Curse

Deviant Angel · Jan 02, 2010, 03:44 AM // 03:44

Um... I've always had to provide my current/old password before I could make a new one. That applies to the game client and the website.

Why is this being seen as a new feature for some of you?

Edit: I could have sworn that I had to in the past on the NCSoft website. Now it appears that I don't? WTF? To make things even more interesting, I had never set up the password hint question thingies in the past... so they are sitting there waiting for a hacker to come along and set them for me.

Tullzinski · Jan 02, 2010, 03:50 AM // 03:50

Quote:

Originally Posted by Deviant Angel

Um... I've always had to provide my current/old password before I could make a new one. That applies to the game client and the website.

Why is this being seen as a new feature for some of you?

Edit: I could have sworn that I had to in the past on the NCSoft website. Now it appears that I don't? WTF? To make things even more interesting, I had never set up the password hint question thingies in the past... so they are sitting there waiting for a hacker to come along and set them for me.

It was NOT a requirement on the NCsoft Master account site. It is as of today...to change your guild wars password...

Miscreant_Moon · Jan 02, 2010, 03:52 AM // 03:52

Gaile Gray on the wiki:

ArenaNet and NCsoft staff members have been discussing the possible security issues pointed out by players in various forum threads. We absolutely do take these concerns seriously, and measures are being and will continue to be taken to address the concerns on several levels. A change in one of the NCMA processes is being made even as I write, and I think you will all agree that this change will help tremendously in enforcing a high level of account security. I just want to say I'm very grateful to the people who have been involved. They are working on a holiday, some of them away from home, and they've just been splendid in getting into this, to listening, to looking at what they can do to help -- to taking the whole matter on board and making definite improvements in very short order.
Research continues and additional changes may be put in place. But if you try to change your password in on the NCsoft site, you will notice a change, I'm sure, that will enhance account security now and in the future. -- Gaile 03:15, 2 January 2010 (UTC)

Enko · Jan 02, 2010, 03:54 AM // 03:54

heh on my post on mmorpg.com, 3 posters are saying "anet told us to change our password in the log in announcements so they must obviously be doing something to combat it".

here's one of their quotes:

Quote:

Originally Posted by Abrahmm on mmorpg.com

Last time I logged into Guild Wars there was in big, bright red text a warning about rampant account hacking, and they made me not only give my password but answer an additional security question. Explain to me how they "aren't admitting it" and "Aren't doing anything to combat it" again?

Jensy · Jan 02, 2010, 04:00 AM // 04:00

That is a step in the right direction. Thanks to whomever has been working on this. What a freaking mess, man.

AnClar · Jan 02, 2010, 04:00 AM // 04:00

Quote:

Originally Posted by Miscreant_Moon

Your Guild Wars account yes Enko. Your NCSoft master account password you still don't need to type in your current password.

According to what Gaile has up on her support page, (and I haven't tried this yet but I will shortly) NCSoft security claims that in order to change the NCMA p/w, you are asked a series of security questions first. So while you don't have to input your old p/w, you still have a layer of security to go through before you can change your NCMA p/w.

shoyon456 · Jan 02, 2010, 04:00 AM // 04:00

Nice response Anet/Gaile/Regina/NCSoft, especially on a holiday. Squeaky wheel gets the grease.

PuppyEater · Jan 02, 2010, 04:03 AM // 04:03

Good to see ye olde Tombstone Policy in full force. I'm just surprised it didn't take someone losing their entire real life identity to get anything even addressed. (All though, to be honest, someone experiencing identity theft would force them to do something but I really don't think it would be worth it...)

Cacheelma · Jan 02, 2010, 04:05 AM // 04:05

Quote:

Originally Posted by karlik

It's not exactly that Anet/NCSoft don't know what's going, it's more that they won't admit it. There is constant denial in any business out there.

When was the last time time you heard a fast food joint say "yeah, we didn't cook the burgers long enough - it's our fault people got sick"?

