Security: Different times - Different ways
Due to various important changes EVE Online has undergone in the last couple of years, there are new challenges to contend with in many areas. Unrestricted Alpha access and Skill Trading have led to an increase in account hijacking issues and lowered the barrier of entry for botting.
In this blog we will discuss some challenges we're facing today, what we're doing about them, and what you can do to keep your EVE Online account, characters and your stuff safe from thieves.
Please give us your feedback in the comment thread.
News on botting
Bans in January.
A little over 1800 accounts were banned for botting/automation in January. Mining bots were the largest group represented, with ratting bots coming in a close second.
About one third of the affected accounts received permanent bans as repeat offenders, while the rest was temporarily banned on first offense.
CCP is committed to keeping EVE clean and your assistance is greatly appreciated - please keep those bot reports coming!
How to report a bot in-game
Follow these 3 steps to report a bot suspect in-game:
1. Open the Character Information Window
2. Select the Report Bot entry from the Actions Menu
3. Confirm the submission of the report
Steps with illustrations:
- To bring up the Character Information Window, right-click on the Character you want to report and select "Show Info" from the Menu. You should now see the Character Information Page as shown in the picture below:
- Right click the "Actions" button in the top left of the Character Information Window, select "Report Bot" from the menu.
- Confirm your submission, you'll receive a notification if it goes through.
This is the best way to report bots so please be sure to give it a try when you think you have found one. Reports are very helpful, but we know that our feedback to you can be improved a lot so we're working on that as well.
Ban policy update
As of March 1st, 2018, botting bans will be handled as follows:
Macro use/modified client
1st offense – 3-day temporary ban.
2nd offense – Permanent ban
The change is for the 1st offense which currently is a 30-day temporary ban. This is done to streamline the process and to make it all more user friendly. Players caught botting will get a painless chance to mend their wicked ways, and if they don't then they simply get removed from the game pronto and we can all move on.
With Alpha access and Skill Trading we have seen a very dramatic increase in account hijacking and theft by RMT operatives. The value of accounts has increased as the thieves now steal all the skill points, along with all the hard-earned ISK and assets. At this point, most of the ISK and other stuff sold on the shady RMT sites out there comes straight from other players' hijacked accounts.
Compromised emails is THE way thieves get into your accounts to steal your stuff. If somebody has access to the email that you have registered on your EVE Online account, then they will pretty much be able do whatever they like with YOUR account. They can change your password, change the email to lock you out entirely and log into the account and sell YOUR stuff at massive discount. What you're left with is a ruined account, useless characters with no skills and, of course, a hijacked email which you have probably used to sign up for lots of other stuff too.
Making sure your email is secure is obviously of utmost importance.
A good way to see if your email has possibly been compromised in a data breach is to go to:
...and check there. There is also a lot of interesting information about various data breaches they have collected on the page. Many of the breaches listed have had a direct impact on our situation. For example, anyone using a yahoo email for EVE Online would be well advised to secure the email to avoid unwanted attention from thieves looking for stuff to steal.
We will leave you with a handy list of things you can do to keep your stuff safe from the naughty.
Make sure your email is secure. Hijacked emails are THE way thieves get access to your stuff. Put 2FA on your email.
Use strong passwords. Create unique passwords that use a combination of numbers, lower and upper-case letters. Don't use standard dictionary words since those can be easily cracked by various password-cracking tools available online. Stuff like "qwerty", "123456", "password" and "user" etc. are bad passwords that can easily be guessed or cracked.
Don't re-use usernames and passwords for multiple different accounts or sites. Most of the breached EVE accounts this year are from password reuse (in the case of the email, which they have access to).
Use a password manager to ease the burden of remembering a trillion complex passwords, an impossible feat.
Don't share your login details with anyone. Your friend might have poor operational security.
Stay cool and fly safe!