Sep 16, 2006, 05:43 AM // 05:43
|
#1
|
Desert Nomad
Join Date: Aug 2005
Location: California, USA
Guild: Angel Sharks [AS] (RiP [KaiZ] T__T")
Profession: Mo/E
|
"Password Reset Failure" - Anet Support Email
I wasn't sure where else to place this but i am curious as to Anet's procedures and account identification methods...
The other day i got this email from [email protected]::
Quote:
Someone at 196.202.4.229 attempted to reset your PlayNC Master Account password for account "XXXXXXXX". This attempt was unsuccessful. If you did not attempt this change, please contact support immediately at [email protected].
|
Yes, the email was legit and that quote was all that was in the email. I already got an auto reponse from them after my initial response, but a couple things make me curious...
First of all, NO i did not attempt to change my password recently, so it is obviously someone trying to get into my account. That ip is not mine, so its obvious its not me. I have since reported to the linked email telling them i was not attempting to change my password and to continue blocking that ip from trying so.
So what has me curious is: i always thought that the "PlayNC Master Account" refers to the EMAIL ADDRESS that we had registered our accounts with and with which we use to login to Guild Wars. The alleged account of "XXXXXXXXX" doesn't exist (to my knowledge). Why? Because "XXXXXXXXX" (spaces included) is simply the name of one of my RP characters in GW. So WHY in the world would they think that "XXXXXXXXX" is my "Master Account" ???
i wouldn't say im worried, mebe just a little paranoid that something fishy is going on. I have since scanned my PC for Spyware, Trojans, Keyloggers, and any other malicious files and came up clean. I have also officially changed my account password for my GW account tonight without any troubles. So are my worries warranted? Or does Anet simply identify accounts in a REALLY weird manner?
So anyone else experience this before? Since i am about 99% sure that the emails i received are authentic, i am more confused then worried at this point, but any reassurance or feedback helps! Oh ya, and YES i emailed them asking about my confusions/suspicions.
Thanks! Cheers!
Last edited by Batou of Nine; Sep 16, 2006 at 06:10 AM // 06:10..
|
|
|
Sep 16, 2006, 05:47 AM // 05:47
|
#2
|
Aquarius
Join Date: Jun 2005
Location: Somewhere between Boardwalk and Park Place
|
Chances are that someone stuck in your email and fooled around. It's a very good thing to reset everything though, just in case. Your master account I believe is the first character you created, but I may be factually incorrect about this (I'd like to know if I am).
|
|
|
Sep 16, 2006, 06:02 AM // 06:02
|
#3
|
Desert Nomad
Join Date: Aug 2005
Location: California, USA
Guild: Angel Sharks [AS] (RiP [KaiZ] T__T")
Profession: Mo/E
|
Ok, i did more investigating.
It seems the "PlayNC Master Account" is actually the account you created on the NCSoft website! It is the account you have to create in order to change your in game passwords. This created account is different from your GW account.
It seems i had created an account a long while back, and completely forgot about it, which means i have also forgotten my password for it. LOL! my PW change for GW hasn't happend yet, so i will be in process of recovering it with Anet.
So it would seem some1 SOMEHOW got my play ncsoft account name, and then attempted to use the "Forgot Password" feature which you have to answer the security question first to change the account password. Lucky for me, he didnt get through. Ugh. what a mess. Oh and depending on how many people read this thread before i edit the original of my PlayNC Master Account....
....Please dont do what the above ip tried. lol!!
Last edited by Batou of Nine; Sep 16, 2006 at 06:11 AM // 06:11..
|
|
|
Sep 16, 2006, 01:10 PM // 13:10
|
#4
|
Site Contributor
|
Batou of Nine, I'm going to speak frankly here but I'm curious as to what protection any of us have right now from ArenaNet and NCSoft. Considering that this is the EXACT SAME IP that hacked one of our own mods Tsunami Rain. How many other accounts did this IP try to hack. What kind of steps are taken when quite clearly someone can try and try and try again with no consequence to gain your password with the PlayNC website.
I've all ready gone in and changed out all my "contact info" through the PlayNC account to bogus information. I would encourage any of you right now to do the same and I don't even know the consequences or if this violates something but I think this obvious lack of security and someone being able to repeatedly try to gain your password is disappointing.
