PlayNC Account Hacked Help!
U Stole My Donut
Ok if your PlayNC account gets hacked is there a way for them to get your creditcard number? I know there is nothing they can do for a hacked account except say its all your fault but im worried about maybe Credit Card info. Is there anything I need to worry about? God im so pissed even thought I dont still play GW I hate to see my things get hacked and stolen! if anyone can help me that would be awesome! thanks
Malice Black
Cancel your card that is #1 on the list...besides that all you can do it report it to PlayNC.
U Stole My Donut
But when u make the PlayNC account do you enter your credit card information? I dont remember
broodijzer
you can test that by making a new account.
I don't remember entering credit card information, but I don't have a credit card
I don't remember entering credit card information, but I don't have a credit card
Malice Black
Quote:
Originally Posted by U Stole My Donut
But when u make the PlayNC account do you enter your credit card information? I dont remember
|
U Stole My Donut
yeah i have but it doesnt save your credit card information you have to enter it again every time you buy something i just checked by making a new account.
Thallandor
hmm i dont think i will ever use the online store...
Malice Black
Don't..it's a bit dodgy
Tactical-Dillusions
I'm sure Gaile or Alex would disagree
Manic Smile
is that supposed to make those that were hacked feel better
a friend of mine who's a mod here lost all his itmes and gold over this
I mean it was partly his fault for not using a more complicated password but it took 70ish tries for him to be hacked. What kinda website allows 70 tries. ..
a friend of mine who's a mod here lost all his itmes and gold over this
I mean it was partly his fault for not using a more complicated password but it took 70ish tries for him to be hacked. What kinda website allows 70 tries. ..
Omega X
Quote:
Originally Posted by Manic Smile
is that supposed to make those that were hacked feel better
a friend of mine who's a mod here lost all his itmes and gold over this I mean it was partly his fault for not using a more complicated password but it took 70ish tries for him to be hacked. What kinda website allows 70 tries. .. |
They must have gotten most of his login information to try 70 times. Because finding a normal password from scratch takes many more tries than that.
Gaile Gray
Quote:
Originally Posted by Tactical-Dillusions
I'm sure Gaile or Alex would disagree
|
Decide for yourself, by all means. I'm ok with ordering through the store.
Cow Tale
are there realy people who woudl try to figure out a password from scratch? sheesh and i thought by playing GW for 10 hours a day i had no life.
Linksys
it's double too difficult to guess someone's login info if you don't even know the email address they use to log in. so for even more security, don't tell anyone the email address you use or your Play NC log in name.
Hockster
Quote:
Originally Posted by Gaile Gray
Yes, I disagree, if you mean that I'm disagreeing with describing the in-game store as "dodgy." I have used it myself. Yes, gasp!, NCsoft has my personal credit card number. And you know what? They serve hundreds of thousands of players a month, given the popularity of Guild Wars, Lineage, Lineage II, City of Heroes, City of Villains... you see my point? I think that NCsoft, through the PlayNC store, has a good idea of how to protest my privacy and assure my credit card information is safe.
Decide for yourself, by all means. I'm ok with ordering through the store. |
The fact that PlayNC processes thousands of transactions monthly does not mean they are secure. All that means is that there are thousands of potential targets.
Quote:
They must have gotten most of his login information to try 70 times. Because finding a normal password from scratch takes many more tries than that. |
King Kong
Didnt Gaile say she was going to get them to fix some bits of it? 70 attempts is a joke And to think i was gonna buy a char slot today, think ill pass on that lol
fenix
Yeah, from what I've heard, PlayNC's security is terrible. There should be AT LEAST a lock out after 5 guesses...
King Kong
Dont worry this topic will be off the first page soon, so they wont have to worry about it
dmndidjit
Quote:
Originally Posted by Gaile Gray
the PlayNC store, has a good idea of how to protest my privacy
|
Saraphim
Quote:
Originally Posted by Cow Tale
are there realy people who woudl try to figure out a password from scratch? sheesh and i thought by playing GW for 10 hours a day i had no life.
|
Quote:
There should be AT LEAST a lock out after 5 guesses... |
TheGuildWarsPenguin
Did they ever fix the thing where you can't get into the ingame store if you don't link your PlayNC account to your GW account and if you did, you can't change your GW login name or password?
mrgoat
Quote:
Originally Posted by Gaile Gray
Yes, I disagree, if you mean that I'm disagreeing with describing the in-game store as "dodgy." I have used it myself. Yes, gasp!, NCsoft has my personal credit card number. And you know what? They serve hundreds of thousands of players a month, given the popularity of Guild Wars, Lineage, Lineage II, City of Heroes, City of Villains... you see my point? I think that NCsoft, through the PlayNC store, has a good idea of how to protest my privacy and assure my credit card information is safe.
