Curse

lishi · Jan 02, 2010, 02:12 AM // 02:12

Quote:

Originally Posted by Zinger314

Hats > Account Security

Duh.

You are comparing apple with orange.

The ncsoft account system and the guildwars dev team are separate and with different competence.

If the company XXX have a big problem in their marketing department the guys on the production department don't stop their job and help the marketing department with stuff who are not their competence.

sykoone · Jan 02, 2010, 02:13 AM // 02:13

Quote:

Originally Posted by AnClar

oh for freaks sake!!! Shut down the plaync site until you get this fixed!!!!!!!! The hell wiith channels and protocol. Be safe first and fix later!!!!!!!

The problem is that no one from anet can shut down the plaync site. So you're stuck with going through the channels in order to get anything done.

Nereyda Shoaal · Jan 02, 2010, 02:18 AM // 02:18

Meh

I'm going to win the lottery tomorrow, buy ANet from NCSoft and hand it to someone responsible. Someone responsible who cares about the game and thinks gamers are real people not numbers which you put into a PowerPoint presentation which you show to your boss every 4.5 weeks
NCSoft is SH*T. SH*T, SH*T and once again SH*T. I'm almost certain no one from ANet can tell them that straight in the face. But since I'm not employed by them I shall say it once again - you are shit NCSoft, bunch of money grabbers

For me this security issue, in the scale 1 to 10 is probably 8
9 is when those "hackers" take control over the game servers
10 is when they hack into ANet/NCSoft LAN
If I was IT support there I would just pull the plug on the server where the website resides
I mean seriously.... Logging RANDOMLY to other people accounts?! WTF?!
If that happened at the place I work the whole department would be in the office 24/7 until the SERIOUS SECURITY BREACH is resolved

As much I'm neutral towards Gaile, Regina and all the rest at ANet I must say I feel sorry for them. Saying something and hoping someone else did his/hers job properly... then defending them and putting your reputation on the line. F*cking hell... I would never do that. It must feel like someone back stabbed you, doesn't it?

pumpkin pie · Jan 02, 2010, 02:19 AM // 02:19

experienced in NOT listening to their customer's genuine concern crew?

start looking for jobs or give me back all my undedicated minipets! more then 40 of them

AnClar · Jan 02, 2010, 02:23 AM // 02:23

Quote:

Originally Posted by sykoone

The problem is that no one from anet can shut down the plaync site. So you're stuck with going through the channels in order to get anything done.

OK then...everyone here should immediately submit multiple support tickets to the PlayNC site...maybe if we all do this:

A. NCSoft will "get it".
B. The increased traffic to the PlayNC site will take it down, thereby solving the shut it down issue.

chimx · Jan 02, 2010, 02:30 AM // 02:30

I'm actually try to fully wrap my head around how many people could have been affected by this. Also I have created a petition demanding NCsoft/anet take responsibility IF (and looks to be likely) the fault is on their end.

Please sign! Voice your opinions and mark your name so that NCsoft knows the magnitude of the problem

Regina Buenaobra · Jan 02, 2010, 02:33 AM // 02:33

First of all, we have escalated this up to the NCsoft Security team, and they will investigate the issue.

There have been ongoing investigations on the hacking incidents for some time, and according to the data gathered, none of them appear to be directly or exclusively related to NCsoft Master Accounts. Some hacking victims have NCsoft Master Accounts, some don't. Data was recently reviewed, and about half are not NCsoft Master Account holders. Therefore the hysteria surrounding the idea that all hacks are coming through the NCsoft Master Account doesn't seem to be valid. However, this doesn't necessarily rule out that some hacks are coming through NCsoft Master Accounts. The information about this particular exploit is new to us, and we don't know what will happen as more people, due to this thread, learn about it and even try it. We're not brushing things under the rug, nor denying that there might be a problem. The Support team has not previously notified us of this issue as detailed in the OP. The first we have heard of this information, as detailed in this thread's original post, was brought to our (ArenaNet's) attention just recently (yesterday, according to Gaile), so it's incorrect to suggest that we've been covering it up for months. Please be assured that we are taking the concerns in this thread seriously, following up with NCsoft Security, and actively raising the issue with the Security team.

Thank you.

genofreek · Jan 02, 2010, 02:33 AM // 02:33

Quote:

Originally Posted by flubber

one to many https in those links brah ;-D

Beat me to it. :P There seems to be a lot of flubbed code going around.

J I L T · Jan 02, 2010, 02:36 AM // 02:36

How big is the chance of randomly logging onto another person's account? I'm just wondering out of curiosity and so I can know just how big of deal this really is.

Quote:

Originally Posted by Erys Vasburg

Of course, the denial is strong. Of course, Gaile insists that this issue is nothing, even though she did not read up on it before saying so. Of course, she insists that it is not related, as many hacked accounts were not linked to NCSoft Master Accounts. Of course, she, and everyone at NCSoft, would like us to believe that after four years, suddenly thousands of people became infected by a real life stupidity virus and stated dealing with RMT or being keylogged simultaneously, and visiting a website that she refuses to name or even offer any scrap of evidence that it exists.

