• Announcements

    • IMPORTANT - REACH US IN THE NEW FORUM   05/04/2017

      Ladies and gentlemen ATTENTION please:
      It's time to move into a new house!
        As previously announced, from now on IT WON'T BE POSSIBLE TO CREATE THREADS OR REPLY in the old forums. From now on the old forums will be readable only. If you need to move/copy/migrate any post/material from here, feel free to contact the staff in the new home. We’ll be waiting for you in the NEW Forums!

      https://community.blackdesertonline.com/index.php

      *New features and amazing tools are waiting for you, even more is yet to come in the future.. just like world exploration in BDO leads to new possibilities.
      So don't be afraid about changes, click the link above and follow us!
      Enjoy and see you on the other side!  
    • WICHTIG: Das Forum ist umgezogen!   05/04/2017

      Damen und Herren, wir bitten um Eure Aufmerksamkeit, es ist an der Zeit umzuziehen!
        Wie wir bereits angekündigt hatten, ist es ab sofort nicht mehr möglich, neue Diskussionen in diesem Forum zu starten. Um Euch Zeit zu geben, laufende Diskussionen abzuschließen, könnt Ihr noch für zwei Wochen in offenen Diskussionen antworten. Danach geht dieses Forum hier in den Ruhestand und das NEUE FORUM übernimmt vollständig.
      Das Forum hier bleibt allerdings erhalten und lesbar.   Neue und verbesserte Funktionen warten auf Euch im neuen Forum und wir arbeiten bereits an weiteren Erweiterungen.
      Wir sehen uns auf der anderen Seite!

      https://community.blackdesertonline.com/index.php Update:
      Wie angekündigt könen ab sofort in diesem Forum auch keine neuen Beiträge mehr veröffentlicht werden.
    • IMPORTANT: Le nouveau forum   05/04/2017

      Aventurières, aventuriers, votre attention s'il vous plaît, il est grand temps de déménager!
      Comme nous vous l'avons déjà annoncé précédemment, il n'est désormais plus possible de créer de nouveau sujet ni de répondre aux anciens sur ce bon vieux forum.
      Venez visiter le nouveau forum!
      https://community.blackdesertonline.com
      De nouvelles fonctionnalités ainsi que de nouveaux outils vous attendent dès à présent et d'autres arriveront prochainement! N'ayez pas peur du changement et rejoignez-nous! Amusez-vous bien et a bientôt dans notre nouveau chez nous

[Notice] Account Security

184 posts in this topic

Posted

Nah you're really blatantly trolling.  It's common practice when there's a data breach to tell customers so they know which password was compromised or which site has problems. Doing otherwise is ignorant. 

Share this post


Link to post
Share on other sites

Posted (edited)

Nah you're really blatantly trolling.  It's common practice when there's a data breach to tell customers so they know which password was compromised or which site has problems. Doing otherwise is ignorant. 

It's not my intention to troll but if you want to use that as a cop out be my guest. It's not easy to accept when you're wrong. I know.

Common practice? You work in this field as well? Interesting.

Pretty sure they did that with this post. They informed you, but you're irrelevant, as your account was not compromised. If it was then they did what was necessary for you, in this case, reset your password & whatever else we don't know that they might have done (I was not compromised so i do not know for sure.)

Edited by War
1 person likes this

Share this post


Link to post
Share on other sites

Posted

That is exactly why I am against Paymentwall demanding a photo copy of an ID and CC to verify accounts.

Share this post


Link to post
Share on other sites

Posted

I changed my password to ******** just in case.

Sad news tho, hope they can do something to stop it.

 

1 person likes this

Share this post


Link to post
Share on other sites

Posted

All this stuff and still no Two Factor Authentication. Pretty horrific.

Share this post


Link to post
Share on other sites

Posted (edited)

If you need to change your password, you also have to change your whole email address too?! What about those of us who do not have multiple email addresses at our disposal, we have to create a whole new one we'll never check because of this? What the hell. 