I have right now 3 confirmed people this has happened to. Batou of Nine, Tsunami Rain and Seissor in the last 3 days. Anyone else please step forward.
|
|
|
Sep 16, 2006, 01:16 PM // 13:16
|
#5
|
Desert Nomad
|
Is it due to some vulnerability on PlayNC's website or something?
|
|
|
Sep 16, 2006, 01:41 PM // 13:41
|
#6
|
Site Contributor
|
generik, the "vulnerability" is that someone can repeatedly try to gain your password without being locked out. Hundreds of times even. Our mod Tsunami Rain had 70 attempts on his account before they finally got it and wiped his account clean. We all know the importance of having both letters and numbers in our password, in having passwords that are different for other important aspects that might contain personal data (such as banking, etc.) which would make attempts like this more difficult. But frankly, it's well known that many don't do this
I've also been in and I see no way to change my username on the PlayNC website. My username is thankfully quite different from my forum and my guild wars names. But I'm sure many never saw this "consequence" when they went in to access the store and had their account linked. There's no way to unlink these accounts right now either from the PlayNC website. So if someone does log in they have access to your GW account, your personal information such as address, name, and phone number. If you have accounts with other NCSoft games such as lineage, city of hereos, or more they have access to these accounts, and it will include your CC#'s last 4 digits with those game accounts.
|
|
|
Sep 16, 2006, 02:41 PM // 14:41
|
#7
|
Jungle Guide
Join Date: Aug 2005
Location: Squiggilyville. Population: Me.
Guild: [oRly] Hello Kitty Death Squad
Profession: R/Me
|
Someone at 196.202.4.229 attempted to reset your PlayNC Master Account password
for account X. This attempt was unsuccessful. If you did not attempt this
change, please contact support immediately at [email protected].
I got the same message this morning, same IP address and all. 5 attempts, all failed. I switched my account info to incorrect information about myself. My P/W is pretty solid, as is my totally WTF forgotten P/W Q.
I think the person is trauling Guru and reading up on users to guess their passwords, then using their Guru name to see if its their PlayNC name.
OMG and I just figured out another method they are using to get our log ins....MSN/Yahoo/AIM contact information that is DISPLAYED PUBLICLY! on our Guild Wars Guru profiles!
Also when you say "forgot password" on PlayNC it asks for account name and your date of birth....if they have account name all they need is DOB....and guess what....THATS ALSO on your freaking Guild Wars Guru account. So everyone go around and put fake DOB in your GWG profile and set it to "hidden"
Last edited by Seissor; Sep 16, 2006 at 02:54 PM // 14:54..
|
|
|
Sep 16, 2006, 03:05 PM // 15:05
|
#8
|
Underworld Spelunker
|
Quote:
Originally Posted by Inde
We all know the importance of having both letters and numbers in our password, in having passwords that are different for other important aspects that might contain personal data (such as banking, etc.) which would make attempts like this more difficult. But frankly, it's well known that many don't do this
.
|
hi Inde
i have not gotten this yet but do have one account locked into the store.
the one consolation i have is that i use everything i can to make it harder to get into my account
1 each has a unique email on my ISP.
2 each of those email addresses are maximum allowable number of random letter/number/symbol @MY ISP.XXX
3 those email addresses are used no where else
4 my passwords are the same maximum length and used again no where else
5 i update and use the 2 top rated spyware apps out there before logging in to my accounts running them in the background so i dont waste time (doing it right now)
i did find recently a Lineage II keylogger which i happily deleted.
since i used the store that might have been an access point if i hadnt gotten if
Spyware Doctor was the one that got it
|
|
|
Sep 16, 2006, 03:24 PM // 15:24
|
#9
|
Burninate Stuff
Join Date: Aug 2005
Location: New Mexico
Profession: E/Mo
|
thaks for the heads up guys.
Im not usually too fussy about hiding personal stuff, but the date of birth is definately gone.
Inde, if that is true that thats all it takes to get into account recovery in ncsoft, is there a way to disable ALL age/DoB?
|
|
|
Sep 16, 2006, 04:19 PM // 16:19
|
#10
|
Desert Nomad
Join Date: Nov 2005
Location: Eh I forget... o_O
Guild: Biscuit of Dewm [MEEP]
Profession: R/
|
I got one of these and I contacted NCsoft and they said CHANGE YOUR PASSWORD! And thusly I did... Only to find out months later that it had been my husbands account and not mine >_> and I didn't remember what I changed the password to <_< (However he had NOT linked it to his GW account yet, but he was trying to.)
My husband and I share email accounts and such as well as each of us having our own.... I got confused cause I was so flipped out that someone tried to jack "my" account >_<
|
|
|
Sep 16, 2006, 05:56 PM // 17:56
|
#12
|
ArenaNet
|
I must ask if you guys are responding to these emails by clicking an in-mail link. If so, could this be like the eBay letters I get daily, asking me to "reset my password" or giving me the exact same warning as expressed in this email, including an IP address and asking me to "click this link to protect your account."
