NC Soft Linked Accounts Vulnerable Again

Got a "Password reset success" e-mail from NCSoft Support today, which I verified to be accurate. Problem is, I didn't request my password to be reset. When I re-reset it, nothing about my account had changed, so I'm assuming whoever tried to hack my account got stopped by the character name portion of the login. For what its worth, I traced the IP to South Korea.

So if they didn't reset my password in-game, they must have done it through the NCSoft site, much like what happened to me (and hundreds or thousands of others) a while back. Beware of accounts linked to the NCSoft site, as I believe their security hole is back.

Support has been super helpful (as usual), getting back to me a whopping 7 hours later with a response that my ticket would be forwarded onto the accounting department. I expect that that's the most helpful information I'll get out of this.

Flame this, close this, deny this, do whatever you want. Not looking for answers, just trying to warn others so that they don't lose the 3 million gold I lost the first time this happened.

Thanks man. I was also screwed during the last round. I wish I could change my email address, or they would allow special chars; the bastards are so not helpful . . .

so glad im not linked to NCSoft....

I wish I could say I'm surprised, but I'm not.
Let's just hope a-net has learned their lesson and keeps GW2 as far away from the damned NCMA as possible.
Sigh....

I welcome the challenge. ME vs. THE WORLDDDDD

So long as your character names are secure, then hopefully so will your GW account. Mind you, it's concerns like the above that really makes something like the opt for a WoW style authenticator, proper account recovery and delete protection essential in GW2

how does one get linked to NCsoft anyway? Im trying to figure out if i ever did that or not

Most people got linked with the free storage panel, or if you have bought anything through the online shop.

Also:

Keep usernames/passwords for forums separate from usernames/passwords for logging into the actual game.

Most MMO hacks happen when a community forum is vulnerable and stolen usernames/passwords are used to log into the game.

Nevertheless, its a dumb joke that you can change the password for your GW account through the master-account w/o even knowing the old password

this reminds me of my one time dealing with them. when they had the free storage panel going for having the game and all the expansions, i couldn't get it to work cuz i lost the account name. so i contacted them and they actually asked for my game keys. wtf is up with that? i was told to never give it out and they needed it for what? i obviously have all the content. it was all paid for. what needed to be authenticated. just add the panel that was so generously offered and advertised (to get people to buy missing content imo). the only thing that came to mind was they would be able to reset everything with that info. going to email them one last to see if they could just add the panel. doubt it will happen.

This times 1million.

Too bad ncsoft is busy making shitty korean mmos to fix it.

This is what bothers me. Not the account linking.

Here we go again, every few weeks a thread like this pops up (I still remember mine) and nothing gets resolved at NCSoft. It's a shame that ArenaNet has to put up with this Security-flawed system, I bet if they were in charge of something that important they would handle it way better than NC. Hell, anyone could handle security better at this point.

I don't understand (as in "It won't go into my frickin' head") why this problem is still not resolved, even when we faced major security issues over the years with this mindboggling NCSoft Masteraccount.

And I guess this thread will just dwindle down like the others, because it is never a problem until it affects YOU.

And then the ones telling others that it was probably their own fault are QQing on the next thread.

I sure hope that by the time GW2 comes around all this will be out of the way. The game can get the highest ratings, if the customer support and security is left in the hands of NCSoft you will not have much of an account to play with for very long.

Someone at Anet needs to step up and tell it how it is: Security at NC is terrible, and it needs to improve! How about putting that in your financial report for next quarter...

Actually, there was a huge thread on this months ago when a lot of pressure was put on Anet to do something. They did so, which is why we have the character name field on login. As soon as they did this reports of hacks dropped off substantially.

So Anet didn't ignore the community and you can tell from the tone of their responses at the time and historically there was a degree of tension between themselves and NCsoft. I suspect (and this is pure speculation on my part) that the solution Anet implemented was partly born from this frustration. I.e if you won't fix it, we will.

What is clear is that lessons need to be learned for GW2.

This.

I can't think of any other company that allows you to change your password without providing the old one first. It's like they are trying to make hijacking accounts easier. Newsflash! I'm not buying another account or any other NCSoft game if my account is compromised because of their stupidity. Business is gonna be baaaaad... nerk!

Is requiring the old/current password really too much to ask? It shouldn't be.

During the last spate of account thefts, due to master account (lack of) security... they actually put in that requirement.

But later, after the dust had settled, and A-net had largely fixed the problem (for GW, not Aion etc) by adding the character name check...
...they took it out again

Incredible. This makes it indisputably clear, that NCsoft do not take security seriously. NCsoft simply should not be trusted with our accounts.

This is why I do not want GW2 to require an NCsoft master account for any reason.

Lucky for us (and OP) that A-net put in that character name check, because it was only a matter of time before a new master account hole was found and exploited.

But it's still unsatisfactory: our IGN's are our only defense against master account breaches, and now we have to be careful where we post them. That sucks. I hope GW2 offers something better than that, and ideally the option of securID-style hardware.

Me too......

I as well am perturbed.

I agree, and the attempt that anet made to try to keep others out (the character name--which I NEVER put on any forum)....security is still very weak.

I doubt ncsoft even cares about this since they have all the moneys they will get from this game when you buy it (basically) why bother with real security??? Its pretty sad.