Email saying someone has reset my password. - Guild Wars Forums

blueflame8 · Dec 13, 2009, 08:04 PM // 20:04

I just got an email from [email protected] saying
'Someone at 218.8.233.220 has reset your Guild Wars Game Account password for account [email protected].
If you did not make this change, please contact support immediately at [email protected].'
I can't try logging in because the game is installed on my other computer.
So where do I go about getting help for this? I typed in [email protected] and got a invalid url. Can anyone link the website before.
Also does this mean someone has tried hacking into my account?

Yasmine · Dec 13, 2009, 08:15 PM // 20:15

[email protected] is an email address, so just email them. Yes, i'm afraid you have been hacked.

gone · Dec 13, 2009, 08:53 PM // 20:53

inetnum: 218.7.0.0[Who Is IP][trace][Reverse IP Search] - 218.10.255.255[Who Is IP][trace][Reverse IP Search]
netname: UNICOM-HL
country: CN
descr: China Unicom Heilongjiang province network
descr: China Unicom
admin-c: CH1302-AP
tech-c: LZ31-AP
status: ALLOCATED PORTABLE
mnt-by: APNIC-HM
mnt-lower: MAINT-CNCGROUP-HL
mnt-routes: MAINT-CNCGROUP-RR
changed: [Who Is Domain][trace][Reverse DNS Search] 20031110
changed: [Who Is Domain][trace][Reverse DNS Search] 20040927
changed: [Who Is Domain][trace][Reverse DNS Search] 20050511
changed: [Who Is Domain][trace][Reverse DNS Search] 20060124
changed: [Who Is Domain][trace][Reverse DNS Search] 20090508
source: APNIC

route: 218.8.0.0[Who Is IP][trace][Reverse IP Search]/15
descr: CNC Group CHINA169 Heilongjiang Province Network
country: CN
origin: AS4837
mnt-by: MAINT-CNCGROUP-RR
changed: [Who Is Domain][trace][Reverse DNS Search] 20060118
source: APNIC

person: ChinaUnicom Hostmaster
nic-hdl: CH1302-AP
e-mail: [Who Is Domain][trace][Reverse DNS Search]
address: No.21,Jin-Rong Street
address: Beijing,100140
address: P.R.China
phone: +86-10-66259940
fax-no: +86-10-66259764
country: CN
changed: [Who Is Domain][trace][Reverse DNS Search] 20090408
mnt-by: MAINT-CNCGROUP
source: APNIC

person: Liu Zhiyong
nic-hdl: LZ31-AP
e-mail: [Who Is Domain][trace][Reverse DNS Search]
address: Data Communication Bureau of HLJ
phone: +86-451-542931
country: CN
changed: [Who Is Domain][trace][Reverse DNS Search] 20030801
mnt-by: MAINT-CNCGROUP-HL
source: APNIC

most likely a proxy/zombie, but ya never know. (see link in post below)

JimmyNeutron · Dec 13, 2009, 08:53 PM // 20:53

Yeap. Log on NOW!!! before they empty your entire account!!! Probably too late now since it only takes seconds to transfer the most valuable stuff out to someone else.

gone · Dec 13, 2009, 09:02 PM // 21:02

http://www.ip-adress.com/whois/218.8.233.220

more detailed than copy/pasta.

Bob Slydell · Dec 13, 2009, 09:12 PM // 21:12

IPwhois result

http://ws.arin.net/whois/?queryinput=218.8.233.220

EDIT: damn someone beat me to it, lol

Braxton619 · Dec 13, 2009, 09:17 PM // 21:17

Details of the Hacker:

OrgName: Asia Pacific Network Information Centre
OrgID: APNIC
Address: PO Box 2131
City: Milton
StateProv: QLD
PostalCode: 4064
Country: AU

ReferralServer: whois://whois.apnic.net

NetRange: 218.0.0.0 - 218.255.255.255
CIDR: 218.0.0.0/8
NetName: APNIC4
NetHandle: NET-218-0-0-0-1
Parent:
NetType: Allocated to APNIC
NameServer: NS1.APNIC.NET
NameServer: NS3.APNIC.NET
NameServer: NS4.APNIC.NET
NameServer: NS-SEC.RIPE.NET
NameServer: TINNIE.ARIN.NET
Comment: This IP address range is not registered in the ARIN database.
Comment: For details, refer to the APNIC Whois Database via
Comment: WHOIS.APNIC.NET or http://wq.apnic.net/apnic-bin/whois.pl
Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
Comment: for the Asia Pacific region. APNIC does not operate networks
Comment: using this IP address range and is not able to investigate
Comment: spam or abuse reports relating to these addresses. For more
Comment: help, refer to http://www.apnic.net/apnic-info/whoi...e-and-spamming
RegDate: 2000-12-07
Updated: 2009-10-08

