This is just a note to other GW users. I was hacked while on my account last night. Someone logged into my NCSoft master account and changed the passwords for it as well as my log in password. I was immediately booted out of GW and could not log on. I then logged onto one of my other accounts to see someone else logged into my main account. I started the ball rolling trying to get a quick response from Anet, with no prevail.
It seems to me that NCSoft has some issues with Brute Force hacking.
I have no Trojans, KeyLoggers or have I downloaded any unsafe programs, I am running Kespersky total security.
The only thing I have downloaded recently was GWML, I do not know if this is the culprit or not but it was recent.
Yes when I first started GW I bought gold for real money, stupid I know, but I was not aware of the pitfalls at the time and I didnt know it was wrong.
I just wanted everyone to be aware, change your NCSoft Master account passwords regularly, it might have saved me a large headache.
Account Hacked, not a QQ.
Rainen_Fyre
Mustache Mayhem
make your password 10 chars + next time.. don't use words in the dictionary or names/slang words and add some numbers, you'll be fine
or you can make your pass really random- use a pattern on your keyboard, like start at g and press the keys to make a circle around it, last letter in caps then add your favorite number after.. just an example of ways to make your pass totally random and still remember it
or you can make your pass really random- use a pattern on your keyboard, like start at g and press the keys to make a circle around it, last letter in caps then add your favorite number after.. just an example of ways to make your pass totally random and still remember it
Razon
Lol if someone actually brute-forced your password, it must really suck. A password with just letters/numers alone ain't the best idea.
Laraja
Being an ex-Unix engineer with a specialty in hacked systems, I can tell you that making up good passwords is actually pretty easy.
The random Star Wars name generator is perfect. Type in some random crap, you cousin's best friend's dog's name, a made-up prescription drug name, whatever, replace some of the letters in the generated name with corresponding numbers on your phone, such as 2 for abc, 3 for def and so on, and you have a password that is impossible to hack. It has no ties to anything that's remotely familiar to you. Write it down, remember it, tape it to the bottom of a desk drawer or somewhere in case you forget.
No one would brute force a GW password unless they're so bored, that they have nothing else to do. Hackers brute force a system that actually is worth the time and has something worth stealing. I would expect it's something that you've accidently downloaded.
Anyway, my two cents worth.
The random Star Wars name generator is perfect. Type in some random crap, you cousin's best friend's dog's name, a made-up prescription drug name, whatever, replace some of the letters in the generated name with corresponding numbers on your phone, such as 2 for abc, 3 for def and so on, and you have a password that is impossible to hack. It has no ties to anything that's remotely familiar to you. Write it down, remember it, tape it to the bottom of a desk drawer or somewhere in case you forget.
No one would brute force a GW password unless they're so bored, that they have nothing else to do. Hackers brute force a system that actually is worth the time and has something worth stealing. I would expect it's something that you've accidently downloaded.
Anyway, my two cents worth.
Iuris
Brute forcing would also hit the failed attempt login delay GW is supposed to have.
Hacked, hacked, hacked... who believes this crap? You don't get hacked in GW. Somehow, somewhere security slips. Answer a wrong email, change pass on an NCsoft imitation page - bang. Use strong GW password and download nothing - and someone gets into the Email used for login, resets password, and gets it sent to him. Stuff like that is what really happens.
But noooo - everyone is SOOOO secure.
I sometimes actually wonder whether half the "hacking" reports are false complaints from gold sellers angry that Anet shut their accounts down, trying to make it seem GW is insecure.
Hacked, hacked, hacked... who believes this crap? You don't get hacked in GW. Somehow, somewhere security slips. Answer a wrong email, change pass on an NCsoft imitation page - bang. Use strong GW password and download nothing - and someone gets into the Email used for login, resets password, and gets it sent to him. Stuff like that is what really happens.
But noooo - everyone is SOOOO secure.
