Support group messing up beyond all recognition

Okay...this is gonna be one massive text (and forgive me for lousy grammar and vocabulary English isn't my primary language)

Where to begin...about a week ago my guild wars account got hacked for the second time in two weeks...like the first time I had to wait a few days before I received help from the support group...here's their first explanation for me getting hacked twice in a row:

Your account has been accessed by a Real Money Trading company from China again. This indicates a a larger issue. We recommend that you run a full virus scan on your computer before entering any new password information to ensure the security of your account.

I believed them and updated all my virus scanners and removed all bad 'stuff'...after a few days I still didn't get a response for helping me resetting my password (resetting via the log in screen didn't work).

Now this is where they really dropped the ball...my e-mail adres is Posting your email is a bad idea ...today I got this mail:

Thank you for contacting NCsoft(R) Support! Your gw game account Posting your email is a bad idea password has been reset to *******. Be aware that passwords are case-sensitive.

They send me the name of another person's e-mail...and his new password...how messed up is that? Funny thing is I still can't play guild wars!!!

Update:
Thank you for contacting NCsoft(R) Support! Your PlayNC master account Posting account details is a bad idea password has been reset to ******. Be aware that passwords are case-sensitive.

Once again...wrong account and thus wrong e-mail

They... sent you a login and password for someone else's account?

...

Yikes.

Yeah...twice

Hmm...to my knowledge, this issue hasn't been reported on the forum up to now. Interesting indeed.

You'll probably want to post this on Gaile's wiki talk page. That's a quicker way of getting ahold of her.

Actually, her support page would be better: http://wiki.guildwars.com/wiki/User_...Support_Issues

Let's see Gaile talk her way out of this one. "OH! It was a mistake. We're just sooo swamped. You have to understand we're just dealing with so much, mistakes happen. We'll review this immediately."

Hi Nick,

Thank you for providing that information.

First, I accidentally reset your password for an account that was not yours and sent you that password. Please disregard those passwords as they have since been expired.

Additionally, your NCsoft master account and Guild Wars game account "@hotmail.com" passwords have been reset and the automatically generated passwords have been sent to your @hotmail.com e-mail address.

So you now have someone's Guild Wars email account login and their Master Account NCSoft username. As far as I recall you can't change your username or your account email. Kind of backs that user into a corner.

Very frightening........i thought it couldn't get any worse...it just did!

Were I in your shoes, I would probably get in touch with those people whose account information you were sent, and make sure they are aware of the issue and have since changed their information.

They should be notified that their account was, for a while, completely compromised.

You're not the only one who made that sugestion...will do that right away, thanks for the 'tip' all

When the first BIG RED message popped up i promptly changed my password. From that point within 8 hours i couldnt access my account. There was a SNAFU with my password not being able to access my account(new PW)

About 2 days later i received the EXACT SAME responses you did Lanvin. I have an account name and password that does not belong to me. NOW i did dump the info upon receiving it. But its pretty spooky thinkin this is something that has happened more than once.

I figure if it happened to me and to lanvin then its happened MANY MANY more times. I wasnt even going to bring it up until i saw this.


Cronk

I FEEL SAFE AND SNUGGLY!!!!!

someone please get this mess up to the proper people A.S.A.P.
-thanks.

/edit
in this day and age that sort of incompetence is unacceptable, no matter if it is due to human or automated error.

The lesson I draw from this is to never, ever petition support again for anything other than complete account disaster. I'd assume they won't randomly do anything like this to an account if we don't put it on their plate.

unless you are the one who's account/credit card info has been given to a complete random person.

It may be worth doublechecking that the communications weren't part of a phishing scam spoofing to be NCsoft.

I let Gaile know about this in the proper place here.

OP, just so you know, she will need more information. You need to follow that link and provide her with your support number, etc.

I'd assume they wouldn't accidentally give anyone my account info unless they were doing work on my account as well. So, if I don't have them working on my account, they can't mismanage it. Maybe I'm being optimistic, but surely, they don't just pick random account names out of a magician's hat or something?

I feel the same way. I haven't and will not go anywhere near their mess/site/support unless absolutely, positively necessary. We won't get the details of their problems, so it is safe to assume that ANYONE and EVERYONE is not immune to this sort of incompetence. unless told otherwise.

