Guild Wars Forums - GW Guru
 
Forums Guild Wiki PvX Wiki
 

Go Back   Guild Wars Forums - GW Guru > The Inner Circle > The Riverside Inn
Reload this Page Account Hackings - The Source
Register FAQ Calendar Mark Forums Read

Notices

Closed Thread
Page 1 of 23 1 2311 > Last »
 
Thread Tools Display Modes
Old Jan 01, 2010, 02:38 PM // 14:38   #1
[Domination Henchman]
 
Join Date: Feb 2007
Location: Echovald Forest
Guild: House Vasburg
Profession: Me/
Advertisement

Disable Ads
Default Account Hackings - The Source
OFFICIAL RESPONSES AND ACTION

Quote:
Originally Posted by Regina Buenaobra View Post
First of all, we have escalated this up to the NCsoft Security team, and they will investigate the issue.

There have been ongoing investigations on the hacking incidents for some time, and according to the data gathered, none of them appear to be directly or exclusively related to NCsoft Master Accounts. Some hacking victims have NCsoft Master Accounts, some don't. Data was recently reviewed, and about half are not NCsoft Master Account holders. Therefore the hysteria surrounding the idea that all hacks are coming through the NCsoft Master Account doesn't seem to be valid. However, this doesn't necessarily rule out that some hacks are coming through NCsoft Master Accounts. The information about this particular exploit is new to us, and we don't know what will happen as more people, due to this thread, learn about it and even try it. We're not brushing things under the rug, nor denying that there might be a problem. The Support team has not previously notified us of this issue as detailed in the OP. The first we have heard of this information, as detailed in this thread's original post, was brought to our (ArenaNet's) attention just recently (yesterday, according to Gaile), so it's incorrect to suggest that we've been covering it up for months. Please be assured that we are taking the concerns in this thread seriously, following up with NCsoft Security, and actively raising the issue with the Security team.

Thank you.
Quote:
Originally Posted by Regina Buenaobra View Post
ArenaNet has been discussing the issues pointed out by players in this and other forum threads on the issue with NCsoft. Again, we take these concerns very seriously, and we're currently taking measures to address them on several levels, and we will continue to do so.

There is a change in one of the NCsoft Master Account processes that is being enacted, and we believe this change will help quite a lot in enforcing account security, and we're very grateful to the folks involved who've worked today to get those measures in place, on a holiday, and many of them away from home. They've taken our escalation of this issue very seriously, are listening, and are doing what they can do to proactively help, and to take your concerns on board and make improvements in very short order.

The security team continues to research and additional changes might be put in place. If you try to change your password on the NCsoft web site now, you will notice one of these changes: you will be required to input the old password to change it to a new one.

I would like to reiterate one point again, because people continue to ignore this fact: The account hacks are not likely related to the NCsoft Master Account security concerns. Roughly half of the hacked acounts do NOT have an NCsoft Master Account, and very few account thefts involved a password change at all. The hacker(s) knew the account credentials, and they did not access the hacked accounts through NCsoft Master Accounts. The hackers had a list of passwords, which they used to steal accounts.

Again, our NCsoft Security team is continuing to investigate this issue, and there might be additional changes forthcoming.
THINGS STILL IN NEED OF CLEARING UP:

1. Why this issue is not being held responsible for 50% of reported account hacks.
2. Where the list of passwords hackers are using for the other 50% is coming from.
3. Why ArenaNet was not informed of this issue by NCSoft when they found out about it, through Gaile (ArenaNet Support Liaison) or another medium.

-----------------------------------------------------------------------------------------------

Hello denizens of Guild Wars Guru! It is I, Erys Vasburg, everyone's favorite Domination Henchman, here to deliver some startling and very important news to you all! Anyone who has been following Regina or Gaile's talk pages on the official wiki lately will have noticed a certain forum moderator kicking up a bit of a stir about the security issues as of late. For whatever reason, he hasn't brought these issues to Guru yet. So, everybody's favorite Domination Henchman (that's me!) has decided to go over his head and share this with you. Read it quick, before it gets lost in Gaile's confusingly organized talk archives forever!

