Quote:
|
Originally Posted by Lukyboy
This is interesting....
What could be the reason that they are not fixing this? |
Account Hackings - The Source
Enko
Tullzinski
not expecting any changes to the site, it is too easy for them to send people to the site to change their forgotten password. Saves NCsoft money by not having a support person touch the ticket to change forgotten passwords.
Comes down to money>security and until that changes do not expect a change to the password reset function.
Comes down to money>security and until that changes do not expect a change to the password reset function.
glacialphoenix
Quote:
| it is too easy for them to send people to the site to change their forgotten password |
Enko
Quote:
|
Originally Posted by Tullzinski
not expecting any changes to the site, it is too easy for them to send people to the site to change their forgotten password. Saves NCsoft money by not having a support person touch the ticket to change forgotten passwords.
Comes down to money>security and until that changes do not expect a change to the password reset function. |
Quote:
|
Originally Posted by glacialphoenix
...do they even ask for verification when you reset your password...? Because I remember people complaining about how they didn't.
|
Coverticus
That was some read I have to admit Erys, much obliged for posting the links.
Well...... most of us knew that the website was a pile of the proverbials but the whole "random" account access just defies belief. Obviously they didn't quite give enough bananas to the 3 year old web-monkies who built the site. Quite frankly, its shocking.
At first I thought this cannot be believed. But after reading, hmmm.
Anyway. This PLUS the debacle of what is occurring in the event atm (lack of hats) is SERIOUSLY making me (and a lot of others I would assume) start seriously thinking about bothering with GW in general.
So ANet. While I appreciate your lord and master (NCSoft) is probably gagging anything said at present, it is time to start reassuring the current community, past and present, that things ARE being done. The login change was the first step granted.
Or say goodbye to what is potentially a huge playerbase for GW2 (thus revenue).
Well...... most of us knew that the website was a pile of the proverbials but the whole "random" account access just defies belief. Obviously they didn't quite give enough bananas to the 3 year old web-monkies who built the site. Quite frankly, its shocking.
At first I thought this cannot be believed. But after reading, hmmm.
Anyway. This PLUS the debacle of what is occurring in the event atm (lack of hats) is SERIOUSLY making me (and a lot of others I would assume) start seriously thinking about bothering with GW in general.
So ANet. While I appreciate your lord and master (NCSoft) is probably gagging anything said at present, it is time to start reassuring the current community, past and present, that things ARE being done. The login change was the first step granted.
Or say goodbye to what is potentially a huge playerbase for GW2 (thus revenue).
YunSooJin
I know the guru population isnt exactly made up of adult professionals, but is there anyone well-versed in context of the law who can comment on this?
Possible that there can be class-action type lawsuits?
edit: also everyone should start trying to log into their NCsoft master accounts :P
Possible that there can be class-action type lawsuits?
edit: also everyone should start trying to log into their NCsoft master accounts :P
Erys Vasburg
Quote:
|
Originally Posted by genofreek
Is the info in the login info talk page all just unjustified rumor, then? They name the third party site in question and go into a lot of detail on how passwords got leaked.
I'm not denying that NCsoft left themselves (actually us) wide open for hacking, but can anyone confirm or deny the responsibility of RockYou? |
Smarty
NCsoft is a terrible company. Their support rating is appalling. They have had Aion out for four months in the West and whilst they've finally hired some GMs for the US servers, the Euro servers are still relying on their automated bot detection scripts and on player reports to work out who the botters and goldsellers are and falsely ban legitimate players instead. This in a subscription-based game. Do not expect NCsoft to do anything useful, such as sever the master account connection with GW, or fix their crappy website, or give hacked players any compensation, or even admit that they have shonky security, cos it won't happen. I really wish they didn't own ANet.
Zinger314
Quote:
|
Originally Posted by YunSooJin
Possible that there can be class-action type lawsuits?
|
You can try, though.