Decide for yourself, by all means. I'm ok with ordering through the store. |
Seeing as I know more than you do about this sort of thing, I'm going to stick with my opinion over yours for now. So here's what I think (And this opinion is slightly revised from previous commentary): Not that bad. Rate limiting is a good idea, but an account lock after N guesses would constitute a denial of service vulnerability, and add an associated nightmare in customer service / verification to unlock an account. (Just think what would happen when some ne'er do well decides to use a spam list of emails to lock ~80% of guildwars accounts. Account "theft" isn't the only thing to think about here.) Locking an account after a number of guesses is a bad idea. Limiting it to 5 guesses in 15 minutes, or 30 minutes, or even an hour is a fine and dandy idea, provided it's implemented with an enforcement of complex passwords. That would be enough - it would stop automated attempts to crack your password, and the aforementioned DOS attack would take significant, sustained use of resources to lock any significant portion of accounts and keep them locked. (Actually, add a proper end-to-end encryption scheme in the protocol used to communicate with the server, and then you have enough. I have no evidence if the do any encryption in the gw client or not. If not, sound the klaxons again, it's a problem. I expect something at least equivalent to SSLv3 in the GW store.)
I would like a confirmation though, on wether/how long they keep your credit card information - I have to re-input it each time I buy from the store. If they store it, and I still have to re-enter it, that's pretty silly. If they don't store it at all, then until the IRS decides to tax in-game earnings, I don't much care about their security. And there's exactly zero reason to store it. Subscription-based games are the only ones that should ever need to store that.
After all this, if someone can guess your password in only 70 tries, you are using a bad password (Or they achieved a statistical miracle) Stop using your pets name and your birthday for passwords.
ducktape
Quote:
Originally Posted by TheGuildWarsPenguin
Did they ever fix the thing where you can't get into the ingame store if you don't link your PlayNC account to your GW account and if you did, you can't change your GW login name or password?
|
cosyfiep
heck, even THIS SITE locks you out after 5 bad guesses on the password----and I dont think we are selling anything here! (are they?)
FeroxC
Only 70 attempts!, to crack an average password you needs thousands and thousands of attempts enough to strain the login server and get very well noticed(applies to bruteforce & dictionary).
If he got it under a couple of thousands attempts it means youve been infected with a trojan/keylogger and hes probably logged every password/number youve entered since.
Its not PlayNCs fault its your lax PC security.
If he got it under a couple of thousands attempts it means youve been infected with a trojan/keylogger and hes probably logged every password/number youve entered since.
Its not PlayNCs fault its your lax PC security.
ducktape
I think the point is that 70 attempts is a ridiculous number of consecutive wrong password attempts to allow. I'm sure it would have let the attacker keep guessing and guessing and guessing indefinitely.
Eviance
Quote:
Originally Posted by FeroxC
Only 70 attempts!, to crack an average password you needs thousands and thousands of attempts enough to strain the login server and get very well noticed(applies to bruteforce & dictionary).
If he got it under a couple of thousands attempts it means youve been infected with a trojan/keylogger and hes probably logged every password/number youve entered since. Its not PlayNCs fault its your lax PC security. |
HOWEVER at the same time there was another thread going on about PlayNC's lack of security. At that time Gaile said that there was a loggin temp-lock in place but when myself and a few others checked into it, that wasn't the case. I'm really hoping that they are still working on this issue and that it can be resolved in the VERY near future so that these things happen less often, even to the stupid people who fail to use complex passwords. Mine was complex enough but now it's almost to much for myself to log in with lol.
To the OP: Good luck and do your best to clean your PC to make sure it wasn't a keylogger/trojan. If it was then everything you're accessing including online banking, emails, ebay, paypal.. EVERYTHING is at risk! I've been there it's no fun! Glad to hear that at least your credit card info via plaync wasn't aquired ^_^
Edit: ONE last thing! Check your connection and make sure you don't have a piggy back! Password your PC so that no one can gain access from across the street! That was a tip a guildie gave to me and I actually had someone attempt 9times to log on to my plaync account once via an IP that was near to me, so I am guessing that's what had happened there.
Spydergst1
I know this does not pertain to PlayNC or give you direct advice for your situation but I thought you might find this info useful someday.
1. If you stay at a hotel/motel. Do not give your room “key card” back. It contains all your information including credit card. The hotel staff puts it on top of the deck of available room keys and your info stays on it for someone to grab. Recent news reports of people stealing identies from the hotel they worked at was in the news just a few months ago. The hotel writes off the loss of the key cards so don't worry and they don't charge you extra for not turning it in. I KNOW! Someone in my family owns a hotel.
2. Write on the back of all your credit/debit cards (NOT YOUR SIGNATURE)!! Write "Photo ID Required". That way no one can slip a purchase passed a dip shit cashier who is not paying attention.
3. Shred (don't just rip up) all your credit card application junk mail. YES, YES, YES, people do go though your garbage. For instance, I always thought no one goes through my garbage! One day a woman, her son and a cop come to my door and complain about porn movies being in the garbage. Living in a 6 unit apartment building at the time it could have been anyone. It sure wasn't me. Another time I threw away a certificate on a wood plaque I was given by my father for Karate when I was young. A few weeks later someone told my dad they were garbage diving and found it and gave it to my dad. I lived about 10 miles from my dad at the time. He was upset. Point is people do go though your garbage and WILL steal your idenity and tape up and turn in those credit card applications with a different address under your name.