OrgTechHandle: AWC12-ARIN
OrgTechName: APNIC Whois Contact
OrgTechPhone: +61 7 3858 3188
OrgTechEmail: [email protected]

# ARIN WHOIS database, last updated 2009-12-12 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.

Where he lives:

SaiyanAvatar · Dec 13, 2009, 09:32 PM // 21:32

Blueflame, same IP address got my account as well. I have no idea what's going on or what's missing yet.

I've contacted NCsoft but have not yet heard back.

How is your situation going so far?

Bob Slydell · Dec 13, 2009, 09:35 PM // 21:35

http://i47.tinypic.com/2s0zcao.jpg
http://i46.tinypic.com/20tnnuu.jpg

Asia Pacific Network. Sounds like a data center.

Im afraid they used a proxy server. Maybe support can still help you though.

Siirius Black · Dec 13, 2009, 09:38 PM // 21:38

Dont you suppose to make password changes from NCSOFT? if they did the change there...then the security breach or problem is at NCSOFT...

gone · Dec 13, 2009, 09:39 PM // 21:39

My gut tells me Liu Zhiyong lives here (see link)
http://maps.google.com/maps?source=s...000000&split=1

gone · Dec 13, 2009, 10:05 PM // 22:05

I'd like to add that in NO WAY are MY POSTS approved by this site, Anet or NCsoft. just a post from some random guy on the interwebs.

JimmyNeutron · Dec 13, 2009, 10:08 PM // 22:08

I created a bogus account on NCSoft and yeap...you can reset your password WITHOUT having to know your existing password NOR does NCSoft sends a confirmation email to your register email address BEFORE they reset your password.

My opinion....NCSoft is to blame!!! due to lack of security implementations.

VOICE UR ANGER AGAINST NCSOFT!!! Remember....vote w/ your wallet.

Curious...all those that got their account hack, did you register on ANY fansites using your GW's login info (your email address)?
Thanks!

Xaniane · Dec 13, 2009, 10:46 PM // 22:46

Blue! I had the exact same thing happened to me about a month ago.
Same email saying someone at so and so address has reset your password if this is not you contact support immediately.
I tried the url that they provided and it was invalid or it was in chinese.
So I went to the guildwars website and then went to NCsoft link in there and changed my password.
All I can say is thank god nothing has been touched.
But I'm still peeved, Not Happy Jan!

....

Bob Slydell · Dec 13, 2009, 11:01 PM // 23:01

There still is no way to tell if its really a guy in china or if its a proxy from someone in America, there is just no way to tell still. But since other people had the same address linked to their password changing, leads me to believe that its a gold selling site/business's IP address. ArenaNet should take action and just simply deny that IP address any service to Guild Wars. It'll stop them for a while and cause them to have to take the time and change their IP with the ISP. They might still be able to change passwords in NC, but when they try to access GW it'll fail.

gone · Dec 14, 2009, 02:52 AM // 02:52

I've been getting e-mails like this lately(for like.....months). the hilarious thing is, I've never went near, signed up for, or ever had anything to do with Blizzard. ever.
the actual message is the best.

Quote:

Dear Blizzard Customer,
We have received a notice that there was made by the owner
of the Right to belong that your account with problems .
This is a very serious matter. You must login our website,else I will block your account.
This is a time sensitive issue and must be resolved promptly.
Please reply to this email with information about how you will deal with this situation.
I have disabled your account on the basis of fraudulent.
now you can login removedlink submit your evidence.
Otherwise, we will be deemed to give up your right to appeal.

Blizzard, we will need your full cooperation.

