Petition For Improved Account Security.

Bob Slydell

Forge Runner

Join Date: Jan 2007

Quote:
Originally Posted by Chthon View Post
/Signed.

I've been keeping tabs on the "I've been hacked" stories.
http://www.guildwarsguru.com/forum/s...9&postcount=28

Chthon

Grotto Attendant

Join Date: Apr 2007

Quote:
Originally Posted by Tullzinski View Post
The most logical explanation that is consistent with the reported facts of recent account thefts is that it is possible to steal accounts solely through interaction with NCSoft and a-net. The thief does not need to interact with the user in any way -- no keylogger, no man-in-the-middle, no phishing, no social engineering, no access to your e-mail, no gleaning your info from forums like this one. The thief goes directly to NCSoft/a-net and comes away with your GW login credentials. Do you comprehend that?

Now, can you understand why people are so upset?

Nuime

Ascalonian Squire

Join Date: Oct 2009

Los Angeles, California

Bad Wolf Corporation [WOLF]

Mo/

/signed

Although I haven't had a problem (yet, *keeps fingers crossed*) I also would like to continue to play the game, make in-game-store purchases and everything else like one normally would without even having the slightest trace of worry that any "safe" actions I take through ncsoft will result in getting my account hacked.

Aside from just ncsoft apparently needing to up their own site security...
A simple thing that would make me feel a bit better when it comes to my accounts would be to simply send out an email confirmation when any password (guild wars or ncsoft main) requests to be changed. Assuming your email wasn't compromised, that alone would help a great deal.
You could even add on a "click here to confirm that yes, you changed your password" and make the account temporarily "suspended" until that link is clicked. Heck, take it one step further and make someone answer their "secret questions" again for another level of confirmation at any point of attempting to change a password. Yes, it would be a bit of a runaround and annoying to do at that point, but I for one can safely say I'd rather have it be annoying for me to make changes to my account if it made it harder for someone else to remotely alter anything.

Carboplatin

Jungle Guide

Join Date: Jul 2005

[PIG]

W/A

./signed.

However, I don't expect anything to be done. I've since started stashing my newly earned goodies in multiple accounts, so if they hack one, hopefully the others will be safe. Yeah, it's that sad.

Grunntar

Lion's Arch Merchant

Join Date: Apr 2005

/signed!

Quote:
Originally Posted by Siirius Black View Post
Someone found a vulnerability in ncsoft and obviously they are exploiting it.
I completely agree with this assessment!

Quote:
Originally Posted by Chthon View Post
because NCSoft can't build a secure system is utterly unacceptable
The fact that they are unwilling to even try to build in some security is what I find most disturbing. The house is on fire, and they are sitting on the couch, drinking a beer, and watching TV.

(Datura)

Academy Page

Join Date: Apr 2008

South East

Kiss

E/

/Signed

I don't like NC Soft but love Arenanet.

So, I'll continue to do business with Anet until I can't trust their products for any reason.

Tullzinski

Jungle Guide

Join Date: Mar 2006

Trying to stay out of Ryuk's Death Note

N/R

Quote:
Originally Posted by Chthon View Post
The most logical explanation that is consistent with the reported facts of recent account thefts is that it is possible to steal accounts solely through interaction with NCSoft and a-net. The thief does not need to interact with the user in any way -- no keylogger, no man-in-the-middle, no phishing, no social engineering, no access to your e-mail, no gleaning your info from forums like this one. The thief goes directly to NCSoft/a-net and comes away with your GW login credentials. Do you comprehend that?

Now, can you understand why people are so upset?
Absolutely!!! I guess I should have put the /sarcasm line in my last post. I find it amazing that ANET/NCSOFT has this listed as an ADDITIONAL security measure when it is NOT!!!

Hotboxin240

Ascalonian Squire

Join Date: Aug 2009

Wtf Am I [Doin]

D/

/signed

................

didis

Academy Page

Join Date: May 2006

Netherlands

Lowland Lions

/signed

Authenticator ftw

The Drunkard

Wilds Pathfinder

Join Date: Nov 2007

Still looking

Rt/

/notsigned

I would agree if you provide an explanation on some of the possible reasons how people are getting hacked and some alternatives for Anet to improve the security. Otherwise this is just another thread demanding Anet to change their game's structure because "we don't like it."

Chthon

Grotto Attendant

Join Date: Apr 2007

Quote:
Originally Posted by Tullzinski View Post
Absolutely!!! I guess I should have put the /sarcasm line in my last post. I find it amazing that ANET/NCSOFT has this listed as an ADDITIONAL security measure when it is NOT!!!
My apologies, missed the sarcasm.

Aragno

Ascalonian Squire

Join Date: Feb 2007

Belgium

Mo/E

Signed

ArenaNet should start focussing on main issues instead of fixing rather pointless things

Obrien Xp

Krytan Explorer

Join Date: Jan 2009

Canada

The First Dragon Slayers [FDS]

/signed

We bought it and worked on it, at least try to do something.

Skill Balance<<<Security

I love anet, it's just that this is out of hand.

Jhesta Z

Pre-Searing Cadet

Join Date: Sep 2009

House of the Old

Me/

--Signed--Signed--Signed--

Too many hours played to start over.

Rydia Merchan

Lion's Arch Merchant

Join Date: Jun 2006

Following Duran Duran around the world

Paladins of Eternal Truth [POET]

Me/

/ Signed!!! Thanks for posting this Shan.

shadowlurk16

Frost Gate Guardian

Join Date: Sep 2009

Electric Celerity [EC]

D/A

Signed.

I got my account hacked 4 days ago by a Chinese gold farmer. I just got it back yesterday after HAVING to call NCSoft and pressure them into doing something. Pressure this company on the phone guys, even if you have to wait 20-40 minutes while on hold.

To people who want to know the potential of these hackers here are the main things.

1) These hackers can gain all your information that is entered in your NCSoft account. This means full name, DOB, Street Address, and email.

2) These hackers can change your security questions and passwords at any time they wish.


THIS IS SERIOUS NCSOFT! We are being serious about wanting to keep our accounts safe, so be respectful and return the favor.

Suggestions for NCSoft on how to improve security

1) Require changed password requests to be finalized in the email of the registered person. Changing passwords directly in NCSoft Master Account is unsafe.

2) Allow players to HAVE A CHOICE whether or not they want a password for each of their characters. This means that when you click on a character to play, another password unique to that character (and not stored on the NCSoft website) is required to access the character.

3) Characters cannot be deleted once made unless a request is sent to the user's email for confirmation.

4) Allow the email used to log into the account to be changed via email confirmation from the old email and the new email.

5) MAKE ALL REQUESTS AND TRANSACTIONS GO THROUGH THE USER'S EMAIL! This will make things much more secure.


Please fix the security issues for the sake of your company and for your player base.

Olim Chill

Wilds Pathfinder

Join Date: Oct 2007

USA

DMI

N/

Quote:
Originally Posted by Chthon View Post
The most likely explanation is that, in addition to the usual number of people who get their accounts stolen through their own stupidity, there is currently a method of stealing accounts directly through a-net/NCSoft. The password reset feature on the NCSoft master account seems the most likely culprit.
I suspect the same. One of my accounts got hacked right after I'd used the password reset feature. It was the first time I ever used the password reset feature and the first time I ever got hacked. Fortunately, there was nothing in there worth taking at the time.

Die You Infidel

Ascalonian Squire

Join Date: Sep 2008

Holland

The Mirror of Reason [SNOW]

D/

/notsigned

get urself a proper password

Eliz Genevieve

Frost Gate Guardian

Join Date: Jul 2009

Portugal

The Archivists' Sanctum [Lore]

D/

/signed. I've been hacked too, I know what it feels like.

shadowlurk16

Frost Gate Guardian

Join Date: Sep 2009

Electric Celerity [EC]

D/A

Through much reading of player responses, I have come to the conclusion that one of the many problems wrong with the NCSoft security system (and the reason why many people are getting their accounts hacked) is the Password Reset Feature.

4 days ago, my account got hacked after using the password reset feature. I changed my password through the NCSoft Master Account system and within 3 hours of me resetting the password, the account belonged to a gold farmer in China.

Another user made a similar post.

"I suspect the same. One of my accounts got hacked right after I'd used the password reset feature. It was the first time I ever used the password reset feature and the first time I ever got hacked. Fortunately, there was nothing in there worth taking at the time." - Olim Chill


So the moral of the story? DO NOT reset your password at this time. Leave it as it is. I figure that the hackers are getting your information via hacking the notifications that are being sent from NCSoft server that the account password was changed.

The hackers are intercepting packets from password changes.

Another Felldspar

Lion's Arch Merchant

Join Date: Sep 2006

Alchemy Incorporated

Mo/E

Quote:
Originally Posted by The Drunkard View Post
/notsigned

I would agree if you provide an explanation on some of the possible reasons how people are getting hacked and some alternatives for Anet to improve the security. Otherwise this is just another thread demanding Anet to change their game's structure because "we don't like it."
Here is one thing: If the NCSoft Master Account is compromised the Guild Wars password can be changed without ever typing a current password. Most sites do something like:

Enter your current Password:
Enter your new Password:
Confirm your new Password:

Within the NC Soft master account it works this way:

Enter your new password:
Confirm your new password:

..and bingo the password is changed allowing the thief, who never needed to know your current password, access to your account. It doesn't matter how good your password is, because they never even have to figure it out. And should you happen to already be logged into your account and playing it will kick you out to give the thief access.

How's that? Change your mind? Want a fix or two?

I'll be honest, I love A-Net. I love Guild Wars. I'm the biggest fanboi-gurl in the world. I support A-Net in every way possible. I've spent quite a lot of money on bringing my family into the game and I've talked it up to quite a few people who have spent their money to come into the game. But I won't spend another dollar until they say that they are working to make my account and the accounts that I've helped to propagate safe. It isn't that "we don't like it" like you've said in your post. It's that we can't trust it.
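
The two password-change forms contrasted in the post above, sketched as an added example (not part of the original thread and not NCSoft's code): the weak handler needs only a live session, while the hardened one requires the current password and holds the change until a token mailed to the registered address is presented, as several posters suggest. All names, the in-memory `Account` object and the one-hour token lifetime are assumptions.

```python
import hashlib, hmac, os, secrets, time

TOKEN_TTL = 3600  # seconds a confirmation link stays valid (assumed value)

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:
    def __init__(self, email, password):
        self.email, self.salt = email, os.urandom(16)
        self.pw_hash = _kdf(password, self.salt)
        self.pending = None  # (token digest, new hash, expiry) until confirmed

def check_login(acct, password):
    return hmac.compare_digest(_kdf(password, acct.salt), acct.pw_hash)

def change_password_weak(acct, new, confirm):
    """Form described in the post: a logged-in session alone is enough."""
    if new != confirm:
        return False
    acct.pw_hash = _kdf(new, acct.salt)
    return True

def request_change(acct, current, new, confirm, send_mail, now=None):
    """Hardened form: current password required, change held for e-mail confirmation."""
    if new != confirm or not check_login(acct, current):
        return False
    token = secrets.token_urlsafe(32)
    expiry = (now if now is not None else time.time()) + TOKEN_TTL
    # Only a digest of the token is stored; the token itself goes to the mailbox.
    acct.pending = (hashlib.sha256(token.encode()).digest(),
                    _kdf(new, acct.salt), expiry)
    send_mail(acct.email, token)
    return True

def confirm_change(acct, token, now=None):
    """Applies the pending change only for the mailed, unexpired token (single use)."""
    if acct.pending is None:
        return False
    digest, new_hash, expiry = acct.pending
    now = now if now is not None else time.time()
    supplied = hashlib.sha256(token.encode()).digest()
    if now > expiry or not hmac.compare_digest(supplied, digest):
        return False
    acct.pw_hash, acct.pending = new_hash, None
    return True

def demo():
    """Constructed scenario: someone holding a hijacked session tries both forms."""
    outbox = []
    mail = lambda to, token: outbox.append((to, token))
    weak = Account("owner@example.invalid", "Original-pw-1")
    change_password_weak(weak, "thief-pw", "thief-pw")
    hard = Account("owner@example.invalid", "Original-pw-1")
    blocked = not request_change(hard, "wrong-guess", "thief-pw", "thief-pw", mail)
    return check_login(weak, "thief-pw"), blocked, check_login(hard, "Original-pw-1"), len(outbox)
```

With the weak form the account is taken over in one request; with the hardened form the same request fails, the owner's password still works and no mail is sent.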

SpiritSpammer

Frost Gate Guardian

Join Date: Sep 2009

Rt/

--signed--
/12char

snowman relic

Krytan Explorer

Join Date: Feb 2009

your just a meatsheild to me

N/Mo

/signed

Anet, I love your game, but this bull has to stop. It's not fair we can lose years' worth of work in hours. I log in at least twice a day just to make sure my account's still there, and even then I'm extra careful, but a month or two ago my friend, not a hacker but good with computers, was able to help me reaccess my NCsoft account in a matter of minutes when I had no clue the username or password, and after said event happened I realized Anet has put all who registered in a position ready to be hacked. Say goodbye to all your stuff unless we get this fixed.

agent akio

Academy Page

Join Date: Apr 2007

Zero Hunters[Zero]

W/

/signed.....

joshuarodger

Unbanned

Join Date: Jan 2008

Trinity of the Ascended [ToA] -- IGN: Swirly

Mo/

Quote:
Originally Posted by The Drunkard View Post
/notsigned

I would agree if you provide an explanation on some of the possible reasons how people are getting hacked and some alternatives for Anet to improve the security. Otherwise this is just another thread demanding Anet to change their game's structure because "we don't like it."

Quote:
Originally Posted by Chthon View Post
/Signed.

I've been keeping tabs on the "I've been hacked" stories. The most likely explanation is that, in addition to the usual number of people who get their accounts stolen through their own stupidity, there is currently a method of stealing accounts directly through a-net/NCSoft. The password reset feature on the NCSoft master account seems the most likely culprit.

This is unacceptable. If I fall for a phishing attempt or trust someone whom I should not have with my password, that's my own damn fault. But to have my account open to being stolen, no matter how careful I am, because NCSoft can't build a secure system is utterly unacceptable. So, not only do I sign on with Shan's petition -- harsh language and "security is more important than anything else" and all -- I'll go one step further: NCSoft will not see another penny from me, ever, until this is fixed.

To rehash several years worth of suggestions:
1. Find and close whatever vulnerability is allowing accounts to be stolen directly through a-net/NCSoft.
2. Since NCSoft clearly can't get their act together, just let us sever our GW accounts from NCSoft.
3. If we must retain the connection to NCSoft, then at the very least: (a) Give us back the ability to change our usernames. (b) NEVER display the e-mail that is the GW username from within the NCSoft account. (c) Require the current GW password to be entered in order to change the GW password.
4. Give us the ability to blacklist and whitelist individual IP's and IP blocks. I want to blacklist all of mainland China from ever logging into my account and I want to be prompted for a second password to login from any IP other than my current one.
5. Give us a "last login attempt for this account was X hours ago from IP W.X.Y.Z" notification every time we log in so that we know when someone is after our account and can contact support preemptively.
6. Give us an optional character lock that is permanent or takes at least a week to remove.
7. Give us a customized item lock with the same traits.
try reading the whole thread before you act like you know what's going on. if you read through you'll also find "some of the possible reasons how people are getting hacked"

/signed

New Buddha

Wilds Pathfinder

Join Date: Sep 2005

=X-Signed-X=

Neo Nugget

Site Contributor

Join Date: Jan 2006

R/

Somebody needs to do something about it. It's clearly becoming more common and more out of hand as each day passes.

/signed.

Just4Fun

Academy Page

Join Date: Oct 2007

/signed...................

Revilo Ekrub

Ascalonian Squire

Join Date: Apr 2009

Trinity of Ascended [ToA]

R/

/signed

Shanaeri Rynale

Desert Nomad

Join Date: Aug 2005

DVDF(Forums)

Me/N

Let's try and keep this thread focussed. Remember it's anet's game and there are plenty of potential things they can do (see tons of threads on sardelac) without Ncsoft getting involved. So even if any breach at ncsoft isn't fixed it doesn't stop anet from doing damage limitation.

Faer

La-Li-Lu-Le-Lo

Join Date: Feb 2006

Tossing in my support, which comes as no surprise I'm sure.

Unfortunately, it appears that making accounts more secure is just too much of a nuisance. ArenaNet will not admit that they have a problem. NCSoft will not acknowledge or fix the problems that are incredibly obvious to anyone who has used their website.

We can hope, though.

Yinterno

Pre-Searing Cadet

Join Date: Nov 2009

We Are In Our Underpants As We [VanQ]

R/Mo

Signing this.

Charlie Dayman

Desert Nomad

Join Date: Apr 2009

Trifecta Luminati [TRI]

W/

/signed

Any improvement on the current NCSoft security system is more than welcomed.

king swift

Krytan Explorer

Join Date: Jan 2007

Kamadan AD1

Zealots Of Shiverpeak [ZoS]

D/A

/signed to protecting my 3000 hour investment

Hyper.nl

Desert Nomad

Join Date: Oct 2006

Defending Fort Aspenwood

E/

/signed

I would like to have a security token please. (Authenticator)

tooburns

Desert Nomad

Join Date: Dec 2005

u know where my spot is !

Teh Academy [PhD]. Officer.

W/

---signed----

MMSDome

Raged Out

Join Date: Sep 2005

I may have come into this thread late but I don't get how the OP can ask A-Net to improve account security and make a petition to do so without offering a suggestion on how they can. I am sure they want your accounts as safe as you do but asking them to simply do something like that is like asking NASA to make you a spaceship to fly to Uranus.

JoeGrogan

Frost Gate Guardian

Join Date: Jul 2009

ecok

Me/

/signed

Pretty obvious from the amount of posts here that something is going wrong.

Coney

Wilds Pathfinder

Join Date: Aug 2008

Quote:
Originally Posted by MMSDome View Post
I may have come into this thread late but I don't get how the OP can ask A-Net to improve account security and make a petition to do so without offering a suggestion on how they can. I am sure they want your accounts as safe as you do but asking them to simply do something like that is like asking NASA to make you a spaceship to fly to Uranus.
You might prolly read the thread completely, to see there are suggestions on how to do it. For example, not allowing Chinese IP addresses to access and change accounts that are owned by US (EU/other) citizens. Or requiring the current PW be input, before allowing it to be changed. Or sending an email to the owning account to verify the PW change... Among the host of other suggestions.

But really, all of these suggestions are totally common sense to anyone with even 1.5 years education in the computer science discipline.

Meridon

Lion's Arch Merchant

Join Date: Dec 2008

Funny Business Inc [FBI]

May I suggest that once this thread dies a bit (let's say disappears from page 1), the petition, with all the names of those who signed along with suggestions, should be sent directly to Customer Support in an e-mail by a Guru Admin?

That way we can pretty much force an answer out of them.