This is a very good point but it works both ways. I doubt NCSoft would suddenly lose any and all sense of business by letting a problem like this continue. That leads to me to believe that there's probably a logical explanation that doesn't hinge on NCSoft having some cover up conspiracy to mislead and screw over customers or every employee being in denial. I'm most certainly not saying this isn't a problem or doesn't need to be fixed but this is the kind of situation where you should really hear both sides and the only NCSoft reply I've seen was the one from Tamat compared to all the posts from players who really don't know full scope of the situation. Plus I can't help but think that the hacking wouldn't be anywhere near as severe if players hadn't made forum topics exposing the flaws to the public. To me both parties are equally at fault. And the irony is the people complaining about the lack of security are actually contributing to it. Chances are any cover up was actually meant to protect us. Basically I'm willing to give them the benefit of the doubt to at least protect their business interests. But then again I'm a devil's advocate.

obastable · Jan 02, 2010, 02:37 AM // 02:37

Someone asked back on page 3 or 4 if there was a potential lawsuit & the answer is a resounding YES

EULA's and TOS's are NOT above the law. They are not a be all end all governance of how it will be. Unless YOUR local law is, to the letter, identical to their EULA/TOS then there is room for you to take them to the cleaners.

If you've been hacked & denied restitution the first thing you should do is contact customer support (yes, I know, this seems redundant but it's not). Save copies of all ingoing and outgoing emails so you can print them if necessary. Request a full explanation of what happened. Be polite, courteous, and patient but do NOT accept the first answer you get. Be persistent.

In the meantime, do yourself a favour and brush up on your local law. Every country, state, province, etc., has local consumer protection laws to some degree. Learn them, look for loopholes, and take notes.

If support refuses to co-operate get the contact information for NC Soft's legal department. Explain what happened, attach all emails you've exchanged with support, and include exactly what you're asking for (in most cases a full restoration of your account to a state immediately prior to being hacked), and then clearly pinpoint where your local laws give you grounds for a lawsuit if they aren't willing to compromise their EULA/TOS and work with you outside of a court room.

Unless a class action is launched in numerous countries world wide then this issue can be settled in small claims court, in which case you can represent yourself for a very minimal cost.

Where I live I can take them to court in a heart beat; both NC Soft AND Arena Net. If, or I'm starting to think I should say "when", I'm hacked this is precisely what I will do.

Yes, it's just a "game", but it's a "game" that NC Soft & Arena Net have spent a lot of money convincing me to invest my time in playing, to actively participate in, to provide feedback for, and to see things we've all had a hand in (to some extent) implemented into the game. If it weren't for us the pixels of Guild Wars commodities would have no value and they would have ceased to create revenue a long time ago.

Enko · Jan 02, 2010, 02:41 AM // 02:41

Quote:

Originally Posted by Regina Buenaobra

First of all, we have escalated this up to the NCsoft Security team, and they will investigate the issue.

There have been ongoing investigations on the hacking incidents for some time, and according to the data gathered, none of them appear to be directly or exclusively related to NCsoft Master Accounts. Some hacking victims have NCsoft Master Accounts, some don't. Data was recently reviewed, and about half are not NCsoft Master Account holders. Therefore the hysteria surrounding the idea that all hacks are coming through the NCsoft Master Account doesn't seem to be valid. However, this doesn't necessarily rule out that some hacks are coming through NCsoft Master Accounts. The information about this particular exploit is new to us, and we don't know what will happen as more people, due to this thread, learn about it and even try it. We're not brushing things under the rug, nor denying that there might be a problem. The Support team has not previously notified us of this issue as detailed in the OP. The first we have heard of this information, as detailed in this thread's original post, was brought to our (ArenaNet's) attention just recently (yesterday, according to Gaile), so it's incorrect to suggest that we've been covering it up for months. Please be assured that we are taking the concerns in this thread seriously, following up with NCsoft Security, and actively raising the issue with the Security team.

Thank you.

Which security team is giving you this information? NCSoft's or Anet's? NCSoft has blatantly ignored all information that they have massive security holes in their system for a long time now. This isn't the first security hole that people have found.

Even if this wasn't going on, there are still some security issues on NCSoft's master accounts such as passwords being able to be changed without verification of who's changing it (such as requiring the old password).
A post earlier by someone who has experienced in the field of testing website security detailed some additional security holes.

Why Anet isn't demanding that NCSoft fix all of these problems is mindblowing since Anet's survival is going to depend on NCSoft's reputation as long as Anet is under them. You have a game under development that from the information released will be great but chances are if things continue this way, people won't want to buy it since their account could get hacked at any time.

Despite NCSoft or maybe your own security team telling you that it's not them, the fact that there have been so many hacks going on and nothing has been done beyond requiring us to put in a character name (which can be found through numerous means) is a little telling on how we will be treated in the future. NCSoft has some of the worst customer service I have ever dealt with. City of Heroes customer service was fine when it was still under Cryptic and as soon as NCSoft took over, it went to crap.