It's not that they don't know what's going on and need us to tell 'em - it's that they don't want us to know, and we need to tell 'em we do.

I was one of the first to respond to the "character name" update, and I believe my comment was to the effect of it was like putting a "band aid on a severed artery".

I knew Regnobra lies. I just want to call her out on what she said.

MMSDome · Jan 02, 2010, 04:14 AM // 04:14

I actually lold when I read about this on TeamQQ seeing as my account was hacked as well.

So much for them blaming the community for having bad passwords.

REFUNDS!

Deviant Angel · Jan 02, 2010, 04:15 AM // 04:15

Quote:

Originally Posted by Tullzinski

It was NOT a requirement on the NCsoft Master account site. It is as of today...to change your guild wars password...

I've never tried to change my plaync account password in the past, so that's why I didn't notice that little security disaster waiting to happen.

Inner Salbat · Jan 02, 2010, 04:17 AM // 04:17

Read this and obey it

Do not fill in those extra security questions with anything valid, like what colour is your car, if you say "Blue" your an idiot and you deserve all your stuff being hacked off your account because your a class total idiot, in fact don't even bother to wait for the hacker just trade all you stuff to me

what you should be putting in those boxes is;

X2xA3!#5!uBqZx7{2^yY

And write it down on some paper somewhere.

obastable · Jan 02, 2010, 04:24 AM // 04:24

Quote:

Originally Posted by MMSDome

So much for them blaming the community for having bad passwords.

REFUNDS!

Not entirely true, though it is the standard response given to hacked account incidents. Press, be polite, and be patient ... and you will eventually get a better answer.

Sierraa · Jan 02, 2010, 04:30 AM // 04:30

Quote:

Originally Posted by Erys Vasburg

However, if you want a Guru moderator's confirmation, you have it here:

xxteacakez = me, while I'm only a ventari/nolani mod I can truthfully say that my NCsoft account doesn't start with a "k" and I had full control over the account that I was logged in.

Regina Buenaobra · Jan 02, 2010, 04:42 AM // 04:42

ArenaNet has been discussing the issues pointed out by players in this and other forum threads on the issue with NCsoft. Again, we take these concerns very seriously, and we're currently taking measures to address them on several levels, and we will continue to do so.

There is a change in one of the NCsoft Master Account processes that is being enacted, and we believe this change will help quite a lot in enforcing account security, and we're very grateful to the folks involved who've worked today to get those measures in place, on a holiday, and many of them away from home. They've taken our escalation of this issue very seriously, are listening, and are doing what they can do to proactively help, and to take your concerns on board and make improvements in very short order.

The security team continues to research and additional changes might be put in place. If you try to change your password on the NCsoft web site now, you will notice one of these changes: you will be required to input the old password to change it to a new one.

I would like to reiterate one point again, because people continue to ignore this fact: The account hacks are not likely related to the NCsoft Master Account security concerns. Roughly half of the hacked acounts do NOT have an NCsoft Master Account, and very few account thefts involved a password change at all. The hacker(s) knew the account credentials, and they did not access the hacked accounts through NCsoft Master Accounts. The hackers had a list of passwords, which they used to steal accounts.

Again, our NCsoft Security team is continuing to investigate this issue, and there might be additional changes forthcoming.

DragonRogue · Jan 02, 2010, 04:43 AM // 04:43

Forgive me if i sound a bit dumb with this question... but ive never had to buy anything from the NCsoft store, i just use the loggin screen link for the few extra toon slots i wanted, so never needed my ncsoft account name or PW...So why is it impossible to just change the PW on the same loggin screen without having to go thru their website? Seems that it would be easier and only Anet would know whats going on. After all, im logging into GW and using my GW PW on a GW game screen...not an NCsoft screen.