If so, it's phishing and we will see what we can to to prevent that.
If not, then we need to look into what's going on on a completely different level.
I have forwarded this to the Support Team and to some of our internal programmers, and hope to have an answer very soon!
Thank you for your report.
Edit to add:
Quote:
Originally Posted by Seissor
OMG and I just figured out another method they are using to get our log ins....MSN/Yahoo/AIM contact information that is DISPLAYED PUBLICLY! on our Guild Wars Guru profiles!
Also when you say "forgot password" on PlayNC it asks for account name and your date of birth....if they have account name all they need is DOB....and guess what....THATS ALSO on your freaking Guild Wars Guru account. So everyone go around and put fake DOB in your GWG profile and set it to "hidden"
|
I would strongly urge everyone to remove personal contact information from fansites. If someone needs to reach you, accept their PM and give your information privately and individually to them only.
__________________
Gaile Gray
Support Liaison
ArenaNet
Last edited by Gaile Gray; Sep 16, 2006 at 06:08 PM // 18:08..
|
|
|
Sep 16, 2006, 06:50 PM // 18:50
|
#13
|
Lion's Arch Merchant
|
Quote:
Originally Posted by Gaile Gray
I must ask if you guys are responding to these emails by clicking an in-mail link. If so, could this be like the eBay letters I get daily, asking me to "reset my password" or giving me the exact same warning as expressed in this email, including an IP address and asking me to "click this link to protect your account."
If so, it's phishing and we will see what we can to to prevent that.
If not, then we need to look into what's going on on a completely different level.
|
Oh come on.. That is the only message that they get in the e-mail. The only "link" there to click is the e-mail address quoted in the message, [email protected]. At the VERY most, it'll open Outlook Express and start a new e-mail window. If it opened a website, people would pretty much get the freaking idea and close it, it doesn't take a lot of brains to KNOW when someone's screwing with you.
And I KNOW that Tsunami Rain isn't that stupid.
Quote:
Originally Posted by Gaile Gray
I would strongly urge everyone to remove personal contact information from fansites. If someone needs to reach you, accept their PM and give your information privately and individually to them only.
|
What is this? Are you trying to insinuate that it's our fault that your employer's security and lockout features, which SHOULD be in place to safeguard it's customer's information, are severely lacking? Oh, I'm sorry, make that non-existant! I hope that isn't a road you intend to travel down, because you (and anyone else working for PlayNC or it's affiliates/subsidiaries) are in no position to place the blame on the fansites.
Your response pushed my buttons a bit, and as such, this entire post is my opinion and mine alone, not the opinion of this website or it's staff.
|
|
|
Sep 16, 2006, 06:55 PM // 18:55
|
#14
|
Site Contributor
|
Birthdays are not considered a sensitive piece of information. We acquire this information so that we can verify COPPA. The fact that NCSoft chooses this as a means of verification is another security issue, when it is public information and would never be considered a secure means of verifying identity.
GuildWarsGuru.com will lock anyone out who attempts an incorrect password 5 times. This is standard security for most forums, ISP's, even many email providers, banking, and more. We do not display anyone's email address, even clicking on the 'email user' link WILL NOT display the email address used to sign up for this site. This is a fundamental flaw in NCSoft's security and to even suggest that this problem could have been prevented by directing a finger at the fansites is disturbing. I have even added the security measure of disabling everyone's birthdate from being displayed, because I care about the security of our users.
These are not phishing emails. These are attempts on people's Guild Wars accounts because of security issues that are not in place on the PlayNC website.
|
|
|
Sep 16, 2006, 07:14 PM // 19:14
|
#15
|
ArenaNet
|
Quote:
Originally Posted by Inde
Birthdays are not considered a sensitive piece of information. We acquire this information so that we can verify COPPA.
|
They need not and perhaps should not be displayed. Disabling them was a wise choice.
To the recent posters:
I don't really care if you're posting for yourself, the site, or the man in the moon. I have been asked to help. I resent being asked to post in a thread and then getting rude replies. I are unhappy the reaction to my reaching out to assist is having my hand ripped off. I'm here, on a weekend, genuinely trying to help, and genuinely trying to solve what could be a critical problem! I am not required to work the weekends, and I'm further not required to answer support issues nor, in fact, am I required to post at all. I made the judgment to try to help, and to try to communicate. I suggested a couple of possibilities, and possibilities only. I did not dismiss the concerns, nor try to gloss over them. In fact, I sent an email of concern to a half dozen people, including two company founders, before I even posted. For goodness sake, I'm still in Information Gathering Mode.
