one of my good friends in my guild as of this hour, has gotten hacked her second time, likely by the same person.
The first hacking has been Reported how many times now, and now becasue NFsoft wont let anyone change their passwords or emails on their site, she is likley dead now for GW if the hackers erase her chars this time.
I reemmber Galie saying that something was going to be done about this months ago, within a weekish span time, that seems to have ended up as a LIE.
i tell noone my information, im paranoid about security, but the NCsoft holes is worrying me, for my security and that of my freinds.
to be simple, and sorry for shouting, BUT SOMETHING NEEDS TO BE DONE NOW, NOT A YEAR FROM NOW.
and why isnt anet shutting down the hackers, it should be easy to trace logs and find out what **** was involved in ripping her off.
I am tired of this NCsoft security hole
Solar Light
Loviatar
Quote:
|
Quote:
|
and before you say it the password i changed was the login screen password NOT my NCsoft account password
Solar Light
really? then why have most of my guildies been trying to figure out how to get the pass changed for her in NCsoft?
everything we have tried to do to help her figure out how to change it has failed.
so, if you actualy know how, write a walkthrough please, becasue, if everyone i know cant easly find out how to get it changed, then somethings wrong somewhere.
everything we have tried to do to help her figure out how to change it has failed.
so, if you actualy know how, write a walkthrough please, becasue, if everyone i know cant easly find out how to get it changed, then somethings wrong somewhere.
Morganas
plaync.com -> account
Log in, and the rest is self explanatory
Log in, and the rest is self explanatory
Solar Light
if it was that simple, i wouldnt be here.
lennymon
I changed my email on the the NCsoft site recently... (it isnt even either of my acct emails anymore)
edit:
ok reset my password too
all you do is go to www.plaync.com, click the support tab, click the manage acct link, login, and reset password, that easy
edit:
ok reset my password too
all you do is go to www.plaync.com, click the support tab, click the manage acct link, login, and reset password, that easy
tasha
Lets try this then:
www.plaync.com
-> Account
-> Enter PlayNC master account details
-> Find Guild Wars account in list
-> Account Information button
-> Reset Password Button
Follow on screen instructions for Password reset, confirmation email will be sent to your account email address.
www.plaync.com
-> Account
-> Enter PlayNC master account details
-> Find Guild Wars account in list
-> Account Information button
-> Reset Password Button
Follow on screen instructions for Password reset, confirmation email will be sent to your account email address.
Skyy High
How do you add your Guild Wars Account to the "games" list? Do you add the original game code, any of your expansion game codes, all of the codes?
holababe
Hey they fixed it!!
Solar Light
yeh? it might work for you, but my friend could do ntohing to change stuff, i recall some kind of lock on her plaync account, but im not sure on the details, thefirst thing i know for sure is that my freind could not get her password or emial changed by ncsoft, and that the hacker is still around to feed off her again despire the first hacking being reported.
lennymon
um, are you sure you're friend is the 'legal owner' of the GW acct? try this then, when you go to plaync.com and get the login prompt, just type in the acct name and hit the forgot password button, it will reset it for you and make you change it the next time you login.
lustymuffins
I also know Sol's friend who was hacked, her password consisted of random letters and numbers to the extend of kg8e42moo or something similar.
She attempted multiple times to do a password change with no success. She then proceded to give me her account information so that i could try. When i did, i was redirected to the PlayNC website where, it did not allow for a password change either. I tried both of the following...
1) change password by entering old and creating a new; The result - redirection to PlayNC.com
2) selected the forgot password box: result - redirected to PlayNC.com
Even after logging in using her PlayNC cridentials ( email and password are different than the GW account's login information), It would not allow me to change her account password, even after specifying all information such as security questions and birthday. ( its as if the gw account is not linked to her PlayNC) I am a Bachelors in BSS and BNW so its not like im computer illiterate.
As for waht Anet should do...
Could Anet possibly just track her account and log the IP address of the ones using it, then contact the ISP they are under to report them as breaking the ISP agreement of illigal activities.
She attempted multiple times to do a password change with no success. She then proceded to give me her account information so that i could try. When i did, i was redirected to the PlayNC website where, it did not allow for a password change either. I tried both of the following...
