Jump to content

[ESET Internet Security] License Key Overuse


Recommended Posts

uPsuQ73.png

I purchased my license key about 6 months ago, and I just recently (two weeks ago or so) had the inkling to check my account online. To my surprise, there have been 30+ other people that have used it. I do not know these devices, so I had to manually remove them.

How does one remedy this potential leak?

For my part, I think my accounts have been secure.

  1. Emails all have MFAs.
  2. Password quality on everything is usually 180+ bits.
  3. The device I'm using the key on is routinely cleaned, and I am always careful re: phishing, malware, etc.

I have never shared my key to anybody. It didn't stop several people to use it though. As of now, there have been two or three other devices constantly using the license key which I remove almost every other day over myESET.

Link to comment
Share on other sites

  • Administrators

You have a license for 2 devices but in fact ESET has been installed of 4:

image.png

If you don't use any of the devices, the seats should be freed via the license manager.

Link to comment
Share on other sites

That's my point exactly. I have paid LCs, but other people are using it. You've seen TWO extra users in your screenshot above, and look at how many there are now when I just checked.

375197652_LicenseOveruse.thumb.png.b10e3db483c14becbe838930fa912048.png

I am not blurring out their computers because they are not mine, and I'd like to know a better solution other than constantly checking and removing them over myESET. It's a stop-gap solution, and it's not efficient.

Link to comment
Share on other sites

  • Most Valued Members
1 minute ago, Dream said:

That's my point exactly. I have paid LCs, but other people are using it. You've seen TWO extra users in your screenshot above, and look at how many there are now when I just checked.

375197652_LicenseOveruse.thumb.png.b10e3db483c14becbe838930fa912048.png

I am not blurring out their computers because they are not mine, and I'd like to know a better solution other than constantly checking and removing them over myESET. It's a stop-gap solution, and it's not efficient.

Weird.

Sure someone else posted something similar recently.

Just to check, did you buy the license from Eset's site or another site e.g. Amazon, eBay etc.

Problem with these sites is scammers will resell licenses for 1 user to multiple people which will get them blocked 

Link to comment
Share on other sites

I have not seen the post because I've been trying to report it several times since I noticed it, but I haven't had any reply to any of it. It was recommended to me to ask over here.

The purchase was directly from the ESET website. I always check for the proper URL whenever I purchase things online.

Link to comment
Share on other sites

  • Administrators
20 minutes ago, peteyt said:

Just to check, did you buy the license from Eset's site or another site e.g. Amazon, eBay etc.

The license was purchased from ESET Canada so that's not a problem.

I see that Dream's email address was "pwned" in 4 breaches. If you use the same password for your my.eset.com account, anyone could find your license key.

image.png

What I'd recommend:
1, Change your password wherever you've used your email address to one that is not easy to guess
2, Ask ESET Canada to reset your license key and deactivate already activated devices. You will receive a new unique license key that nobody else knows. Given that you will already use a new password for your my.eset.com account, unauthorized persons won't be able to log in and get your new license key.

Link to comment
Share on other sites

2 minutes ago, Marcos said:

The license was purchased from ESET Canada so that's not a problem.

I see that Dream's email address was "pwned" in 4 breaches. If you use the same password for your my.eset.com account, anyone could find your license key.

image.png

What I'd recommend:
1, Change your password wherever you've used your email address to one that is not easy to guess
2, Ask ESET Canada to reset your license key and deactivate already activated devices. You will receive a new unique license key that nobody else knows. Given that you will already use a new password for your my.eset.com account, unauthorized persons won't be able to log in and get your new license key.

I've used https://haveibeenpwned.com/ before, and I have changed the password since then. Again, my passwords are usually 180+ bits in quality (which is like 30+ characters). My email, the password for this forum, and myESET are all different.

Link to comment
Share on other sites

4 minutes ago, Marcos said:

What I'd recommend:
1, Change your password wherever you've used your email address to one that is not easy to guess
2, Ask ESET Canada to reset your license key and deactivate already activated devices. You will receive a new unique license key that nobody else knows. Given that you will already use a new password for your my.eset.com account, unauthorized persons won't be able to log in and get your new license key.

What I would recommended is Eset implement 2FA for my.eset.com ASAP. Something that said was to done and has yet to be done.

Link to comment
Share on other sites

  • Administrators

This one is a suspicious login that I've found given that you are from Canada:

03/30/2021 - 1:25 PM, Casablanca, Morocco

Link to comment
Share on other sites

3 minutes ago, Marcos said:

This one is a suspicious login that I've found given that you are from Canada:

03/30/2021 - 1:25 PM, Casablanca, Morocco

Yep. I've checked all what I could check in myESET, and I saw that before. It's the Chrome browser that gave it away.

Link to comment
Share on other sites

My question as to these bogus my.eset,com entries is why do they exist in the first place?

In this instance, there are two licenses and both are allocated. Should not my.eset.com block any additional set ups? Or what is going on is someone logs on my.eset.com; deactivates a legit license setup; then allocates that license to his device?

Edited by itman
Link to comment
Share on other sites

4 minutes ago, itman said:

My question as to these bogus my.eset,com entries is why do they exist in the first place?

In this instance, there are two licenses and both are allocated. Should not my.eset.com block any additional set ups? Or what is going on is someone logs on my.est.com; deactivates a legit license setup; then allocates that license to his device?