In a word, don't shoot the messenger, nor slap the face of the person who is trying her hardest to resolve this issue!
__________________
Gaile Gray
Support Liaison
ArenaNet
Last edited by Gaile Gray; Sep 16, 2006 at 07:18 PM // 19:18..
|
|
|
Sep 16, 2006, 07:21 PM // 19:21
|
#16
|
Lion's Arch Merchant
|
This next post is on behalf of the man on the moon and the easter bunny.
It's nice that you're concerned, but you don't show it very well. Your posts looked like you were trying to point the blame at us, and that wouldn't have been a very good thing to do.
I think you're being paranoid though. Nobody's being "mean" or "rude" but we are a bit tired of the fact, or at least I am, that PlayNC support does absolutely nothing for it's customers. I've been trying for over a MONTH now to get my 3rd account's password changed, since the e-mail address belongs to a friend who I allowed to use the account, and every time we hit the in-game reset password link, NOTHING happens.
That's just one example.. But typically, I see nothing worthwhile come from PlayNC staff (and I'm sure a LARGE percentage of the player base will agree). But on the fair side, if you really ARE sending e-mail and trying to get some results done on the player base's behalf, thanks.. The man on the moon will be thoroughly please.
|
|
|
Sep 16, 2006, 07:26 PM // 19:26
|
#17
|
Krytan Explorer
Join Date: Feb 2006
Location: Jersey
Profession: W/
|
Security like this is big business and shouldn't be taken lightly. Arenanet is obviously lacking in this area and should consider looking into security professionals for more help in this area. Numerous security professionals will suggest a lot better things that most people could think of.
I would suggest however putting the 5 login rule on all arena.net passwords, it should slow everything like this down.
|
|
|
Sep 16, 2006, 07:30 PM // 19:30
|
#18
|
RAGE INCARNATE
Join Date: Apr 2006
Location: Sitting at The Guild Hall 2, being happy.
Guild: Nerd Clan [NK]
Profession: R/
|
Quote:
Originally Posted by Across The Battle
Security like this is big business and shouldn't be taken lightly. Arenanet is obviously lacking in this area and should consider looking into security professionals for more help in this area. Numerous security professionals will suggest a lot better things that most people could think of.
I would suggest however putting the 5 login rule on all arena.net passwords, it should slow everything like this down.
|
The thing with this is that the issue is not with gw passwords its all our PlayNC master accounts that we're having the problem. NCSoft needs to work on their security issues, A-Net needs some help too, but this current issue is all NCSoft.
They were the ones that wanted to link all of our accounts therefor creating this major security issue.
|
|
|
Sep 16, 2006, 07:32 PM // 19:32
|
#19
|
I Didn't Do It
Join Date: Jul 2005
Profession: Mo/
|
Quote:
Originally Posted by Inde
Batou of Nine, I'm going to speak frankly here but I'm curious as to what protection any of us have right now from ArenaNet and NCSoft. Considering that this is the EXACT SAME IP that hacked one of our own mods Tsunami Rain. How many other accounts did this IP try to hack. What kind of steps are taken when quite clearly someone can try and try and try again with no consequence to gain your password with the PlayNC website.
I've all ready gone in and changed out all my "contact info" through the PlayNC account to bogus information. I would encourage any of you right now to do the same and I don't even know the consequences or if this violates something but I think this obvious lack of security and someone being able to repeatedly try to gain your password is disappointing.
I have right now 3 confirmed people this has happened to. Batou of Nine, Tsunami Rain and Seissor in the last 3 days. Anyone else please step forward.
|
I've recived an e-mail on 9/14/06 telling me that my PlayNC password was successfully changed, yet I haven't asked for a change of it.
|
|
|
Sep 16, 2006, 07:34 PM // 19:34
|
#20
|
Lion's Arch Merchant
Join Date: Jan 2006
Guild: Valkyrie Einherjar
Profession: Mo/
|
Quote:
I would suggest however putting the 5 login rule on all arena.net passwords, it should slow everything like this down.
|
I would hope an update would happen before Monday night putting such a security feature in place. I say Monday because I understand it is the weekend and the proper people might not be working until Monday, but I can't think of anything that should be as high a priority as security except possibly complete inability to connect or play the game on the part of the majority of players.
|
|
|
Thread Tools |
|
Display Modes |
Linear Mode
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT. The time now is 01:56 PM // 13:56.
|