1) change password by entering old and creating a new; The result - redirection to PlayNC.com
2) selected the forgot password box: result - redirected to PlayNC.com
Even after logging in using her PlayNC cridentials ( email and password are different than the GW account's login information), It would not allow me to change her account password, even after specifying all information such as security questions and birthday. ( its as if the gw account is not linked to her PlayNC) I am a Bachelors in BSS and BNW so its not like im computer illiterate.
As for waht Anet should do...
Could Anet possibly just track her account and log the IP address of the ones using it, then contact the ISP they are under to report them as breaking the ISP agreement of illigal activities.
bart
it sucks to get hacked. a friend got hacked 3 times and he's done everything from changing password to using spybot/antivirus. I suspect that its the add-ons that he downloaded for the game that is siphoning information to the hacker.
lennymon
So basically in summation: the NCsoft hole is gone. If a person doesn't have some cosmic ray induced bad karma, changing passwords and emails and game acct info is trivial now. I can even do all of this using firefox and not even have to use the security hole ridden MS product.
Additionally the only possible reason I can come up with as to why NCSoft would lock an account as you describe would be an acct ownership issue as would arise from have 'gotten the account from a friend'. As such I have zero insights on that, sorry bud.
Additionally the only possible reason I can come up with as to why NCSoft would lock an account as you describe would be an acct ownership issue as would arise from have 'gotten the account from a friend'. As such I have zero insights on that, sorry bud.
lennymon
ok, this might be a redundant question, but have you tried add game and typed in her GW key?
B Ephekt
Quote:
|
Originally Posted by lustymuffins
As for waht Anet should do...
Could Anet possibly just track her account and log the IP address of the ones using it, then contact the ISP they are under to report them as breaking the ISP agreement of illigal activities. |
Solar Light
the sarcasam ehre sickens me, have fun with the day that you get hacked, because, despite however hard we try not to, the odds remain that it can happen.
the wonderful support from the community aside, the lack of any assistance, or basic security, or any kind of crackdown on hackers, from NCSOFT, bothers me.
Thank you for getting my point, pointing fingers around at why a person get hacked matters little, the fact is, its damm hard to recover from getting hacked in GW, mostly due to problems from NCsoft, and the fact that hackers seem to rarely get tracked down and banned.
the wonderful support from the community aside, the lack of any assistance, or basic security, or any kind of crackdown on hackers, from NCSOFT, bothers me.
Quote:
|
Firanne on GWO Yes, likely getting hacked is a hole on the users side. However, since said user is unable to change their account information once its linked to and NCSoft account, it means that a hacked account is basically lost forever, since the user has no way to change the hacked account info to new info not in the hackers possession (assuming they plug the hole that enabled hacker to get info in the first place). Its also bad that if you have a change of Internet provider, you cannot lose the old email as you cannot change the account to your new one... Read and understand the OPs concerns before blasting his friend and saying that its not ANETs problem. The hack is not, but being able to recover from it is. |
holababe
If you were smart, like I was, you wouldn't link to a PlayNC master account
lightblade
If your friend is the one that got hacked, why doesn't he/she make a post in here him/herself?
Keylogger it is. She must be trying to download gw hacks from warez sites.
She gave you her password? Man! Does this show how she doesn't keep her password to herself? She deserve to be hacked.
Quote:
|
Originally Posted by lustymuffins
her password consisted of random letters and numbers to the extend of kg8e42moo or something similar.
|
Quote:
|
Originally Posted by lustymuffins
She then proceded to give me her account information so that i could try.
|
Vermilion Okeanos
Quote:
|
Originally Posted by lightblade
She gave you her password? Man! Does this show how she doesn't keep her password to herself? She deserve to be hacked.
|
Give me a break.
B Ephekt
Quote:
|
Originally Posted by Solar Light
the sarcasam ehre sickens me, have fun with the day that you get hacked, because, despite however hard we try not to, the odds remain that it can happen.
|
Point being, maybe the person could try and learn a thing or two from this experience instead of just complaining.
Gaile Gray
The OP saw fit to post this in multiple fan forums. I must say, that's not a good or courteous choice, since server costs have an impact upon the kind folks who house these forums, and it appears a tad like "dev bashing" to take a negative, accusatory post to multiple sites. Regardless, let me repeat what I said elsewhere:
I have passed this along. I share your concerns, but I must, once again, make suggestions rather than simply shaking my fists at the heavens. For the vast, vast majority of account thefts are connected to simple human error and poor choices in selecting a user name, or in keeping a password private. Here are some tips:
I have passed this along. I share your concerns, but I must, once again, make suggestions rather than simply shaking my fists at the heavens.