If you have gmail, you can add a period anywhere within the address and make it "different" thisismyemail@gmail.com is the same as this.ismyemail@gmail.com; you also add a + to the end (provided the website permits it) but thisismyemail+bdo@gmail.com is the same as thisismyemail@gmail.com but shows you uniquely incoming allowing easier filtering and seeing who is selling your email.

Using Outlook/Hotmail? You can make aliases that are 100% different but come into the same e-mail inbox and you can even choose unique domains that Microsoft uses. Find out how to make aliases at https://support.microsoft.com/en-us/help/12407/microsoft-account-manage-aliases

These are two of the best features for using login accounts for game. Be safe out there!

Edited by Toq

Share this post


Link to post
Share on other sites

Posted

That is exactly why I am against Paymentwall demanding a photo copy of an ID and CC to verify accounts.

Paypal also requires photocopy of ID and CC to verify accounts if you've ever had a fraud flag. 

Share this post


Link to post
Share on other sites

Posted

Well it's been about four-five hours. They probably do not know a whole lot, so those of you asking/demanding for information about the third party site and more information, these things do take quite some time to track down and learn the extent of. 

 

By their policies and the laws involved they are only required to let you know that accounts have been breached, and if the breach occurred outside or inside the company's control. They are not obligated to reveal which 3rd party that they work with that has been breached, nor are they obligated to reveal any information outside what actions they have taken to secure the information/accounts that has been affected. Daum/Pearl Abyss have done what they are obligated to do thus far. 

 

Now is that exactly the best way to handle it? No, but it is still early, and they've done what they can as quickly as they can for the accounts that have been effected by this intrusion. There are companies that get breached and do not disclose the extent of that breach for weeks after it has occurred, either because they did not notice or because they decide internally not to release such information until they know the extent of the breach. 

 

I don't know a whole lot about the operation of Daum/Pearl, I've heard stories but I'm just now getting involved with them for the first time as a customer and consumer of their products. So far I've had no complaints (well, except that they are a EU based company and it took me almost an entire week to get around the failsafes on my own debit card to purchase the game but not something they can really do unless they want to create a NA vendor.) I think at this time as a community, we need to just let them work on this issue and when they have resolved the issue they might divulge more information, or as is their right as a company, they might not divulge what has happened to one of their business partners for a multitude of reasons which could be contractually obligated for them to remain silent. We will just have to see, but in the meantime, lets be patient and just worry about what we need to right now. If you feel that your account needs to be more secure, then change your password and make a new email address to register to the game. If you do not feel the need to change your password, then let Kakao/Daum/Pearl do their thing. 

It's not my intention to troll but if you want to use that as a cop out be my guest. It's not easy to accept when you're wrong. I know.

Common practice? You work in this field as well? Interesting.

Pretty sure they did that with this post. They informed you, but you're irrelevant, as your account was not compromised. If it was then they did what was necessary for you, in this case, reset your password & whatever else we don't know that they might have done (I was not compromised so i do not know for sure.)

I agree that you're not trolling, but I think the edge of certain aspects of your posts does cause reflexive reactions in some people. You've given lots of useful information and I give you props on that, but if you truly do work in this field, you know not to feed the trolls and some of your tones and words do exactly that in a way that does not seem professional. I know that this has nothing to do with work or anything but anyone that works in such mediums should always bring a level of professional courtesy when working on the internet, chiefly because it helps avoid such bitter retaliations against otherwise credible postings/posters as yourself sir. 

1 person likes this

Share this post


Link to post
Share on other sites

Posted

If you need to change your password, you also have to change your whole email address too?! What about those of us who do not have multiple email addresses at our disposal, we have to create a whole new one we'll never check because of this? What the hell. 

You can create a new gmail address, then configure it to forward to your main address.  Here is a link with instructions.  Hope it helps.  

