[Denied]No pardon for getting hacked

For example: https://www.sythe.org/threads/follow-up-pardon-sap-king/

It seems Sap has to pardon after he got hacked. I'm pretty sure some people before didn't have to pardon just because they got hacked. For some reason people have to pardon now after they got hacked. While their negligence would be worth disputing for, I don't think they should be required to go through the entire pardon process for this. Obviously debts need to be repaid etc though.

 

In my opinion we need something to make sure:

A. It was paid back (often it is not)
B. They put proper security on their account
C. They know to take precautions with their login.


With that being said I would be find with creating a new subsection for hacked accounts. But I definitely think they need something in place to make sure the above is done. It definitely doesnt have to be in the pardon section

 

I hate saying this so often, but I think case-by-case is best for these.

I actually don't mind "I was hacked" disputes coming through the pardon process. Oftentimes people who claim they were hacked were not hacked and are just trying to pass off scamming as something else. I can't recall us rejecting a legitimate pardon where someone got access to the claimant's account and all debts were repaid.

 

I think the biggest issue here is how can you ever be entirely certain a user was indeed actually hacked.
Sure, you can look at IP data and be reasonably confident that the account owner wasn't the person who logged in, but that doesn't mean they weren't just having a friend do it and scamming together, in the hopes of getting away with something.
I think just like it's your responsibility to protect yourself from scammers, it's also your responsibility to protect your accounts. If you allow this to happen, you should have to go through the pardon process; because ultimately, you're at fault for what happened and people got scammed because of it.

The only way it shouldn't have to go through pardons is if nobody was scammed in the process, imo.

 

I mean... You pay back the debt the scammer scammed... You're taking responsibility, right? What's the pardon necessary for?

I personally think that if without a doubt the user was 100% hacked (all check boxes ticked, different writing style, completely different location IP that isn't a VPN etc etc) and debt is repaid that they shouldn't have to go through pardon. After all, they are also a victim.

 

Just because someone looks innocent doesn't mean they are.
Ultimately, if people were scammed and it was a users fault - just because he pays it back doesn't just make it "no harm no foul"
There are hundreds of cases on Sythe of people paying back a scam and not being pardoned, literally hundreds.
As I mentioned in my post, just because it's in a different location and different writing style, it could easily be their cousin logging into their account to help them scam someone, in hopes that they can get away with it. Then once they know they can't, they just pay it back and boom, no risk to them.

There's a reason 2FA exists and why it's so encouraged. Having a reputation on this website comes with certain trust levels, and to not keep your account secure isn't only detrimental to yourself, it's detrimental to the community.

 

yeah i forgot everyone has a cousin that lives on the opposite side of the world lol

In all seriousness though, there is circumstances where is it blatantly 100% obvious that a user has been hacked.

Think of the following scenario:

A well established Sythe user from Croatia with an account selling service thats been on Sythe for 4 years, sold 200+ high value accounts no recoveries everything has been smooth. Sythe user goes inactive for 2 months then out of nowhere scams like $100 of rocket league credits, despite this user having no involvement in rocket league whatsoever and the user suddenly has broken English, on a different discord than the one he had been using the entire time he had been selling on Sythe.

10 months later said user comes back and explains that he had to go to army mandatory as it's a thing in his country (Some EU countries do this I'm pretty sure). User then repays debt. During the 10 months since the rocket league credits were stolen, there has been 0 reports on any of the accounts he sold. IP logs point to Argentina, further whois of the IP shows that the IP isn't a VPN.

Records also show that he had a password change around the exact time the rocket league credits were scammed.

Do you think in this situation the user should still need to pardon?

A well trained mod/admin should be able to thoroughly check logs/activity and come to a firm decision whether that person was 100% hacked or not.

Not 100%? Make the user go through the pardoning process

 

The situation you described is infinitely less common than the other times people are "hacked".
If someone is obviously hacked, and it's pretty blatant they had no involvement and they've repaid their debt, they simply post a pardon request and their pardon will be accepted.
It's not like "making the user go through the pardoning process" is some massive deal. They make a post, show their innocence, get pardoned. It's not a big deal.
At the end of the day it's safer for the community to have the 1/100 innocent person being "hacked" to simply just request a pardon.

 

Whichever way it goes (hacked re pardon, or hacked re dispute), it's ultimately irrelevant with regards to a user harbouring malicious intent falling through the cracks via a dispute, opposed to a pardon, as the rigour applied to both methods relative to the user being investigated, and the situation thoroughly interrogated by whichever staff member is looking into the case is exactly the same. There is no distinction between either methods unban investigation process.

With that said, the actual use of the pardon system is for a user to admit their wrongdoings and come clean. Getting legitimately hacked (albeit you can argue that their account security could be perceived as a wrongdoing, but that's a stretch in my book) is not their fault, and they have nothing to admit to. As such, a dispute is more appropriate than a pardon, in my eyes.

 

Yeah, I would agree that a dispute is probably more appropriate.

 

To the the most logical and righteous take is the following one:

If staff noticed something odd and pre-emptively bans a hacked account it's important to make a distinction between two scenarios and base policy on that:
case 1. people, other than the original owner of the account, get duped as a consequence of the hack
case 2. nobody gets duped (and thus there is no debt)

Don't know if it's status quo or not, but I'd say: case 1. requires pardoning, case 2. in principle does not require pardoning unless there is a reason to deviate from this (fishy/risky behaviour that could have led to users being duped)

 

The pardon is basically a roadblock that allows us to investigate the situation and make sure a hack actually happened. I'm pretty sure we have never denied a pardon where all debts were repaid and a hack was proven