For the vast, vast majority of account thefts are connected to simple human error and poor choices in selecting a user name, or in keeping a password private. Here are some tips:- Select a unique user name, and not "(name)GuildWars."
- Use a secure password. No birthdates, no pet names. Toss in symbols, capitalization, numbers, and more.
- Do not use that same password for PlayNC or any other purpose!
- Do not use an email account that is publicly known. Since Guild Wars requires an email address for user name, can you see fit to set up a separate account for games? Can you not give out that name to people you meet in the game? Have an email for games, and an email for, you know, email. But keep them both current so you don't find yourself unable to confirm ownership of the account, or receive alerts should someone try to access the account.
- If you set up your account through PlayNC, it seems to me you have an extra layer of security: PlayNC name, game user name, password. I could be mistaken, but that seems better, not worse. However, being able to change that information would be a really good thing, and I've written tonight to ask if there is any chance that we can foresee such an option in the near future. I'm hopeful that players will, someday, be allowed to change some or all of the various parameters of their account security. But at the same time, the very ability to make those changes could open security breaches, and in fact requires greater diligence on the part of both player and company.
Hockster
Quote:
|
Originally Posted by bart
it sucks to get hacked. a friend got hacked 3 times and he's done everything from changing password to using spybot/antivirus. I suspect that its the add-ons that he downloaded for the game that is siphoning information to the hacker.
|
Alex Weekes
(Edits in italics)
Can you please detail exactly what your concerns are with regards a "security hole" in PlayNC accounts? I ask, because security has been significantly improved on PlayNC master accounts over the last few months:
1. It is no longer possible to 'brute force' the resetting of passwords on an account, because the system will lock out for a period of time after a handful of incorrect attempts.
2. Resetting your master account password now involves an email being sent to the address registered within PlayNC. You cannot simply change someones password by knowing their birthdate and guessing their security question answer.
Now, with regards changing your details within PlayNC:
1. You CAN change a linked Guild Wars account password through a PlayNC master account. Simply login to the account, find your GW account in the Games List and then click the "Account Details" button associated with that account. Then choose the "Reset Password" button.
2. You CAN change your contact email address. This email address will be used for notifying you of any password changes and for resetting a forgotten Master Account password. To change the email address, login to your Master Account and scroll down to the bottom of the page. At the bottom are your contact details. Click the "Edit Contact Info" link, and change your designated contact email address.
Important Note: A PlayNC Master Account is *not* the same as a Support account used for communicating with the PlayNC support teams. Logging in to a PlayNC Master Account should be done through the "Account" link button on the left side Nav of the PlayNC site.
Can you please detail exactly what your concerns are with regards a "security hole" in PlayNC accounts? I ask, because security has been significantly improved on PlayNC master accounts over the last few months:
1. It is no longer possible to 'brute force' the resetting of passwords on an account, because the system will lock out for a period of time after a handful of incorrect attempts.
2. Resetting your master account password now involves an email being sent to the address registered within PlayNC. You cannot simply change someones password by knowing their birthdate and guessing their security question answer.
Now, with regards changing your details within PlayNC:
1. You CAN change a linked Guild Wars account password through a PlayNC master account. Simply login to the account, find your GW account in the Games List and then click the "Account Details" button associated with that account. Then choose the "Reset Password" button.
2. You CAN change your contact email address. This email address will be used for notifying you of any password changes and for resetting a forgotten Master Account password. To change the email address, login to your Master Account and scroll down to the bottom of the page. At the bottom are your contact details. Click the "Edit Contact Info" link, and change your designated contact email address.
Important Note: A PlayNC Master Account is *not* the same as a Support account used for communicating with the PlayNC support teams. Logging in to a PlayNC Master Account should be done through the "Account" link button on the left side Nav of the PlayNC site.
Gaile Gray
Alex,
The concern that I've seen expressed is handling changes to your Guild Wars user name once linked to PlayNC. I believe that is not possible with the current situation. Now that may lie in the fact that one has lost access to an older email address, through a change in ISP, though a expiration, for whatever reason. Some processes require verification via email, and once one cannot access a former email account, verification becomes impossible. One wants to change to a new Guild Wars user name, but changing the user name requires receiving email at that user name (email address), yet one cannot access that address any longer.