Yes, Gurumites, it's true - we're at risk (please do your best to thoroughly read over the content of these links from start to finish - trust me, friends, it is important that you do so if you wish to understand the severity of this problem!). Linking our GW accounts to our NCSoft master accounts has, as many have begun fearing, indeed doomed us to the fate of being easily targeted for simple hacking. While this may not be the source of all of the recent troubles, it's certainly the source of a great deal of them. The most wonderful fantasmical part of it is that, despite all evidence to the contrary, NCSoft is trying to push it under the rug with blatant lies. Truly, it is better to blame the fan community with no proof of fault by claiming a fan community website had a security flaw (I would link you to this, but it is hopelessly lost in Gaile's archives, in a place I can not find - someone who is better at the wiki, please find it for me!) than to admit that the problem lies within your own website (image swiped from xxteacakez's comment on the official wiki). Anyone who, unlike certain people in important official positions, takes the time to read the threads I linked earlier will see that this problem is far from merely "cosmetic" and is, indeed, likely what caused Linsey's own account to be hacked (she updated her facebook status when this happened, and made further comments on it afterwards - no I do not have a screenshot, but anyone who does is more than welcome to provide it; it's worth noting that the character name security change for GW happened very shortly after her account was hacked, as the previously mentioned forum moderator pointed out on Gaile's talk page).

Of course, the denial is strong. Of course, Gaile insists that this issue is nothing, even though she did not read up on it before saying so. Of course, she insists that it is not related, as many hacked accounts were not linked to NCSoft Master Accounts. Of course, she, and everyone at NCSoft, would like us to believe that after four years, suddenly thousands of people became infected by a real life stupidity virus and stated dealing with RMT or being keylogged simultaneously, and visiting a website that she refuses to name or even offer any scrap of evidence that it exists.

But we are not infected by stupidity, Guru. We do not have to lay down and accept the lies anymore. There is evidence to show that NCSoft, not the forums, not us (the players), is responsible for our hard work being wiped out without a chance to prevent it from happening or even get our prized pixel possessions restored to us. We are not at fault for NCSoft's errors; we should not be penalized because NCSoft and ArenaNet can not figure out website coding or software.

So, NCSoft. So, ArenaNet. Step up and take responsibility for your errors. Stop blaming the players! Stop blaming the community! Fix YOUR PROBLEM and save OUR ACCOUNTS (what is left of them, anyway). We did not buy Guild Wars to have our accounts stolen because YOU can't keep them secure. Those of us that bought Aion did not do it to have their accounts stolen because YOU can't keep them secure. We do not want OUR EMAILS and OUR PERSONAL INFORMATION being given to people because YOU can not admit to YOUR errors. FIX YOUR WEBSITE CODE. NOW. The character name fix was nice. You can admit that you added it because of a problem on your end, now. Own up to your mistakes, and maybe people will actually trust you enough to buy Guild Wars 2.


And, for the TL;DR people out there: LOGGING INTO YOUR OWN PLAYNC MASTER ACCOUNT CAN RANDOMLY LOG YOU INTO ANOTHER PLAYER'S ACCOUNT. YOU HAVE FULL CONTROL OVER THEIR ACCOUNT FROM THIS POINT. YOU CAN CHANGE THEIR PASSWORDS, AND EVERYTHING ELSE THAT ONE CAN EDIT FROM THE PLAYNC MASTER ACCOUNT CONTROLS.

Discuss.


EDITS TIME

First, I'd like to thank Bunny of aionsource for stopping by and joining the cause. We need all the help we can get!

Quote:
Originally Posted by Angel Kiss View Post
Hello dears, Bunny here (author of the icky sticky thread on Aion Source).

I just wanted to stop by and thank Erys for taking the time to make this thread. To be honest I think you summed it up quite nicely. I particularly like the bit about NCSoft having us "believe that after four years, suddenly thousands of people became infected by a real life stupidity virus and stated dealing with RMT or being keylogged simultaneously". That really sums it up from my perspective. I know for a fact that the past two weeks really has been the highest on record for complaints received about Aion players being hacked. Sure, the first few complaints come in and you think "yeah yeah...serves you right you gold buying scumbag", but after the 100th genuine sounding story you do start to doubt and raise questions.

The thing that bothers me most is the fact that the past two weeks have coincidentally (or not) followed the emergence of the NCSoft Master Account website issue and we haven't recieved a response about this from anyone. I don't think people have appreciated yet that Tamat's first response to the issue was completely out of context. There just so happen to be two issues with NCSoft websites and our Tamat rushed forth assuming we were talking about a different problem (one that actually IS cosmetic).