I thank you for your time and hope to hear from you soon.
if you want unlocked,please contact us within 15 days at our website:

Code:

Security of Blizzard Account
Sunday, December 13, 2009 4:02 PM
From [email protected] Sun Dec 13 21:02:00 2009
X-Apparently-To: 		 via 216.252.110.186; Sun, 13 Dec 2009 13:02:35 -0800
Return-Path: 		<[email protected]>
X-YMailISG: 		zHSsHnkWLDtWo8ax_fR8k4UhvvjYG9TS7_OKvqB8ehDaFs329TT4Pax4GiobsuQyflMwXzH_2mwx_C2xntXunB0jx9o6.ES0ytqE7QeZSGDp0ZCst.4lsNZvL.8TS0ak97Fwf2YLHNU8FpDtggi1Vld5dz3R_yqiFhxhoXaogPFDAhtRdFRhZ8EfXNy8K317mAh3uSyAC3XcZ3nZ3uk1kgNqArjvV0LajZjo.MaPZvXb9NakMGCYZ7bhEsCY7uvE6IVC5vlF9hCA5eP4Lx9xeXXeDL4eLFlx.kgnQ9hHa5PatuUeKCHD9CP7bA1DlCb3v2GqO19Lq8vC85If.A.uvLgok142NX4zru7vGGW.e2UUWbuco09JDct5zaIKa5P5A1qlsnNAQrVOig74MbsLXOM.xua.EMPn_FFCOiD.uUptJlyTfN8gfePQvu0fsXJUVt37rK4XqxgFOTrV
X-Originating-IP: 		[65.55.111.110]
Authentication-Results: 		mta1048.mail.sk1.yahoo.com from=blizzard.com; domainkeys=neutral (no sig); from=blizzard.com; dkim=neutral (no sig)
Received: 		from 127.0.0.1 (EHLO blu0-omc2-s35.blu0.hotmail.com) (65.55.111.110) by mta1048.mail.sk1.yahoo.com with SMTP; Sun, 13 Dec 2009 13:02:34 -0800
Received: 		from BLU0-SMTP35 ([65.55.111.71]) by blu0-omc2-s35.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Sun, 13 Dec 2009 13:02:06 -0800
X-Originating-IP: 		[60.19.171.235]
X-Originating-Email: 		[[email protected]]
Message-ID: 		<[email protected]>
Return-Path: 		[email protected]
Received: 		from fmy ([60.19.171.235]) by BLU0-SMTP35.blu0.hotmail.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.3959); Sun, 13 Dec 2009 13:02:02 -0800
From: 		
"[email protected]" <[email protected]>  
Add sender to Contacts
To: 		<>
Subject: 		Security of Blizzard Account
Date: 		Mon, 14 Dec 2009 05:02:00 +0800
MIME-Version: 		1.0
Content-Type: 		text/html; charset="utf-8"
Content-Transfer-Encoding: 		base64
X-Priority: 		3
X-MSMail-Priority: 		Normal
X-Mailer: 		Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: 		Produced By Microsoft MimeOLE V6.00.2900.5512
X-OriginalArrivalTime: 		13 Dec 2009 21:02:03.0261 (UTC) FILETIME=[85296AD0:01CA7C37]
Content-Length: 		1737
Compact Headers

Dear Blizzard Customer,
We have received a notice that there was made by the owner
of the Right to belong that your account with problems .
This is a very serious matter. You must login our website,else I will block your account.
This is a time sensitive issue and must be resolved promptly.
Please reply to this email with information about how you will deal with this situation.
I have disabled your account on the basis of fraudulent.
now you can login http://www.worldofwarcraft.com submit your evidence.
Otherwise, we will be deemed to give up your right to appeal.

Blizzard, we will need your full cooperation.

I thank you for your time and hope to hear from you soon.
if you want unlocked,please contact us within 15 days at our website:
http://www.worldofwarcraft.com

Sincerely,
Blizzard Billing Department
http://www.Blizzard.com

I can assure you, the "wor1dofwarcraft" almost had me clicking. lulz.
/edit2
whoops forgot
http://www.ip-adress.com/whois/60.19.171.235

nbajammer · Dec 14, 2009, 04:25 AM // 04:25

Anyone would be crazy to take that e-mail seriously with so many English grammatical errors.

Lifestyle · Dec 14, 2009, 07:03 AM // 07:03

These tracerts, whois's, google maps, and bad e-mails made my day

SaiyanAvatar · Dec 15, 2009, 09:48 PM // 21:48

UPDATE: I got back in, thankfully the person left my customized weapons and armor alone...EL Tonic, lots of gold and ectos gone though...oh well, so much for ever getting a tormented item or filling my hall...I'll never have gold again because I originally got it from kegging...so it goes, but it could be worse...

gone · Dec 16, 2009, 07:26 PM // 19:26

I just have to wonder..will these D-bags ever give up?
this time it's "worldofwarrcrarft" and claiming my nonexistent PW on a nonexistent account was changed.