 

https://www.lifewire.com/how-to-forward-your-gmail-email-to-another-email-address-1171906

Share this post


Link to post
Share on other sites

Posted

You can create a new gmail address, then configure it to forward to your main address.  Here is a link with instructions.  Hope it helps.  

 

https://www.lifewire.com/how-to-forward-your-gmail-email-to-another-email-address-1171906

You can also just create another email address that is part of your main account but is locked behind its own password. If someone breaks into either account, they can see that you have another account linked to it but cannot access it unless they can provide the password for that one as well. 

Share this post


Link to post
Share on other sites

Posted

@CM_Aethon

This is the exact reason why we need authenicators like google authenticator and 2 step verification. Why the hell do we still not have this as an option? It's 2017 damn it!!!!

1 person likes this

Share this post


Link to post
Share on other sites

Posted

This should have been posted as a sticky across all the forums not just this one.

Share this post


Link to post
Share on other sites

Posted (edited)

i'm not supplying a photo ID just to have my email changed incase this happens again...

My problem is that they require you to disclose your entire social security number as well, if you're submitting a passport photo ID which contains SSNs (1). The thing is that my social security number is not needed to authenticate my identity (since my passport contains a photo ID alongside my full name and signature), and this number is a prime target for identity thieves (2). My policy is never to give away my SSN unless it's strictly required. So it doesn't make sense from a security perspective to give this information away in this case.

In fact, when I requested an email change a few months ago, I gave up after 1,5 months, not only because of slow responses, but because they wouldn't accept a passport with my social security number covered by a piece of tape (a tape is used because any digital manipulation would invalidate the photo ID). I proposed to submit a selfie with my passport in front of the ticket, with my social security code covered by tape. This proposal is ironically even more secure than their method (photo ID in front of ticket), because the photo contains a selfie (which can be matched to the passport photo), and yet they refused to accept it.

Their email change page also states:

  • The ID is a valid government-issued document and has not expired.

I explained to them that in my country, a credit card is considered a valid government issued ID, but they refused to accept it. When I went through the same process at Blizzard (they offer self-administered email changes, but I'd forgotten my secret question/answer), they not only accepted my credit card (3), they allowed me to block out some of my credit card information using tape, because they understood that they didn't need to know my bank account number or CCV to authenticate myself. This took less than 24 hours.

Blizzard also write:

  • We’ll never use your ID for anything other than verifying account ownership. We delete the copy you send us once the ticket is resolved.

But Kakao has not made their policy clear on their email change page: Who has access to these photo IDs? How long are these photos stored?

On top of that, Kakao doesn't even offer 2-factor authentication for their game or player accounts.

The lack of understanding and cooperation from their side made this a very frustrating experience, and after 1,5 months I gave up, and I posted this message in the support ticket thread (I've emphasized some parts of the message here):

Hi,
Due to lack of any response I've given up hoping for a solution to this request.

I'm very disappointed by the unprofessional customer service, and the atrociously long response times. I understand that you're busy, but this issue is still unresolved after 1,5 months. It should not take that long to resolve a relatively simple "change email"-request.

I'm also disappointed that you were not willing to accept my proposal (selfie with passport in front of ticket), but insists on following a standard procedure, which is ironically less secure than my suggested method. There are more than one road to Rome, so to speak.

Asking people to submit photos of their passports to change their emails is not only a big hassle for your users, but also for you. This process should be self-administered (BDO is the only game where I'm not only asked to submit passport photos for verification, but also disclose my entire social security number, a prime target for identity thieves).

I hope you will consider adding self-administered email changes in the future (along with 2-factor authentication/email verification). You should also take a long, hard look at how you operate your customer service (infrastructure, manpower, internal communication, efficiency, etc.): When relatively simple support cases like this are still unresolved after 1,5 months, something is seriously wrong.

Regards,
- [Name withheld] -

NOTE: I don't regularly post on this forum anymore, so I may not be able to follow up any replies to this message.

