Update - Wednesday, December 2, 2009

Seconded. There are alternatives if you don't want to go to those coding lengths:

1) Cloak e-mails and game passwords. Require me to respond to an e-mail to the cloaked e-mail to change my game password.

2) Less stringent: cloak e-mails. Require me to enter the existing in-game password to change my password.

Either way, the fact that an unauthorized entry to a PlayNC account coughs up all of my info to a hacker is beyond unacceptable. If you cannot do either of those things, then:

3) Let me sever the connection

is the only reasonable alternative. And if you believe that the recent rash of hacks is unrelated to your free Xunlai storage pane promotion, you're crazy. Explain why Aion accounts are getting hacked left and right, then. That's a VERY small group of accounts in which to observe all of those hacks............

If they are going after paypal then some serious legal stuff may follow and we MAY see changes (though ncsoft will NEVER say they did anything wrong)


I would also have to say that it is more than likely that it is more than just one rmt/hacker doing all of this----one may be hitting the older accounts, one may be hitting the unknown website, another maybe hitting ?????....

and there may still be some of the usual user errors too (though the ones mentioned here are not those imo).

and IF it is more than one---there is some serious breach going on.

and yeah

I also want to sever my ncsoft ties especially after they said to never use your password for anything else and then made you use it for a UNSECURE webpage (xth)........

and on the OP...yes thanks for the updates.

It's a shame. There are things I would purchase from the in-game store but due to so many security question marks around it, I refuse. I'm sure they don't care about a couple of bucks lost, but they really need to get it together before the majority of GW's community gets wind of the concerns.

That would be an expensive admission, yes.

It's increasingly looking that way. And that makes sense, if you think about it. Multiple hackers exploiting the same vulnerability for different purposes isn't startling. There are only so many "easy" ways to crack a system.

I made a full system scan with a few tools and nothing. The issue is that I used a Windows machine during this particular transaction so I cannot prove that I am fully clean. There is no fully protected Windows system. Still waiting for the replies.

Do you use Iobit Security 360? It picked up a "threat' that all my other defenses missed.
I received an email that said "Email Undeliverable". I opened it to see a list of obsolete addresses that I hadn't cleared from my contacts. I suspected that my email had been compromised. I did a full system scan with 4 of the top rated AV and spyware programs. Finished off with Security 360 which revealed & removed the threat. I then changed my password on everything that didn't auto log.

Computer is used for email, GW, Guru, GW Wiki, & facebook. You choose where the "threat" came from. Keep your guards up.

Which 4? And top-rated by whom?

Thanks for info. I have not used this one. I will try it shortly.

It may have detected a "threat", but are you sure it actually removed it?

You might be interested in this review... it's not encouraging.

Imo "Free security software" wont ever be GOOD security software! There is always a price to everything. Bottomline; what you get is what you pay for.

I just don't see the general relation.

Any mainstream malware/virus and what it does or what the person does after certain information is collected, wouldn't be bothered for seconds with a petty Guild Wars account.

To the people getting hacked are either visiting sites, searching for certain software that alters something within Guild Wars and are the receiving recipient of shady stuff because of it.


Of course this is just the first step in anything and knowing a ton of people use global/master passwords and usually only have one email addy makes anything after a lowly game account access that much easier. Still anything or anyone that would use such info definitely wouldn't block current access, strip your account, change password, they would simply access it just to see if info is correct and not touch anything.

We aren't talking WoW accounts here that could be worth 500$+ a pop.

Try reading the posts in this thread.

If you still don't get it, keep re-reading them until you do.

I think you underestimate business side of malware.

Egold companies that would be interesated in GW account would also be interested in WoW accounts or any other game.

If you are in business of stealing personal info and malwareing, you will likely have several customers, and one of those customers is going to be egold company. You can get info, you can sell it. Even low price is worth it on good volume. If you can monitor wow.exe and aion.exe, adding gw.exe to mix is kind of smart.

And hey, infected computers are in for sale too! It only costs acout cent per machine to get your own malware on. Once your CC number/paypal accoout/ebanking account is obtained, it is proftable to resell.

---

General relation is here at least for some cases: one fansite got security breach recently. Regina said they are back online now and all fixed, she did not name site thou.