Tullzinski
Quote:
|
Originally Posted by Enko
if the issue is that when logging into ncsoft, you might end up on someone else's account, just requiring the old password to change to a new password would block this. that shouldn't be that hard to implement. once they get that block in, then they could actually work on fixing the problem. with the number of games that are affected by this, it should be one of ncsoft's, if not the most, important issue to fix as it affects their credibility. if their shareholders ever got word that their entire database was open like this, they'd probably lose a crapload of money.
|
I totally agree that requiring the old password would solve the problem, but that defeats the purpose of having the password reset function there to keep people from having to contact support.
Awhile back I thought that putting in a legitimate CD key to change the password would work better instead of the old password.
YunSooJin
Quote:
|
Originally Posted by Zinger314
No, due to the typical EULA clause of "you don't own anything."
You can try, though. |
dr love
Quote:
|
Originally Posted by ac1inferno
What I don't get is can't they check and punish those who did it? I mean isn't it possible to look back in trade logs and see that one account moved everything it owns to another account? Or even if they were outside an outpost and everything was dropped for another account to pick up, isn't is possible to look back and check into those?
|
2. if they compensate you for your loss, then it is effectively duping (your friend could pretend to hack you)
3. you could potentially revoke really bad trades you made by saying you got hacked.
4. having the person's ign may not help you either if they just ignore you.
can you think of a better solution?
Riot Narita
Sh!t the bed.
So all of us with linked NCsoft master accounts... our character names are literally the only things standing between us and random robbery?
Now I am EXTRA glad I bought name changes for every IGN I've ever posted on forums.
So all of us with linked NCsoft master accounts... our character names are literally the only things standing between us and random robbery?
Now I am EXTRA glad I bought name changes for every IGN I've ever posted on forums.
Leslie
I hope NCsoft do the following.
1. Add a security password option (or, force players to enter the old password) before allowing to change the accounts' passwords from the master account.
2. fire, torture and murder the moronic half-wit individual(s) responsible for coding the website, then hire competent web developers to fix this ridiculously huge security problem.
1. Add a security password option (or, force players to enter the old password) before allowing to change the accounts' passwords from the master account.
2. fire, torture and murder the moronic half-wit individual(s) responsible for coding the website, then hire competent web developers to fix this ridiculously huge security problem.
Enko
Quote:
|
Originally Posted by Tullzinski
Requiring the old password (which has been forgotten) would require legitimate user to contact support to change the password.
I totally agree that requiring the old password would solve the problem, but that defeats the purpose of having the password reset function there to keep people from having to contact support. |
Quote:
|
Originally Posted by Leslie
I hope NCsoft do the following.
1. Add a security password option (or, force players to enter the old password) before allowing to change the accounts' passwords from the master account. 2. fire, torture and murder the moronic half-wit individual(s) responsible for coding the website, then hire competent web developers to fix this ridiculously huge security problem. |
also, is it me or did all of these problems start popping up after aion got released? I've had a ncsoft master account since 2004 when I was playing city of heroes and never had a problem with them.
Edge Igneas
Quote:
|
Originally Posted by ac1inferno
What I don't get is can't they check and punish those who did it? I mean isn't it possible to look back in trade logs and see that one account moved everything it owns to another account? Or even if they were outside an outpost and everything was dropped for another account to pick up, isn't is possible to look back and check into those?
|
They already said they carry all sorts of information and logs of trades. I know they said this during the Armbrace duping, and I think they also said it again during the RR days.
I'm just waiting for them to actually do something. Trace the IP's already, break a situation before it occurs. But I'm guessing this isn't happening one place at a time, the trading could probably be occurring nonstop, from multiple people working in a group.
Hiding in the bowels of the deepest districts.
Tullzinski
Quote:
|
Originally Posted by Enko
i would rather have the minority of people who forgot their GW passwords be required to request user support then to have everybody's account at risk.
|
Erys Vasburg
Quote:
|
Originally Posted by Riot Narita
So all of us with linked NCsoft master accounts... our character names are literally the only things standing between us and random robbery?
|
(An assumption of course, but it adds up. Until officially told otherwise by someone we can actually trust to be informed (like, not Gaile), it's the logical conclusion.)