(1) From their email change page: "No information can be obstructed in any way." https://blackdesert.zendesk.com/hc/en-us/articles/210745969-Email-Change

Also note that in some countries (such as the US), passports do not contain any SSNs. Other government issued IDs such as driver's licences typically do not contain SSNs either.

(2) PDF document about SSN from Social Security Administration: https://goo.gl/5813kY

More information about SSN: http://www.tomsguide.com/us/what-to-do-ssn-stolen,news-18742.html

(3) Blizzard accepts credit cards from certain countries, where credit cards are considered valid government-issued IDs: https://eu.battle.net/support/en/article/26516

 

Edited by AryaStark
Added note about passports and SSNs
1 person likes this

Share this post


Link to post
Share on other sites

Posted

This is why we need  2-Step Verification.... please.

Nuff said, FFS.

 

1.  Please read it, then read it again.

2.  Read it again.

3.  Implement it already.

Share this post


Link to post
Share on other sites

Posted

 

My problem is that they require you to disclose your entire social security number as well, if you're submitting a passport photo ID (1). The thing is that my social security number is not needed to authenticate my identity (since my passport contains a photo ID alongside my full name and signature), and this number is a prime target for identity thieves (2). My policy is never to give away my SSN unless it's strictly required. So it doesn't make sense from a security perspective to give this information away in this case.

In fact, when I requested an email change a few months ago, I gave up after 1,5 months, not only because of slow responses, but because they wouldn't accept a passport with my social security number covered by a piece of tape (a tape is used because any digital manipulation would invalidate the photo ID). I proposed to submit a selfie with my passport in front of the ticket, with my social security code covered by tape. This proposal is ironically even more secure than their method (photo ID in front of ticket), because the photo contains a selfie (which can be matched to the passport photo), and yet they refused to accept it.

Their email change page also states:

  • The ID is a valid government-issued document and has not expired.

I explained to them that in my country, a credit card is considered a valid government issued ID, but they refused to accept it. When I went through the same process at Blizzard (they offer self-administered email changes, but I'd forgotten my secret question/answer), they not only accepted my credit card (3), they allowed me to block out some of my credit card information using tape, because they understood that they didn't need to know my bank account number or CCV to authenticate myself. This took less than 24 hours.

Blizzard also write:

  • We’ll never use your ID for anything other than verifying account ownership. We delete the copy you send us once the ticket is resolved.

But Kakao has not made their policy clear on their email change page: Who has access to these photo IDs? How long are these photos stored?

On top of that, Kakao doesn't even offer 2-factor authentication for their game or player accounts.

The lack of understanding and cooperation from their side made this a very frustrating experience, and after 1,5 months I gave up, and I posted this message in the support ticket thread (I've emphasized some parts of the message here):

NOTE: I don't regularly post on this forum anymore, so I may not be able to follow up any replies to this message.

(1) From their email change page: "No information can be obstructed in any way." https://blackdesert.zendesk.com/hc/en-us/articles/210745969-Email-Change

(2) PDF document about SSN from Social Security Administration: https://goo.gl/5813kY

More information about SSN: http://www.tomsguide.com/us/what-to-do-ssn-stolen,news-18742.html

(3) Blizzard accepts credit cards from certain countries, where credit cards are considered valid government-issued IDs: https://eu.battle.net/support/en/article/26516

 

I thought it was paymentwall that asks for ID, social security numbers, etc. When did BDO ask for that stuff?

Share this post


Link to post
Share on other sites

Posted

But that's only asking for your ID. Not social security number or anything else. I don't mind giving my ID but I was worried about the social security number part. 

 

Share this post


Link to post
Share on other sites

Posted (edited)

But that's only asking for your ID. Not social security number or anything else. I don't mind giving my ID but I was worried about the social security number part.

No offense, but did you even read my post at all? I wrote:

In fact, when I requested an email change a few months ago, I gave up after 1,5 months, not only because of slow responses, but because they wouldn't accept a passport with my social security number covered by a piece of tape

In other words: They required that I show my entire social security number.