Quote:

Greetings!
This is an automated notification regarding the recent change(s) made to your World of Warcraft account.
Your password has recently been modified through the Password Recovery website.
If you made this password change, please disregard this notification.
However, if you did NOT make changes to your password we recommend you Login verify your password:
linkremoved

If you are unable to successfully verify your password, please contact Billing & Account Services at *removed*.
Account security is solely the responsibility of the account holder.
Please be advised that in the event of a compromised account, Blizzard representatives typically must lock the account.
In these cases the Account Administration team will require faxed receipt of ID materials before releasing the account for play.

Regards,

The World of Warcraft Support Team
Blizzard Entertainment

Code:

World of Warcraft - Password Recovery
Wednesday, December 16, 2009 1:41 PM
From [email protected] Wed Dec 16 18:41:54 2009
X-Apparently-To: 		 via 216.252.110.187; Wed, 16 Dec 2009 10:35:42 -0800
Return-Path: 		<[email protected]>
X-YahooFilteredBulk: 		65.55.111.109
X-YMailISG: 		aE3xNuoWLDsgx1ShU3tMDeUAfgu3sKVWzuwFJlGNZOQpPui5jjco1iqSvTvhkePJpJr9ofq1KZWBSLPuaP1wngBqEgnOm2gFjnnH1.TjL7h436bvomGQTUgv81PMZUT1pM2q6jglZstmPYMd8PFzvTAp9PAHN.37Xsy4o7bsG8g8fgW3SalSMJHYdc_c3jgUNutCB3NGhb_hxCMUUca41KAw8bwVaOq1qWRT.O9GoGFeCIP1e_srvpvsshX2g3Biu8Ql7tYSe_ADKeWat6qHHkho1Yz47Z1YQfKJxD2nnW425QXKdKpbqPuGLK9T.wHLDoobHX0IajdCdn6EP7tyDExIsmMgytdBG4suRnC5BZ4GXeTP_A2V14tuE9fbmO9q3eFFRL8-
X-Originating-IP: 		[65.55.111.109]
Authentication-Results: 		mta1013.mail.mud.yahoo.com from=blizzard.com; domainkeys=neutral (no sig)
Received: 		from 127.0.0.1 (EHLO blu0-omc2-s34.blu0.hotmail.com) (65.55.111.109) by mta1013.mail.mud.yahoo.com with SMTP; Wed, 16 Dec 2009 10:35:42 -0800
Received: 		from BLU0-SMTP80 ([65.55.111.71]) by blu0-omc2-s34.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Wed, 16 Dec 2009 10:35:20 -0800
X-Originating-IP: 		[222.69.160.215]
X-Originating-Email: 		[[email protected]]
Message-ID: 		<[email protected]>
Return-Path: 		[email protected]
Received: 		from ygvgfaci ([222.69.160.215]) by BLU0-SMTP80.blu0.hotmail.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.3959); Wed, 16 Dec 2009 10:35:19 -0800
Reply-To: 		<[email protected]>
From: 		
"[email protected]" <[email protected]>  
Add sender to Contacts
To: 		<>
Subject: 		World of Warcraft - Password Recovery
Date: 		Thu, 17 Dec 2009 02:41:54 +0800
MIME-Version: 		1.0
Content-Type: 		multipart/alternative; boundary="----=_NextPart_000_0E46_0180E6D4.12A4DA40"
X-Priority: 		3
X-MSMail-Priority: 		Normal
X-Mailer: 		Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: 		Produced By Microsoft MimeOLE V6.00.2900.5512
X-OriginalArrivalTime: 		16 Dec 2009 18:35:19.0812 (UTC) FILETIME=[8522F440:01CA7E7E]
Content-Length: 		3403

I'm Almost ready to do stupid things "for the LuLz"
/edit-whoops -it looks to me like they are operating out of apartments/hotel rooms lol.
http://www.ip-adress.com/whois/222.69.160.215

Dec 13, 2009, 08:04 PM // 20:04	#1
blueflame8 Ascalonian Squire Join Date: Mar 2009	Email saying someone has reset my password. I just got an email from [email protected] saying 'Someone at 218.8.233.220 has reset your Guild Wars Game Account password for account [email protected]. If you did not make this change, please contact support immediately at [email protected].' I can't try logging in because the game is installed on my other computer. So where do I go about getting help for this? I typed in [email protected] and got a invalid url. Can anyone link the website before. Also does this mean someone has tried hacking into my account?

