but 2 (!) copies of the boxed edition. Lolwat.
-Sanasu
@Gdemami
Hey man I understand that you're trying to play devils advocate here and don't want to let false information just ruin or impeech on the respect of an innocent company but there are a few things..
1) Have you actually been playing this game?
2) Have you taken the time to read the forums to get an understanding of what is going on?
3) Have you played this game? Because if you did, you would see the type of thing that is currently so rampant in game.
If so, tell me the first 3 things you encounter when logging in.. It will be the same as everyone else I garuntee it..
I agree that in most cases account security does come down to the user. Strong passwords, secure CC information. Not telling people your account login info and all that. Not purchasing gold from third party sites because they will just turn around and take your money.
The thing that is happening now, is mass bannnings and many, many cases of false positives with no respectable response to the issue. Like literally, people are purchasing gold from Snail Games the company itself and are then getting banned because of the auto-banning program they've had running over this weekend.
Also you are giving this company and companies in general too much leeway. It's the year 2013, along with making sure your game is good and enjoyable. Security of customer information should also be a top priority. Allowing companies to skirt around these type of issues without proper response is bad business and just sets us (the gamers) up to get burned with no way of justice because of ToS, EULA's and all the other types of bullshit laws that protect these companies from being responsible in cases where their security measures fail.
As much as it is a responsibility for the consumers to protect their information, the same goes for the companies that provide these types of services.
I commend you for trying to keep the discussion valid but I think you need to take a step back and really get a better understanding on what is happening with Age of Wushu.
PM before you report at least or you could just block.
First thing I would do is download tdsskiller and run it to see if you have any trojans, keyloggers on system. If not then it is all on Snails side and is the fault of the company. If you do end up having them, at least you got rid of them.
http://www.softpedia.com/get/Antivirus/TDSSKiller.shtml
Star Citizen – The Extinction Level Event
4/13/15 > ELE has been updated look for 16-04-13.
http://www.dereksmart.org/2016/04/star-citizen-the-ele/
Enjoy and know the truth always comes to light!
The auto freeze stuff is stupid, no doubt. I was frozen for about 36 hours last week. It happened the first day the system was implimented. I was innocent, I was unforze. The investigation did take longer than I thought it would. I was at the point of pissed of, when I got back in.
Perma bans are going out as I type. If you buy gold in AoW you will be banned, and lose months of progession. They've taken a very hardline stance.