Cacheelma · Jan 02, 2010, 02:43 AM // 02:43

Quote:

Originally Posted by Regina Buenaobra

First of all, we have escalated this up to the NCsoft Security team, and they will investigate the issue.

There have been ongoing investigations on the hacking incidents for some time, and according to the data gathered, none of them appear to be directly or exclusively related to NCsoft Master Accounts. Some hacking victims have NCsoft Master Accounts, some don't. Data was recently reviewed, and about half are not NCsoft Master Account holders. Therefore the hysteria surrounding the idea that all hacks are coming through the NCsoft Master Account doesn't seem to be valid. However, this doesn't necessarily rule out that some hacks are coming through NCsoft Master Accounts. The information about this particular exploit is new to us, and we don't know what will happen as more people, due to this thread, learn about it and even try it. We're not brushing things under the rug, nor denying that there might be a problem. The Support team has not previously notified us of this issue as detailed in the OP. The first we have heard of this information, as detailed in this thread's original post, was brought to our (ArenaNet's) attention just recently (yesterday, according to Gaile), so it's incorrect to suggest that we've been covering it up for months. Please be assured that we are taking the concerns in this thread seriously, following up with NCsoft Security, and actively raising the issue with the Security team.

Thank you.

You're basically telling us all that both Anet and NCSoft are just a bunch of rookies who have to rely on thier own CUSTOMERS to investigate AND point out all sort of flaws in things, from marketing "don'ts", community management, BUGS, Security issues, and everything?

How reassuring. Can't believe I was foolish enough to shell out my money so many times in the past for such company.

Tullzinski · Jan 02, 2010, 02:46 AM // 02:46

Turn it off, Turn it off NOW! It is scary to think of the amount of personal information that is being taken from this site. This is even a worse issue than having accounts stolen. Granted adding any kind of additional requirements would be welcome to keep accounts from being pilfered, it is not as serious as the amount of personal information that is in danger.

You have to wonder how much personal information has been stored away for when this hole is finally closed.

I used to think that EA (Electronic Arts) was the worse company/publisher, well not anymore. NCsoft you have done what I thought was impossible and surpassed EA as the #1 greedy faceless company that does not give a damn. Congatulations you have earned it!!!

chimx · Jan 02, 2010, 02:50 AM // 02:50

Even if Anet DID know about it this issue, the GW team can employ plausible deniability. Problem with these things is, the fact that there's no individual responsibility will carry through the group, or slip. Problem with hierarchal bureaucratic corporations is there's so much red tape you don't know who to blame. Really the onus is on them to figure this bollacked situation. I don't know what happens if the responsiblity is on their end... what are all these people with hacked Play NC accounts have to say about this?

Enko · Jan 02, 2010, 02:53 AM // 02:53

I still think that someone should post a link to this and to the aion forums on mmorpg.com or tentonhammer. maybe if a large website like them made a report on them, ncsoft would actually act on this. otherwise, we're probably just going to keep getting the same story about how they're still investigating and its not really their fault. if any other company had security problems like they've had recently, other companies would've started taking down variables to figure out what the problem was or at least have their security teams working on it around the clock to fix it. I wonder if the other company who's name means a snowy storm has had any major issues like this.

nvm, just did it myself. wonder if they allow me to link to other forums . .. guess i'll find out.

Fay Vert · Jan 02, 2010, 02:54 AM // 02:54

Quote:

Originally Posted by Regina Buenaobra

blah blah blah same old stuff blah blah blah

Heads up for you.

The shit is hitting the fan. ANet and NCSoft's reputation is in a nose dive, nobody believes you.

Time to go nuclear on this or your company is down the toilet, so you may as well cancel GW2.

BuD · Jan 02, 2010, 03:06 AM // 03:06

So if this is the real deal, wouldn't you think by now Guru would be flooded with "I got hacked" threads? Its been over 12 hours, 15k + views & almost 300 posts on a topic that blatantly tells you how to do this..and yet no rash of hacked threads.

Just playing devil's advocate.

Rhododendron · Jan 02, 2010, 03:07 AM // 03:07

You guys really sound hysteric. Its the beginning of the new year. So what if they will mess up your accounts and the xunlai booty? Take a break. The more time you invested in the game and stayed in front of the pc screen, the more you could need it.

Emperor Bush · Jan 02, 2010, 03:08 AM // 03:08

Did everyone get their festival hats?

gone · Jan 02, 2010, 03:10 AM // 03:10

Quote:

Originally Posted by BuD

So if this is the real deal, wouldn't you think by now Guru would be flooded with "I got hacked" threads? Its been over 12 hours, 15k + views & almost 300 posts on a topic that blatantly tells you how to do this..and yet no rash of hacked threads.

Just playing devil's advocate.

If I were to compromise security, I would harvest information for use at a later date. sure, -most- of the info might be useless (at a later date), most being the key word here. that, or compile it and sell it to the people who are dumb enough to actually use it..