So yes, there are processes for changing passwords and the PlayNC user names, but I believe that the issue is changing the Guild Wars user name once linked to PlayNC. Obviously those experiencing the problems, and expressing their personal concerns, can tell you better than I.
The concern that I've seen expressed is handling changes to your Guild Wars user name once linked to PlayNC. I believe that is not possible with the current situation. Now that may lie in the fact that one has lost access to an older email address, through a change in ISP, though a expiration, for whatever reason. Some processes require verification via email, and once one cannot access a former email account, verification becomes impossible. One wants to change to a new Guild Wars user name, but changing the user name requires receiving email at that user name (email address), yet one cannot access that address any longer.
So yes, there are processes for changing passwords and the PlayNC user names, but I believe that the issue is changing the Guild Wars user name once linked to PlayNC. Obviously those experiencing the problems, and expressing their personal concerns, can tell you better than I.
Phaern Majes
Just curious, if some logged in to your NCSoft account couldn't they just change your email THEN change your password? I mean if they change your email then the having to confirm your password change wouldn't really be an issue for them. I realize that for them to even be able to get on your NCSoft account would be a security hole on the user's end. I'm just saying once they did I don't see how you could get your NCSoft account back if all they had to do was change your email first then your password.
Hockster
Quote:
|
Originally Posted by Alex Weekes
1. It is no longer possible to 'brute force' the password on an account, because the system will lock out for a period of time after a handful of incorrect password attempts.
|
There have been a couple recent threads here where the users stated getting a huge number of the auto response email about someone attempting to access an account. If the lockout mechanism in in place it appears that it is nonfunctional.
NeHoMaR
Solar Light, I am so sorry to say the security hole is in YOUR computer. If you use a good correctly configured anti-virus and firewall you will NEVER be hacked again EVER.
Shadow Kurd
Quote:
|
Originally Posted by Gaile Gray
Alex,
The concern that I've seen expressed is handling changes to your Guild Wars user name once linked to PlayNC. I believe that is not possible with the current situation. Now that may lie in the fact that one has lost access to an older email address, through a change in ISP, though a expiration, for whatever reason. Some processes require verification via email, and once one cannot access a former email account, verification becomes impossible. One wants to change to a new Guild Wars user name, but changing the user name requires receiving email at that user name (email address), yet one cannot access that address any longer. So yes, there are processes for changing passwords and the PlayNC user names, but I believe that the issue is changing the Guild Wars user name once linked to PlayNC. Obviously those experiencing the problems, and expressing their personal concerns, can tell you better than I. |
Solar Light
Quote:
| The OP saw fit to post this in multiple fan forums. I must say, that's not a good or courteous choice, since server costs have an impact upon the kind folks who house these forums, and it appears a tad like "dev bashing" to take a negative, accusatory post to multiple sites. Regardless, let me repeat what I said elsewhere: |
as far as bashing goes, i recall either you or alex posting on improvements to the NCsoft secuirty, and yet the login lockup still persists in being around.
I can dig up quotes from here if needed =p
but, i can admit i was fustrated at what happened to my friend, and i was probably a bit harsher then needed.
Galie and Alex, please assit however you can to Ncsofts Lockup changed so we can easly and freely change our logins and passwords without headaches.
Shanaeri Rynale
Quote:
|
Originally Posted by NeHoMaR
Solar Light, I am so sorry to say the security hole is in YOUR computer. If you use a good correctly configured anti-virus and firewall you will NEVER be hacked again EVER.
|
Many people have been hacked because they used the email address they use for GW as a login, or incuded in forum logins. These forums, esp some free hosted ones are easily hacked and they can get the details from there.
Never use your GW user email for anything else, Gaile posted a while ago some very good hints on account security. Follow those and you'll be ok.
I'm sure the non changing of email addresses will be fixed very soon, but one does'nt want them to open up a new vulnerability while trying to fix this one.
While we are on the subject of improvements I believe two areas could be improved.