Don't delete those emails yet, you can forward them to Gaile once one have her email addy that way she has sold proof that there is a huge hole in security.

fixed it for ya....and yeah, makes me feel that much better knowing that we have people working on these that are less than competent.

Pretty bad support blunder, however something is missing here:

What occured between the first time you were hacked and the second time? Did you update and run any scans after the first hacking incident? From your post you lead me to believe that you did not since you mention that "I believed them and updated all my virus scanners", after the second hacking incident!?!

It took TWO times for you to get hacked by what appears to be the SAME Hacker for you to "remove all the bad stuff". With the new requirement to have a character name the hacker had to know your character names, unless this happened before the new security changes.

I find it very curious that the phrase " Your account has been accessed by a Real Money Trading company from China AGAIN. appears. This is screaming infected computer!!!

I have to ask: Did you use any of the gold/item buying sites?

After everything people have been through lately getting ANET to add additional security measures you manage to get hacked twice in two weeks by what is most likely the same person!!! Give me a break!!!

Again, agreed resetting and sending you the wrong account is a very bad support error. IMO your errors are worse.


Also noticed that the support email asks you to update and run a full scan BEFORE putting in your new password. Did you do that?

Who was the GM in charge that was helping you? If it was the same clown who effed my acount up, I might actually reopen my ticket.

Support people were probably beating their heads against the wall after the incident happened AGAIN!!! So far this is maybe the second type of this error to occur in 4+ years that I have seen.

This guy and Killed, while it is a bad error. IMO it is not the HUGE security issues that we had before.

Also this is strange too from the second email correcting the blunder:

Please disregard those passwords as they have since been expired.

How long did this sit for those passwords to have expired.

Maybe I am the only one but there is more to this story than we are getting....

Never used any of those gold/item buying sites...
Nobody knows the password...only used that password for guild wars and guess what I had the same pw for four years...then I changed it because of the red text and 3 hours later I was hacked...

And yes I updated my virus scanners before I entered the new password...not that I really feel the need to convince you First you suppose all my errors and then you say they're worse than theirs while I never even made an error

I'm sure there is more to the story. on both sides.
as far as the "please disregard blah blah blah" it looks like the support liaison realized what they farged up and kinda corrected it.

"Whooops, I just gave your account info away(to another user), but I deleted/invalidated that info(along with the other person's account info) and tried adding new stuff to your account as well as theirs" sounds about right to me.

This is EXACTLY what I was wondering. I definately do not think the OP is telling us the full story and/or is lying about something (such as the whole "I did not go to any gold selling sites" and "I did a virus check BEFORE changing my password" yada yada yada.


Just my $.02 on the matter.

Could you please forward the entire email ticket to [email protected]. We will look into this right away. Thanks.

3x counting Cronk and a possible 4th if Killed u man's incident can be confirmed.

No you are adding in stuff and not reading his post and assuming things with absolute no facts then trying to fill in the gaps thinking something is missing.

Okay this wasn't what I had in mind when I started this thread First of all yeah I am an amateur when it comes to computers so maybe it was my own fault that I got hacked (twice omg!!!!) altough I must repeat: I've never been to a gold buying website honestly....and never gave me password to anyone! Also I had the same pw for years and never had any problems...when I changed it because of the red text the problems began!

But it was never my intention to blame anet that I got hacked...all I wanted to say was that they send me those account informations of other persons...and when I read the information I started with I don't really think it would appear I'm accusing of anet for getting my account hacked...And finally...I was able to change my pw through ncsoft like...5 min after I started this thread through the help of guildwars support (whom I thanked in a mail and do so at this moment again)...

It's true that it's not anets fault...It's also true though that anet's gonna have to pick up after ncsofts RED ENGINE GORED ENGINE GORED ENGINE GORED ENGINE GO ups...

*points at my character name in the login screen*

Sadly this is true. But Arena.Net is doing an amazing job at picking up after NC's constant f*ck ups/refusal of security improvement.

While you may want to make this about the (IMO) rare screwup by support, there are other issues that are very important and fresh in many people minds about the security holes.