Yeah, I thought this was obvious.

I just finished a Live Chat, and I had my key reset. I'm going to observe if other people get it again somehow.

This doesn't really resolve my issue because the keys distribution seems to be flawed if what we assume (re-allocation of deactivated stuff, generators, etc.) is true.

Add MFA too!

Edited by Dream
Just a quick MFA request.
Link to comment
Share on other sites

  • Administrators
3 minutes ago, itman said:

My question as to these bogus my.eset,com entries is why do they exist in the first place?

It depends on the license and country. Usually we only report overuse first so as not to make life for home users more difficult, e.g. if they are unable to uninstall ESET from a former computer properly.

Link to comment
Share on other sites

5 minutes ago, Dream said:

Yeah, I thought this was obvious.

As far as I am concerned, the solution to this problem is simple. Remove your my.eset.com account.

I never had one previously in many years of Eset usage and never had an issue reinstalling Eset via license key method.

Edited by itman
Link to comment
Share on other sites

2 minutes ago, itman said:

As far as I am concerned, the solution to this problem is simple. Remove your my.eset.com account.

I never had one previously in many years of Eset usage and never had an issue reinstalling Eset via license key method.

This is an interesting take. Wouldn't this mean you're going in blind and assuming nobody else it using it?

It does seem counterintuitive if having a myESET account is what led to the leaks, but it's also a possibility.

I didn't even have one until recently (last month?), and it's when I saw the other users; so I assumed they were using the key prior to my creation of a myESET account.

However, I have time to check if—indeed—the myESET account is what causes the leaks given that my key has just been reset.

Link to comment
Share on other sites

  • Administrators
2 minutes ago, Dream said:

However, I have time to check if—indeed—the myESET account is what causes the leaks given that my key has just been reset.

Just to make sure, if you haven't changed your password for my.eset.com after 03/30/2021, do so in case the unauthorized person who logged in at that time knew it.

Link to comment
Share on other sites

4 minutes ago, Marcos said:

Just to make sure, if you haven't changed your password for my.eset.com after 03/30/2021, do so in case the unauthorized person who logged in at that time knew it.

Yep, I just changed it too. Time to observe for the next few weeks, I guess.

Link to comment
Share on other sites

  • Most Valued Members

@Marcos

Could this be related to the user in the post before. You show 1 or 2 user names but in the image the user posted there are multiple users 

 

Link to comment
Share on other sites

27 minutes ago, Dream said:

This is an interesting take. Wouldn't this mean you're going in blind and assuming nobody else it using it?

If anyone tried to use the license key, it wouldn't activate because its already in use assuming its a single seat license.

The problem is when a multiple seat license is purchased and not all seats are used. Then a perpetrator could use the license key to activate his device with.

One solution to this is to only allow the original license purchaser to maintain license data in my.eset.com. When a license is purchased directly from Eset, the purchase device MAC is stored internally in the my.eset.com account. If someone from another device tried to change anything license-wise, that access would be denied.

Link to comment
Share on other sites

8 minutes ago, peteyt said:

@Marcos

Could this be related to the user in the post before. You show 1 or 2 user names but in the image the user posted there are multiple users 

 

We seem to have the same issue.

2 minutes ago, itman said:

If anyone tried to use the license key, it wouldn't activate because its already in use assuming its a single seat license.

The problem is when a multiple seat license is purchased and not all seats are used. Then a perpetrator could use the license key to activate his device with.

One solution to this is to only allow the original license purchaser to maintain license data in my.eset.com. When a license is purchased directly from Eset, the purchase device MAC is stored internally in the my.eset.com account. If someone from another device tried to change anything license-wise, that access would be denied.

Yep. It's annoying when I've filled both keys, but other users still can use it (as seen from previous examples).

Link to comment
Share on other sites

1 hour ago, Dream said:

We seem to have the same issue.

Yep. It's annoying when I've filled both keys, but other users still can use it (as seen from previous examples).

My simple solution to this problem - I just deleted my my.eset.com account.😘

Link to comment
Share on other sites

I have a similar problem. Because of the nonsense of Windows, most of my programs have been logged out, including Eset. And now I have tried to add the purchased key again and I get the answer that it is overused. What should I do?

Link to comment
Share on other sites

  • Administrators
9 hours ago, Dax said:

I have a similar problem. Because of the nonsense of Windows, most of my programs have been logged out, including Eset. And now I have tried to add the purchased key again and I get the answer that it is overused. What should I do?

I was unable to find any license registered with your forum email address. Please provide your public license ID in the form of XXX-XXX-XXX. Did you purchase the license from your local ESET distributor or reseller?

Link to comment
Share on other sites

12 hours ago, Marcos said:

I was unable to find any license registered with your forum email address. Please provide your public license ID in the form of XXX-XXX-XXX. Did you purchase the license from your local ESET distributor or reseller?

image.png.a0c23b434939f36a66b4cde0ffaa3cb3.png

It was bought from a reseller.

Link to comment
Share on other sites

  • Administrators
3 minutes ago, Dax said:

image.png.a0c23b434939f36a66b4cde0ffaa3cb3.png

It was bought from a reseller.

The license was issued in China, you are from Europe. What reseller did you purchase the license from? Please contact them and ask for a refund. I'd recommend purchasing a license from your local authorized distributor https://nod32adria.com/.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...