Professor K · Jan 02, 2010, 04:46 AM // 04:46

I applaud ArenaNet for trying their best to keep us safe, but its all for naught if NCsoft can't get their shit in order.

obastable · Jan 02, 2010, 04:59 AM // 04:59

Quote:

Originally Posted by Regina Buenaobra

The account hacks are not likely related to the NCsoft Master Account security concerns. Roughly half of the hacked acounts do NOT have an NCsoft Master Account, and very few account thefts involved a password change at all. The hacker(s) knew the account credentials, and they did not access the hacked accounts through NCsoft Master Accounts. The hackers had a list of passwords, which they used to steal accounts.

I'm sorry, but ... "not likely related to the NCsoft Master Account security concerns."?

"Not likely" doesn't cut it, Regina, especially when you're talking to the people who had their NCMA's thoroughly compromised prior to their GW passwords being reset by whomever hijacked their NCMA.

In those instances I would say it is VERY LIKELY the account hacks are directly related to the NCsoft Master Account security concerns, and are guaranteed to be a direct result of a major security failure on the part of NCsoft.

What do you say, or do, for those people who have lost their stuff because of NCsofts failure to protect their personal information?

"Ooops! Suck it up, buttercup, because we still won't (willingly) do anything to help you!"

DragonRogue · Jan 02, 2010, 05:00 AM // 05:00

Quote:

Originally Posted by Regina Buenaobra

ArenaNet has been discussing the issues pointed out by players in this and other forum threads on the issue with NCsoft. Again, we take these concerns very seriously, and we're currently taking measures to address them on several levels, and we will continue to do so.

There is a change in one of the NCsoft Master Account processes that is being enacted, and we believe this change will help quite a lot in enforcing account security, and we're very grateful to the folks involved who've worked today to get those measures in place, on a holiday, and many of them away from home. They've taken our escalation of this issue very seriously, are listening, and are doing what they can do to proactively help, and to take your concerns on board and make improvements in very short order.

The security team continues to research and additional changes might be put in place. If you try to change your password on the NCsoft web site now, you will notice one of these changes: you will be required to input the old password to change it to a new one.

I would like to reiterate one point again, because people continue to ignore this fact: The account hacks are not likely related to the NCsoft Master Account security concerns. Roughly half of the hacked acounts do NOT have an NCsoft Master Account, and very few account thefts involved a password change at all. The hacker(s) knew the account credentials, and they did not access the hacked accounts through NCsoft Master Accounts. The hackers had a list of passwords, which they used to steal accounts.

Again, our NCsoft Security team is continuing to investigate this issue, and there might be additional changes forthcoming.

Regina and Gaile,

We know you have been putting forth much effort to solve a few problems in the past 24 hours and we thank you both for keeping the community updated pretty well that i can see.

But i am curious about something. What are you doing to the actual hackers? What steps are you taking on getting rid of them? I know from past threads that it has been stated that you can trace many things in this game. During the 117 issues it was how often people had gone to a restricted area and when and who, and also how much they gained from it. During the begining era of GW gold buyers, many were found, and banned, from their transactions of items that had been traced. Bans on both the sellers and buyers. So that tells me that you can trace where the stolen items are going and who has them. Are any steps being taken to ban these people? Im sure the community would feel better if perma bannings were going on. I know they did when the Bot Bannings were going on and we saw a drastic decline in Monkbots out of Arbourstone and Bergen. People want not only answers, but blood it seems and if you cant find blood for those responsible...they will settle for yours instead. Is trade to temporary accounts and buddy keys restricted? If so then if you ban real accounts, it wont be cost effective for them to keep buying an account to hack anyone.

Also, you say the hackers have a LIST OF PWs? From where have these been obtained? I personally know people who have been hacked. A few of them from the IT industry. So a few of the explanations given us arent really working for what happened to them. That is why this is all sounding a bit odd to many of us.

Faer · Jan 02, 2010, 05:01 AM // 05:01

Nice! Action being taken and more holes being filled. This is awesome!

Quote:

Originally Posted by Regina Buenaobra

The hackers had a list of passwords, which they used to steal accounts.[/B]

Hrm. Where did they get that (and the matching list of accounts those passwords are paired with) from?