Dec 13, 2009, 08:04 PM // 20:04 | #1 |
Ascalonian Squire
Join Date: Mar 2009
|
Email saying someone has reset my password.
I just got an email from [email protected] saying
'Someone at 218.8.233.220 has reset your Guild Wars Game Account password for account [email protected]. If you did not make this change, please contact support immediately at [email protected].' I can't try logging in because the game is installed on my other computer. So where do I go about getting help for this? I typed in [email protected] and got an invalid URL. Can anyone link the website before. Also does this mean someone has tried hacking into my account? |
Dec 13, 2009, 08:15 PM // 20:15 | #2 |
Wilds Pathfinder
Join Date: Nov 2007
Guild: The Lost Souls Of Jugdement [KJCD]
|
[email protected] is an email address, so just email them. Yes, I'm afraid you have been hacked.
|
Dec 13, 2009, 08:53 PM // 20:53 | #3 |
Guest
Join Date: Jan 2007
|
inetnum: 218.7.0.0 - 218.10.255.255
netname: UNICOM-HL
country: CN
descr: China Unicom Heilongjiang province network
descr: China Unicom
admin-c: CH1302-AP
tech-c: LZ31-AP
status: ALLOCATED PORTABLE
mnt-by: APNIC-HM
mnt-lower: MAINT-CNCGROUP-HL
mnt-routes: MAINT-CNCGROUP-RR
changed: 20031110
changed: 20040927
changed: 20050511
changed: 20060124
changed: 20090508
source: APNIC

route: 218.8.0.0/15
descr: CNC Group CHINA169 Heilongjiang Province Network
country: CN
origin: AS4837
mnt-by: MAINT-CNCGROUP-RR
changed: 20060118
source: APNIC

person: ChinaUnicom Hostmaster
nic-hdl: CH1302-AP
e-mail:
address: No.21,Jin-Rong Street
address: Beijing,100140
address: P.R.China
phone: +86-10-66259940
fax-no: +86-10-66259764
country: CN
changed: 20090408
mnt-by: MAINT-CNCGROUP
source: APNIC

person: Liu Zhiyong
nic-hdl: LZ31-AP
e-mail:
address: Data Communication Bureau of HLJ
phone: +86-451-542931
country: CN
changed: 20030801
mnt-by: MAINT-CNCGROUP-HL
source: APNIC

most likely a proxy/zombie, but ya never know. (see link in post below)
Last edited by gone; Dec 13, 2009 at 09:04 PM // 21:04.. |
Dec 13, 2009, 08:53 PM // 20:53 | #4 |
Krytan Explorer
Join Date: Sep 2007
|
Yeap. Log on NOW!!! before they empty your entire account!!! Probably too late now since it only takes seconds to transfer the most valuable stuff out to someone else.
|
Dec 13, 2009, 09:02 PM // 21:02 | #5 |
Guest
Join Date: Jan 2007
|
http://www.ip-adress.com/whois/218.8.233.220
more detailed than copy/pasta. |
Dec 13, 2009, 09:12 PM // 21:12 | #6 |
Forge Runner
Join Date: Jan 2007
|
IPwhois result
http://ws.arin.net/whois/?queryinput=218.8.233.220 EDIT: damn someone beat me to it, lol |
Dec 13, 2009, 09:17 PM // 21:17 | #7 |
Desert Nomad
Join Date: Jul 2008
Profession: A/W
|
Details of the Hacker:
OrgName: Asia Pacific Network Information Centre
OrgID: APNIC
Address: PO Box 2131
City: Milton
StateProv: QLD
PostalCode: 4064
Country: AU
ReferralServer: whois://whois.apnic.net
NetRange: 218.0.0.0 - 218.255.255.255
CIDR: 218.0.0.0/8
NetName: APNIC4
NetHandle: NET-218-0-0-0-1
Parent:
NetType: Allocated to APNIC
NameServer: NS1.APNIC.NET
NameServer: NS3.APNIC.NET
NameServer: NS4.APNIC.NET
NameServer: NS-SEC.RIPE.NET
NameServer: TINNIE.ARIN.NET
Comment: This IP address range is not registered in the ARIN database.
Comment: For details, refer to the APNIC Whois Database via
Comment: WHOIS.APNIC.NET or http://wq.apnic.net/apnic-bin/whois.pl
Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
Comment: for the Asia Pacific region. APNIC does not operate networks
Comment: using this IP address range and is not able to investigate
Comment: spam or abuse reports relating to these addresses. For more
Comment: help, refer to http://www.apnic.net/apnic-info/whoi...e-and-spamming
RegDate: 2000-12-07
Updated: 2009-10-08
OrgTechHandle: AWC12-ARIN
OrgTechName: APNIC Whois Contact
OrgTechPhone: +61 7 3858 3188
OrgTechEmail: [email protected]
# ARIN WHOIS database, last updated 2009-12-12 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.

Where he lives:
Last edited by Braxton619; Dec 13, 2009 at 09:28 PM // 21:28.. |
Dec 13, 2009, 09:32 PM // 21:32 | #8 |
Pre-Searing Cadet
Join Date: Apr 2009
Guild: FIGS
|
Blueflame, same IP address got my account as well. I have no idea what's going on or what's missing yet.
I've contacted NCsoft but have not yet heard back. How is your situation going so far? |
Dec 13, 2009, 09:35 PM // 21:35 | #9 |
Forge Runner
Join Date: Jan 2007
|
http://i47.tinypic.com/2s0zcao.jpg
http://i46.tinypic.com/20tnnuu.jpg
Asia Pacific Network. Sounds like a data center. I'm afraid they used a proxy server. Maybe support can still help you though.
Last edited by Bob Slydell; Dec 13, 2009 at 09:37 PM // 21:37.. |
Dec 13, 2009, 09:38 PM // 21:38 | #10 |
Krytan Explorer
Join Date: Aug 2007
Location: The Dragon's Lair
Guild: La Legion Del Dragon
Profession: E/
|
Aren't you supposed to make password changes from NCSOFT? If they did the change there...then the security breach or problem is at NCSOFT...
|
Dec 13, 2009, 09:39 PM // 21:39 | #11 |
Guest
Join Date: Jan 2007
|
My gut tells me Liu Zhiyong lives here (see link)
http://maps.google.com/maps?source=s...000000&split=1 |
Dec 13, 2009, 10:05 PM // 22:05 | #12 |
Guest
Join Date: Jan 2007
|
I'd like to add that in NO WAY are MY POSTS approved by this site, Anet or NCsoft. just a post from some random guy on the interwebs.
|
Dec 13, 2009, 10:08 PM // 22:08 | #13 |
Krytan Explorer
Join Date: Sep 2007
|
I created a bogus account on NCSoft and yeap...you can reset your password WITHOUT having to know your existing password NOR does NCSoft send a confirmation email to your registered email address BEFORE they reset your password.
My opinion....NCSoft is to blame!!! due to lack of security implementations. VOICE UR ANGER AGAINST NCSOFT!!! Remember....vote w/ your wallet. Curious...all those that got their account hacked, did you register on ANY fansites using your GW's login info (your email address)? Thanks! |
Dec 13, 2009, 10:46 PM // 22:46 | #14 |
Ascalonian Squire
Join Date: Oct 2008
Guild: Kindred Spirits (KiN)
Profession: E/
|
Blue! I had the exact same thing happen to me about a month ago.
Same email saying someone at so and so address has reset your password, if this is not you contact support immediately. I tried the URL that they provided and it was invalid or it was in Chinese. So I went to the Guild Wars website and then went to the NCsoft link in there and changed my password. All I can say is thank god nothing has been touched. But I'm still peeved, Not Happy Jan!.... |
Dec 13, 2009, 11:01 PM // 23:01 | #15 |
Forge Runner
Join Date: Jan 2007
|
There still is no way to tell if it's really a guy in China or if it's a proxy from someone in America, there is just no way to tell still. But since other people had the same address linked to their password changing, that leads me to believe that it's a gold selling site/business's IP address. ArenaNet should take action and just simply deny that IP address any service to Guild Wars. It'll stop them for a while and cause them to have to take the time and change their IP with the ISP. They might still be able to change passwords in NC, but when they try to access GW it'll fail.
|
Dec 14, 2009, 02:52 AM // 02:52 | #16 | |
Guest
Join Date: Jan 2007
|
I've been getting e-mails like this lately (for like.....months). The hilarious thing is, I've never gone near, signed up for, or ever had anything to do with Blizzard. Ever.
the actual message is the best. Quote:
Code:
Security of Blizzard Account
Sunday, December 13, 2009 4:02 PM
From [email protected] Sun Dec 13 21:02:00 2009
X-Apparently-To: via 216.252.110.186; Sun, 13 Dec 2009 13:02:35 -0800
Return-Path: <[email protected]>
X-YMailISG: zHSsHnkWLDtWo8ax_fR8k4UhvvjYG9TS7_OKvqB8ehDaFs329TT4Pax4GiobsuQyflMwXzH_2mwx_C2xntXunB0jx9o6.ES0ytqE7QeZSGDp0ZCst.4lsNZvL.8TS0ak97Fwf2YLHNU8FpDtggi1Vld5dz3R_yqiFhxhoXaogPFDAhtRdFRhZ8EfXNy8K317mAh3uSyAC3XcZ3nZ3uk1kgNqArjvV0LajZjo.MaPZvXb9NakMGCYZ7bhEsCY7uvE6IVC5vlF9hCA5eP4Lx9xeXXeDL4eLFlx.kgnQ9hHa5PatuUeKCHD9CP7bA1DlCb3v2GqO19Lq8vC85If.A.uvLgok142NX4zru7vGGW.e2UUWbuco09JDct5zaIKa5P5A1qlsnNAQrVOig74MbsLXOM.xua.EMPn_FFCOiD.uUptJlyTfN8gfePQvu0fsXJUVt37rK4XqxgFOTrV
X-Originating-IP: [65.55.111.110]
Authentication-Results: mta1048.mail.sk1.yahoo.com from=blizzard.com; domainkeys=neutral (no sig); from=blizzard.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO blu0-omc2-s35.blu0.hotmail.com) (65.55.111.110) by mta1048.mail.sk1.yahoo.com with SMTP; Sun, 13 Dec 2009 13:02:34 -0800
Received: from BLU0-SMTP35 ([65.55.111.71]) by blu0-omc2-s35.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Sun, 13 Dec 2009 13:02:06 -0800
X-Originating-IP: [60.19.171.235]
X-Originating-Email: [[email protected]]
Message-ID: <[email protected]>
Return-Path: [email protected]
Received: from fmy ([60.19.171.235]) by BLU0-SMTP35.blu0.hotmail.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.3959); Sun, 13 Dec 2009 13:02:02 -0800
From: "[email protected]" <[email protected]> Add sender to Contacts
To: <>
Subject: Security of Blizzard Account
Date: Mon, 14 Dec 2009 05:02:00 +0800
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
X-OriginalArrivalTime: 13 Dec 2009 21:02:03.0261 (UTC) FILETIME=[85296AD0:01CA7C37]
Content-Length: 1737
Compact Headers

Dear Blizzard Customer, We have received a notice that there was made by the owner of the Right to belong that your account with problems . This is a very serious matter. You must login our website,else I will block your account. This is a time sensitive issue and must be resolved promptly. Please reply to this email with information about how you will deal with this situation. I have disabled your account on the basis of fraudulent. now you can login http://www.worldofwarcraft.com submit your evidence. Otherwise, we will be deemed to give up your right to appeal. Blizzard, we will need your full cooperation. I thank you for your time and hope to hear from you soon. if you want unlocked,please contact us within 15 days at our website: http://www.worldofwarcraft.com
Sincerely, Blizzard Billing Department http://www.Blizzard.com

/edit2 whoops forgot http://www.ip-adress.com/whois/60.19.171.235
Last edited by gone; Dec 14, 2009 at 03:39 AM // 03:39.. |
|
Dec 14, 2009, 04:25 AM // 04:25 | #17 |
Krytan Explorer
Join Date: Jun 2005
Location: Iowa
Guild: Blade And Rose [BaR]
Profession: Mo/
|
Anyone would be crazy to take that e-mail seriously with so many English grammatical errors.
|
Dec 14, 2009, 07:03 AM // 07:03 | #18 |
Academy Page
Join Date: May 2009
Profession: R/Mo
|
These tracerts, whois's, google maps, and bad e-mails made my day
|
Dec 15, 2009, 09:48 PM // 21:48 | #19 |
Pre-Searing Cadet
Join Date: Apr 2009
Guild: FIGS
|
UPDATE: I got back in, thankfully the person left my customized weapons and armor alone...EL Tonic, lots of gold and ectos gone though...oh well, so much for ever getting a tormented item or filling my hall...I'll never have gold again because I originally got it from kegging...so it goes, but it could be worse...
|
Dec 16, 2009, 07:26 PM // 19:26 | #20 | |
Guest
Join Date: Jan 2007
|
Food For thought
I just have to wonder..will these D-bags ever give up?
this time it's "worldofwarrcrarft" and claiming my nonexistent PW on a nonexistent account was changed. Quote:
Code:
World of Warcraft - Password Recovery
Wednesday, December 16, 2009 1:41 PM
From [email protected] Wed Dec 16 18:41:54 2009
X-Apparently-To: via 216.252.110.187; Wed, 16 Dec 2009 10:35:42 -0800
Return-Path: <[email protected]>
X-YahooFilteredBulk: 65.55.111.109
X-YMailISG: aE3xNuoWLDsgx1ShU3tMDeUAfgu3sKVWzuwFJlGNZOQpPui5jjco1iqSvTvhkePJpJr9ofq1KZWBSLPuaP1wngBqEgnOm2gFjnnH1.TjL7h436bvomGQTUgv81PMZUT1pM2q6jglZstmPYMd8PFzvTAp9PAHN.37Xsy4o7bsG8g8fgW3SalSMJHYdc_c3jgUNutCB3NGhb_hxCMUUca41KAw8bwVaOq1qWRT.O9GoGFeCIP1e_srvpvsshX2g3Biu8Ql7tYSe_ADKeWat6qHHkho1Yz47Z1YQfKJxD2nnW425QXKdKpbqPuGLK9T.wHLDoobHX0IajdCdn6EP7tyDExIsmMgytdBG4suRnC5BZ4GXeTP_A2V14tuE9fbmO9q3eFFRL8-
X-Originating-IP: [65.55.111.109]
Authentication-Results: mta1013.mail.mud.yahoo.com from=blizzard.com; domainkeys=neutral (no sig)
Received: from 127.0.0.1 (EHLO blu0-omc2-s34.blu0.hotmail.com) (65.55.111.109) by mta1013.mail.mud.yahoo.com with SMTP; Wed, 16 Dec 2009 10:35:42 -0800
Received: from BLU0-SMTP80 ([65.55.111.71]) by blu0-omc2-s34.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Wed, 16 Dec 2009 10:35:20 -0800
X-Originating-IP: [222.69.160.215]
X-Originating-Email: [[email protected]]
Message-ID: <[email protected]>
Return-Path: [email protected]
Received: from ygvgfaci ([222.69.160.215]) by BLU0-SMTP80.blu0.hotmail.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.3959); Wed, 16 Dec 2009 10:35:19 -0800
Reply-To: <[email protected]>
From: "[email protected]" <[email protected]> Add sender to Contacts
To: <>
Subject: World of Warcraft - Password Recovery
Date: Thu, 17 Dec 2009 02:41:54 +0800
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0E46_0180E6D4.12A4DA40"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
X-OriginalArrivalTime: 16 Dec 2009 18:35:19.0812 (UTC) FILETIME=[8522F440:01CA7E7E]
Content-Length: 3403

/edit-whoops -it looks to me like they are operating out of apartments/hotel rooms lol. http://www.ip-adress.com/whois/222.69.160.215
Last edited by gone; Dec 16, 2009 at 07:41 PM // 19:41.. |
|
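What the headers quoted in posts #16 and #20 already say about where those mails came from, worked through as an added example that is not part of the original thread. The function name `triage`, the finding labels and the placeholder local part `redacted` are assumptions; the sample is constructed from the header lines of the first quoted message.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the first quoted message. The address the
# page shows redacted is replaced by a placeholder local part ("redacted").
SAMPLE = """\
Authentication-Results: mta1048.mail.sk1.yahoo.com from=blizzard.com; domainkeys=neutral (no sig); from=blizzard.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO blu0-omc2-s35.blu0.hotmail.com) (65.55.111.110) by mta1048.mail.sk1.yahoo.com with SMTP; Sun, 13 Dec 2009 13:02:34 -0800
Received: from BLU0-SMTP35 ([65.55.111.71]) by blu0-omc2-s35.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Sun, 13 Dec 2009 13:02:06 -0800
Received: from fmy ([60.19.171.235]) by BLU0-SMTP35.blu0.hotmail.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.3959); Sun, 13 Dec 2009 13:02:02 -0800
From: "redacted@blizzard.com" <redacted@blizzard.com>
Subject: Security of Blizzard Account

(body omitted)
"""

def triage(raw):
    """Summarise what the receiving side recorded about a message's origin."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings = []

    # Verdicts the recipient's MTA wrote for DKIM / DomainKeys / SPF.
    auth_text = " ".join(msg.get_all("Authentication-Results") or [])
    auth = dict(re.findall(r"\b(dkim|domainkeys|spf)=(\w+)", auth_text))
    if "pass" not in auth.values():
        findings.append("no-auth-pass")

    # The top Received header is added by the recipient's own server, so the
    # host named there is the relay that actually handed the message over.
    received = msg.get_all("Received") or []
    top = received[0] if received else ""
    m = re.search(r"\(EHLO ([\w.-]+)\)", top) or re.search(r"from ([\w.-]+)", top)
    relay = m.group(1).lower() if m else ""
    if relay and relay != from_domain and not relay.endswith("." + from_domain):
        findings.append("relay-outside-from-domain")

    # The bottom Received header is the earliest hop: the submitting client.
    # Lower hops can be forged, so treat this IP as a lead for whois, not proof.
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received[-1]) if received else None
    return {"from_domain": from_domain, "auth": auth, "relay": relay,
            "origin_ip": ip.group(1) if ip else None, "findings": findings}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A relay outside the From domain is not conclusive on its own, since legitimate senders also use third-party mail services; it is the combination with no passing signature check that marks the message as unauthenticated.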
All times are GMT.
|