I sometimes actually wonder whether half the "hacking" reports are false complaints from gold sellers angry that Anet shut their accounts down, trying to make it seem GW is insecure.
fritz300
This also just happened to me early this morning..
I use a non-dictionary alpha-numeric password that would take years to brute force and they were still able to reset my password... Perhaps the forgot password function was exploited or something similar. Any update on your account Rainen_Fyre?
I use a non-dictionary alpha-numeric password that would take years to brute force and they were still able to reset my password... Perhaps the forgot password function was exploited or something similar. Any update on your account Rainen_Fyre?
shoyon456
Quote:
|
Originally Posted by Iuris
Brute forcing would also hit the failed attempt login delay GW is supposed to have.
Hacked, hacked, hacked... who believes this crap? You don't get hacked in GW. Somehow, somewhere security slips. Answer a wrong email, change pass on an NCsoft imitation page - bang. Use strong GW password and download nothing - and someone gets into the Email used for login, resets password, and gets it sent to him. Stuff like that is what really happens. But noooo - everyone is SOOOO secure. I sometimes actually wonder whether half the "hacking" reports are false complaints from gold sellers angry that Anet shut their accounts down, trying to make it seem GW is insecure. |
Hell, I think Anet is even secretly aware of some sort of exploit for this, hence why guru now has the no IGN in profile policy as requested by Anet.
Just my 2 cents.
snowman relic
ive had i think 4 but for sure 3 friends who were looking up how to hack guild wars and the next day they were hacked so you might want to stay away from hacking sites to
sirsterm
Posting about this is a waste of time. I have made a couple of posts about this and had one deleted. With 3 years of grinding to only have my stuff gone is pure bs.
Stop drinking the Anet kool-aid... no kidding.
To anyone else whos been hacked, the Kool-aid really don't taste good anymore anyway so move on.
For the ones who love this Kool-aid let them be happy with Anet ops I meant Jim Jones.
Stop drinking the Anet kool-aid... no kidding.
To anyone else whos been hacked, the Kool-aid really don't taste good anymore anyway so move on.
For the ones who love this Kool-aid let them be happy with Anet ops I meant Jim Jones.
damkel
What everyone has been saying, stay away from suspect e-mails, downloads, websites etc. There is real money to be made in hacking peoples accounts and taking their gold (like the OP who admits to buying in-game gold with real $$). Sorry for your loss dude. Thanks for putting this warning out too.
The build master
Quote:
|
Originally Posted by Rainen_Fyre
Yes when I first started GW I bought gold for real money
|
But really you cant do much for keeping your account safe. Random passwords regular virus scans and try to avoid weird gw related web sites.
mlandry
I just logged on for the first time in months today because I felt like restarting. Noticed a few items are missing (I thankfully customize everything and they left those) + all my armors have had their vigors runes taken off, no more cash in stash, all my chaos gloves + destroyer gloves have been salvaged as well.
Guess I'm permanently done with this game after 2200 hours played. Thanks hackers.
P.S : I only use this + GWwiki as sites.
Guess I'm permanently done with this game after 2200 hours played. Thanks hackers.
P.S : I only use this + GWwiki as sites.
Blobbob
Quote:
|
Originally Posted by shoyon456
Hell, I think Anet is even secretly aware of some sort of exploit for this, hence why guru now has the no IGN in profile policy as requested by Anet.
|
Deviant Angel
Quote:
|
Originally Posted by Rainen_Fyre
Yes when I first started GW I bought gold for real money, stupid I know, but I was not aware of the pitfalls at the time and I didnt know it was wrong.
|
Majority of the people that have made "omg I just got hacked" threads recently have been told by support that RMT companies were responsible. They don't need a keylogger if you used the same email and password (hell, even a similar one) to register on their website.
Rainen_Fyre
Quote:
|
Originally Posted by fritz300
This also just happened to me early this morning..