From reading Gaile's comments it seems to me that she has latched on to Tamat's response and arrived at the same wrong conclusion. In a meek effort to try to steer people in the right direction, I have posted the following on her talk page:


Aside from the known issue with the NCSoft Master Account page (as if that isn't enough) much worse accusations have been emerging from the Aion community over the last few days...however I couldn't say how accurate these are first hand (or how long it will be before NCSoft delete posts from the official forums of that nature).

In the meantime all I can do is say keep talking about the issue! Don't stand for this sort of nonesense and don't let it get pushed under the rug. I have it on good authority that there is rather solid evidence of a serious problem here and we all deserve to know what steps are being taken to correct it.

Secondly, for people concerned about the details of the exploit being posted here, I will again point out that this information has been public knowledge for months. NCSoft is trying to shove it under a rug, not fix it. Our only recourse is to inform as many people as we can, so that we can rise up and put public pressure on them to cut the shit.

And lastly, for those wishing for confirmation that this exploit is indeed real, I encourage you to read through the threads I linked (remember how I said they were very important? ). However, if you want a Guru moderator's confirmation, you have it here:
Quote:
Originally Posted by Sierraa View Post
xxteacakez = me, while I'm only a ventari/nolani mod I can truthfully say that my NCsoft account doesn't start with a "k" and I had full control over the account that I was logged in.

There are a handful of confirmations from other fairly solid members of our community scattered throughout this thread as well.


This issue is VERY REAL and VERY SERIOUS. Please put more time into reading up on it than Gaile did. Don't get too caught up in your hats being missing to read links about account security failures. If you lose your accounts, HATS DON'T MATTER.
Last edited by Erys Vasburg; Jan 02, 2010 at 04:30 PM // 16:30..
Erys Vasburg is offline  
Old Jan 01, 2010, 02:46 PM // 14:46   #2
Jungle Guide
 
Shadowspawn X's Avatar
 
Join Date: Jun 2005
Guild: Fellowship of Champions
Profession: R/E
Default
Quote:
Originally Posted by Erys Vasburg View Post
And, for the TL;DR people out there: LOGGING INTO YOUR OWN PLAYNC MASTER ACCOUNT CAN RANDOMLY LOG YOU INTO ANOTHER PLAYER'S ACCOUNT. YOU HAVE FULL CONTROL OVER THEIR ACCOUNT FROM THIS POINT. YOU CAN CHANGE THEIR PASSWORDS, AND EVERYTHING ELSE THAT ONE CAN EDIT FROM THE PLAYNC MASTER ACCOUNT CONTROLS.

Discuss.
This is very disturbing.......
Shadowspawn X is offline  
Old Jan 01, 2010, 02:51 PM // 14:51   #3
Desert Nomad
 
genofreek's Avatar
 
Join Date: Jan 2007
Location: USA
Guild: Jenova's Apocolyptic Remains [JAR]
Profession: D/
Default
What the red freakin engine is this madness?

edit: the character name question addition is slightly comforting, but I'm not sure how I feel about this massive exploit being highlighted and broken down on a high-traffic area of a high-traffic forum.
Last edited by genofreek; Jan 01, 2010 at 02:58 PM // 14:58..
genofreek is offline  
Old Jan 01, 2010, 02:54 PM // 14:54   #4
Ascalonian Squire
 
Anka Yirannes's Avatar
 
Join Date: Nov 2009
Guild: Liars Cheats and Thieves. [Liar]
Profession: Me/Rt
Default
Seriously Erys? Seriously?

Excuse me while I go scream bloody murder and stab some people...

(Not entirely sure I believe it though.)
Anka Yirannes is offline  
Old Jan 01, 2010, 02:55 PM // 14:55   #5
Krytan Explorer
 
Aljasha's Avatar
 
Join Date: May 2009
Default
sorry, i don't get it.
Aljasha is offline  
Old Jan 01, 2010, 02:59 PM // 14:59   #6
[Domination Henchman]
 
Join Date: Feb 2007
Location: Echovald Forest
Guild: House Vasburg
Profession: Me/
Default
Quote:
Originally Posted by Anka Yirannes View Post
Seriously Erys? Seriously?
Seriously.

Read the threads - it'll take you a while, but when you're done, your eyes will be opened. You can also spam log in / log out on your PlayNC Master Account for a while until this happens to you if you must (but please, don't screw around if it does; I know a lot of people will just have to try it to believe it, but I hope they don't also screw another player over by changing a password or, worse, stealing an account).