And the email change page states:

  • No information can be obstructed in any way.

And this includes SSNs, and is the reason why they wouldn't accept covered or partially covered SSNs.

All of this has been explained in my original post. Please take the time to read before replying, it saves us both time :)

EDIT:

I don't mind giving my ID but I was worried about the social security number part.

That's exactly the problem I'm describing in my original post: I don't mind giving my passport photo ID, as long as I'm allowed to cover my social security number. I don't know about how your passport looks like, but in my country, SSNs are printed on the passport.

According to this page:

https://www.quora.com/Is-US-passport-number-a-social-security-number

US passports do not contain SSNs, so if you're American you might not have this problem. Same goes for other government issued IDs which do not contain SSNs (such as a driver's license).

But all this is beside the point, since for those who do have passports with SSNs, like me, they require you to disclose all the information.

Edited by AryaStark
Added info about US passports

Share this post


Link to post
Share on other sites

Posted

One simple method.

Just look at how Blizzard does. You might learn something. 

As well as pvp balancing. 

Share this post


Link to post
Share on other sites

Posted (edited)

Rofl still have the forum warriors defending Kakao

Edited by Zodiac
1 person likes this

Share this post


Link to post
Share on other sites

Posted

 

No offense, but did you even read my post at all? I wrote:

In other words: They required that I show my entire social security number.

And the email change page states:

  • No information can be obstructed in any way.

And this includes SSNs, and is the reason why they wouldn't accept covered or partially covered SSNs.

All of this has been explained in my original post. Please take the time to read before replying, it saves us both time :)

EDIT:

That's exactly the problem I'm describing in my original post: I don't mind giving my passport photo ID, as long as I'm allowed to cover my social security number. I don't know about how your passport looks like, but in my country, SSNs are printed on the passport.

According to this page:

https://www.quora.com/Is-US-passport-number-a-social-security-number

US passports do not contain SSNs, so if you're American you might not have this problem. Same goes for other government issued IDs which do not contain SSNs (such as a driver's license).

But all this is beside the point, since for those who do have passports with SSNs, like me, they require you to disclose all the information.

yup I'm American. Sorry didn't mean to come across like I was attacking you. I was just confused and wanted to ask questions. I don't mind admitting I dont know everything.. 🙂 Some posts i seriously have to read several times to figure out what some ppl are trying to say. I for some reason thought you were fighting over a pearl shop issue. Guess I'm tired lol. Next time I'll be sure to understand it before I ask. 😶 I've just seen many people describing paymentwall and saying exactly what you said.

and drivers license here use to be peoples SSN. Glad they changed that about 25 years ago 😄

Share this post


Link to post
Share on other sites

Posted

I declare that this is not git gud.

Share this post


Link to post
Share on other sites

Posted

yup I'm American. Sorry didn't mean to come across like I was attacking you. I was just confused and wanted to ask questions. I don't mind admitting I dont know everything.. 🙂 ... Guess I'm tired lol.

It's fine, we can all get a bit tired ;) 

1 person likes this

Share this post


Link to post
Share on other sites

Posted

https://blackdesert.zendesk.com/hc/en-us/articles/210745969-Email-Change

  • A photo of your photo ID card, taken in front of today's physical newspaper clearly showing the date, or over your screen showing your open ticket. No information can be obstructed in any way.

....

  • The ticket in the background of your ID is an already sent one. We will not accept a picture where the ticket in the background is still in creation, or where you hold your ID against the Knowledge Base article or an online newspaper.

Am I tripping? Somehow...

Share this post


Link to post
Share on other sites

Posted

Say Bye Bye to your accounts all who using 3rd programs for BDO :D ... If you are stupid enought to use it... so what i can say is "good for you" hope BDO CS will not help you.

Share this post


Link to post
Share on other sites