Enko
Quote:
|
Originally Posted by Tullzinski
Absolutely, I think maybe adding the input of a CD key to change the password may work better.
|
Tullzinski
Quote:
|
Originally Posted by Enko
and how many of us kept all of their cd keys from 4 years ago? requiring the old password would block off the method in the OP since they are randomly being allowed access to other people's accounts; they wouldn't know the original password. this would be a quick easy thing to implement to stop the current account hackings until they can actually fix their website security.
|
Do not get me wrong I am not defending NCsoft, just looking as a different option becuase IMO they will not add the input of the old password to change your password.
greenthumb
Quote:
|
Originally Posted by YunSooJin
I know the guru population isnt exactly made up of adult professionals, but is there anyone well-versed in context of the law who can comment on this?:P
|
If there is a security breach where ANet/NC Soft failed to take appropriate security measures to protect personal information, there are certain obligations that laws may require, which may include notifying the impacted individuals and/or notifying the respective government agencies, and the laws may provide for a time period within which such notices need to be sent.
If there is a lack of transparency on the part of ANet/NC Soft, it may make sense for the appropriate government agency to investigate.
Winterclaw
You know the best thing to do is for everyone who has an NCsoft account to log in about 100 times and see how often they get access to the wrong account.
coil
orrrrrrrrr
it's all a marketing ploy to scare us into buying a new "unlinked" storage account until "security" is restored!
but on a serious note: RED ENGINE GORED ENGINE GORED ENGINE GORED ENGINE GOing wow.
it's all a marketing ploy to scare us into buying a new "unlinked" storage account until "security" is restored!
but on a serious note: RED ENGINE GORED ENGINE GORED ENGINE GORED ENGINE GOing wow.
Martin Alvito
Quote:
|
Originally Posted by greenthumb
If there is a lack of transparency on the part of ANet/NC Soft, it may make sense for the appropriate government agency to investigate.
|
It is probably not so career-advancing to nail a company that retails computer games for being careless with its players' e-mail addresses.
Enko
Quote:
|
Originally Posted by Tullzinski
When the account gets stolen you have to produce the keys to get it back. So if you do not have them you are screwed either way.... and you had to input the keys to link the accounts in the first place. So should be easy to put in to.
Do not get me wrong I am not defending NCsoft, just looking as a different option becuase IMO they will not add the input of the old password to change your password. |
i'd rather the account not be stolen at all. make the old password required and they won't be able to take it in the first place. if it gets stolen in a different method where they actually get all your account information, then of course, you'll probably need your cd keys to prove its yours.
WTFBanMe
i know why ncsoft put this account character thingy . cos they know the problem alrdy that why they know if ppl get ramdom account wont know the character inside.
Enko
Quote:
|
Originally Posted by WTFBanMe
i know why ncsoft put this account character thingy . cos they know the problem alrdy that why they know if ppl get ramdom account wont know the character inside.
|
that doesn't stop people from changing passwords; it just stops them from accessing the account so now neither party can get in.
deluxe
Quote:
|
Originally Posted by WTFBanMe
i know why ncsoft put this account character thingy . cos they know the problem alrdy that why they know if ppl get ramdom account wont know the character inside.
|
Snow Bunny
I cannot wipe the grin off my face.
Now, ArenaNet, defend yourself.
I know too many people to have been hacked; the new portrayal of the situation makes sense.
Now, ArenaNet, defend yourself.
I know too many people to have been hacked; the new portrayal of the situation makes sense.
Enko
Quote:
|
Originally Posted by Snow Bunny
I cannot wipe the grin off my face.
Now, ArenaNet, defend yourself. I know too many people to have been hacked; the new portrayal of the situation makes sense. |
didn't know there were a lot of aion accounts that got stolen this way before reading this.