Your getting hacked 3 hours after changing your password screams keylogger. While you do not have to explain what you did it would help to be very specific to find out if it is indeed ANET/NCsoft still having issues or if you are the victim of some kind of keylogger.

Despite what anyone here thinks (fay vert) this is important stuff to find out because of all the new security updates that everyone here (myself included) asked for repeatedly. If you do not believe me then check out my posts in these threads. Hardly what I would consider a cheerleader for ANET or a blame the OP first person.

http://www.guildwarsguru.com/forum/a...t10419779.html
http://www.guildwarsguru.com/forum/p...tml?t=10416505

Again I AGREE that it is a big blunder on the part of support. But this is not like the reports we were seeing almost daily of people being hacked. There are just too many questions that need to be clarified that have nothing to do with one support person screwing up.

If you were the victim of a keylogger then say so and I will be happy to move on. If not then please provide as much information as possible to what happened.

You claim no errors on your part, are you aware of the recent security upgrades to ANET and NCsoft sites? You state that ANET excuse for you being hacked twice was due to Real Money Traders (RMTs) from China the way you state this is like ANET made this up. However there was a rash of accounts being hacked by the RMTs. This event led to the recent account security upgrades. 2 weeks later you come on here with your story of being hacked twice in 2 weeks and the support screw up.

While I do not deny (nor did the support guy deny) the screw up this may be a deeper issue. But on the surface it looks like your computer may have been comprimised or your information was taken from some other website breech (also recent), but I throw out the second possibility since you changed your password.

For the ANET upgrade, How did the hacker get any of your character names to access your account the first time? If you have any clue to this it would help to shed some light on the security issue. The second time I can understand since the hacker was in your account previously.

Or

How did the hacker get your old password the first time to be able to change it on the NCsoft website? this is now a requirement to change the password from the NCsoft site. Perhaps from the website breech, but then how did they manage to get in a second time.

What exact dates did the first and second hackings occur?

What was the results of the scans was any "bad stuff" found? If so what.

Another thing I find curious is that you do not mention any item losses or things stolen/deleted, originally you mention that you still cannot access your account but the second email from support corrected this issue. Did the second email not give you access to your account.

Glad to hear that you got your account back .

Still would like to know the details due to the recent security issues that I linked previously.

This doesn't bode too well for Guild Wars 2, no matter how good it is. When the reviews/blogs come out talking about it, you can rest assured at least some of the bigger ones will comment about previous security problems with NCSoft and link to these and other forums, just as many of them are doing now with regards to Guild Wars and Aion.

This may not appear too bad now since it concerns a game that was effectively given up on, but it's most certainly going to re-surface around the time Guild Wars 2 shows up. Even when everything is fixed (which I am sure it will be, eventually), it's still enough to scare people off.

After all, who wants to buy a game and spend time in it from a company with a history of security issues (real or not is irrelevant as the appearance of having security issues is enough for many people).

When the dupe issues popped up, quite a few posts pointed back to the Diablo era and the fact that many of the devs came from Blizzard. Hopefully they'll keep those issues in mind as they devote more resources to straightening all of this out.

EDIT: Of course now Diablo 3 is coming sometime in the near future, though it's been a considerable length of time since the last one, which helps people to forget the bad and only remember the good.

You still need to forward Gaile those emails like Regina asked. They really want to figure out what happened so it doesn't happen to other users.

It was my account Information he recieved we are both currently fixing the situation.
Vry scary stuff.

As well i sent in a Gm ticket about the issue and they quikly responded saying they indeed did make that mistake. but as soon as it was realized what happened they made they password that was sent invalid.

and im still unable to log onto my account due to the fact i havent recieved the new pass word any thought??

Contact Gaile on her support talk page here. She'll help you out.

Just wondering (rhetorically), when did NCsoft realize what happened? After it became an issue on these boards, and communications were sent to ANet?

How many incidents are going on which NCsoft hasn't yet realized that they may have made an error?

With all the recent concerns about security breaches and account hacks, and some degree of "fingerpointing" at players for lack of maintaining secure account credentials, this is incredibly irresponsible on the part of NCsoft. Their processes are obviously lacking in a number of areas.

how can i screen shot something that wasnt ingame. as well ive sent several emails reguarding the issue forwarded them to gaile done all i can just need to wait and see.