Dec 13, 2009, 08:53 PM // 20:53	#3
gone Guest Join Date: Jan 2007	inetnum: 218.7.0.0[Who Is IP][trace][Reverse IP Search] - 218.10.255.255[Who Is IP][trace][Reverse IP Search] netname: UNICOM-HL country: CN descr: China Unicom Heilongjiang province network descr: China Unicom admin-c: CH1302-AP tech-c: LZ31-AP status: ALLOCATED PORTABLE mnt-by: APNIC-HM mnt-lower: MAINT-CNCGROUP-HL mnt-routes: MAINT-CNCGROUP-RR changed: [Who Is Domain][trace][Reverse DNS Search] 20031110 changed: [Who Is Domain][trace][Reverse DNS Search] 20040927 changed: [Who Is Domain][trace][Reverse DNS Search] 20050511 changed: [Who Is Domain][trace][Reverse DNS Search] 20060124 changed: [Who Is Domain][trace][Reverse DNS Search] 20090508 source: APNIC route: 218.8.0.0[Who Is IP][trace][Reverse IP Search]/15 descr: CNC Group CHINA169 Heilongjiang Province Network country: CN origin: AS4837 mnt-by: MAINT-CNCGROUP-RR changed: [Who Is Domain][trace][Reverse DNS Search] 20060118 source: APNIC person: ChinaUnicom Hostmaster nic-hdl: CH1302-AP e-mail: [Who Is Domain][trace][Reverse DNS Search] address: No.21,Jin-Rong Street address: Beijing,100140 address: P.R.China phone: +86-10-66259940 fax-no: +86-10-66259764 country: CN changed: [Who Is Domain][trace][Reverse DNS Search] 20090408 mnt-by: MAINT-CNCGROUP source: APNIC person: Liu Zhiyong nic-hdl: LZ31-AP e-mail: [Who Is Domain][trace][Reverse DNS Search] address: Data Communication Bureau of HLJ phone: +86-451-542931 country: CN changed: [Who Is Domain][trace][Reverse DNS Search] 20030801 mnt-by: MAINT-CNCGROUP-HL source: APNIC most likely a proxy/zombie, but ya never know. (see link in post below) Last edited by gone; Dec 13, 2009 at 09:04 PM // 21:04..

Dec 13, 2009, 09:17 PM // 21:17	#7
Braxton619 Desert Nomad Join Date: Jul 2008 Profession: A/W	Details of the Hacker: OrgName: Asia Pacific Network Information Centre OrgID: APNIC Address: PO Box 2131 City: Milton StateProv: QLD PostalCode: 4064 Country: AU ReferralServer: whois://whois.apnic.net NetRange: 218.0.0.0 - 218.255.255.255 CIDR: 218.0.0.0/8 NetName: APNIC4 NetHandle: NET-218-0-0-0-1 Parent: NetType: Allocated to APNIC NameServer: NS1.APNIC.NET NameServer: NS3.APNIC.NET NameServer: NS4.APNIC.NET NameServer: NS-SEC.RIPE.NET NameServer: TINNIE.ARIN.NET Comment: This IP address range is not registered in the ARIN database. Comment: For details, refer to the APNIC Whois Database via Comment: WHOIS.APNIC.NET or http://wq.apnic.net/apnic-bin/whois.pl Comment: IMPORTANT NOTE: APNIC is the Regional Internet Registry Comment: for the Asia Pacific region. APNIC does not operate networks Comment: using this IP address range and is not able to investigate Comment: spam or abuse reports relating to these addresses. For more Comment: help, refer to http://www.apnic.net/apnic-info/whoi...e-and-spamming RegDate: 2000-12-07 Updated: 2009-10-08 OrgTechHandle: AWC12-ARIN OrgTechName: APNIC Whois Contact OrgTechPhone: +61 7 3858 3188 OrgTechEmail: [email protected] # ARIN WHOIS database, last updated 2009-12-12 20:00 # Enter ? for additional hints on searching ARIN's WHOIS database. Where he lives:** Last edited by Braxton619; Dec 13, 2009 at 09:28 PM // 21:28..

Dec 13, 2009, 09:35 PM // 21:35	#9
Bob Slydell Forge Runner Join Date: Jan 2007	http://i47.tinypic.com/2s0zcao.jpg http://i46.tinypic.com/20tnnuu.jpg Asia Pacific Network. Sounds like a data center. Im afraid they used a proxy server. Maybe support can still help you though. Last edited by Bob Slydell; Dec 13, 2009 at 09:37 PM // 21:37..

