The other announcement of the login screen...
DivineEnvoy
As many players know, there is always a message on our login screen that tells us how third-party programs contain keyloggers, which will most likely be the reason for the loss of our accounts. In relation to this, this message has recently changed to the following:
"We've noted a rise in attempted game account thefts. Account Theft often results from risky player behavior (purchasing gold online, sharing accounts, using third-party programs, answering bogus emails, or having weak passwords.) To protect yourself, use a complex password and change it regularly."
So what is really the reason for Anet to make this change? I'm not certain what the reason is, but I do have an approximation. Just recently, a friend of mine who has not logged on for 7 months has logged on briefly. Knowing how he swore not to reinstall the game, I was shocked, and I asked him shortly afterwards. This is when I discovered that he has never reinstalled the game and that an email was sent to him about his password being changed. Of course, we have retrieved his account as soon as possible. The one thing that troubled me was that although my friend is not wealthy in the game, none of his items were stolen in the process of being hacked. We've only noticed the change in his password.
Here's a brief analysis of the reasons stated by Anet, which may have led to this incident:
Purchasing gold online: My friend hasn't logged on for 7 months, and he doesn't even care about his account up to this point of being hacked. So I doubt he would purchase gold online.
Sharing accounts: He has not given his account and password away to anyone; the only exception was made because he wanted me to retrieve his account.
Third-party programs: Same reason as purchasing gold online.
Answering bogus emails: I'm not sure about this one.
Having a weak password: He uses the password that's given by the password reset option, and in a sense, it is probably weak, but how does someone else know the string of his account name?
Just to speculate, I wish that the community can discuss what is likely to be the cause of this incident. To be more frightening, once again, I want to point out that the thief did not take any of his items. What was the thief planning to do with the account? Just think about it - how many of us would stop playing Guild Wars for a few weeks here and there. Imagine one day when we come back to this game, we are being accused of botting or selling in-game gold, which results in an account termination. That is truly scary.
oracle.delphi
Someone may have hacked it to use it for botting purposes, is my best guess
kinda scary i'll admit
slowerpoke
The botters have probably shifted their attention to stealing more accounts since the RTM has made the old way of business difficult.
Operative 14
Considering Taiwan has been cut off from trading with the rest of the game, it makes sense to me that the now defunct Asian gold farmers, that were using Taiwan as a gateway, are now trying to quickly build their numbers up on the global districts so they can continue farming and selling their wares to their 'customers'.
As to how it could have happened to your friend, I'm at a loss. Though, the e-mail address he uses for his account name, is it just his regular hotmail account or something?
DivineEnvoy
Quote:
Originally Posted by Operative 14
Considering Taiwan has been cut off from trading with the rest of the game, it makes sense to me that the now defunct Asian gold farmers, that were using Taiwan as a gateway, are now trying to quickly build their numbers up on the global districts so they can continue farming and selling their wares to their 'customers'.
As to how it could have happened to your friend, I'm at a loss. Though, the e-mail address he uses for his account name, is it just his regular hotmail account or something?
Loviatar
Quote:
Originally Posted by Operative 14
As to how it could have happened to your friend, I'm at a loss. Though, the e-mail address he uses for his account name, is it just his regular hotmail account or something?
most people when they register their account use their normal everyplace email out of habit.
my accounts all have separate one place only from my isp and are the maximum length allowed for an email name at my ISP dot com also the name is a randomly generated password giving something like this.
FvysNU6wNS4SHtDfoDDyQ @ my isp . com
max password as well but that one place email name is the blocker.
as well as keeping the nasties out
software firewall from zonealarm
hardware router firewall for my little network seems to work
VitisVinifera
several people, myself included, have suggested some simple security measures, which I'm sure Anet doesn't care enough to implement.
Things like, if someone's trying to brute your pw, your acct is locked after x incorrect tries and you are notified via email
Despite Anet's shift the blame stance, some people will lose their accounts due to no fault of their own (ok partial blame for making easy to brute pws)
Darcy
ANet, guru and other forums have been telling people for years about the steps needed to prevent account hacks.
The problem is that no one reads the warnings until after they have set up the account. Too late to use a one-off account name email that can be discontinued.
That only leaves changing your hard-to-hack password on a regular basis as a prevention measure.
Kerwyn Nasilan
If this is happening I want the ability to change my account password the old way cause the new way is just a nightmare and not worth the time.
Numa Pompilius
Quote:
Originally Posted by VitisVinifera
several people, myself included, have suggested some simple security measures, which I'm sure Anet doesn't care enough to implement.
EDIT: To the OP: unless your friend has done something monumentally silly, like logging in from a public computer, it may be that your friend's email account has been compromised.
mr_groovy
"If there's a hacker here, in your neighbourhood,
Who you gonna call:
Re gi na"
Ghost busters theme melody
SerenitySilverstar
Quote:
Originally Posted by mr_groovy
"If there's a hacker here, in your neighbourhood,
Who you gonna call:
Re gi na"
Ghost busters theme melody
BladeDVD
Quote:
Originally Posted by VitisVinifera
several people, myself included, have suggested some simple security measures, which I'm sure Anet doesn't care enough to implement.
Things like, if someone's trying to brute your pw, your acct is locked after x incorrect tries and you are notified via email
Despite Anet's shift the blame stance, some people will lose their accounts due to no fault of their own (ok partial blame for making easy to brute pws)
This frustrates brute force password programs while not requiring support having to unlock player accounts all the time.
They are continuing to work on the problem of not being able to change your login email once it is registered with NCSoft online. This seems to be more a problem with NCSoft than ANet. Mind you, we've only heard ANet's side of that story.
mr_groovy
Quote:
Originally Posted by SerenitySilverstar
Cute, but...no. Now it really IS Gaile, and support.
.
gone
as much as I hate to say this in public, and I'm sure many people already know...passwords aren't even case sensitive...at least the one the NCsoft/anet generated for me isn't.
that is pretty sad.
zwei2stein
However, point is that someone's account who was not active GW player for months was attempted to be cracked.
How would attacker know who to target?
gone
they don't know who to attack, or care...unless they have your info via keylogger. brute forcing just isn't fast enough. I'm sure a few have been cracked via BFing but why do it the hard way?
and yes I've read what the op said. I'm not buying it. somehow, someone got a hold of his private info. active account or not. it's prolly just pure coincidence.
holababe
Nobody would be stupid enough to try and brute force a GW account.
The numbers just don't add up -> 36^8 possible combinations, even at 10^6 per second (1 million) would still take more than a month to crack.
The vast majority of accounts will be hacked through a combination of keyloggers, phishers and social engineering.
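An added example, not written by any poster in this thread and not ArenaNet's or NCsoft's code: a sketch of the lock-and-notify policy VitisVinifera suggests, with a helper that sets holababe's 36^8 figure against the guess rate such a policy allows. The threshold of 5 tries, the 15-minute temporary lock and the `notify` callback (a stand-in for the e-mail) are assumptions.

```python
import time

KEYSPACE = 36 ** 8        # holababe's figure: 8 chars, case-insensitive letters + digits
MAX_FAILURES = 5          # assumed value for "x incorrect tries"
LOCK_SECONDS = 15 * 60    # assumed temporary lock that expires on its own


class LoginThrottle:
    """Per-account failure counter with a temporary lock and owner notification."""

    def __init__(self, notify, clock=time.monotonic):
        self.notify = notify        # stand-in for e-mailing the account owner
        self.clock = clock          # injectable so the policy can be tested offline
        self.failures = {}          # account -> consecutive failed attempts
        self.locked_until = {}      # account -> clock value at which the lock expires

    def is_locked(self, account):
        return self.clock() < self.locked_until.get(account, 0.0)

    def attempt(self, account, password_ok):
        """Return 'locked', 'ok' or 'denied' for one login attempt."""
        if self.is_locked(account):
            return "locked"         # even a correct password is refused while locked
        if password_ok:
            self.failures.pop(account, None)
            return "ok"
        count = self.failures.get(account, 0) + 1
        self.failures[account] = count
        if count >= MAX_FAILURES:
            self.locked_until[account] = self.clock() + LOCK_SECONDS
            self.failures[account] = 0
            self.notify(account, f"{count} failed logins; locked for {LOCK_SECONDS}s")
        return "denied"


def days_to_exhaust(guesses_per_second):
    """Worst-case days to try every password in KEYSPACE at a given rate."""
    return KEYSPACE / guesses_per_second / 86400


def throttled_rate():
    """Best sustained guesses per second against one account under the lock."""
    return MAX_FAILURES / LOCK_SECONDS
```

A lock keyed on the account name can be triggered by anyone who knows that name, so the notification matters as much as the lock. It also does nothing against a password captured by a keylogger or phishing page, which is the route holababe considers far more likely.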
MoriaOrc
Acquiring Account name:
Did your friend have a forum account on a GW fansite (Guru or otherwise)? Did he use the same email to register it? Did he display that email address publicly? That seems like a pretty good way to find likely account names to me.
Password:
I don't know how they set "default recovery passwords" since I've never had to recover an account. If they're not strong passwords, or they're easily guessable, this could be how they got in to the account. Reset passwords are usually at least somewhat strong though.
Another possibility, if someone gained access to his email account through some other means and saw GW related emails. They could have tried the same account/password (and it worked).
Does NCSoft do "Answer the Question" password resets? If the answer is easily guessed, this could also be the source of the problem.
There are always ways, though a 7 month old account isn't usually a likely target for hijacking.
zwei2stein
Quote:
Originally Posted by holababe
Nobody would be stupid enough to try and brute force a GW account.
The numbers just don't add up -> 36^8 possible combinations, even at 10^6 per second (1 million) would still take more than a month to crack.
The vast majority of accounts will be hacked through a combination of keyloggers, phishers and social engineering.
Zesbeer
just like the message says just change your password often.
distilledwill
I made the mistake of tying my account to an email which was vastly overused at the time (I'd signed up to so much crap) and now I barely use. So it got so freaking cluttered that I dreaded having to open it up if I ever had any problems.
This post has made me think about my account's security, I will probably be taking precautions tonight!