This is a really, really big problem. I don't know why it hasn't been posted here before, seeing as how it is not new information.
Quote:
Originally Posted by genofreek View Post
What the red freakin engine is this madness?

edit: the character name question addition is slightly comforting, but I'm not sure how I feel about this massive exploit being highlighted and broken down on a high-traffic area of a high-traffic forum.
As I said above, it's not new information at all. And, it's not like you can explain the exploit without... well, explaining it. Everyone needs to know how and why accounts have been being stolen. GW accounts should be sort of safe from this exploit now, with the character name thing going on, but that doesn't mean much to the many, many people who lost accounts to it before that was added. Nor does it change the fact that your master account is still at risk of being hit.

The method has been public since October or so (see the provided threads). I'm bringing it to Guru so that the people it hit hardest will know what actually happened.
Last edited by Erys Vasburg; Jan 01, 2010 at 03:03 PM // 15:03..
Erys Vasburg is offline  
Old Jan 01, 2010, 02:59 PM // 14:59   #7
Older Than God (1)
 
Martin Alvito's Avatar
 
Join Date: Aug 2006
Guild: Clan Dethryche [dth]
Default
Well, if you weren't already storing your valuables in an unlinked account, you'd better start.

Looks like we have the smoking gun, kids.
Martin Alvito is offline  
Old Jan 01, 2010, 03:08 PM // 15:08   #8
Krytan Explorer
 
Smarty's Avatar
 
Join Date: Mar 2008
Location: England
Profession: Me/
Default
I read the bit about people being able to accidentally log into others' NCsoft accounts on Aionsource but for some reason didn't put two and two together and work out that it explained the hacks in GW and Aion. Thanks Erys, and FFS NCsoft you pile of shit organisation, pull your goddamn finger out and get it sorted! *Really* glad I cancelled my CC details in Aion now. (EDIT: My husband, who has all his NCsoft games tied to the one master account, tells me that you need the CCV# to actually purchase anything even if your CC details are stored, so I guess that doesn't matter. Not happy about having my RL name and address in my Aion account's NCsoft account though - good job I used a completely fake name and addy in my GW NCsoft account. Very much not happy about the idea of someone being able to get hold of my personal info so easily.)
Last edited by Smarty; Jan 01, 2010 at 03:13 PM // 15:13..
Smarty is offline  
Old Jan 01, 2010, 03:13 PM // 15:13   #9
[Domination Henchman]
 
Join Date: Feb 2007
Location: Echovald Forest
Guild: House Vasburg
Profession: Me/
Default
Quote:
Originally Posted by Mister Smartypants View Post
Thanks Erys
No, don't thank me. Thank the people at aionsource and incgamers who figured this out and did all the evidence gathering. They are the real champions here. I'm just passing the message along to a community that until now had no idea what was going on.
Erys Vasburg is offline  
Old Jan 01, 2010, 03:14 PM // 15:14   #10
Academy Page
 
Join Date: Feb 2009
Profession: Mo/
Default
That's interesting to say the least. Luckily I only have aion linked to my account and I stopped playing that real quick so any hackers would just be disappointed. Thanks for the info Erys.
J I L T is offline  
Old Jan 01, 2010, 03:15 PM // 15:15   #11
Krytan Explorer
 
Firebaall's Avatar
 
Join Date: Sep 2006
Default
Quote:
Originally Posted by Erys Vasburg View Post

And, for the TL;DR people out there: LOGGING INTO YOUR OWN PLAYNC MASTER ACCOUNT CAN RANDOMLY LOG YOU INTO ANOTHER PLAYER'S ACCOUNT. YOU HAVE FULL CONTROL OVER THEIR ACCOUNT FROM THIS POINT. YOU CAN CHANGE THEIR PASSWORDS, AND EVERYTHING ELSE THAT ONE CAN EDIT FROM THE PLAYNC MASTER ACCOUNT CONTROLS.

Discuss.
I can directly confirm this.