1. User Authentication. A Password strength indicator, being able to change user name etc.
2. Access Control. Prevention of deletion of a character should 1 be compromised. Enabling the setting of a flag on a character indicating it cannot be deleted unless 24 hours have passed and a confirmation mail sent. Also have an item/armor maker, like the hat guy where a customised replacement of the armor/weapon can be made should the main ones be lost(would also serve as additional storage
The mechanics are all there in some shape or form and I believe their implemention would save a lot of support calls and worried gamers.
Burst Cancel
Some of you need to actually read the OP instead of posting patently retarded knee-jerk responses the moment you see the word 'hacked'.
Yes, we understand that you're a tough, no-nonsense person that has no sympathy for people getting hacked.
Yes, we understand that you believe getting hacked is entirely the fault of the person leaving themselves open to being hacked.
However, in your self-righteous tirades, you morons have conveniently missed the fact that the OP is talking about an entirely different issue.
So please, take your tough-guy "you deserved to be hacked" bull**** somewhere else.
Yes, we understand that you're a tough, no-nonsense person that has no sympathy for people getting hacked.
Yes, we understand that you believe getting hacked is entirely the fault of the person leaving themselves open to being hacked.
However, in your self-righteous tirades, you morons have conveniently missed the fact that the OP is talking about an entirely different issue.
So please, take your tough-guy "you deserved to be hacked" bull**** somewhere else.
explodemyheart
Quote:
|
Originally Posted by Gaile Gray
So yes, there are processes for changing passwords and the PlayNC user names, but I believe that the issue is changing the Guild Wars user name once linked to PlayNC. Obviously those experiencing the problems, and expressing their personal concerns, can tell you better than I.
|
I think that may be part of the problem that the OP is trying to express, but I could be wrong.
ikpt
Quote:
|
Originally Posted by Burst Cancel
Some of you need to actually read the OP instead of posting patently retarded knee-jerk responses the moment you see the word 'hacked'.
Yes, we understand that you're a tough, no-nonsense person that has no sympathy for people getting hacked. Yes, we understand that you believe getting hacked is entirely the fault of the person leaving themselves open to being hacked. However, in your self-righteous tirades, you morons have conveniently missed the fact that the OP is talking about an entirely different issue. So please, take your tough-guy "you deserved to be hacked" bull**** somewhere else. |
Gaile Gray
I wanted to mention that one of the ArenaNet Co-founders today sent an email to team members who work on this aspect of our service, to ask about the status of certain improvements to the system that will address such concerns. We're very sorry for the time that it has taken to make the changes, and as far as I know, there are still changes and improvements yet to be made.
lightblade
Quote:
|
Originally Posted by Vermilion Okeanos
Yes, and you defintely know what go on between them. Of course, you would know where they live and how they live, AND defintely you would even know what kind of underwear they are wearing.
Give me a break. |
Shmanka
Quote:
|
Originally Posted by Solar Light
if it was that simple, i wouldnt be here.
|
explodemyheart
Quote:
|
Originally Posted by Shmanka
Thus you are here, and it is that simple, therefore you contradict yourself.
|
Solar Light
I am starting to belive that flaming, mockery, and such is a hobby for 75% of the forum population, and they seem to have selective hearing/reading.
For those that i refer to, please tone it down, read, interpet, and figure out what i am saying, THEN try to derail me, discussions get boring when others dont even know what the full topic is.
oh, and lets not forget civalty please, i dont mind discussion and debate, but keep within the rules please
For those that i refer to, please tone it down, read, interpet, and figure out what i am saying, THEN try to derail me, discussions get boring when others dont even know what the full topic is.
oh, and lets not forget civalty please, i dont mind discussion and debate, but keep within the rules please
Pwny Ride
Quote:
|
Originally Posted by Solar Light
one of my good friends in my guild as of this hour, has gotten hacked her second time, likely by the same person.
The first hacking has been Reported how many times now, and now becasue NFsoft wont let anyone change their passwords or emails on their site, she is likley dead now for GW if the hackers erase her chars this time. I reemmber Galie saying that something was going to be done about this months ago, within a weekish span time, that seems to have ended up as a LIE. i tell noone my information, im paranoid about security, but the NCsoft holes is worrying me, for my security and that of my freinds. to be simple, and sorry for shouting, BUT SOMETHING NEEDS TO BE DONE NOW, NOT A YEAR FROM NOW. and why isnt anet shutting down the hackers, it should be easy to trace logs and find out what **** was involved in ripping her off. |