Dec 13, 2009, 10:46 PM // 22:46	#14
Xaniane Ascalonian Squire Join Date: Oct 2008 Guild: Kindred Spirits (KiN) Profession: E/	Blue! I had the exact same thing happened to me about a month ago. Same email saying someone at so and so address has reset your password if this is not you contact support immediately. I tried the url that they provided and it was invalid or it was in chinese. So I went to the guildwars website and then went to NCsoft link in there and changed my password. All I can say is thank god nothing has been touched. But I'm still peeved, Not Happy Jan!....

Dec 13, 2009, 08:15 PM // 20:15	#2
Yasmine Wilds Pathfinder Join Date: Nov 2007 Guild: The Lost Souls Of Jugdement [KJCD]	[email protected] is an email address, so just email them. Yes, i'm afraid you have been hacked.

Dec 13, 2009, 08:53 PM // 20:53	#4
JimmyNeutron Krytan Explorer Join Date: Sep 2007	Yeap. Log on NOW!!! before they empty your entire account!!! Probably too late now since it only takes seconds to transfer the most valuable stuff out to someone else.

Dec 13, 2009, 09:02 PM // 21:02	#5
gone Guest Join Date: Jan 2007	http://www.ip-adress.com/whois/218.8.233.220 more detailed than copy/pasta.

Dec 13, 2009, 09:12 PM // 21:12	#6
Bob Slydell Forge Runner Join Date: Jan 2007	IPwhois result http://ws.arin.net/whois/?queryinput=218.8.233.220 EDIT: damn someone beat me to it, lol

Dec 13, 2009, 09:32 PM // 21:32	#8
SaiyanAvatar Pre-Searing Cadet Join Date: Apr 2009 Guild: FIGS	Blueflame, same IP address got my account as well. I have no idea what's going on or what's missing yet. I've contacted NCsoft but have not yet heard back. How is your situation going so far?

Dec 13, 2009, 09:38 PM // 21:38	#10
Siirius Black Krytan Explorer Join Date: Aug 2007 Location: The Dragon's Lair Guild: La Legion Del Dragon Profession: E/	Dont you suppose to make password changes from NCSOFT? if they did the change there...then the security breach or problem is at NCSOFT...

Dec 13, 2009, 09:39 PM // 21:39	#11
gone Guest Join Date: Jan 2007	My gut tells me Liu Zhiyong lives here (see link) http://maps.google.com/maps?source=s...000000&split=1

Dec 13, 2009, 10:05 PM // 22:05	#12
gone Guest Join Date: Jan 2007	I'd like to add that in NO WAY are MY POSTS approved by this site, Anet or NCsoft. just a post from some random guy on the interwebs.

Dec 13, 2009, 10:08 PM // 22:08	#13
JimmyNeutron Krytan Explorer Join Date: Sep 2007	I created a bogus account on NCSoft and yeap...you can reset your password WITHOUT having to know your existing password NOR does NCSoft sends a confirmation email to your register email address BEFORE they reset your password. My opinion....NCSoft is to blame!!! due to lack of security implementations. VOICE UR ANGER AGAINST NCSOFT!!! Remember....vote w/ your wallet. Curious...all those that got their account hack, did you register on ANY fansites using your GW's login info (your email address)? Thanks!

Dec 13, 2009, 11:01 PM // 23:01	#15
Bob Slydell Forge Runner Join Date: Jan 2007	There still is no way to tell if its really a guy in china or if its a proxy from someone in America, there is just no way to tell still. But since other people had the same address linked to their password changing, leads me to believe that its a gold selling site/business's IP address. ArenaNet should take action and just simply deny that IP address any service to Guild Wars. It'll stop them for a while and cause them to have to take the time and change their IP with the ISP. They might still be able to change passwords in NC, but when they try to access GW it'll fail.

Dec 14, 2009, 04:25 AM // 04:25	#17
nbajammer Krytan Explorer Join Date: Jun 2005 Location: Iowa Guild: Blade And Rose [BaR] Profession: Mo/	Anyone would be crazy to take that e-mail seriously with so many English grammatical errors.

Dec 14, 2009, 07:03 AM // 07:03	#18
Lifestyle Academy Page Join Date: May 2009 Profession: R/Mo	These tracerts, whois's, google maps, and bad e-mails made my day

Dec 15, 2009, 09:48 PM // 21:48	#19
SaiyanAvatar Pre-Searing Cadet Join Date: Apr 2009 Guild: FIGS	UPDATE: I got back in, thankfully the person left my customized weapons and armor alone...EL Tonic, lots of gold and ectos gone though...oh well, so much for ever getting a tormented item or filling my hall...I'll never have gold again because I originally got it from kegging...so it goes, but it could be worse...