The Last Battle
if this has any truth i very much doubt i and many others will be buying anymore games from this company.
Faer
Quote:
|
Originally Posted by deluxe
Yes, and this is also why IGN's were removed from Guru? They could still scan those email adresses trough guru and get the correspondent ign's.
|
Enko
Quote:
|
Originally Posted by The Last Battle
if this has any truth i very much doubt i and many others will be buying anymore games from this company.
|
genofreek
That's god damn scary. This has been a known issue for how long, and we can still get in?
Turbo Ginsu
What was that? Hark, did I just hear Neverwinter Nights and Day of Defeat tellling me to come back and that my personal data is actually safe with them?
I was really looking forward to GW2, but given that it's only a matter of time before my account gets hacked, no, not the $50usd all you can eat variety, the $90aud+$90aud+$100aud+$50aud type. Oh and my wifes too, which cost the same.
The basic gist of this is, whilst they would like to claim they aren't responsible, and they can't give us our stuff back when (Not "If") our accounts finally get around to being hacked, because bla-bla-ra-ra *Insert random legalese bullshit here* reason.
Yep, not their responsibility. Just like giving them our money for new software/costumes/whatever, will no longer be our responsibility. I'm not going to waste my time qq'ing if it happens. They say in customer service, that for every person that complains, there are 10 that don't. The Chinese whispers from those 10, feed the masses. I'll be one of those whisperers..
So, lemme see, if the pricing of GW2 is around the same, and add-ons, etc that's $330aud x2 = $660aud. $660aud x10 = $6600aud. Is the point getting clear yet?
There's gonna be someone losing money out of this, and for once, I'm glad to say it ain't gonna be me.
I was really looking forward to GW2, but given that it's only a matter of time before my account gets hacked, no, not the $50usd all you can eat variety, the $90aud+$90aud+$100aud+$50aud type. Oh and my wifes too, which cost the same.
The basic gist of this is, whilst they would like to claim they aren't responsible, and they can't give us our stuff back when (Not "If") our accounts finally get around to being hacked, because bla-bla-ra-ra *Insert random legalese bullshit here* reason.
Yep, not their responsibility. Just like giving them our money for new software/costumes/whatever, will no longer be our responsibility. I'm not going to waste my time qq'ing if it happens. They say in customer service, that for every person that complains, there are 10 that don't. The Chinese whispers from those 10, feed the masses. I'll be one of those whisperers..
So, lemme see, if the pricing of GW2 is around the same, and add-ons, etc that's $330aud x2 = $660aud. $660aud x10 = $6600aud. Is the point getting clear yet?
There's gonna be someone losing money out of this, and for once, I'm glad to say it ain't gonna be me.
Enko
anyone heard of issues with ncsoft game accounts being stolen besides guild wars and aion? such as city of heroes, lineage, etc
The Last Battle
good question... i know that you can cheat and hack in CoH and Lineage
Turbo Ginsu
Quote:
|
Originally Posted by manitoba1073
And yet you mods here have just exponetially made the problem worse.
|
Regardless of what happens from here on in, you can certainly expect this to come to a glorious pus-filled head, real soon.
GG Guru!
Total SG aNet!
zwei2stein
I do not want to sound like an anet defender, but can anyone confirm this? I mean, anyone trustworthy (say, guru regular?) can confirm that he did manage to log in to someone else plaync by chance?
Because I am not aware of technology that would allow this. I can not even concieve bug where someone would randomly end getting logged to another account ... there is just no magical code fairy that could sometimes, randomly, say "nah, lets log him to completelly random different account".
Just does not work this way...
Because I am not aware of technology that would allow this. I can not even concieve bug where someone would randomly end getting logged to another account ... there is just no magical code fairy that could sometimes, randomly, say "nah, lets log him to completelly random different account".
Just does not work this way...
Enko
anyone worried that the thread for no hats has received multiple responses from regina but this one hasn't received one yet?