Account Hackings - The Source
Curo
Now that I've finally reached the end of these 16 pages, I'm going to say something that has not been said clearly in this thread.
Re: "Roughly half of the hacked accounts do NOT have an NCsoft Master Account"
All this statement tells us is that there are still idiots out there giving their account information to RMT's etc. You cannot rid the world of idiots, and account 'hackings' like this will always continue as long as there still exist people that are greedier than they are intelligent.
IF all (or a significant majority) of account hackings were traced to be related to the NCsoft Master Account, it would be an incredibly insulting reality. There is NO way that you can deny a breach of security in the NCMA by saying that only half of the hacked accounts had a NCMA. Since when is "half" an insignificant proportion?
Briefly, let me make an analogy. You would not say "only half of car accidents involve alcohol use/abuse", and use that to try and convince people that alcohol is not a major concern in car accidents.
In short: telling us that half the hacked accounts have no linked NCMA means nothing.
Sierraa
Quote:
Roughly half of the hacked accounts do NOT have an NCsoft Master Account, and very few account thefts involved a password change at all. The hacker(s) knew the account credentials, and they did not access the hacked accounts through NCsoft Master Accounts. The hackers had a list of passwords, which they used to steal accounts.
Again, our NCsoft Security team is continuing to investigate this issue, and there might be additional changes forthcoming. |
We've been complaining about the NCsoft site for years now and nothing has been changed until recently. Most of us are not directly relating the ability to login to a different account by using OUR information to the hacks, it may have contributed and if it didn't it's a new problem that needs your attention.
My personal information is on that account and it's viewable to anyone who happens to gain access to it.
REDdelver
Quote:
There is a change in one of the NCsoft Master Account processes that is being enacted, and we believe this change will help quite a lot in enforcing account security, and we're very grateful to the folks involved who've worked today to get those measures in place, on a holiday, and many of them away from home.
|
I'd like to extend appreciation to the people who are supposed to be off the clock, relaxing, and/or just enjoying the holidays.....who are working hard on issues that need to be heading in the right direction.
Thank you to all who are involved. I'm not going to make assumptions that certain people aren't doing anything to help the gaming community out.
Please pass along Miss Regina, that some of us appreciate the extra time spent.
Thanks
greenthumb
Quote:
I would like to reiterate one point again, because people continue to ignore this fact: The account hacks are not likely related to the NCsoft Master Account security concerns. Roughly half of the hacked accounts do NOT have an NCsoft Master Account, and very few account thefts involved a password change at all. The hacker(s) knew the account credentials, and they did not access the hacked accounts through NCsoft Master Accounts. The hackers had a list of passwords, which they used to steal accounts.
|
Quote:
very few account thefts involved a password change at all. |
It's not clear what ANet and NCsoft regard as "very few", but it's worth noting that ANet/NCsoft was aware of account thefts involving password changes (and the relative ease in changing GW account password credentials through the NCsoft Master Account until the new change).
I think it's great that something's been done, and hopefully further improvements will be made to address any other concerns and security weaknesses that have been presented. If these concerns have been known for awhile, I wouldn't necessarily regard the recent action, even on a holiday, as being proactive. (Perhaps the recent improvement could and should've been implemented some time ago, and perhaps shouldn't have then required major escalation on a holiday....it's something that the organization should try to take back and consider internally.)
Ravious
I posted this on Kill Ten Rats, so I hope it gets disseminated a little more. Massively sometimes picks up my posts... but yeah, even though it is debatable as to whether this is long overdue or not, great action by ArenaNet on this holiday weekend.
I hope the issue gets resolved, even moreso, and I hope that this puts a jolt into the devs for GW1 and GW2 in regards to how fragile our characters can be. Not being able to recover deleted characters is 100 times worse than getting hacked and losing loot... especially with the HoM on the line.
DragonRogue
Quote:
Through all the rough sea water......
I'd like to extend appreciation to the people who are supposed to be off the clock, relaxing, and/or just enjoying the holidays.....who are working hard on issues that need to be heading in the right direction. Thank you to all who are involved. I'm not going to make assumptions that certain people aren't doing anything to help the gaming community out. Please pass along Miss Regina, that some of us appreciate the extra time spent. Thanks |
Inner Salbat
Quote:
I would like to reiterate one point again, because people continue to ignore this fact: The account hacks are not likely related to the NCsoft Master Account security concerns. Roughly half of the hacked accounts do NOT have an NCsoft Master Account, and very few account thefts involved a password change at all. The hacker(s) knew the account credentials, and they did not access the hacked accounts through NCsoft Master Accounts. The hackers had a list of passwords, which they used to steal accounts.
|
And how exactly did they obtain this mysterious list of passwords?
Enko
Quote:
Agreed. Between the hat issues and now this, I'm sure Regina and Gaile and many others have not had a good holiday this past 24 hours or so. It is very nice to see you all working hard on the holidays to try and fix these issues. Crappy time of year for this all to have happened. For that I am truly sorry. And kudos for doing this. Also I am pretty pleased with Gaile and Regina for doing their best to keep everyone posted as well as they have been. We can see how much time you have invested into these issues. Especially when most companies would've said, tough shit, we are on holiday and will deal with this after the new year.
|
Some things like requiring the old password to change passwords should have been there from the start.
Emperor Bush
There are a few things that don't make sense to me regarding Regina's most recent post in this thread.
But the most blatant problem I see: as Regina tells it, they only discovered this specific issue yesterday. So in the last 24ish hours they were able to update the password change request screen to include the necessity of the old password. They were able to do this in 24ish hours, while people were on vacation, and apparently not even in town. And kudos for that.
But it begs the question: Why was this not done weeks ago? If this particular fix was relatively simple, and if it was known that at least some of the hacking occurred via the PlayNC password change request function, couldn't this have been done prior to today? It could have saved who knows how many people from having their accounts hacked, and it could have saved the people involved from having to spend their vacations making this change. How many times did someone in this forum and other forums suggest to add this exact feature? How many "I GOT HACKED!" stories began with, "I got an email explaining my password had been changed."? How many stolen accounts were completely avoidable here?
At my job: had I screwed something up, and my boss discovered it while I was on vacation weeks later, and I needed to come into work on my vacation to fix it, I would receive a bit of credit for having done so. But that credit would not have likely negated the repercussions of having made that mistake to begin with.
DragonRogue
Quote:
While it's great that they're working during the holidays, a lot of these issues have been known since October... it's only come to a head now because someone posted this here (previously only on Aion forums) and it's getting a lot more attention.
Some things like requiring the old password to change passwords should have been there from the start. |
Added security is greatly appreciated, but I'd also like to know what they are doing to those who the items are being transferred to. Who are these hackers, where did they get these alleged lists of PW and account info? And are they being perma banned for transferring stolen goods?
While it is unfortunate that this has come to a head over the holidays... and I thank them for taking THIS time (over the Holidays) to deal with it... Too much has been ignored, blame has been spread around, and no one still has acceptable answers.
Inde
I'll pop in here. My words don't mean any more than the next poster, but you all must understand that ArenaNet is listening and taking action. I understand the frustration that these security updates were a reaction versus preventative, that maybe we've been saying them for far too long now, but I have to point out that other NCSoft games are not getting this same treatment right now.
The IGN to the character log in? Not on any other NCSoft game.
The current password addition? Not on any other NCSoft game.
Now not even I want to draw any conclusions why NCSoft seems to be absent on this issue but I can clearly see that ArenaNet is pushing. They are fighting. They are apparently one-up on other NCSoft games at this time. Which should tell us all that our community managers and support are dedicating time, resources and their passion into this. Did it come too late? Is the damage too much? I'm not going to express an opinion on that but I felt that it needed to be pointed out clearly that ArenaNet, while they might be fighting the bureaucracy of the big corporate giant, is certainly making progress. And maybe NCSoft has been there all along but, of course, all we can see and hear is the ArenaNet side so that's what I base it on.
On the same note, I do have to give thanks to not only this community but the Aionsource.com community who both seem to be fighting so hard to see that their accounts are protected. Is it because of us these security updates have happened? I think we can say with some degree of certainty that yes, yes it has. RMT's, hackers, etc. are bound and determined to acquire our accounts and I think this is a lesson for both the users and the development and publishing companies that we have to be even more vigilant. I know that a lot has indeed been learned from this thread by the players on account and password security. It is only going to benefit many of us later on as we muddle around the internet.
I know this is a passionate topic for many of us, especially those who have been hit, but please continue to try and stay on topic. Give valuable feedback, list your concerns if you have them, but know that ArenaNet is there. They are in this thread watching (even if you can't see them).
Enko
I do appreciate the fact that Gaile and Regina are pushing NCSoft for these changes since these are on NCSoft's side not on Anet. The issues that Anet has had control over have seemed to get fixed fairly soon (hat issue, etc).
I'm wondering how much of the empty answers we've been getting is because they can't say anything beyond what NCSoft tells them. It's too bad that Anet can't break off from them and just run everything themselves.
Sora267
Quote:
Good to see ye olde Tombstone Policy in full force. I'm just surprised it didn't take someone losing their entire real life identity to get anything even addressed. (All though, to be honest, someone experiencing identity theft would force them to do something but I really don't think it would be worth it...)
|
Quote:
In short: telling us that half the hacked accounts have no linked NCMA means nothing.
|
Also, kudos to ANet for trying to get this fixed over the holidays. Hopefully our less fortunate Aion brethren will get similar additional security measures in place soon!
Divine Ashes
Although it may damage NCSoft's reputation even further than it has already been in the past, I for one feel it necessary for as many people to know about this as possible (I personally linked this thread on team quitter for example). As Inde stated, not only will it help us in our foray through other internet communities, but it gives us all insight as to how to protect our personal accounts better, and to give suggestions and ask questions regarding our personal security on the internet. Anet has acted fairly quickly since the proverbial shit hit the fan to get this treatment for Guild Wars, but one has to wonder where NCSoft has been in all of this, and why in the first place there was not the utmost security already in place for our accounts.
Inner Salbat
If they've put the box in to enter old password before changing it to a new one, this is good.
But it changes nothing, hackers still have their list of passwords and can change the password still. Has anyone yet changed their password and gotten a confirmation by email?
Martin Alvito
Inde, I am certain everyone is thankful that ANet employees worked today to put the new protections in place.
However, it is tremendously disappointing that events came to this. It has been obvious to anyone following the matter that unauthorized access to NCSoft accounts was causing some account thefts. Regina is still trying to downplay the problem and effectively blame the "fansite hack"! This astonishes me. A GW account linked to an NCSoft Master Account functionally was not passworded until today, and it took public announcement of the methodology for something to be done.
We shouldn't have to coerce ANet to get account security. But that is what this matter came to. If they want our money in the future, they need to start demonstrating that they care now. The events of the last six months have not been encouraging. As matters stand, I see no reason to do future business with this company.
Skyy High
Quote:
HALF of the hacked accounts did not have an NCsoft Master Account. HALF. That leaves the other ~50% unexplained.
We've been complaining about the NCsoft site for years now and nothing has been changed until recently. Most of us are not directly relating the ability to login to a different account by using OUR information to the hacks, it may have contributed and if it didn't it's a new problem that needs your attention. My personal information is on that account and it's viewable to anyone who happens to gain access to it. |
I just changed my NCSoft password, it didn't require me to put in my old password first. =/
Giga_Gaia
We do appreciate very much that Gaile and Regina are pushing the NCSoft guys to protect us from hackers. But I can't help but feel both concerned for our fellow Aion subscribers, as well as wondering why they (NCSoft) did not take steps to protect their own primary cash cow from these unauthorized access attempts when this problem came into light back in... October, was it? As far as I know, there hasn't been such a widespread 'hysteria' of these account hacks over any online game like this since... ever. While this password confirmation may be a nice first step, what will happen to those who lost their accounts and everything in it? I can't help but feel bad for all the Aion and GW players, and Anet as well, for all this grief that was beyond their control.
EDIT: Skyy, it only asks for your old password for your GW account at the moment.
Glaed
While I haven't read through the entire 17 pages of this post, I have read enough to both understand what probably happened to me and to be irritated that something like this happened.
In December I had tried to access my NCSoft Master Account to purchase GW for my son for Christmas only to find that I couldn't get on, my password wasn't valid. Wtf? I had just used it in October to purchase the Bonus Mission pack and the pet unlock pack from the NCSoft Store and I also purchased a copy of Aion Collector's Edition as well.
So after trying to reset my password it asked me my security questions, stuff I know very well, but neither of my answers were correct. I finally had to contact NCSoft support to have my account information reset. I couldn't find my product keys though, so I had to go through the whole thing of scanning the emails of my purchases from NCSoft Store and Paypal stuff showing that the username was mine and the product keys of the most recent stuff I had purchased.
Finally they reset my passwords and I logged in to the account to find that while my name was the same, the address and phone number was changed to someplace in Texas. The email was still the same though, but I was curious how come I didn't get an email confirming me of a password change when this turd of a person took over my account. It notified me when I changed my password from the generated one from NCSoft support, but not when the turd changed it?
Thankfully Guild Wars didn't seem to be compromised, it seems they were actually after my Aion account that I never even played (computer issues with the game) and they even paid for a month of game time, because I had canceled the account after the free time was up at the end of November.
Part of me was a bit glad that it was a wasted game card or whatever on their part, because they had just paid for it on December 20th or something like that, but now I have a brand new Aion CE that I never played that is now banned.
So if I am understanding any of this that I have read so far that it was a security issue on their side... I'm rather irritated, to put it mildly. All they had to do was just log on repeatedly until my account was the lucky winner and they then have access to my personal info, my log in info... all they have to do is change the passwords and they have new games!
I went through the whole thing of thinking that my email had been compromised and deleting that account, checking my computer (which I had just done pretty much a clean install of everything when I upgraded to Win 7) with every AV and malware thingy I could get my hands on, changing the password to everything I think I have a password for, changing the email to a new one now that I deleted the old one, only to find out it was their issue?? On one hand I'm relieved it wasn't me this time... on the other.... I feel violated. By something I thought I could put my trust in. Guess I'm just naive.
Page Down Warhammer
I'm thankful the Anet employees were prompt with the fix, but I have a few things to say.
I've been thinking about this a lot and wouldn't it be easier to do some sort of phone registration or something? I mean say your account gets hacked right? So you call NCsoft and tell them and they do a quick search to make sure you are the owner of the account and all and then change your password back to something you agree on over the phone. Then at least a hacker would have to try to convince Anet that they really are you in order to access your account. And if you bought GW with your credit card in California, and someone is calling NCsoft from say.. Florida.. that would be difficult.
Erys Vasburg
Quote:
First of all, we have escalated this up to the NCsoft Security team, and they will investigate the issue.
There have been ongoing investigations on the hacking incidents for some time, and according to the data gathered, none of them appear to be directly or exclusively related to NCsoft Master Accounts. Some hacking victims have NCsoft Master Accounts, some don't. Data was recently reviewed, and about half are not NCsoft Master Account holders. Therefore the hysteria surrounding the idea that all hacks are coming through the NCsoft Master Account doesn't seem to be valid. However, this doesn't necessarily rule out that some hacks are coming through NCsoft Master Accounts. The information about this particular exploit is new to us, and we don't know what will happen as more people, due to this thread, learn about it and even try it. We're not brushing things under the rug, nor denying that there might be a problem. The Support team has not previously notified us of this issue as detailed in the OP. The first we have heard of this information, as detailed in this thread's original post, was brought to our (ArenaNet's) attention just recently (yesterday, according to Gaile), so it's incorrect to suggest that we've been covering it up for months. Please be assured that we are taking the concerns in this thread seriously, following up with NCsoft Security, and actively raising the issue with the Security team. Thank you. |
Quote:
ArenaNet has been discussing the issues pointed out by players in this and other forum threads on the issue with NCsoft. Again, we take these concerns very seriously, and we're currently taking measures to address them on several levels, and we will continue to do so.
There is a change in one of the NCsoft Master Account processes that is being enacted, and we believe this change will help quite a lot in enforcing account security, and we're very grateful to the folks involved who've worked today to get those measures in place, on a holiday, and many of them away from home. They've taken our escalation of this issue very seriously, are listening, and are doing what they can do to proactively help, and to take your concerns on board and make improvements in very short order. The security team continues to research and additional changes might be put in place. If you try to change your password on the NCsoft web site now, you will notice one of these changes: you will be required to input the old password to change it to a new one. I would like to reiterate one point again, because people continue to ignore this fact: The account hacks are not likely related to the NCsoft Master Account security concerns. Roughly half of the hacked accounts do NOT have an NCsoft Master Account, and very few account thefts involved a password change at all. The hacker(s) knew the account credentials, and they did not access the hacked accounts through NCsoft Master Accounts. The hackers had a list of passwords, which they used to steal accounts. Again, our NCsoft Security team is continuing to investigate this issue, and there might be additional changes forthcoming. |
I would like to pose some further questions related to this matter:
1. Why this issue is not being held responsible for 50% of reported account hacks. It was definitely a very big problem, that could very well have caused the loss of half of the accounts that were hacked. Why do you say it isn't likely this is the case? Even if the passwords weren't reset, it has been fairly common knowledge for a long time that bruteforcing or phishing NCSoft/GW accounts once you have the associated account name/email address is not a difficult task. If this issue was not at fault for that 50%, then... what was?
2. Where the list (or mystery list, as someone above very aptly put it) of passwords hackers are using for the other 50% is coming from. It's scary to think that hackers can obtain a list of such information without our knowledge through means other than keylogging.
3. Why ArenaNet was not informed of this issue by NCSoft when they found out about it, through Gaile (ArenaNet Support Liaison) or another medium. This issue has been public for months - shouldn't your publisher have warned you about it after GW accounts started being stolen?
Evil_Necro
First of all, Happy belated New Years Everyone! Sad for the first time I opened this website on 2010 I received this news.
However, thanks to all who made this post, posted interesting info, and finally the Anet staff who are still working on this issue despite the holiday.
Cheers to GW and 2010
PS: Hope my acc doesn't get stolen.. >_>
Inner Salbat
Quote:
2. Where the list (or mystery list, as someone above very aptly put it) of passwords hackers are using for the other 50% is coming from. It's scary to think that hackers can obtain a list of such information without our knowledge through means other than keylogging.
|
Quote:
3:] From reading the HTML for each page under the "secure.ncsoft.com" domain I found that the majority of the process functions are scripted in PERL but referencing Javascript multiple times for all sorts of verifying processes. This can easily be manipulated to a user's intention. |
The hacker then used that data to log into the (NCMA) and change the password for Aion / Guild Wars accounts and pillage all that was available.
The problem is how long has this been going on? Has this hack been in there since they gave away *free panes*? If so, the hackers have been sitting on that data for a very long time, waiting for the right time to attack and not being impatient and doing it immediately.
The right time was when Aion was released, so the hackers could gain a foothold into Aion gold selling, and as a bonus they got Guild Wars along with the ride.
We must first ask ourselves the question of why?
As farming build after farming build gets nerfed the demand for gold goes up, the harder it is to farm the more people are being pushed into gold sellers, which give them more of a reason to hack accounts to satisfy the demand, because not everyone has 24 hours in a day to farm this was supposed to be a casual game and they've been trying to turn it into a WoW clone ever since EOTN.
So who is at fault with this cycle?
Gold seller?
Hacker?
The nerfing of farming builds?
The inaccessibility of rare items to some players, that they feel they need to buy gold?
Is it us demanding to higher price for rare items, driving the prices up forcing people to buy gold just to afford the item(s)?
There are some words that summarise the lot, I feel: GREED, JEALOUSY, COVETING.
Lonesamurai
Inner Salbat
Quote:
Ok, gonna weigh in here as I have never been lied to by either Martin, Regina or Gaile and ask what exactly we have been lied to about
(and misinformation about GW2 doesn't count) |
And no matter how much evidence we bring up they just won't accept some (not all) of the responsibility for this hideous invasion of our privacy (even IT professionals that I'll admit to some degree know more about it than I do, I just know how to understand their geek talk in some sense).
Riot Narita
Require old password, before allowing you to set a new GW password.
This is VERY welcome. It was an obvious feature that should have been there from the start, it was conspicuous by its absence. But at least we finally have it.
People randomly accessing master accounts no longer get the keys to the (GW) kingdom.
I feel much safer now, but I hope that there is more to come.
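An added example, not part of the thread and not NCsoft's code: a minimal server-side sketch of the control discussed above, where a password change requires the current password and the check is enforced on the server rather than by browser-side JavaScript. The `AccountStore` class, the form field names, the lockout threshold and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 5        # assumed lockout threshold, not a value from the thread
PBKDF2_ROUNDS = 200_000  # assumed work factor for this sketch


def _hash(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so a stolen store does not reveal passwords directly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class AccountStore:
    """Hypothetical in-memory store; a real service would use a database."""

    def __init__(self):
        self._accounts = {}

    def create(self, name: str, password: str) -> None:
        salt = os.urandom(16)
        self._accounts[name] = {"salt": salt, "hash": _hash(password, salt), "failures": 0}

    def verify(self, name: str, password: str) -> bool:
        acct = self._accounts[name]
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(acct["hash"], _hash(password, acct["salt"]))

    def change_password(self, session_user: str, form: dict) -> str:
        """Return 'ok', 'denied' or 'locked'. `form` is untrusted client input."""
        acct = self._accounts[session_user]
        if acct["failures"] >= MAX_FAILURES:
            return "locked"
        # Client-supplied flags such as form["validated"] are never consulted:
        # checks done in the browser can be bypassed, so the server re-checks.
        old = form.get("old_password", "")
        new = form.get("new_password", "")
        if not self.verify(session_user, old):
            acct["failures"] += 1
            return "denied"
        if len(new) < 8 or new == old:
            return "denied"
        salt = os.urandom(16)
        acct.update(salt=salt, hash=_hash(new, salt), failures=0)
        return "ok"
```

With this shape, holding a logged-in master-account session is not enough to set a new game password; the caller must also know the current one, and repeated wrong guesses lock the change function.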
GODh
Sorry that I didn't read all 18 pages (it's sooo long), but are people who received the giveaway storage pane (4th anniversary) in danger too? Because I remember that I had to create something before I could receive it. Was that a NCsoft Master Account?
Lycan Nibbler
Quote:
That website's been flawed from day one. Just look at all those people that forgot passwords to that website, because of the free storage pane rush. Then the horrible loading times on that bandwidth consuming excuse for a website. I wouldn't expect anything else, there has been no explanation into the massive hackings, and this is a pretty serious issue. I was never a fan of NCSoft, but Arenanet let me down too.
The communication regarding this has been so shallow. Something is just wrong. |
On the side, thanks to Gaile for spending the time and revisiting the issues on her page on New Year's Day - too many answer something then won't look again.
Lonesamurai
Quote:
Them blaming the community for weak passwords, sharing accounts, using the same password on 3rd party sites, presumably degrading their so-called security, when if you look back a few posts an IT professional (outside of NCSoft / ArenaNet) on the Aion forum confirmed that there are security holes in the NCSoft site which have I presume always been there at least since October.
And no matter how much evidence we bring up they just won't accept some (not all) of the responsibility for this hideous invasion of our privacy (even IT professionals that I'll admit to some degree know more about it than I do, I just know how to understand their geek talk in some sense). |
And exactly what responsibility do you want MARTIN, REGINA AND GAILE to take when this is an NCSoft issue, NOT ANET!
fenix
The issue is that they flat out blamed fansites and players, when clearly it's not our fault. It's an issue THEY could have done something about.
Lonesamurai
Quote:
The issue is that they flat out blamed fansites and players, when clearly it's not our fault. It's an issue THEY could have done something about.
|
Hell, I would even blame myself if I got hacked for having my character name on my guru profile, which is a blatantly idiotic move that I'll be changing as soon as I finish this post, however, this is NOT an ANet issue and blaming ANet staff will not help the situation!
Especially as that blame is coming from fansite admins too!
DOCB22
We should all get a $25 GW store credit..
Aeronwen
Quote:
The Support team has not previously notified us of this issue as detailed in the OP. The first we have heard of this information, as detailed in this thread's original post, was brought to our (ArenaNet's) attention just recently.
|
Thank you Erys
So we finally got the requirement to put in the old pw to change the new. Excellent
Quote:
Through all the rough sea water......
I'd like to extend appreciation to the people who are supposed to be off the clock, relaxing, and/or just enjoying the holidays.....who are working hard on issues that need to be heading in the right direction. Thank you to all who are involved. I'm not going to make assumptions that certain people aren't doing anything to help the gaming community out. Please pass along Miss Regina, that some of us appreciate the extra time spent. Thanks |
fenix
Quote:
But it IS in part fansites to blame! Partly for blowing it out of the proportion it has been blown to and also for not helping to make the fansite users follow basic security principles!
Hell, I would even blame myself if I got hacked for having my character name on my guru profile, which is a blatantly idiotic move that I'll be changing as soon as I finish this post, however, this is NOT an ANet issue and blaming ANet staff will not help the situation! Especially as that blame is coming from fansite admins too! |
Turbo Ginsu
Yeah I agree with Aeronwen. +10 GG to Erys, good to see someone who was willing to take the time to gather evidence, compile it in a clear manner, then stick a blowtorch under the asses that needed it so badly.
Also a ty to aNet staffers for doing the right thing, rather than the easy, regardless of the fact that it could have been done sooner, done is better than not done.
Gun Pierson
A good thing we had the mods here who closed every topic about a hacked account on the spot when one popped up. It helped covering up what was going on, although unwillingly. The fansites are also victim of NCSoft's RED ENGINE GORED ENGINE GORED ENGINE GORED ENGINE GO up.
fenix
Quote:
A good thing we had the mods here who closed every topic about a hacked account on the spot when one popped up. It helped covering up what was going on, although unwillingly. The fansites are also victim of NCSoft's RED ENGINE GORED ENGINE GORED ENGINE GORED ENGINE GO up.
|
1) We aren't Guild Wars Support. They deal with hacked accounts.
2) Every single thread ended up with trolling and flaming about internet security - which now clearly has no effect on whether you get hacked or not.
Inner Salbat
Quote:
ok, firstly those are standard security reasons and responses that even come from antivirus companies and companies like Microsoft
And exactly what responsibility do you want MARTIN, REGINA AND GAILE to take when this is an NCSoft issue, NOT ANET! |
But with apologising in public there has to be some sort of redemption or it's just an empty apology. I don't care if I never see my stuff I had again, I really don't, as long as 1) no one else has to suffer this violation & 2) others get their stuff back in some way.
We also need to know when these holes are fixed, it's no use continually changing passwords if they're just getting the new ones.
Turbo Ginsu
Unfortunately, due to the way liability laws work, a public apology is an admission of guilt, and something you'll almost never get from a Corp. Transparency, honesty and down to earth decency is generally something u only get with private operators...