Dec 19, 2009, 07:00 PM // 19:00
|
#261
|
Forge Runner
|
Quote:
Originally Posted by powercozmic
Ok... All my 3 guild wars accounts got hacked last night
|
Were all these accounts linked to the same NCsoft Master Account? If yes, that may be the strongest evidence yet that NCSoft is where the security hole lies. As if any more is needed for action to be taken. Gaile/Regina's denial of the situation is just astounding.
Has anyone else had multiple accounts hacked simultaneously? Or, does anyone who's been hacked have other, unhacked accounts linked to the same NCMA?
|
|
|
Dec 19, 2009, 07:59 PM // 19:59
|
#262
|
Lion's Arch Merchant
Join Date: Aug 2005
Location: The Cosmic Ocean
Guild: DVDF
Profession: Me/
|
Quote:
Originally Posted by Symeon
Were all these accounts linked to the same NCsoft Master Account? If yes, that may be the strongest evidence yet that NCSoft is where the security hole lies. As if any more is needed for action to be taken. Gaile/Regina's denial of the situation is just astounding.
Has anyone else had multiple accounts hacked simultaneously? Or, does anyone who's been hacked have other, unhacked accounts linked to the same NCMA?
|
2 of my accounts were hacked within a timeframe of 2 minutes and they were linked. They had to hack into my master account on NCSoft's site to do so. Rinoa had a reply from NCSoft support confirming the same about her account hack,
Quote:
Discussion Thread
Response (GM ...) 12/18/2009 12:24 PM
Hello [...],
Thank you for your patience to this point. It appears as though your NCsoft master account may have been compromised. We can help you resolve this issue and bring the account back under your control. That would allow you to manage your Guild Wars game account directly from this point forward.
Your NCsoft master account (...) password has been reset and the automatically generated password has been sent to your [...] e-mail address. If you do not receive this e-mail, please check any spam/junk mail folders as some e-mail services might recognize the auto-generated password e-mail as spam.
The following articles from the Knowledge Base should then assist you with resetting your NCsoft master account and Guild Wars game account passwords once you are able to log into your account again.
Title: Changing a NCsoft Password
URL: http://help.ncsoft.com/cgi-bin/ncsof...p?p_faqid=4422
Title: Changing Guild Wars Password within your NCsoft Master Account
URL: http://help.ncsoft.com/cgi-bin/ncsof...p?p_faqid=5319
Please let us know if we can be of further assistance in this matter.
Thanks,
GM [...]
Guild Wars Account Support
|
Source : http://guildwars.incgamers.com/showt...492211&page=48
So yeah, change the password to NCSoft's master account too if possible.
|
|
|
Dec 20, 2009, 03:40 AM // 03:40
|
#263
|
Lion's Arch Merchant
Join Date: Nov 2005
Guild: The Heart of Life is [Love]
|
powercozmic, that's the exact same email I received. I think it's the standard issue "Oops, our security sucks!" email they've been sending out to a lot of people lately.
|
|
|
Dec 20, 2009, 08:24 AM // 08:24
|
#264
|
Lion's Arch Merchant
Join Date: Aug 2005
Location: The Cosmic Ocean
Guild: DVDF
Profession: Me/
|
Quote:
Originally Posted by neighto
powercozmic, that's the exact same email I received. I think it's the standard issue "Oops, our security sucks!" email they've been sending out to a lot of people lately.
|
More than a day and I'm still waiting for a reply....
|
|
|
Dec 20, 2009, 03:32 PM // 15:32
|
#265
|
Lion's Arch Merchant
Join Date: Nov 2005
Guild: The Heart of Life is [Love]
|
Quote:
Originally Posted by powercozmic
More than a day and I'm still waiting for a reply....
|
It took over 48 hours before I received a response to my initial contact with them about not authorizing a password reset to begin with ... and then more time on top of that to regain access to my PlayNC account. They aren't exactly the pinnacle of speedy customer service.
|
|
|
Dec 20, 2009, 03:49 PM // 15:49
|
#266
|
Jungle Guide
Join Date: Jun 2008
Location: Australia, what you want my home address?
Guild: [CAT]
Profession: Mo/
|
Quote:
Originally Posted by Regina Buenaobra
Regarding the comments linking NCsoft Master Accounts and hacked game accounts: our security team has conducted extensive research on this, and there doesn't appear to be an increased risk of getting an account stolen if you have an NCsoft Master Account. According to our support team, in a cross-sampling of accounts, nearly half did not have an NCsoft Master account at all. So, while there is a perceived risk factor about the NCsoft Master account, the actual data shows that this connection does not seem to be an element in this situation.
|
Yes, I noticed Gaile mention nearly half of the violated accounts weren't even linked to NCsoft master accounts, thereby proving that a flaw in NCsoft master accounts isn't the problem, she'd know... she has spreadsheets of data!
But she failed to mention what percentage of accounts are even linked to NCsoft master accounts in the first place... making her assertions look like the desperate misinformation work of a CR/PR trying to convince us that smoking has no ill effects on our health...
Let's be honest, if only 20% of all Guild Wars accounts are linked to an NCsoft master account, and yet such linked accounts make up MORE THAN HALF of those recently hacked... then linking an account to the NCsoft master account would mean you're five times more likely to be hacked... but there is no problem here.
So, amongst all of that data Gaile has collected... is there any mention of the percentage of Guild Wars accounts actually linked to the NCsoft Master accounts, not just those recently hacked accounts, but in total? Enquiring minds want to know... instead of telling us what you think the data supports, just give us the data, we can think for ourselves.
Lies, damned lies, and statistics!
Edit: Sorry for not replying sooner, I have this habit of getting banned
Last edited by Nerel; Dec 21, 2009 at 02:03 AM // 02:03..
|
|
|
Dec 20, 2009, 11:52 PM // 23:52
|
#267
|
Ascalonian Squire
Join Date: Nov 2006
Location: Germany
Profession: Me/
|
First of all, I have to apologize for my English. It's not my native language.
All these posts here sound familiar to me.
My husband has been hacked one day before the new red and shiny log-in announcement. He got an e-mail that his password was changed.
We traced the IP – it was from Beijing, China -.-
He tried to log on to his NCMA but the pw was wrong. He managed to reset it and then changed it. Then he changed the pw for his game account via the NCMA.
After logging on, you can imagine what was left. They took everything valuable.
All Gold, rare materials, 1 Fow, 1 Torm Shield, Tomes, Consumables, sup Vigors, rare minis etc., etc. Everything was earned honestly over almost 4 years -.-
He was always extremely careful with his private data. He's working with PCs for nearly 30 years now and he never had a virus or a key logger or anything like that.
He used his log-in information (pw and e-mail address) for Guild Wars ONLY. It was long, complex and he didn't tell it to anybody.
We are, or should I say, were in a one man / one woman guild all the years and he never registered at any game-related forums or anything.
He didn't play any other games over these years.
All the security stuff (Anti virus, Anti Malware, Firewall etc.) was always running and up to date. There have never been any threats.
He contacted support and that is at least as annoying as the hack itself. Head → desk!
They blocked his account AFTER he changed his password – for „security reasons“.
Great! Why didn't they block it when that friendly Chinese hacker with his Chinese IP logged into his German account with a German IP?
Oh, and they blame him, of course. They told him „that someone stole his account shows that he is careless“.
They don't even seem to read what their customers write.
They just send these „copy and paste“ answers like „read the security FAQ; we are sooo terribly sorry but we won't restore anything“ and calling their customers liars indirectly.
Dear A-Net employees,
not all of your customers are naive and careless, you know. Believe it or not.
There are posts in which you tell us you are working on the issue.
Which issue, please? You tell your customers that you don't have any security problems.
It sounds like your system is as safe as the White House.
Oh wait! Didn't they hack the White House Servers once?
If you don't have a security problem why are you „developing solutions to improve account security“?
What the heck are you working on? I don't get it.
It's all your customers' fault, anyway. We are all careless and use our account information for everything else.
Maybe we were careless because we also gave you our private data, such as address, birthday, credit card information, etc.
Nevertheless you are committed to handle these sensitive data carefully and confidentially.
In my opinion, game account information and private data should not be kept together and make it easier for the hackers to do even more harm than stealing virtual items.
No matter how they accessed the game account.
How do you handle this?
How do you plan to compensate the victims for the sudden loss. Has all the effort over those years been in vain?
How come, a Chinese RMT can gain access to another country's account and the owner does not even get an e-mail in which he has to confirm the password change?
How come, you do not block the hackers when they try to steal an account? IP-check anyone? Btw, it took us 10 seconds to trace the IP (manually!).
If someone forgot his NCMA information, he has to prove that the account really belongs to him. The hackers, however, are not expected to do so.
The moral of the story:
It was a lot of fun playing Guild Wars.
But after all we feel stupid because we bought the game and invested a lot of money and a lot of time.
And what's left in the end?
For me, it doesn't make any sense to play GW without my husband.
My husband feels like being harvested. It doesn't make any sense to him playing GW again, just to collect new "Christmas gifts" for new hackers.
Furthermore, he doesn't feel like looking at his empty, stained account anymore..
Game Over and Merry Christmas to all!
(and sorry for this long wall of text)
Last edited by Sad Rabbit; Dec 20, 2009 at 11:55 PM // 23:55..
|
|
|
Dec 21, 2009, 12:43 AM // 00:43
|
#268
|
Desert Nomad
Join Date: Apr 2006
Profession: R/
|
I wonder how many password resets are actually genuine and how many are RMT hacks. Shame they decided to put that stupid "Change your password" instruction up on the login page, just to totally swamp what support they had.
|
|
|
Dec 21, 2009, 12:54 AM // 00:54
|
#269
|
Krytan Explorer
Join Date: Feb 2006
Guild: The Arctic Marauders [TAM]
|
Well, I haven't played in a while. I log in about once every two months to check for my character's B-Day presents. I did my routine two month log in and found that I have been hacked. My password was the same, but my gold and gold minis were gone, along with a few valuable weapons in my storage. My only gold is the 477 gold left on my paragon. I was thinking of just getting up one day and giving away all my stuff, and this basically confirms that I will. I'm not gonna make support go through and try to recover my account that has been largely untouched for a year and a half.
|
|
|
Dec 21, 2009, 01:01 AM // 01:01
|
#270
|
Banned
|
Ultrix -
First of all sorry about the hack.
Second, I feel the same. When (not if) my account is hacked, I'm pretty much done with it as well. I've only been playing 2 years, but to just lose everything and know it would take that long again... not worth it.
There are a lot of other games out there I haven't tried yet. If I have to start over, I'd rather it be a whole new experience.
|
|
|
Dec 21, 2009, 03:57 AM // 03:57
|
#271
|
Desert Nomad
Join Date: Aug 2008
Location: Dallas, Texas
Guild: Zero Quality [zQ] /[LaG]/[USA]/[iQ]
Profession: A/E
|
I'm not going to read through the entire thread to see if my idea has been posted... but what if:
They added a "lock box" to your storage as an extra slot. The only way to access that would be to point and click a random set password you gave it. Basically keeping your REALLY valuable items some better safety.
|
|
|
Dec 21, 2009, 04:11 AM // 04:11
|
#272
|
Grotto Attendant
|
How many more reports like this is it going to take for a-net/NCSoft to admit to themselves (if not publicly) that there's a serious vulnerability that's NOT on the players' side?
Quote:
Originally Posted by Ultrix Dei
First of all, I have to apologize for my English. It's not my native language.
All these posts here sound familiar to me.
My husband has been hacked one day before the new red and shiny log-in announcement. He got an e-mail that his password was changed.
We traced the IP – it was from Beijing, China -.-
He tried to log on to his NCMA but the pw was wrong. He managed to reset it and then changed it. Then he changed the pw for his game account via the NCMA.
After logging on, you can imagine what was left. They took everything valuable.
All Gold, rare materials, 1 Fow, 1 Torm Shield, Tomes, Consumables, sup Vigors, rare minis etc., etc. Everything was earned honestly over almost 4 years -.-
He was always extremely careful with his private data. He's working with PCs for nearly 30 years now and he never had a virus or a key logger or anything like that.
He used his log-in information (pw and e-mail address) for Guild Wars ONLY. It was long, complex and he didn't tell it to anybody.
We are, or should I say, were in a one man / one woman guild all the years and he never registered at any game-related forums or anything.
He didn't play any other games over these years.
All the security stuff (Anti virus, Anti Malware, Firewall etc.) was always running and up to date. There have never been any threats.
|
|
|
|
Dec 21, 2009, 11:46 AM // 11:46
|
#273
|
Wilds Pathfinder
Join Date: Apr 2006
Location: London
Guild: Better Than Life (BTL)
Profession: R/
|
Quote:
Originally Posted by Ultrix Dei
First of all, I have to apologize for my English. It's not my native language.
All these posts here sound familiar to me.
My husband has been hacked one day before the new red and shiny log-in announcement. He got an e-mail that his password was changed.
We traced the IP – it was from Beijing, China
|
I really really really do feel your pain and anger. It was the same for me when my account was hacked. After the account was unlocked and I had seen the damage, I could not bring myself to log in again for a couple of days.
I still feel that same anger and frustration when I visit my Hall of Monuments and see all my beautiful rare minipets and obsidian armour that they stole :-((
However, two months later, I am probably enjoying the game more than I have for some time. Losing everything can either make you give up, or as I was surprised to find out, motivate you to try and rebuild.
I will never have as much in-game wealth as I had before I was hacked (I reckon I lost 5 million to the hackers) and to be honest I am spending any money I get rather than letting it build up on the account. They also ruined my chances of getting two of the three titles I needed for GWAMM as they took all my sweets and party things I had been saving to do a double hit on the titles and I doubt I will make enough cash to replace them in a long long time.
I am still totally amazed at ANet's stance on these issues.
We have had two months solid of mass hacks.
We know there is a major weakness in the NCSoft Account security and that by fixing this up to 50% of the hacks could be prevented.
The community has offered several good suggestions as to what needs to be fixed and how to fix it, yet victims are still being told that it is their fault that they have been hacked. This just rubs salt into a very open wound.
Anet should admit they have a serious problem, fix it immediately, and compensate anyone hacked within the last two or three months with some kind of ingame compensation.
Somewhere in China there are one or more groups of hackers reading these posts and laughing their damn heads off and they will continue to laugh until Anet fix this issue for good. They are making a hell of a lot of REAL money from selling the stuff that we players have worked for in some cases for over four years.
|
|
|
Dec 21, 2009, 02:57 PM // 14:57
|
#274
|
Forge Runner
Join Date: Jun 2006
Guild: Hard Mode Legion [HML]
Profession: N/
|
Quote:
Originally Posted by Hengis Stone
We know there is a major weakness in the NCSoft Account security and that by fixing this up to 50% of the hacks could be prevented.
|
Proof or this is not true.
The 'different message for valid and invalid accounts' is/was already present in the current GW client.
Brute-forcing the GW password? Also possible.
On Chthon's Step 3: Obtain the newly-reset NCSoft password.
I don't know how this is done. Based on the fact that the attackers seem to be bypassing the user, I have 3 theories I'd like to test.
When I looked at this it was possible to give a new password from within the NC website.
What we can see is that there is an increase in hacked NCSoft accounts.
Does that by definition mean there is a major weakness in the website? No!
It means that there is profit to get.
And the profit is higher than getting it somewhere else.
It could well be that it's harder to crack a NCSoft account than a GW account. However, since NCSoft does offer access to various games with items that can be converted to real money it's worth it.
Compare this to burglary. Some burglars will target every home, try the door and move on if closed. Others put more effort into breaking in to special homes with more security because there is more to gain.
If there is an increase in break-ins at those special homes, does that mean there are major vulnerabilities in their alarm systems? No, it probably means more people are putting effort in breaking into those homes. Only when there is a certain pattern we can say that there might be a vulnerability.
At this moment the only 'pattern' is that people with NCSoft accounts get hacked. We do not know if the effort to hack the combined NC games is decreased. If this is the case it's just a switch of target, not an indication of a vulnerability.
This does not mean that there is no room for improvement on the NCSoft website. Chthon stated a few, though from the perspective of a software vendor several of those fixes are no 'easy fixes'.
There may be valid reasons why certain things are the way they are. We don't know the code and logic behind everything. I've been in the field of Info-sec long enough to know that 'easy fixes' may not be that easy after all.
|
|
|
Dec 21, 2009, 03:09 PM // 15:09
|
#275
|
Furnace Stoker
Join Date: Jul 2006
Location: behind you
Guild: bumble bee
Profession: E/
|
Ah HUH! account linked to NCSoft master account got hacked! as I have suspected, I was hacked soon after the link to get the extra storage pane.
I have another account that was not linked which was not hacked. Do more checking ArenaNet.
|
|
|
Dec 21, 2009, 04:47 PM // 16:47
|
#276
|
Jungle Guide
Join Date: Mar 2006
Location: Trying to stay out of Ryuk's Death Note
Profession: N/R
|
Quote:
Originally Posted by the_jos
It could well be that it's harder to crack a NCSoft account than a GW account. However, since NCSoft does offer access to various games with items that can be converted to real money it's worth it.
Compare this to burglary. Some burglars will target every home, try the door and move on if closed. Others put more effort into breaking in to special homes with more security because there is more to gain.
If there is an increase in break-ins at those special homes, does that mean there are major vulnerabilities in their alarm systems? No, it probably means more people are putting effort in breaking into those homes. Only when there is a certain pattern we can say that there might be a vulnerability.
|
Hard not to agree with this... I am more than willing to agree that this is probably not ANETs/NCsoft vulnerability, however accounts continue to be stolen because hacking the NCsoft Master Hub is the Jackpot. Aion, Guild Wars accounts linked to it are easy pickings once inside. This is not hard to determine. How many more automated emails from the NCsoft site does everyone need to see on this??? How many accounts are we NOT hearing about, since those people may not belong to a forum????
IMO ANET/NCsoft continues to be preoccupied with how the hackers are getting in and telling us it is not their fault. I agree, not your fault, I got it. However even though it is not your fault, it does NOT mean that you cannot help to fix the issue by making it harder to change the password in that site!!! And in the process making many of us even more safe and scoring points with the community on top of it.
Requiring a game CD Key could be one way to ensure that hackers once inside the site cannot change passwords at will, they should not have this information at all. Confirmation Emails have been asked for repeatedly and would also be a great way to help feel safer.
Others (who are way smarter than me) do not agree, and think there may be other vulnerabilities in the site. This could be totally correct, but since we cannot gain access to the information we need to confirm this, it is reduced to "its your fault" "no its not" argument. It is a shame that it has been reduced to that.
Unfortunately until this is resolved I do not feel safe (no matter how illogical this may be) using the NCsoft site. It is a shame since I would have been happy to "donate" $10 for the costumes being offered for both my accounts.
Until a remedy is applied to the NCsoft site, I will not purchase anything using that site. ANET/NCsoft should step up and do the right thing and help its players by making that site even more secure.
Last edited by Tullzinski; Dec 21, 2009 at 04:49 PM // 16:49..
|
|
|
Dec 21, 2009, 04:55 PM // 16:55
|
#277
|
Lion's Arch Merchant
Join Date: Mar 2006
Guild: The Summit of Human Evolution
Profession: W/
|
It's pretty simple really...account hacks happened before linking the accounts during the promotion, but not with great regularity. They happen now at a frightening pace. Anet, you could compare the amount of hacks pre-link, to the amount post link...there's your answer.
|
|
|
Dec 21, 2009, 06:36 PM // 18:36
|
#278
|
Grotto Attendant
|
Quote:
Originally Posted by the_jos
On Chthon's Step 3: Obtain the newly-reset NCSoft password.
...
When I looked at this it was possible to give a new password from within the NC website.
|
Wait, what?!?!?!
You can specify the new NCSoft password during a password reset? I thought the system decided the new password and sent it to you.
Well, shit. If that's the case, every detail of how accounts are being stolen is now publicly available. Even if this method wasn't being used by our Chinese RMT buddies to steal accounts (and I'm pretty sure it has been), it will be now...
Quote:
This does not mean that there is no room for improvement on the NCSoft website. Chthon stated a few, though from the perspective of a software vendor several of those fixes are no 'easy fixes'.
There may be valid reasons why certain things are the way they are. We don't know the code and logic behind everything. I've been in the field of Info-sec long enough to know that 'easy fixes' may not be that easy after all.
|
My estimates of how long it would take me to code and test each fix:
Quote:
Easy Fix: Give the same error message regardless of whether the entered string is a real username.
|
< 5min
Quote:
Easy Fix 1: Do not notify user if they guessed a question correctly.
|
< 5min
Quote:
Easy Fix 2: Only offer questions with large search spaces.
|
~1week (assuming I'm doing my own analysis of the search spaces). Getting account holders to come by and migrate to new questions is a bigger problem.
Quote:
Easy Fix 3: Require all account holders to use a "write your own question" question.
|
< 1day (hard part is already coded in the optional "write your own question" question) Getting account holders to come by and migrate to new questions is a bigger problem.
Quote:
Easy Fix 4: Lock out account and notify support and e-mail account holder after repeated failed password-reset attempts.
|
< 1week. Copy/paste job to lockout on failed login attempts.
Quote:
Easy Fix 5: Blacklist IP's making multiple failed password-reset attempts to multiple accounts. (While attackers could mask IP's, this would add time to every iteration and slow down their attack.)
|
~ 1week. Copy/paste job to blacklist on failed login attempts.
Quote:
Easy Fix: Do not display GW username in the NCSoft account.
|
< 5min
Quote:
Easy Fix: Require the user to enter the current GW password and/or respond to a confirmation e-mail before allowing the user at the NCSoft site to change the GW password.
|
~1week
In my opinion, everything there is doable. And doable in a shorter timeframe than this thread's been sitting here without prompting fixes. What's more upsetting is that a few 5-minute fixes would probably be enough to halt the account thefts, at least for now.
|
|
|
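Several of the fixes listed in post #278 (one reply whether or not the username or hint answer was right, lockout after repeated failed reset attempts, blocking an IP that fails against several accounts) fit in one short sketch. This is an added example, not code from NCsoft or from any poster in the thread; the class name `ResetGuard`, its thresholds and the sample accounts are assumptions made for illustration.

```python
import hmac
import time
from collections import defaultdict

# The only text a client ever sees, whatever happened internally.
GENERIC_REPLY = "If those details match an account, reset instructions were e-mailed to its owner."


class ResetGuard:
    """Hypothetical reset front end: one reply for every outcome, plus throttling."""

    def __init__(self, accounts, max_account_failures=5, max_ip_accounts=3,
                 window=3600, clock=time.time):
        self.accounts = accounts             # username -> {"email", "birthday", "answer"}
        self.max_account_failures = max_account_failures
        self.max_ip_accounts = max_ip_accounts
        self.window = window                 # seconds over which failures are counted
        self.clock = clock
        self.failures = defaultdict(list)    # username -> failure timestamps
        self.ip_targets = defaultdict(dict)  # ip -> {username: time of last failure}
        self.locked = set()
        self.blocked_ips = set()
        self.outbox = []                     # (email, kind) queued for delivery
        self.alerts = []                     # (kind, subject) for support staff

    def _matches(self, username, birthday, answer):
        # Unknown names are checked against a dummy record so both paths do the same work.
        record = self.accounts.get(username) or {"birthday": "", "answer": ""}
        ok_birthday = hmac.compare_digest(record["birthday"].encode(), birthday.encode())
        ok_answer = hmac.compare_digest(record["answer"].encode(), answer.encode())
        return username in self.accounts and ok_birthday and ok_answer

    def _record_failure(self, ip, username, now):
        cutoff = now - self.window
        recent = [t for t in self.failures[username] if t > cutoff] + [now]
        self.failures[username] = recent
        if len(recent) >= self.max_account_failures and username not in self.locked:
            self.locked.add(username)
            self.alerts.append(("account_locked", username))
            if username in self.accounts:    # tell the real owner someone is guessing
                self.outbox.append((self.accounts[username]["email"], "lockout_notice"))
        targets = self.ip_targets[ip]
        targets[username] = now
        live = [name for name, t in targets.items() if t > cutoff]
        if len(live) >= self.max_ip_accounts:
            self.blocked_ips.add(ip)
            self.alerts.append(("ip_blocked", ip))

    def attempt(self, ip, username, birthday, answer):
        """Handle one reset form; all fields arrive together, so no step confirms a guess."""
        now = self.clock()
        if ip in self.blocked_ips or username in self.locked:
            return GENERIC_REPLY
        if self._matches(username, birthday, answer):
            # The reset link goes to the address on file; nothing is set in the browser.
            self.outbox.append((self.accounts[username]["email"], "reset_link"))
        else:
            self._record_failure(ip, username, now)
        return GENERIC_REPLY


def demo():
    """Replay constructed attempts (made-up names, documentation IP ranges)."""
    now = [1000.0]
    accounts = {"alice": {"email": "alice@example.test",
                          "birthday": "1980-02-03", "answer": "blue heron"}}
    guard = ResetGuard(accounts, max_account_failures=3, clock=lambda: now[0])
    replies = set()
    for guess in ("red", "green", "black"):          # guessing alice's hint answer
        replies.add(guard.attempt("203.0.113.9", "alice", "1980-02-03", guess))
        now[0] += 1
    # Right answer from elsewhere, but the account is already locked: no link issued.
    replies.add(guard.attempt("198.51.100.7", "alice", "1980-02-03", "blue heron"))
    for name in ("bob", "carol", "dave"):            # one IP walking a name list
        replies.add(guard.attempt("203.0.113.50", name, "1990-01-01", "x"))
    return guard, replies


if __name__ == "__main__":
    guard, replies = demo()
    print(replies, guard.locked, guard.blocked_ips, guard.alerts, guard.outbox, sep="\n")
```

The counters here live in memory and grow with every distinct name tried; a deployment would keep them in a shared store with expiry.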
Dec 21, 2009, 06:57 PM // 18:57
|
#279
|
Older Than God (1)
Join Date: Aug 2006
Guild: Clan Dethryche [dth]
|
Quote:
Originally Posted by Chthon
Wait, what?!?!?!
You can specify the new NCSoft password during a password reset? I thought the system decided the new password and sent it to you.
|
Which is why I'm on about the reset mechanism in the first place; the whole website as it stands is one-stop-shopping for a feasible automated attack that will complete in a realistic time frame. No human intervention needed; it's a Pindlebot on steroids...
|
|
|
Dec 21, 2009, 07:40 PM // 19:40
|
#280
|
Jungle Guide
Join Date: Mar 2006
Location: Trying to stay out of Ryuk's Death Note
Profession: N/R
|
https://secure.ncsoft.com/cgi-bin/plaync_login.pl
To reset the NCsoft Master account password:
At the Login screen you can click on "Forgot your Password?" Link:
The next screen asks you for your account name
(if you forgot account name you have to contact support)
Next screen asks you for your birthday (drop down for the month and the other 2 blocks require manual input) and the letters/numbers you see in a displayed image (typically 4 characters) (different letter position/backgrounds each time)
the next screen asks you for:
Please enter the appropriate response to your password hint below. Your response must be entered exactly as during registration.
It displays whatever hint you put in when you created the account and has a block for manual input of the answer.
I stopped at this point, but willing to bet once that answer is inputted it takes you to a password reset screen. At all times the https: was displayed.
Hopefully the hackers do not have my account name/bday now...
Once in you can (according to the NCsoft site):
What is a NCsoft master account for? Does this mean I'm ready to play your games?
Answer
Once you have created your NCsoft master account you can:
Add the 20-digit serial code/25-digit access key from your game to create your game account.
Activate or reactivate that game account with your credit/debit card information or a prepaid game time card.
Change your billing status, options or information
Manage your game account password from the Game Accounts section.
Manage your contact information from the Account Profile section.
IF you had to input the 20-digit serial code/25-digit access key from your game at some point then how hard is it to ask for it again when changing the password?????
These are all the games the hackers have access to once they have cracked your NCsoft account (provided you own all of them and they are linked)
Choose the game that you want to reset the password for from the list below.
City of Heroes/City of Villains
Aion
Exteel
Dungeon Runners
Guild Wars
Lineage
Lineage II
Last edited by Tullzinski; Dec 21, 2009 at 07:51 PM // 19:51..
|
|
|
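The last fix in post #278 (current game password and/or a confirmation e-mail before the master-account site may change a game password) and the question in post #280 about asking for proof of ownership again come down to the same gate, sketched here. This is an added example, not NCsoft's code or any poster's; `GamePasswordChange`, the account store layout and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time


def pw_hash(password, salt):
    # PBKDF2 from the standard library; the iteration count is illustrative.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class GamePasswordChange:
    """Hypothetical gate on changing a linked game password from the master-account site."""

    def __init__(self, game_accounts, ttl=900, clock=time.time):
        self.game_accounts = game_accounts  # (master, game) -> {"salt", "hash", "email"}
        self.ttl = ttl                      # seconds a confirmation link stays valid
        self.clock = clock
        self.pending = {}                   # sha256(token) -> (key, salt, hash, expires)
        self.outbox = []                    # (email, token) queued for delivery

    def request(self, master, game, current_password, new_password):
        """Proof 1: the current game password. A master-account session is not enough."""
        key = (master, game)
        acct = self.game_accounts.get(key)
        if acct is None:
            return False
        if not hmac.compare_digest(pw_hash(current_password, acct["salt"]), acct["hash"]):
            return False
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()  # store only the token's hash
        new_salt = secrets.token_bytes(16)
        self.pending[digest] = (key, new_salt, pw_hash(new_password, new_salt),
                                self.clock() + self.ttl)
        self.outbox.append((acct["email"], token))
        return True

    def confirm(self, token):
        """Proof 2: control of the mailbox on file. Tokens are single-use and expire."""
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.pending.pop(digest, None)
        if entry is None:
            return False
        key, new_salt, new_hash, expires = entry
        if self.clock() > expires:
            return False
        self.game_accounts[key].update(salt=new_salt, hash=new_hash)
        return True

    def check_login(self, master, game, password):
        acct = self.game_accounts[(master, game)]
        return hmac.compare_digest(pw_hash(password, acct["salt"]), acct["hash"])


def demo():
    """Constructed scenario: an intruder holds the master session but not the game password."""
    now = [0.0]
    salt = secrets.token_bytes(16)
    store = {("alice", "Guild Wars"): {"salt": salt, "hash": pw_hash("old-game-pw", salt),
                                       "email": "alice@example.test"}}
    gate = GamePasswordChange(store, clock=lambda: now[0])
    results = {}
    results["intruder_request"] = gate.request("alice", "Guild Wars", "guess", "intruder-pw")
    results["owner_request"] = gate.request("alice", "Guild Wars", "old-game-pw", "new-game-pw")
    results["changed_before_confirm"] = gate.check_login("alice", "Guild Wars", "new-game-pw")
    _, token = gate.outbox[-1]
    results["bad_token"] = gate.confirm(token + "x")
    results["confirm"] = gate.confirm(token)
    results["replay"] = gate.confirm(token)
    results["changed_after_confirm"] = gate.check_login("alice", "Guild Wars", "new-game-pw")
    # A second request whose link is opened after the TTL is refused.
    gate.request("alice", "Guild Wars", "new-game-pw", "newer-pw")
    now[0] += 901
    results["expired"] = gate.confirm(gate.outbox[-1][1])
    return results


if __name__ == "__main__":
    print(demo())
```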
All times are GMT.