4. Never click a link provided in an email which requires you to login with an account. For example there are scammers who create web pages that look exactly like ebays website and send you emails stating your account has been hacked. Login to correct the problem or, I bought an ebay item from you and I want it. They will have links. Once you click the link you are taken to a bogus website which looks exactly like the real thing with verisign security logos trying to make you believe is the real website. Once you login is records your login info and now they have you ebay account information or the website they are trying to scam your account for. I like to click the link and put "here is my login info" in the username field and F**k off scammer in the password field. but if you do that they will now that your email account is active since you clicked the link and they will keep sending bogus emails.
There are more tips but I feel I have provided enough here
Good Luck
1. If you stay at a hotel/motel. Do not give your room “key card” back. It contains all your information including credit card. The hotel staff puts it on top of the deck of available room keys and your info stays on it for someone to grab. Recent news reports of people stealing identies from the hotel they worked at was in the news just a few months ago. The hotel writes off the loss of the key cards so don't worry and they don't charge you extra for not turning it in. I KNOW! Someone in my family owns a hotel.
2. Write on the back of all your credit/debit cards (NOT YOUR SIGNATURE)!! Write "Photo ID Required". That way no one can slip a purchase passed a dip shit cashier who is not paying attention.
3. Shred (don't just rip up) all your credit card application junk mail. YES, YES, YES, people do go though your garbage. For instance, I always thought no one goes through my garbage! One day a woman, her son and a cop come to my door and complain about porn movies being in the garbage. Living in a 6 unit apartment building at the time it could have been anyone. It sure wasn't me. Another time I threw away a certificate on a wood plaque I was given by my father for Karate when I was young. A few weeks later someone told my dad they were garbage diving and found it and gave it to my dad. I lived about 10 miles from my dad at the time. He was upset. Point is people do go though your garbage and WILL steal your idenity and tape up and turn in those credit card applications with a different address under your name.
4. Never click a link provided in an email which requires you to login with an account. For example there are scammers who create web pages that look exactly like ebays website and send you emails stating your account has been hacked. Login to correct the problem or, I bought an ebay item from you and I want it. They will have links. Once you click the link you are taken to a bogus website which looks exactly like the real thing with verisign security logos trying to make you believe is the real website. Once you login is records your login info and now they have you ebay account information or the website they are trying to scam your account for. I like to click the link and put "here is my login info" in the username field and F**k off scammer in the password field. but if you do that they will now that your email account is active since you clicked the link and they will keep sending bogus emails.
There are more tips but I feel I have provided enough here
Good Luck
Grais
Quote:
are there realy people who woudl try to figure out a password from scratch? sheesh and i thought by playing GW for 10 hours a day i had no life. |
But of course they are also available to try to bruteforce any password out there. So be cautious and careful.
cjb909
Quote:
Originally Posted by Spydergst1
1. If you stay at a hotel/motel. Do not give your room “key card” back. It contains all your information including credit card. The hotel staff puts it on top of the deck of available room keys and your info stays on it for someone to grab. Recent news reports of people stealing identies from the hotel they worked at was in the news just a few months ago. The hotel writes off the loss of the key cards so don't worry and they don't charge you extra for not turning it in. I KNOW! Someone in my family owns a hotel.
|
They don't put anything on the cards except an ID number.
Quote:
Originally Posted by Spydergst1
2. Write on the back of all your credit/debit cards (NOT YOUR SIGNATURE)!! Write "Photo ID Required". That way no one can slip a purchase passed a dip shit cashier who is not paying attention.
|
I don't know anything about number 3, and for number 4, yeah watch out for phishing sites.
luinks
Also the client itself has flaws you can check this thread, it also has good tips for account security, no response was given at the time i wrote the thread by Anet about the infinite attempts you can do in the log-in screen...
http://www.guildwarsguru.com/forum/s...php?t=10081483
http://www.guildwarsguru.com/forum/s...php?t=10081483
Ritualistic Spankin
Threads like this will keep coming around until this problem is fixed, and I think that is the only way it is going to be addressed. Ideally, the more pressure we apply to the problem, the sooner it will get resolved.
Also on a password security note: When choosing a password, don't just pick a word, most bruteforce programs that I have encountered run through a known list of words from the dictionary, thus cutting down the time it takes to access an account.
You should use a combination of number, lowercase, and uppercase letters in your password. However all it takes is 1 keylogger and that goes out the window.
...I guess take that for what it is worth.
Also on a password security note: When choosing a password, don't just pick a word, most bruteforce programs that I have encountered run through a known list of words from the dictionary, thus cutting down the time it takes to access an account.
You should use a combination of number, lowercase, and uppercase letters in your password. However all it takes is 1 keylogger and that goes out the window.
...I guess take that for what it is worth.