I use a non-dictionary alpha-numeric password that would take years to brute force and they were still able to reset my password... Perhaps the forgot password function was exploited or something similar. Any update on your account Rainen_Fyre? |
And after reading all the above emails I believe my password was on the weak side. As Deviant Angel pointed out, I could have used the same password or something similar at that sight. I know it was the same email. And now in the crunch wars against gold sellers they picked my account out of the hat.
I just wanted to share this story as a warning to others that Gold Buying online is as Dumb as it comes. Hind sight 20/20.
Feathermoore Rep
They still needed you NCsoft username first.
And if they hacked through your GW account, they need to know your account name. Player names can not get you account names. One way or another your info got tapped.
And if they hacked through your GW account, they need to know your account name. Player names can not get you account names. One way or another your info got tapped.
Bob Slydell
Quote:
|
Originally Posted by Falynn Firestorm
Being an ex-Unix engineer with a specialty in hacked systems, I can tell you that making up good passwords is actually pretty easy.
The random Star Wars name generator is perfect. Type in some random crap, you cousin's best friend's dog's name, a made-up prescription drug name, whatever, replace some of the letters in the generated name with corresponding numbers on your phone, such as 2 for abc, 3 for def and so on, and you have a password that is impossible to hack. It has no ties to anything that's remotely familiar to you. Write it down, remember it, tape it to the bottom of a desk drawer or somewhere in case you forget. No one would brute force a GW password unless they're so bored, that they have nothing else to do. Hackers brute force a system that actually is worth the time and has something worth stealing. I would expect it's something that you've accidently downloaded. Anyway, my two cents worth. |
Karate Jesus
Quote:
|
Originally Posted by Iuris
Brute forcing would also hit the failed attempt login delay GW is supposed to have.
|
And even Gaile has admitted that these recent influxes in hacked accounts were no coincidence. Support is actually trying to add some more anti-hacking protocols, because of these problems (as per Gaile's talk page).
These hacks are a real problem and I personally tell everyone I know in game to avoid buying from the NCSoft website and to avoid using the NCSoft website for anything other than increasing the strength of their passwords.
Shayne Hawke
Sure is pretty risky to be playing Guild Wars these days, eh?
Good lord, I hope we don't have to use the PlayNC account to transfer things from GW to GW2.
Good lord, I hope we don't have to use the PlayNC account to transfer things from GW to GW2.
Hyperventilate
Quote:
|
Originally Posted by Iuris
Brute forcing would also hit the failed attempt login delay GW is supposed to have.
Hacked, hacked, hacked... who believes this crap? You don't get hacked in GW. Somehow, somewhere security slips. Answer a wrong email, change pass on an NCsoft imitation page - bang. Use strong GW password and download nothing - and someone gets into the Email used for login, resets password, and gets it sent to him. Stuff like that is what really happens. But noooo - everyone is SOOOO secure. I sometimes actually wonder whether half the "hacking" reports are false complaints from gold sellers angry that Anet shut their accounts down, trying to make it seem GW is insecure. |
My boyfriend's ex-guildie stopped playing Guild Wars for a few months. When he recently logged in (A few days ago), his account was gone.
Since he doesn't play anymore, how could he have slipped up his password? A-net confirmed it was a Chinese Money Trader.
I admit, the majority of people probably responded to a fake e-mail or somehow gave out their information, I don't think -everyone- has fallen for that.
Even Gaile has addressed this is a very real problem and it is hacking in one form or another.
Very scary times, these are.
Inde
I realize how frustrated some of you must be, but there's nothing we can do on this site to help. You must go through support.
Read this on security, run this to download anti-malware software, go here to ask for support on your issue.
In addition, I've added your stories to our ongoing thread to have them all consolidated for the last month: http://www.guildwarsguru.com/forum/s...79#post4928279
Read this on security, run this to download anti-malware software, go here to ask for support on your issue.
In addition, I've added your stories to our ongoing thread to have them all consolidated for the last month: http://www.guildwarsguru.com/forum/s...79#post4928279