Well, I figured it out myself. How do i know? My username/password matched my mule account plaync credentials, the only gw account that i log in that got hacked (hey, it was made 4 or 5 years ago, back-then throwaway lets-me-try-this trial account and i-just-want-to-post-once-forum account did not exactly look important enough to maintain proper credential separation). Since that was plaync and not gw account name, account was reset throught plaync: that is why some hacked people reported password changes, while i guess some other players password/email matched their gw account directly and they got hacked without password change and just one day logged in to see they were raided.

Well, those are dangers on being careless online.

I'm sorry to say that both of you are wrong. It's off-topic completely but worth mentioning that:
1) AVG and AntiVir are 2 good examples of free antiviruses which are solid, reliable and trustworthy;
2) Shady stuff is absolutely not the main vector of attacks nowadays, although there's a certain amount of it; there are more obvious reasons which don't involve casting doubts about user behaviour: non updated software, social engineering (e.g. phishing, ignorance), software attacks (facebook was at a certain point a big vector of attacks due to huge Flash vulnerabilities; google ads had the same problem, Guru was a victim of it).

Gentlemen, please don't add to the confusion about security by pointing fingers, it only serves the bad guys which will benefit from this confusion:
http://www.guildwarsguru.com/forum/s...php?t=10298453

P.S.: zwei2stein very interesting to read your analysis.

I think either I, or some other people in this thread are confused about how NCSoft deals with lost passwords. I'm not 100% sure about this, so perhaps someone who does know can set us all straight. For the simple reason of acute paranoia about my own account, I'm not going onto the NCSoft site to check if my memory is correct.

I seem to remember there's 2 levels of dealing with lost passwords. First, you can go for a password hint, which is a bit of text you can enter as part of the account setup. Second, there's the questions you need to answer to reset your password. Maybe confusion about these account for the different descriptions people have been giving in this thread about how they remember the process.

And there's the problem.
AntiVir and AVG good as they may be are antivirus programs; and dont offer protection such as:

AntiAD/ Spyware
AntiPhishing
AntiRootkit
AntiBot
EmailScanner/ Filter
WebGuard
AntiSpam
Firewall

There is not a single security software free of charge that delivers all of the above.
Only security suits do; and those are never free of charge.

Thats why imo freeware gives people a false sense of security; and certain combinations of freeware can even compromise security; and hinder overall PC performace.

Fresh install of win$ from what? Original purchased CD/DVD disk, Burnt CD/DVD backup/restore disk, or warez OS copy?

What version of win$? Did it require live (downloaded) patches?

Were any other PC's live on the local net while this install occurred? Was network traffic monitored carefully?

Is the mobo bios clean?

What applications were installed to the PC? Where did these come from?

Far too many questions, to *EVER* rule out infection due to a "clean install"...

Its more of a function of people being educated on the difference between a virus and spyware/malware/etc. Anti-virus products don't detect spyware and its ilk. That is why one needs anti-spyware software in addition to anti-virus software. Its not a letdown of the free product, its the user not being educated to know they need both applications.

Why pay for a suite when you can get quality free software that does the job as good or better than security suites.

Security Suites are for the dumb.

This is merely an argument of semantics that you've proposed. Whether it's a, b, c, or d - it's a [file] that is running (accessed) in the kernel or in user space. Detection of e (any of the above) is really the same, regardless (~ block of code [string of 0/1] is checksummed for a signature)...

That 'freeware' A/V code wouldn't look for spyware/malware code because it is "different" doesn't bode well in any argument, unless it is 'freeware' offered as a _teaser_ (so you buy the full product).

Update just rolled, its late, and what was it?

it killed my 9 RA wins :P

Same thing happened to me, we might have been in the same team

Edit: No info yet?

Shadow Form is still the same.

Still no info from Paypal. I got money back from my transaction at NCsoft store and still have the product bought - I never asked for it to be reversed. I have no idea what is going on there. Looks like a big mess to me.

Thanks, please keep us up to date if you do hear anything.

I wonder if the reason ANet appears to be finally taking notice of the glaring security weaknesses (or at least making noises about it)... is because Paypal waded in?

This thread is just awful to read, because I know that the more vocal posters are probably not wrong at all. Oh my god, I thought duping was the worst it could get.... obviously not. I thought the NCSoft site was sketchy on the day they made us merge, and every day since... but this is an unfathomable breach of security. I fear for all GW users, past or present.

I was honestly giggling at the QQing until the part of the thread where its revealed that people's Paypal accounts are getting tampered with too. I mean.... seriously, come on, that's so bad. So, so bad. Wow.