Guild Wars Forums - GW Guru
 
 

Poll: Which of the following security measures would you like to see added to Guild Wars?
Old Dec 18, 2009, 12:38 AM // 00:38   #201
Ascalonian Squire
 
Ambitious's Avatar
 
Join Date: Aug 2009
Profession: E/R
Default

Quote:
Originally Posted by karlik View Post
I have become one of the group that advises against linking your account to ncsoft, it is starting to look like a possible security issue. Change the password in game instead.
Oh, thanks! I never realized I could change it like that.
Ambitious is offline   Reply With Quote
Old Dec 18, 2009, 12:45 AM // 00:45   #202
Desert Nomad
 
Xenex Xclame's Avatar
 
Join Date: Mar 2006
Guild: DPX
Profession: R/
Default

Quote:
Originally Posted by Regina Buenaobra View Post
I understand people's concerns, and sympathize with those who have had their accounts stolen. Many games have been targeted by hackers recently. They're using information taken from other games and other websites and trying that account information in Guild Wars and other games.
That may be true but most if not all of those games send you an activation link/key before you can do any changes.

Thank you for your reply, but it doesn't really help us and it does nothing to set us at ease.

It has zero benefit if we change our passwords, because changed or not the only thing unwanted guests need is your login email address, they neither need access to that email nor do they need the old password, at every other place if you want to change the password you need the old password, or you need the email which is where the actual password change happens.

I know that most of this problem is not yours or Anet's fault but instead NCsoft's fault, but that is no reason to do nothing for us that will actually help us with the problem.

If NCsoft does not want to work on the issue I suggest you as Anet advise people to not link their account to NCsoft, because doing so may open you to a HUGE vulnerability. You try to work on a way for the ones of us that did link our accounts (hello free storage pane), but which no longer wish for them to be linked to be able to unlink the account from your side of the connection.

We no longer trust NCsoft and we no longer wish to be open to this vulnerability. In my opinion there should be absolutely no work on GW2 until you can sort out this problem, if you do not we will have the same problems with GW2. But I am simply one player in the thousands of players that play this game, so my opinion will most likely be disregarded, which is not unexpected.

Thank you.

A concerned player.

Last edited by Xenex Xclame; Dec 18, 2009 at 12:47 AM // 00:47..
Xenex Xclame is offline   Reply With Quote
Old Dec 18, 2009, 02:52 AM // 02:52   #203
Krytan Explorer
 
Join Date: Sep 2007
Default

Quote:
Originally Posted by Ambitious View Post
I'm trying to take heed of this warning and change my password, but I'm running into some difficulties.

I registered an NCsoft account, and attempted to add my Guild Wars account to it so I could change my password. However, it needs the "serial code." Where can I find this code?
Good Luck! and hope your account doesn't get hacked! Remember, we don't need your original password to reset your password.

That's like saying to the Locksmith:
Thief: This is my house, could you let me in?
Locksmith: As long as I get paid for my service, I don't give a damn if it's your house or not. Not my job. My job is to open locks.

Last edited by JimmyNeutron; Dec 18, 2009 at 04:20 PM // 16:20..
JimmyNeutron is offline   Reply With Quote
Old Dec 18, 2009, 03:16 AM // 03:16   #204
ArenaNet
 
Regina Buenaobra's Avatar
 
Join Date: Apr 2008
Profession: Me/
Default

Quote:
Originally Posted by Fay Vert View Post
Damn it woman, stop failing and LISTEN. Look at the poll results.

There are many ways accounts are compromised, singling out one obvious one, which probably only accounts for a small proportion anyway is not going to solve the problem or address people's fears.

Limit the consequence of the hack, implement a no delete on characters, how hard is that?
Sorry, but you do not have all the information our security team has about this issue, so you cannot accurately determine how effective one method is over another. Furthermore, this isn't the only way we're trying to help protect players. Our development team is continuing to work on solutions.
__________________
Regina Buenaobra
Community Manager
ArenaNet, Inc.
Regina Buenaobra is offline   Reply With Quote
Old Dec 18, 2009, 03:32 AM // 03:32   #205
Jungle Guide
 
AtomicMew's Avatar
 
Join Date: Apr 2005
Profession: N/A
Default

Quote:
Originally Posted by Regina Buenaobra View Post
Sorry, but you do not have all the information our security team has about this issue, so you cannot accurately determine how effective one method is over another. Furthermore, this isn't the only way we're trying to help protect players. Our development team is continuing to work on solutions.
I just want to echo Fay Vert's frustration, not just because I fear my account could get hacked at any time, but because I don't feel like you are giving us any useful information. Giving us ambiguous statements like "we're working on it" or "lots of games have been getting hacked recently" tells us nothing. Many people have asked specific questions that seem to me very reasonable. For example:

Since accounts are being hacked through resetting the password on the playNC website, a common question is: why can't you implement e-mail confirmation when resetting passwords? Is it because that is something NCSoft has control over? If so, why are you not pressuring NCSoft to change it, and if you are, why are they doing nothing?
AtomicMew is offline   Reply With Quote
Old Dec 18, 2009, 03:47 AM // 03:47   #206
Jungle Guide
 
Tullzinski's Avatar
 
Join Date: Mar 2006
Location: Trying to stay out of Ryuk's Death Note
Profession: N/R
Default

Quote:
Originally Posted by Regina Buenaobra View Post
Sorry, but you do not have all the information our security team has about this issue, so you cannot accurately determine how effective one method is over another. Furthermore, this isn't the only way we're trying to help protect players. Our development team is continuing to work on solutions.
True we do not have the info you all do. On top of it ANET will not release it to us since it will help the hackers. We get it.

However, there have been numerous people that have reported accounts being stolen/hacked and getting the email from NCsoft Master Hub notifying them the password has been changed by IP addresses from RMTs in China.

Common sense tells us that the weak point is there. So it does not take a rocket scientist to determine that if the function was turned off for now it would reduce the amount of accounts stolen.

While I am not saying all of the hacked accounts are because of NCsoft site, it is obvious that once that login and password are hacked it is giving the hackers free access to any and all accounts tied to the NCsoft Master Hub.

Please disable that site's ability to change passwords. With Wintersday coming up tomorrow, I can imagine that a lot of people that have not played in awhile will be returning and if they forgot the passwords it is nice to be able to direct them to the automated site to reset it. But this needs to happen and soon despite the influx. Which is going to cost more: Having support reset passwords manually or dealing with the increase of hacked accounts?

Last edited by Tullzinski; Dec 18, 2009 at 03:54 AM // 03:54..
Tullzinski is offline   Reply With Quote
Old Dec 18, 2009, 04:08 AM // 04:08   #207
Banned
 
Join Date: Sep 2009
Default

Quote:
Originally Posted by Regina Buenaobra View Post
Sorry, but you do not have all the information our security team has about this issue, so you cannot accurately determine how effective one method is over another. Furthermore, this isn't the only way we're trying to help protect players. Our development team is continuing to work on solutions.
What we do have is the info we see from people who have been hacked - and time and time again it points back to ncsoft.

When I change my password from the ingame menu it wants my current password. When I change it from ncsoft it just wants a new password. That equals zero security. I agree with the above request, remove the ability to change passwords from the ncsoft menu.
karlik is offline   Reply With Quote
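Added example (not part of any post in this thread, and not ArenaNet or NCsoft code): the two password-change paths the posts above contrast, next to an e-mail-confirmed reset of the kind post #205 asks about. The class, method names, token lifetime and addresses are all hypothetical, and the `outbox` list stands in for a real mail system.

```python
import hashlib
import hmac
import os
import secrets

TOKEN_TTL = 15 * 60  # seconds a mailed reset token stays valid (assumed policy)


def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


class GameAccounts:
    def __init__(self):
        self.creds = {}    # email -> (salt, password_hash)
        self.pending = {}  # email -> (sha256(token), expires_at)
        self.outbox = []   # (email, token): stand-in for the mail system

    def set_password(self, email, password):
        salt = os.urandom(16)
        self.creds[email] = (salt, _kdf(password, salt))

    def verify(self, email, password):
        if email not in self.creds:
            return False
        salt, stored = self.creds[email]
        return hmac.compare_digest(_kdf(password, salt), stored)

    # Weak path, as the posts describe the linked master account:
    # whoever holds the portal session simply picks a new game password.
    def portal_change_weak(self, email, new_password):
        self.set_password(email, new_password)
        return True

    # Path the posts describe for the in-game menu: current password required.
    def change_with_current(self, email, current, new_password):
        if not self.verify(email, current):
            return False
        self.set_password(email, new_password)
        self.pending.pop(email, None)  # outstanding reset links die too
        return True

    # Forgotten-password path: the proof of ownership travels by e-mail.
    def request_reset(self, email, now):
        if email in self.creds:
            token = secrets.token_urlsafe(32)
            digest = hashlib.sha256(token.encode()).digest()
            self.pending[email] = (digest, now + TOKEN_TTL)
            self.outbox.append((email, token))
        # Same answer whether or not the address is registered.
        return "If that address has an account, a confirmation link was sent."

    def confirm_reset(self, email, token, new_password, now):
        digest, expires = self.pending.get(email, (b"", 0))
        supplied = hashlib.sha256(token.encode()).digest()
        if not digest or now > expires or not hmac.compare_digest(supplied, digest):
            return False
        del self.pending[email]  # single use
        self.set_password(email, new_password)
        return True
```
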
Old Dec 18, 2009, 05:09 AM // 05:09   #208
Wilds Pathfinder
 
trielementz's Avatar
 
Join Date: Dec 2005
Guild: Spectra Sg [SpcA]
Profession: W/Mo
Default add me to the list

Quote:
Someone at 122.147.127.153 has reset your Guild Wars Game Account password for account [xxx]. If you did not make this change, please contact support immediately at [email protected].
This was.. 7 hours ago. Sent an email to support requesting to reset or to lock account, took the initiative to provide my cd key, lots of fingernail biting - nothing. as a double whammy, i was holding off dedicating my HoM items. 3 years worth of hard earned minipets, together with weapons and fow armors. the dude must be having fun. may his family jewels rot and fall off.

okay, venting aside, i was reminiscing of the good old days in thunderhead keep and eternal grove. enemies attacking on multiple fronts, a small team of adventurers fending them off in a fort. When one entry point was under extreme duress, the team was reshuffled immediately to stem the threat, with much frantic pinging and arrows drawing on the minimap. failure to do so usually resulted in a wipeout. many dwarven kings and tree singers must have fallen in the course of guild wars. good times.

on to these account breaches. i have read gaile's and regina's statements on these account breaches. The general strategy seems to be a) change password b) wait while the team comes up with a resolution.

a) is not really an ideal response to these breaches. many players are on hiatus and do not even log in or follow the forums. I was only aware of all these issues after receiving that dreaded email. of course, now that i know, there is no way for me to change my password without support's assistance.

b) is well and good. but it seems to be more skewed towards the mid or long term. this "brainstorming" is not about how to hustle that warrior to the west gate, it is about how to slay the evil lich king at his lair. thunderhead keep could well be lost by the time we figure out how to slay the lich king, in which case we will never get to him.

to summarize my opinions:

a) short, medium, long term solutions are required. this is true in every crisis. what are the short term resolutions offered so far? the first post in this thread was 10th dec. it has been almost a week since then. many accounts could have been saved if some form of short term action was taken.

b) service support standards are lacking. this is an online game. the account governs my ownership of the game. theft of my account equals theft of my copy of the game. 7 hours (and counting) is too long a wait for a simple account lock request or even an initial contact by a support rep. i have not even been attended to, so i can only wonder how long it'll take for that to happen.

c) separation of concerns is a standard audit procedure. i am at fault for reusing passwords for forums and internet support accounts like ncsoft. to be realistic, few users are going to have separate passwords for the multitudes of websites out there. however, i practice tranching. i make it a point to have a different username and password for accounts which require higher security. guild wars was one of those accounts. that my guild wars account was breached possibly because a different forum account was breached stinks of irregularity.

d) keyloggers and trojans are a possibility, but i'm confident there would have been some actual reports of malicious software on someone's pc considering the severity of this outbreak. occam's razor.

e) this is not the bigger battle. the bigger battle is guild wars 2. i've just had 3 to 4 years of gaming effort on guild wars compromised. the heart-break is hard for a non-gamer to imagine (after all, it's all virtual right?). i have serious misgivings about any online games which cannot safeguard my progress/ ownership. it may well be that this is my farewell to tyria.

Last edited by trielementz; Dec 18, 2009 at 06:11 AM // 06:11..
trielementz is offline   Reply With Quote
Old Dec 18, 2009, 07:09 AM // 07:09   #209
Furnace Stoker
 
Tramp's Avatar
 
Join Date: Jan 2008
Profession: Mo/
Default

Quote:
Originally Posted by karlik View Post
What we do have is the info we see from people who have been hacked - and time and time again it points back to ncsoft.

When I change my password from the ingame menu it wants my current password. When I change it from ncsoft it just wants a new password. That equals zero security. I agree with the above request, remove the ability to change passwords from the ncsoft menu.
That is too much common sense and an easy fix. It would take maybe one programmer one hour at most to do, if that. Much better to spend time in meetings thinking of solutions, pondering what this data means, and changing the log in screen text to tell people to change your password right now. Heaven forbid they do an easy fix on that security hole and fix at least some of the problem. My password in game is already hell-a-hard to guess, but a fat lot of good that does when it can be changed through NCsoft master account.
Tramp is offline   Reply With Quote
Old Dec 18, 2009, 08:40 AM // 08:40   #210
Lion's Arch Merchant
 
Inner Salbat's Avatar
 
Join Date: Oct 2005
Guild: Leader - ANZAC
Profession: E/
Default

Quote:
Originally Posted by trielementz View Post
Someone at 122.147.127.153 has reset your Guild Wars Game Account password for account [xxx]. If you did not make this change, please contact support immediately at [email protected].
descr: New Century InfoComm Tech. Co., Ltd.
descr: 1F~11F, No. 218, Rueiguang Road
descr: Taipei Taiwan 114

Do a whois from a command prompt for more detailed information.

And yes I am another one that was hacked, without sharing info on any forum or website.

Uhmm, guess my avatar needs changing
Inner Salbat is offline   Reply With Quote
Old Dec 18, 2009, 12:38 PM // 12:38   #211
Jungle Guide
 
Tullzinski's Avatar
 
Join Date: Mar 2006
Location: Trying to stay out of Ryuk's Death Note
Profession: N/R
Default

Sorry to hear about the above members getting hacked.

ANET/NCsoft:
Two more examples of gold sellers stealing accounts. Regardless of how they were hacked, the NCsoft Master Hub Password reset function needs to be turned off. It is the finish line for the hackers and should be disabled immediately.

Are we going to see a flood of accounts hacked with the return of many members due to the event weekend?


VV what he said below VV

Last edited by Tullzinski; Dec 18, 2009 at 02:58 PM // 14:58..
Tullzinski is offline   Reply With Quote
Old Dec 18, 2009, 02:38 PM // 14:38   #212
Lion's Arch Merchant
 
Silverblad3's Avatar
 
Join Date: Apr 2007
Location: UK
Guild: I use to love CB :(
Profession: Mo/
Default

Regina/Anet

Accounts are being compromised every day and there needs to be some level of damage limitation ASAP, allow people to at least lock characters otherwise you will see more folks walking away from GW and GW2. If any of my friends get hacked they will not get GW2.

Accounts have been hacked for a long time already and there needs to be immediate damage limitation. There is no comfort for those who have been compromised, nor does the fact that anet are working on solutions. Me and others are not prepared to spend at the store and every day folks are scared that their account is another statistic, regardless of how it happened.

Please make this possible before more fans and players are compromised.

TY

Last edited by Silverblad3; Dec 18, 2009 at 02:41 PM // 14:41..
Silverblad3 is offline   Reply With Quote
Old Dec 18, 2009, 03:53 PM // 15:53   #213
Banned
 
Join Date: Sep 2009
Default

Quote:
Originally Posted by Tullzinski View Post

Are we going to see a flood of accounts hacked with the return of many members due to the event weekend?
Don't forget the huge number of people linking to NCsoft to buy costumes. I suspect that will generate quite a few new hacks as well.
karlik is offline   Reply With Quote
Old Dec 18, 2009, 04:03 PM // 16:03   #214
Pre-Searing Cadet
 
Rinoa Hawkeye's Avatar
 
Join Date: Jan 2007
Location: Illinois
Guild: Blade and Rose [BaR]
Profession: Me/N
Default

Quote:
Originally Posted by Inner Salbat View Post
descr: New Century InfoComm Tech. Co., Ltd.
descr: 1F~11F, No. 218, Rueiguang Road
descr: Taipei Taiwan 114

Do a whois from a command prompt for more detailed information.

And yes I am another one that was hacked, without sharing info on any forum or website.
This might even be the same person who got me yesterday:

Someone at 122.147.127.156 has reset your Guild Wars Game Account password for account [...]. If you did not make this change, please contact support immediately at [email protected].

Did a whois, got:
descr: New Century InfoComm Tech. Co., Ltd.
descr: 1F~11F, No. 218, Rueiguang Road
descr: Taipei Taiwan 114
country: TW

and a person's name, email, apartment number. It's been 18 hours since I filled out a support ticket, still got nothing but the automated response.

I posted in Bellissima's thread on GWO. From NCSoft, I only got the generic "your password has been reset" email, and then tried to login to my PlayNC/NCSoft account, and could not. Someone hacked into my PlayNC account, changed my security questions/answers, and changed my Guild Wars password. Even though I use a unique password for Guild Wars, which I haven't typed in ages (I use the Properties shortcut), apparently you don't even need to enter your old Guild Wars password in PlayNC to change it.

So, essentially, all that is standing between you and $150 worth of game is a very hackable website. I wish there were an unlinking option, or heck, requiring your old GW password to change to a new one.

At least my characters have not been deleted -- someone was kind enough to check, and my igns are still addable to the Friends List.

Otherwise, I second this post:
Quote:
Originally Posted by Rehnahvah Gahro View Post
[T]he flaw lies within NCSoft's Site. It has been reported from various independent sources and you'll only have to look at the "Change your Password" Method to see how utterly fail this whole Master-Account security is.

So I would vote for "Other S/W", specifically suggesting that NCSoft gets their **** together. Other than that, there are no further security updates needed.

The easiest solution would be to UNTIE all GW-Accounts from the useless, security-lacking, no-advantage-at-all "Master-Account". But Anet being a 100% subsidiary of NC I don't see that happening.

Last edited by Rinoa Hawkeye; Dec 18, 2009 at 04:45 PM // 16:45..
Rinoa Hawkeye is offline   Reply With Quote
Old Dec 18, 2009, 04:35 PM // 16:35   #215
Grotto Attendant
 
Join Date: Apr 2007
Default

I am back in this thread but briefly.

Quote:
Originally Posted by Regina Buenaobra View Post
Sorry, but you do not have all the information our security team has about this issue, so you cannot accurately determine how effective one method is over another.
No amount of "our security team knows better than you do" is going to make anyone with even the slightest shred of common sense believe that the NCSoft site doing things like telling anyone whether a given string is a valid username or allowing unlimited login attempts with no delay is OK.

Quote:
Originally Posted by Rinoa Hawkeye View Post
Did a whois, got:
descr: New Century InfoComm Tech. Co., Ltd.
descr: 1F~11F, No. 218, Rueiguang Road
descr: Taipei Taiwan 114
country: TW

and the person's name.

I am very sorry about your account.

That name is the name of the contact info for New Century InfoComm Tech. Co., Ltd., which is most likely just an ISP. That person is probably not responsible and probably not willing or able to help figure out who is.

Perhaps, something is being done though:
Quote:
Originally Posted by flubber View Post
It's about time...
Has anyone checked to see if the same gaping security flaws are still there?
Chthon is offline   Reply With Quote
Old Dec 18, 2009, 04:40 PM // 16:40   #216
Krytan Explorer
 
Join Date: Sep 2007
Default

I can see it now.

GW Update: A Bank has been added to GW. Like a regular bank, you need an ATM card to deposit and withdraw anything from the bank. How will this work? Your ATM card can be anything you have in inventory, materials, rare drops, armor, dyes, etc...

Once you place the ATM item into the Bank, you will then be required to enter a 4 digit pin #. If the wrong ATM item is placed in, it WILL still ask you for a 4 digit pin #. This is to prevent hackers from guessing if they have the right ATM item or not. Once the correct pin# is entered, you can store anything you want into the bank; gold, materials, weapons, etc... and even the ability to lock up any characters from deletion!!!

Ex. ATM Item: 4 Pile of Glittering Dust (NOTE: This is not the same as 1 Pile of Glittering Dust or a Stack of Dust). The 4 IS IMPORTANT!!!!

Timer: Wait 5sec REGARDLESS of correct ATM item or not
Enter Pin.
Wait 5 sec
Bank Unlock if correct.

Why the timers? Like I said, to prevent hackers. Long time ago, Unix hackers would be able to guess a username easily if they got the Password prompt immediately. Getting the Password prompt means the username exists and therefore returns the Password prompt instantly. However, if the username doesn't exist, it searches its "passwd" file for the username that was entered and this takes about 5-10secs. Hackers would know if it takes more than 5sec, an invalid username has been entered and to try the next username. Don't ask how I know. LOL!!!

Fun part back then was passwd wasn't encrypted till later on. Someone could've just typed in "cat passwd" and log the entire output to a txt file. Later on, encryption was implemented and passwd- <---hyphen added, but still wasn't secure. Anyways, I'm digressing.

But you get the point...a Bank added!!!! all yours for the low price of $9.99!!!!

NOTE: This idea is (tm) and patent pending!!! To use this feature, please contact me for royalties fees.
LOL!!!

Last edited by JimmyNeutron; Dec 18, 2009 at 07:05 PM // 19:05..
JimmyNeutron is offline   Reply With Quote
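Added example (not part of any post in this thread, and not ArenaNet or NCsoft code): a login check that addresses the two complaints in posts #215 and #216, a site that reveals whether a username exists and allows unlimited attempts with no delay. Unknown names get the same message, the same hashing work and the same growing delay as real ones. The class name, thresholds and the caller-supplied clock are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000
GENERIC_ERROR = "Invalid username or password."
FREE_ATTEMPTS = 3   # failures allowed before delays start (assumed policy)
BASE_DELAY = 5      # seconds; doubles with each further failure
MAX_DELAY = 900


def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class LoginGate:
    def __init__(self):
        self.users = {}     # username -> (salt, password_hash)
        # username -> (failure_count, not_before); kept for unknown names too.
        # A real service would expire entries and also limit per source address.
        self.failures = {}
        # Decoy record so an unknown username costs the same KDF work.
        self._decoy_salt = os.urandom(16)
        self._decoy_hash = _kdf(os.urandom(16).hex(), self._decoy_salt)

    def add_user(self, username, password):
        salt = os.urandom(16)
        self.users[username.lower()] = (salt, _kdf(password, salt))

    def attempt(self, username, password, now):
        """Return (ok, message, retry_after_seconds)."""
        name = username.lower()
        count, not_before = self.failures.get(name, (0, 0.0))
        if now < not_before:
            # Throttled: refused before any check, identically for every name.
            return (False, GENERIC_ERROR, int(not_before - now))

        salt, stored = self.users.get(name, (self._decoy_salt, self._decoy_hash))
        candidate = _kdf(password, salt)
        ok = hmac.compare_digest(candidate, stored) and name in self.users
        if ok:
            self.failures.pop(name, None)
            return (True, "Welcome.", 0)

        count += 1
        delay = 0
        if count > FREE_ATTEMPTS:
            delay = min(BASE_DELAY * 2 ** (count - FREE_ATTEMPTS - 1), MAX_DELAY)
        self.failures[name] = (count, now + delay)
        return (False, GENERIC_ERROR, delay)
```

Per-name throttling lets a third party slow down a real user's logins, so deployments usually combine it with per-source limits.
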
Old Dec 18, 2009, 04:43 PM // 16:43   #217
Forge Runner
 
the_jos's Avatar
 
Join Date: Jun 2006
Guild: Hard Mode Legion [HML]
Profession: N/
Default

Quote:
Originally Posted by karlik View Post
Don't forget the huge number of people linking to NCsoft to buy costumes. I suspect that will generate quite a few new hacks as well.
Is the master account vulnerable? Probably no more and no less than the GW account itself. It might be that the NC website allows a faster process of brute-forcing accounts, but I cannot tell because I don't know the mechanics behind it.
However, I'm not convinced that the NC website is less secure than the GW login. It's just a better target for hackers than the individual game accounts.

From my point of view the link to the NC account does not make the GW account less secure, it seems like two entry points but just as a normal burglar they can work most efficiently on one door at a time.

What I do know is that targeting the NC account is far more profitable for a hacker than the GW account. Because the account might be linked to several games. It might well be that the criminals figured this out and are now working full-force on the NC accounts and less on the GW/Aion/whatever accounts they used to work on. Meaning an increased amount of people getting hacked on their NC account.
the_jos is offline   Reply With Quote
Old Dec 18, 2009, 04:44 PM // 16:44   #218
Pre-Searing Cadet
 
Rinoa Hawkeye's Avatar
 
Join Date: Jan 2007
Location: Illinois
Guild: Blade and Rose [BaR]
Profession: Me/N
Default

Quote:
Originally Posted by Chthon View Post
I am very sorry about your account.

That name is the name of the contact info for New Century InfoComm Tech. Co., Ltd., which is most likely just an ISP. That person is probably not responsible and probably not willing or able to help figure out who is.
Thank you. As for the name, I can't say it is the hacker, but it gave me an apartment number from the address, a name, an email (hotmail, no less). I'm not going to do anything with it because I don't know what I would do--not even sure this is the right person, and I don't speak Taiwanese. I guess it's just a waiting game now, until NCSoft restores access to my account.
Rinoa Hawkeye is offline   Reply With Quote
Old Dec 18, 2009, 05:19 PM // 17:19   #219
Banned
 
Join Date: Sep 2009
Default

Quote:
Originally Posted by the_jos View Post
Is the master account vulnerable? Probably no more and no less than the GW account itself. It might be that the NC website allows a faster process of brute-forcing accounts, but I cannot tell because I don't know the mechanics behind it.
However, I'm not convinced that the NC website is less secure than the GW login. It's just a better target for hackers than the individual game accounts.

From my point of view the link to the NC account does not make the GW account less secure, it seems like two entry points but just as a normal burglar they can work most efficiently on one door at a time.

What I do know is that targeting the NC account is far more profitable for a hacker than the GW account. Because the account might be linked to several games. It might well be that the criminals figured this out and are now working full-force on the NC accounts and less on the GW/Aion/whatever accounts they used to work on. Meaning an increased amount of people getting hacked on their NC account.
What we keep seeing is somehow they get into the NCsoft account - maybe brute force, maybe because we are dumb enough to use the same name and password at other sites, maybe they have found a weak link there?, etc.

Regardless of how, once they get into NCsoft, it is as you said, they have access to any game account you have linked. From that point they don't need to know any passwords, they can change the game passwords at will and start cleaning your accounts.
karlik is offline   Reply With Quote
Old Dec 18, 2009, 05:49 PM // 17:49   #220
Desert Nomad
 
slowerpoke's Avatar
 
Join Date: Jul 2007
Location: Cuba
Default

A number of security flaws are present on that ncsoft account website, which have been pointed out numerous times and all are still present.
slowerpoke is offline   Reply With Quote
All times are GMT. The time now is 10:42 AM // 10:42.

