Gaile LF people who experience NCSMA glitch.

She wants to contact the people who claimed they managed to log onto stranger's NCSoft master account. Remember this is not the same thing as the Aion website glitch.

Posting for exposure. Mods feel free to merge into the sticky I guess.

I'm looking forward to see someone stepping up and admitting he was able to log into others accounts (maybe transfer just an ecto or two for rainy days).

OMFG I KNEW THAT I LOST MY ACCOUNT AND IT WAS NOT MY FAULT!

Anyway finally they admit that It's not the player their fault but the company their fault.
Don't hate the player hate the game.

The last time someone stepped up to duplicate a known bug (mapping to Mallyx's outpost), they were greeted with an in-game ban (one of them has posted here about this recently).

It's a shame I don't remember my NCSoft account username or PW because then I could help out!

I think it was the armbrace dupe. As far as I know, mapping to that outpost required hacking the client. Correct me if I am wrong.

they may ban those ppl which accidently found that glitch cause they may blame them they stripped those accounts..

It was where you could map right to Mallyx and fight him, instead of having to do all the DOA areas first. Basically you get his green drop and the gemstones, but as legit drops from killing him.

fenix and i were banned for about 4 hours after we sent in the duping method. gaile got our accounts fixed almost immediately after we got a message to her.

Right. I was posting about 2 separate exploits. The duping one was when 2 guru members duplicated a red dye as pointed out above. Their accounts were returned after the automatic bot ANet ran banned all the duped item accounts.

But as far as I know, it was impossible to map to the Ebony Citadel of Mallyx outpost initially without hacking the client to allow that. Other people could tag along in the party of someone who hacked their client to get there or someone who was "anchored" there from their hall.

Since it seems that the people who are getting logged into this way are people who are logging into their NCSMA from elsewhere, I'm going to put this under "Things To Not Do". No point in trying to crack into someone else's account if it's going to make my own vulnerable at the same time.

Umm, huh? She is saying that they can't duplicate this, implying that it's not possible. That's about 180 degrees away from "yes, it's possible, and it's our fault..."

I'd recommend that you re-read the original post.

Precisely my point. Say in the near future they figure out how to track who is doing this (say, anyone who has tried to log on 200 times in an hour). Then people trying on Gaile's behalf get thrown into that pool, and poof, you are perma'd.

Besides that, I sure as hell don't want someone to get into my NCSMA by doing Gaile's bidding.

I'm not bothered by there being security related glitch.

I'm not bothered by them not knowing what is wrong.

I am bothered by the fact they are still allowing people to log into their NCsoft accounts. All log ins should have been disabled right when they knew something like this was up. No excuses.

I'm guessing that they don't think that there actually is a problem with the NCsoft accounts (NCMAs). The only people that "know" that there is an problem with the NCMAs is the player base. So from NCsoft's point of view, "why fix it if it ain't broke!"

But even if they did think that there were problems, they wouldn't be able to instantly disable the NCMAs, since there are things that need to happen which depend on these accounts, so at this time, they are required. NCsoft wouldn't be able to disable the master accounts until substitute processes were put into place.

So Cuilan, when some random person makes a random accusation about guild wars being easily hackable, without actual proof or it being reproducible, anet should just shut down guild wars for all of us? Or do you see how that might be the wrong action?

Just so everybody knows, screenshots of you being inside of somebody else's account aren't good for anything apparently. I'm not exactly sure what they want from the community, really. Anything the community can possibly provide (unless they do some illegal shit to the NCSoft website) is too "vague" and not "worthwhile".


...meh. At least we got that previous password thing in there.

Theocrat: Any information provided will be followed up on by the NCsoft security team. At this point they're focusing on trying to replicate the error. Screen shots help, but they just show that there might be a bug, and the security team is digging much deeper, by trying to verify that the error exists. We sincerely appreciate those few people who have provided us with information.

Please keep in mind that, so far, we have discovered no malicious compromises having occurred in the manner described (random account switches). As I told you all before, we have added additional logging and security measures to further strengthen existing processes and preventative systems.

I imagine they need stuff like time/date, account names and IPs et al.

Automated login scripts and the like don't seem to produce the bug. It's has to be a human doing it. Someone I have no reason to doubt set up a script to do that and was unable to log in. Another person was able to reproduce it first try. Another user reported getting into a different account after a few more tries. Several hundred, I believe.

That may be the reason you haven't been able to reproduce it up to now.

Short of recording everything we do, there's no other proof we can give to you. But we do care about this, that's why some of us put in the work. Take it or leave it.

(I would name names, but I really don't see the need to, especially if it may result in some kind of disciplinary action from NCsoft.)