Security Breach On Guru? Now my account is hacked.

Just letting everyone know that 2 of my accounts were hacked this morning, and today i saw a security breach waring on top of this forums, they stated that no date was retrieved and im not saying that this is why my accounts got hacked but it kinda happened one after the other, im not here to QQ or anything like that. I contacted support and i am trying to get my accounts back atm, just looking to let everyone know what is happening to me and to advice you to change your passwords not only ingame but on your ncsoft account as well (because i think that's how they reseted my password) dont let this happen to you.

The only way a security breach here on the forums would matter is if you use the same email/password combination for the game as the forums. (In which case, you are lacking in security yourself already).

This is why you use separate emails for game/website. And at the very least have different passwords for them if you don't have access to multiple email addresses...

I am afraid i do have the same e-mails for here and the ncsoft site, however my ingame email is different, but they somehow managed to get into my ncsoft account and reset my password, i have no idea how, the point is it happened :/

Also don't use the same passwords for forums and in-game logins..or anything else.

Sorry for your loss.

Sorry to here about your account. Chalk up another victim for Swiss cheese security on the NCMA. Now, can we please see the "you must know the old GW password in order to reset the GW password from NCMA" requirement return?

Anet is trying to do something about this. Even though they're being reckless... I had my account banned for account theft, even though I haven't stolen anything. They're very unwilling to help either.

Well that sucks.

for this reason i never left any of my IGN's on guru..anywhere

That's not an option if you posted your IGN in a thread that was later locked. (Trade threads I'm looking at you).

My only option was to buy character renames for all IGN's I'd ever posted on guru :-P

sometimes, u have to leave IGN....ie. for trade
actually, it would be nice to have a option to bind the account to one or two IGN. That way we can leave the alt's name in forum.

Simple answer: use different passwords for everything. Basic internet security, people.

yeah that sucks

More than likely this doesn't have anything to do with this site. The last I knew about the "attack" no data was actually taken.

Regardless, this is why sites need to announce there might be a possible security issue the moment you even think you might be compromised. It's not about saving face in front of the community or unnecessarily scaring people. It's about protecting the users.

If you account hack was related to the breach of Curse servers, I'm deeply sorry. Let me know if you're going to roll another account. I've got some spare gear if you need it.

Just fyi in the past mods have been willing to remove IGN's from locked Ventaris threads. I had my ign removed from a handful of them a few months ago.

yes if you have your ign in a locked thread anywhere on guru you can pm me or another supermod to have them removed. We DO understand the need for security and are willing to clean up ....

(and yeah I never leave my ign any where, didnt do it before it was a security question either).

I do like this idea... Would make it harder for someone to just waltz in with details of one character. I did think when setting up the security question "Wow, this is loose..." Normally security questions are related to things entirely irrelevant to the game/product you're using. If you really can't remember the answer to a security question as basic as your mother's maiden name, then no offence, but you're a bit slow. If you've been away from GW for a length of time and can't remember ANY of your character names, you're a bit screwed. Also I'd hate to think about how it could be exploited to access people's accounts by claiming to be them and "forgetting" your password etc :/

I do think account security needs to be tightened (why not a PIN code which is reset via email + security question if you forget?). It seems silly for them on the one hand to want to encourage player interaction and on the other make it more complex due to the glaring security flaws making it unwise to post one's IGN.

Jeez. I can't believe that after all this time, people STILL don't get it.

If thieves get into your NCsoft master account, THEY DON'T NEED ANY PASSWORDS

Of course everyone should use different, strong passwords for everything.
But that is NO USE whatsoever when NCosft's security is breached.

Last year they were getting into people's NCsoft master accounts... WITHOUT KNOWING THE PASSWORD for those master accounts.
Once they're in your master account, they can set a new GW password WITHOUT KNOWING THE OLD ONE.

And it's sounding to me like they may have found a new way into the master accounts.

Which is why your IGN is so important to protect. Every time a flaw is found and exploited in the NCsoft master account "security"... character name is your ONLY protection against the thieves. It's the one thing they can't see/change in the master account.

Well thanks for that. But I think I would have bought the renames anyway. Once you post something on the internet, it's not so easy to delete it. There are backups, search engine caches, etc... and for all I know thieves might have been routinely harvesting such information from forums, for years. I feel safer with all-new IGN's.

This. And two threads in riverside on "my GW password was changed through NCMA" in the past week might yet be coincidence, but it implies with some strength that the NCMA is indeed vulnerable again.

The requirement that you must know the GW password in order to change the GW password from the NCMA should be put back in place immediately.