"Password Reset Failure" - Anet Support Email

Batou of Nine


Desert Nomad

Join Date: Aug 2005

California, USA

Angel Sharks [AS] (RiP [KaiZ] T__T")


I wasn't sure where else to place this but i am curious as to Anet's procedures and account identification methods...

The other day i got this email from [email protected]:

Originally Posted by [email protected]
Someone at attempted to reset your PlayNC Master Account password for account "XXXXXXXX". This attempt was unsuccessful. If you did not attempt this change, please contact support immediately at [email protected].
Yes, the email was legit and that quote was all that was in the email. I already got an auto response from them after my initial response, but a couple things make me curious...

First of all, NO i did not attempt to change my password recently, so it is obviously someone trying to get into my account. That ip is not mine, so it's obvious it's not me. I have since reported to the linked email telling them i was not attempting to change my password and to continue blocking that ip from trying so.

So what has me curious is: i always thought that the "PlayNC Master Account" refers to the EMAIL ADDRESS that we had registered our accounts with and with which we use to login to Guild Wars. The alleged account of "XXXXXXXXX" doesn't exist (to my knowledge). Why? Because "XXXXXXXXX" (spaces included) is simply the name of one of my RP characters in GW. So WHY in the world would they think that "XXXXXXXXX" is my "Master Account" ???

i wouldn't say im worried, mebe just a little paranoid that something fishy is going on. I have since scanned my PC for Spyware, Trojans, Keyloggers, and any other malicious files and came up clean. I have also officially changed my account password for my GW account tonight without any troubles. So are my worries warranted? Or does Anet simply identify accounts in a REALLY weird manner?

So anyone else experience this before? Since i am about 99% sure that the emails i received are authentic, i am more confused than worried at this point, but any reassurance or feedback helps! Oh ya, and YES i emailed them asking about my confusions/suspicions.

Thanks! Cheers!




Join Date: Jun 2005

Somewhere between Boardwalk and Park Place

Chances are that someone stuck in your email and fooled around. It's a very good thing to reset everything though, just in case. Your master account I believe is the first character you created, but I may be factually incorrect about this (I'd like to know if I am).

Batou of Nine


Desert Nomad

Join Date: Aug 2005

California, USA

Angel Sharks [AS] (RiP [KaiZ] T__T")


Ok, i did more investigating.

It seems the "PlayNC Master Account" is actually the account you created on the NCSoft website! It is the account you have to create in order to change your in game passwords. This created account is different from your GW account.

It seems i had created an account a long while back, and completely forgot about it, which means i have also forgotten my password for it. LOL! my PW change for GW hasn't happened yet, so i will be in process of recovering it with Anet.

So it would seem some1 SOMEHOW got my play ncsoft account name, and then attempted to use the "Forgot Password" feature which you have to answer the security question first to change the account password. Lucky for me, he didnt get through. Ugh. what a mess. Oh and depending on how many people read this thread before i edit the original of my PlayNC Master Account....

....Please dont do what the above ip tried. lol!!


Site Contributor

Join Date: Dec 2004

Batou of Nine, I'm going to speak frankly here but I'm curious as to what protection any of us have right now from ArenaNet and NCSoft. Considering that this is the EXACT SAME IP that hacked one of our own mods Tsunami Rain. How many other accounts did this IP try to hack? What kind of steps are taken when quite clearly someone can try and try and try again with no consequence to gain your password with the PlayNC website?

I've already gone in and changed out all my "contact info" through the PlayNC account to bogus information. I would encourage any of you right now to do the same and I don't even know the consequences or if this violates something but I think this obvious lack of security and someone being able to repeatedly try to gain your password is disappointing.

I have right now 3 confirmed people this has happened to. Batou of Nine, Tsunami Rain and Seissor in the last 3 days. Anyone else please step forward.


Desert Nomad

Join Date: Jun 2005

Is it due to some vulnerability on PlayNC's website or something?


Site Contributor

Join Date: Dec 2004

generik, the "vulnerability" is that someone can repeatedly try to gain your password without being locked out. Hundreds of times even. Our mod Tsunami Rain had 70 attempts on his account before they finally got it and wiped his account clean. We all know the importance of having both letters and numbers in our password, in having passwords that are different for other important aspects that might contain personal data (such as banking, etc.) which would make attempts like this more difficult. But frankly, it's well known that many don't do this.

I've also been in and I see no way to change my username on the PlayNC website. My username is thankfully quite different from my forum and my guild wars names. But I'm sure many never saw this "consequence" when they went in to access the store and had their account linked. There's no way to unlink these accounts right now either from the PlayNC website. So if someone does log in they have access to your GW account, your personal information such as address, name, and phone number. If you have accounts with other NCSoft games such as Lineage, City of Heroes, or more they have access to these accounts, and it will include your CC#'s last 4 digits with those game accounts.



Jungle Guide

Join Date: Aug 2005

Squiggilyville. Population: Me.

[oRly] Hello Kitty Death Squad


Someone at attempted to reset your PlayNC Master Account password
for account X. This attempt was unsuccessful. If you did not attempt this
change, please contact support immediately at [email protected].

I got the same message this morning, same IP address and all. 5 attempts, all failed. I switched my account info to incorrect information about myself. My P/W is pretty solid, as is my totally WTF forgotten P/W Q.

I think the person is trawling Guru and reading up on users to guess their passwords, then using their Guru name to see if it's their PlayNC name.

OMG and I just figured out another method they are using to get our log ins....MSN/Yahoo/AIM contact information that is DISPLAYED PUBLICLY! on our Guild Wars Guru profiles!

Also when you say "forgot password" on PlayNC it asks for account name and your date of birth....if they have account name all they need is DOB....and guess what....THATS ALSO on your freaking Guild Wars Guru account. So everyone go around and put fake DOB in your GWG profile and set it to "hidden"


Underworld Spelunker

Join Date: Feb 2005

Originally Posted by Inde
We all know the importance of having both letters and numbers in our password, in having passwords that are different for other important aspects that might contain personal data (such as banking, etc.) which would make attempts like this more difficult. But frankly, it's well known that many don't do this

hi Inde

i have not gotten this yet but do have one account locked into the store.

the one consolation i have is that i use everything i can to make it harder to get into my account

1 each has a unique email on my ISP.

2 each of those email addresses are maximum allowable number of random letter/number/symbol @MY ISP.XXX

3 those email addresses are used nowhere else

4 my passwords are the same maximum length and used again nowhere else

5 i update and use the 2 top rated spyware apps out there before logging in to my accounts running them in the background so i dont waste time (doing it right now)

i did find recently a Lineage II keylogger which i happily deleted.

since i used the store that might have been an access point if i hadnt gotten it

Spyware Doctor was the one that got it

Wrath Of Dragons


Burninate Stuff

Join Date: Aug 2005

New Mexico


thanks for the heads up guys.
Im not usually too fussy about hiding personal stuff, but the date of birth is definitely gone.
Inde, if that is true that that's all it takes to get into account recovery in ncsoft, is there a way to disable ALL age/DoB?



Desert Nomad

Join Date: Nov 2005

Eh I forget... o_O

Biscuit of Dewm [MEEP]


I got one of these and I contacted NCsoft and they said CHANGE YOUR PASSWORD! And thusly I did... Only to find out months later that it had been my husband's account and not mine >_> and I didn't remember what I changed the password to <_< (However he had NOT linked it to his GW account yet, but he was trying to.)

My husband and I share email accounts and such as well as each of us having our own.... I got confused cause I was so flipped out that someone tried to jack "my" account >_<




Join Date: Jul 2005

Just a few tips for people reading this thread.

1. Do Not use Hotmail for your game account. A blind one handed monkey can crack a Hotmail account. I'd suggest not using Hotmail for anything. Ever.

2. Use long random character passwords. Different ones for everything is preferable. Here's a good, free, safe generator:
http://www.roboform.com/ It even stores passwords for you so you don't have to try and remember them, or post sticky notes on the monitor.

3. Periodically change your passwords.

Gaile Gray



Join Date: Feb 2005

I must ask if you guys are responding to these emails by clicking an in-mail link. If so, could this be like the eBay letters I get daily, asking me to "reset my password" or giving me the exact same warning as expressed in this email, including an IP address and asking me to "click this link to protect your account."

If so, it's phishing and we will see what we can do to prevent that.
If not, then we need to look into what's going on on a completely different level.

I have forwarded this to the Support Team and to some of our internal programmers, and hope to have an answer very soon!

Thank you for your report.

Edit to add:

Originally Posted by Seissor
OMG and I just figured out another method they are using to get our log ins....MSN/Yahoo/AIM contact information that is DISPLAYED PUBLICLY! on our Guild Wars Guru profiles!

Also when you say "forgot password" on PlayNC it asks for account name and your date of birth....if they have account name all they need is DOB....and guess what....THATS ALSO on your freaking Guild Wars Guru account. So everyone go around and put fake DOB in your GWG profile and set it to "hidden"
I would strongly urge everyone to remove personal contact information from fansites. If someone needs to reach you, accept their PM and give your information privately and individually to them only.



Lion's Arch Merchant

Join Date: Aug 2005

Originally Posted by Gaile Gray
I must ask if you guys are responding to these emails by clicking an in-mail link. If so, could this be like the eBay letters I get daily, asking me to "reset my password" or giving me the exact same warning as expressed in this email, including an IP address and asking me to "click this link to protect your account."

If so, it's phishing and we will see what we can do to prevent that.
If not, then we need to look into what's going on on a completely different level.
Oh come on.. That is the only message that they get in the e-mail. The only "link" there to click is the e-mail address quoted in the message, [email protected]. At the VERY most, it'll open Outlook Express and start a new e-mail window. If it opened a website, people would pretty much get the freaking idea and close it, it doesn't take a lot of brains to KNOW when someone's screwing with you.

And I KNOW that Tsunami Rain isn't that stupid.

Originally Posted by Gaile Gray
I would strongly urge everyone to remove personal contact information from fansites. If someone needs to reach you, accept their PM and give your information privately and individually to them only.
What is this? Are you trying to insinuate that it's our fault that your employer's security and lockout features, which SHOULD be in place to safeguard its customers' information, are severely lacking? Oh, I'm sorry, make that non-existent! I hope that isn't a road you intend to travel down, because you (and anyone else working for PlayNC or its affiliates/subsidiaries) are in no position to place the blame on the fansites.

Your response pushed my buttons a bit, and as such, this entire post is my opinion and mine alone, not the opinion of this website or its staff.


Site Contributor

Join Date: Dec 2004

Birthdays are not considered a sensitive piece of information. We acquire this information so that we can verify COPPA. The fact that NCSoft chooses this as a means of verification is another security issue, when it is public information and would never be considered a secure means of verifying identity.

GuildWarsGuru.com will lock anyone out who attempts an incorrect password 5 times. This is standard security for most forums, ISP's, even many email providers, banking, and more. We do not display anyone's email address, even clicking on the 'email user' link WILL NOT display the email address used to sign up for this site. This is a fundamental flaw in NCSoft's security and to even suggest that this problem could have been prevented by directing a finger at the fansites is disturbing. I have even added the security measure of disabling everyone's birthdate from being displayed, because I care about the security of our users.

These are not phishing emails. These are attempts on people's Guild Wars accounts because of security issues that are not in place on the PlayNC website.
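The lockout rule described in this post (five incorrect attempts), applied to the "forgot password" flow discussed in the thread, together with a check for one address failing against several accounts. This is an added example, not part of the original post and not NCSoft or GuildWarsGuru code; the class name, the window and lock durations, the fan-out threshold and the sample events are assumptions.

```python
from collections import defaultdict, deque

MAX_FAILURES = 5           # the "5 incorrect attempts" rule quoted in the thread
WINDOW_SECONDS = 15 * 60   # assumption: failures are counted in a sliding window
LOCK_SECONDS = 30 * 60     # assumption: how long a locked account stays locked
FANOUT_ACCOUNTS = 3        # assumption: distinct accounts before an IP is flagged


class ResetGuard:
    """Hypothetical guard placed in front of a password-reset check."""

    def __init__(self):
        self._failures = defaultdict(deque)   # account -> recent failure times
        self._locked_until = {}               # account -> unlock time
        self._ip_targets = defaultdict(set)   # ip -> accounts it failed against

    def is_locked(self, account, now):
        return self._locked_until.get(account, 0) > now

    def attempt(self, account, ip, answer_ok, now):
        """Record one reset attempt; returns 'locked', 'ok' or 'failed'."""
        if self.is_locked(account, now):
            return "locked"                   # refused even if the answer is right
        if answer_ok:
            self._failures.pop(account, None)
            return "ok"
        recent = self._failures[account]
        recent.append(now)
        while recent[0] <= now - WINDOW_SECONDS:
            recent.popleft()                  # forget failures outside the window
        self._ip_targets[ip].add(account)
        if len(recent) >= MAX_FAILURES:
            self._locked_until[account] = now + LOCK_SECONDS
            recent.clear()
        return "failed"

    def flagged_ips(self):
        """Addresses that failed against several different accounts."""
        return sorted(ip for ip, accounts in self._ip_targets.items()
                      if len(accounts) >= FANOUT_ACCOUNTS)


# Constructed sample events: (account, ip, answer_ok, time in seconds).
# Addresses come from the documentation ranges; none are from the thread.
SAMPLE_EVENTS = [
    ("acct-a", "203.0.113.7", False, 0),
    ("acct-a", "203.0.113.7", False, 10),
    ("acct-a", "203.0.113.7", False, 20),
    ("acct-a", "203.0.113.7", False, 30),
    ("acct-a", "203.0.113.7", False, 40),    # fifth failure: account locks
    ("acct-a", "203.0.113.7", True, 50),     # correct guess, still refused
    ("acct-b", "203.0.113.7", False, 60),
    ("acct-c", "203.0.113.7", False, 70),    # third account from the same IP
    ("acct-d", "198.51.100.4", False, 80),   # a single typo by someone else
    ("acct-a", "192.0.2.10", True, 1841),    # owner, after the lock expired
]


def replay(events):
    """Feed events through a fresh guard; returns (guard, list of outcomes)."""
    guard = ResetGuard()
    return guard, [guard.attempt(*event) for event in events]


if __name__ == "__main__":
    guard, outcomes = replay(SAMPLE_EVENTS)
    for event, outcome in zip(SAMPLE_EVENTS, outcomes):
        print(event, "->", outcome)
    print("flagged:", guard.flagged_ips())
```

A lock keyed only on the account lets anyone lock the owner out on purpose, so a guard like this is normally paired with per-address throttling.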

Gaile Gray



Join Date: Feb 2005

Originally Posted by Inde
Birthdays are not considered a sensitive piece of information. We acquire this information so that we can verify COPPA.
They need not and perhaps should not be displayed. Disabling them was a wise choice.

To the recent posters:

I don't really care if you're posting for yourself, the site, or the man in the moon. I have been asked to help. I resent being asked to post in a thread and then getting rude replies. I am unhappy that the reaction to my reaching out to assist is having my hand ripped off. I'm here, on a weekend, genuinely trying to help, and genuinely trying to solve what could be a critical problem! I am not required to work the weekends, and I'm further not required to answer support issues nor, in fact, am I required to post at all. I made the judgment to try to help, and to try to communicate. I suggested a couple of possibilities, and possibilities only. I did not dismiss the concerns, nor try to gloss over them. In fact, I sent an email of concern to a half dozen people, including two company founders, before I even posted. For goodness sake, I'm still in Information Gathering Mode.

In a word, don't shoot the messenger, nor slap the face of the person who is trying her hardest to resolve this issue!



Lion's Arch Merchant

Join Date: Aug 2005

This next post is on behalf of the man on the moon and the easter bunny.

It's nice that you're concerned, but you don't show it very well. Your posts looked like you were trying to point the blame at us, and that wouldn't have been a very good thing to do.

I think you're being paranoid though. Nobody's being "mean" or "rude" but we are a bit tired of the fact, or at least I am, that PlayNC support does absolutely nothing for its customers. I've been trying for over a MONTH now to get my 3rd account's password changed, since the e-mail address belongs to a friend who I allowed to use the account, and every time we hit the in-game reset password link, NOTHING happens.

That's just one example.. But typically, I see nothing worthwhile come from PlayNC staff (and I'm sure a LARGE percentage of the player base will agree). But on the fair side, if you really ARE sending e-mail and trying to get some results done on the player base's behalf, thanks.. The man on the moon will be thoroughly pleased.

Across The Battle

Krytan Explorer

Join Date: Feb 2006



Security like this is big business and shouldn't be taken lightly. Arenanet is obviously lacking in this area and should consider looking into security professionals for more help in this area. Numerous security professionals will suggest a lot better things than most people could think of.

I would suggest however putting the 5 login rule on all arena.net passwords, it should slow everything like this down.

Unlucky Slayer



Join Date: Apr 2006

Sitting at The Guild Hall 2, being happy.

Nerd Clan [NK]


Originally Posted by Across The Battle
Security like this is big business and shouldn't be taken lightly. Arenanet is obviously lacking in this area and should consider looking into security professionals for more help in this area. Numerous security professionals will suggest a lot better things than most people could think of.

I would suggest however putting the 5 login rule on all arena.net passwords, it should slow everything like this down.
The thing with this is that the issue is not with gw passwords, it's all our PlayNC master accounts that we're having the problem. NCSoft needs to work on their security issues, A-Net needs some help too, but this current issue is all NCSoft.

They were the ones that wanted to link all of our accounts therefore creating this major security issue.

Stalker Haras


I Didn't Do It

Join Date: Jul 2005


Originally Posted by Inde
Batou of Nine, I'm going to speak frankly here but I'm curious as to what protection any of us have right now from ArenaNet and NCSoft. Considering that this is the EXACT SAME IP that hacked one of our own mods Tsunami Rain. How many other accounts did this IP try to hack? What kind of steps are taken when quite clearly someone can try and try and try again with no consequence to gain your password with the PlayNC website?

I've already gone in and changed out all my "contact info" through the PlayNC account to bogus information. I would encourage any of you right now to do the same and I don't even know the consequences or if this violates something but I think this obvious lack of security and someone being able to repeatedly try to gain your password is disappointing.

I have right now 3 confirmed people this has happened to. Batou of Nine, Tsunami Rain and Seissor in the last 3 days. Anyone else please step forward.

I've received an e-mail on 9/14/06 telling me that my PlayNC password was successfully changed, yet I haven't asked for a change of it.


Lion's Arch Merchant

Join Date: Jan 2006

Valkyrie Einherjar


I would suggest however putting the 5 login rule on all arena.net passwords, it should slow everything like this down.
I would hope an update would happen before Monday night putting such a security feature in place. I say Monday because I understand it is the weekend and the proper people might not be working until Monday, but I can't think of anything that should be as high a priority as security except possibly complete inability to connect or play the game on the part of the majority of players.



Lion's Arch Merchant

Join Date: Aug 2005

Originally Posted by Stalker Haras
I've received an e-mail on 9/14/06 telling me that my PlayNC password was successfully changed, yet I haven't asked for a change of it.
If you can get into it, change ALL your NC/Anet passwords, change your security questions, remove your personal info (put false info in) and use DIFFERENT passwords for every account.

Seeing as NC's security is questionable at best, you'll have to fend for yourself for now.




Join Date: Jun 2005

Somewhere between Boardwalk and Park Place

Originally Posted by Gaile Gray
I don't really care if you're posting for yourself, the site, or the man in the moon. I have been asked to help. I resent being asked to post in a thread and then getting rude replies. I am unhappy that the reaction to my reaching out to assist is having my hand ripped off. I'm here, on a weekend, genuinely trying to help, and genuinely trying to solve what could be a critical problem! I am not required to work the weekends, and I'm further not required to answer support issues nor, in fact, am I required to post at all. I made the judgment to try to help, and to try to communicate. I suggested a couple of possibilities, and possibilities only. I did not dismiss the concerns, nor try to gloss over them. In fact, I sent an email of concern to a half dozen people, including two company founders, before I even posted. For goodness sake, I'm still in Information Gathering Mode.
As much as I've got to agree with rude posts being unnecessary, I don't think this is the way to respond to what is perceived as rudeness. There is a true flaw in NCsoft's devices that normally help to prevent this type of thing, and many people are becoming vulnerable to it. As the CR of the company, your (unfortunate) position puts you at the brunt of this irritation.

Threats aren't the resolution to this problem. To refuse to post because users are angry is a contradiction of the CR position and is frankly showing a personal bias in what should be an impersonal transaction between user and company employee. (At least in this given situation)

Everyone appreciates your help, I'm sure of it. Many don't know the complexity of strain of your position, though. Please consider that there are many users who are becoming frustrated because something's happening that a flaw in NCsoft's own devices is expediting (although the blame is not to be put solely on NCS itself), and are communicating their displeasure through the forums. There is no personal vendetta involved, but since the CR is the "siphon" between community and company, I'm afraid that it may appear to be that way.

Gaile Gray



Join Date: Feb 2005

Originally Posted by Refyused
It's nice that you're concerned, but you don't show it very well. Your posts looked like you were trying to point the blame at us, and that wouldn't have been a very good thing to do.
Oh for goodness sake: I asked questions. I made preliminary suggestions. Clicking a link within an email is the number one modus operandi for phishers! Using fake "sender names" is also high on the list. Forgive me for asking, but I must!

Now, you must see that phrases like "if you really ARE sending an e-mail" is offensive. There is no question that I had, for I said I had. But yet, you write in such a manner and call me "paranoid" when I rebel at the insult? Honestly, that's silly.

In answer to your personal account issue: Allowing a friend to use your account means you've broken the User Agreement. I would imagine that this is the basis for Support not assisting you with the account reconfiguration. I know of no problems with password resets for instances of legitimate players resetting their own account passwords. (If there are, I would like to know of that, naturally.) But a situation like this, where an account has been accessed by another and is then sent through for reconfiguration in any manner, heads the list of support tickets, and such requests form the root of many scams (people trying to steal an account through a Support reset). I believe non-assistance in such cases may be policy, although I would think you would be told that. And I would say I'd be happy to investigate, but really, I don't think I can or should in this case for I trust that Support knows what it's doing. Therefore, I simply encourage you to resubmit your ticket and, if policy allows, I believe that they will help you.

Lasareth: There is no threat, suggested or implied. I'm simply making it clear where we are, and what I'm doing, and what our "obligations" are in the hopes that folks will step back and bring the thread to a more reasonable level of discourse. For we should be working together, not having some folks flaring out at the only available target. It should be extremely clear to all, no matter their level of concern or their personal frustration, that there are helpful intentions behind my posts and my continued involvement here.

Sha Noran


Desert Nomad

Join Date: Nov 2005


Idiot Savants [iQ]


It's an absolute joke that you can guess passwords an infinite number of times without being locked out on any site at all, let alone such a major computer gaming site as NCSoft. Get real, that's the oldest trick in the book, how do you not have that blocked? Unconscionable.


Site Contributor

Join Date: Dec 2004

Because all posters in this thread are upset about the various issues, I'll close it for now until we are able to receive some official information. ArenaNet and NCSoft are aware of this issue.