This is kicking our ass in Aion as well. Stripped out accounts are brutally common, check out the Aion Source forums.
Firebaall is offline  
Old Jan 01, 2010, 03:23 PM // 15:23   #12
...is in denial
 
dr love's Avatar
 
Join Date: Sep 2006
Location: Hyperion
Guild: starcraft 2
Profession: P/Me
Default
Quote:
Originally Posted by Erys Vasburg View Post
And, for the TL;DR people out there: LOGGING INTO YOUR OWN PLAYNC MASTER ACCOUNT CAN RANDOMLY LOG YOU INTO ANOTHER PLAYER'S ACCOUNT. YOU HAVE FULL CONTROL OVER THEIR ACCOUNT FROM THIS POINT. YOU CAN CHANGE THEIR PASSWORDS, AND EVERYTHING ELSE THAT ONE CAN EDIT FROM THE PLAYNC MASTER ACCOUNT CONTROLS.
i just checked how the password reset currently works for plaync, you have to answer a bunch of personal questions, so that would require thorough knowledge of a person.

if someone hacks your email tied to your plaync master account (read hacks your guru account, unless you use the same login and pass!), i don't think they can gain access to your plaync account.

so the OP's statement is the only plausible answer. logging on to your own plaync account can randomly log you into someone else's. that would explain people getting hacked in complete disbelief, because it has nothing to do with the guild wars client or their computer security. i've changed my own gw pass from the plaync website before. i think you just have to know the birthday? it's a piece of cake.
Last edited by dr love; Jan 01, 2010 at 03:49 PM // 15:49..
dr love is offline  
Old Jan 01, 2010, 03:27 PM // 15:27   #13
Desert Nomad
 
Join Date: Apr 2006
Profession: R/
Default
I look forward to the official response in this thread
Fay Vert is offline  
Old Jan 01, 2010, 03:30 PM // 15:30   #14
Site Legend
 
Join Date: Oct 2005
Default
Quote:
Originally Posted by Fay Vert View Post
I look forward to the official response in this thread
Heh...

It'll be a generic "we're looking into it".
__________________
Old Skool '05
Malice Black is offline  
Old Jan 01, 2010, 03:31 PM // 15:31   #15
Guest
 
Join Date: Jan 2007
Default
LOL. was waiting for this thread.
gone is offline  
Old Jan 01, 2010, 03:36 PM // 15:36   #16
Wilds Pathfinder
 
Warvic's Avatar
 
Join Date: May 2009
Location: The Netherlands
Profession: A/W
Default
Only got my Aion account linked. not my GW acc. I think il keep it like that =]
Warvic is offline  
Old Jan 01, 2010, 03:38 PM // 15:38   #17
Site Contributor
 
bsoltan's Avatar
 
Join Date: Dec 2005
Location: UK
Guild: [SoF]
Default
Has anyone been able to successfully change another account's information through this method of randomly being logged into their PlayNC account?
bsoltan is offline  
Old Jan 01, 2010, 03:38 PM // 15:38   #18
BuD
Krytan Explorer
 
BuD's Avatar
 
Join Date: Mar 2006
Location: Nunya
Profession: E/Mo
Default
Quote:
Originally Posted by Malice Black View Post
Heh...

It'll be a generic "we're looking into it".

Or..

its still not our fault....
BuD is offline  
Old Jan 01, 2010, 03:42 PM // 15:42   #19
Furnace Stoker
 
pumpkin pie's Avatar
 
Join Date: Jul 2006
Location: behind you
Guild: bumble bee
Profession: E/
Default
Thank you for this thread! told them on the phone too, that it was because of the linked account! if only they had listen. Before linking to ncsoft master account, for 4 years nothing happens!
pumpkin pie is offline  
Old Jan 01, 2010, 03:50 PM // 15:50   #20
Frost Gate Guardian
 
Join Date: May 2008
Location: Poland
Default
That websites been flawed from day one. Just look at all those people that forgot passwords to that website, because of the free storage pane rush. Then the horrible loading times on that bandwidth consuming excuse for a website. I wouldn't expect anything else, there has been no explanation into the massive hackings, and this is a pretty serious issue. I was never a fan of NCSoft, but Arenanet let me down too.

The communication regarding this has been so shallow. Something is just wrong.
Edge Igneas is offline  
Closed Thread
Page 1 of 23 1 2311 > Last »

Share This Forum!  
 
 
           

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 10:14 AM // 10:14.

Contact Us - Guild Wars Guru - Archive - Privacy Statement - Top

Powered by: vBulletin
Copyright ©2000 - 2016, Jelsoft Enterprises Ltd.
jQuery(document).ready(checkAds()); function checkAds(){if (document.getElementById('adsense')!=undefined){document.write("_gaq.push(['_trackEvent', 'Adblock', 'Unblocked', 'false',,true]);");}else{document.write("