What to do after being Hacked?

Deviant Angel

Krytan Explorer

Join Date: Apr 2006

On a boat!

Homeless.

Mo/

Interesting.

I logged in yesterday to find a very inactive friend logged in and on a character that I rarely ever saw him play. He was showing up as afk on messengers, so I sent a txt asking about it and he confirmed that it wasn't him on the account. He was at work. I eventually found his assassin being used as a bot in ToPK. (Hey Anet! HINT! HINT!!) I asked him about the e-mails once he got home and he said he couldn't find anything from NCSoft about a password reset or anything else. The password was obviously reset since he couldn't log in.

I was wondering if the hacker had gone that extra mile and changed the e-mail address, so I went into my account and changed mine to see what would happen. I instantly got an e-mail from NCSoft on both accounts.

The old account got a notification that someone at XX.XXX.XX.XXX changed the e-mail address associated with my account. The second account got a verification code and instructions about how and where to use it. Both e-mails were sent at the same time. The notification e-mail instructed me to contact support if I didn't change the address. Really?! Why the hell should we be forced to jump through hoops with support when they could do something as simple as ask us if we authorize the change before sending the verification code to the new address? I didn't work my ass off for the things I have in game just to lose it all because they refuse to do simple things like ask me to verify that I want an e-mail address or password changed. I don't mind having to click a few more times to change anything related to my account and anybody that considers it unnecessary or annoying is probably playing for the other team.

The friend I mentioned here was the second person from my friends list that has been hacked in the past week. I'm not sure about the other person, but I know that the one I saw online yesterday did NOT get e-mails from NCSoft. How the hell does that even happen?!

I enabled their latest security feature when I logged into my NCMA yesterday and I still don't feel confident that my account is safe. Oddly enough, my bank uses a similar method and I don't constantly worry about losing my money. I actually feel pretty vulnerable since I think I was on the FL of two people that were hacked and I have no idea how they became victims. They were both inactive and don't use RMT sites. I honestly believe there is something very wrong on the NCSoft side. :/

A little off topic, but I have to ask... what happens to accounts that were hacked and used as bots? Assuming my friend manages to get his account back, does he have to worry about getting Dhuum'd in the future if Anet decides to go on another massive banning spree?

Kago Seirei

Krytan Explorer

Join Date: Jul 2005

Mo/W

Heh, I also was a victim of being hacked, although I stopped most activity on my main GW account years ago. Technically I quit the game, but came on every now and then to see if any friends were still playing, and possibly play a little to see what has changed.

I think it wasn't till sometime last year that I decided to login again, but couldn't. After all my efforts to use all passwords I've ever used in the past, I still couldn't login. After giving up, I decided to put up a support ticket for it, in which they finally reset the password for me, and even then I couldn't login, because the account was banned. (Probably because it was used for botting. -_-;) After that, I put in another ticket to get it unbanned, and it was handled swiftly, but all my characters were naked. About 8 sets of Obsidian armor gone, and tons more 15k prestige armor, not even counting the backup platinum and ectos/shards I had been hoarding prior to quitting. Yup, you guessed it, they just told me that I was SoL in terms of getting all my stuff back. Only things they didn't take were my mini-pets, which I'm surprised.

When I got hacked, it didn't really bother me much though, since I didn't really think I'd need the armor, money, weapons, and all those materials. Then I saw Guild Wars 2, and was so blown away by it, that it made me want to fill up my Hall of Monuments... Oh right, I had nothing... -_-;;

So, now I'm pretty much starting from scratch in terms of cash and working for HoM...

Braxton619

Desert Nomad

Join Date: Jul 2008

A/W

If you got hacked, immediately contact NCS about it here:
www.guildwars.com/support

karateckie

Ascalonian Squire

Join Date: Apr 2007

Missouri

The Phoenix Apostles [pxa]

R/

Quote:
Originally Posted by Deviant Angel
Really?! Why the hell should we be forced to jump through hoops with support when they could do something as simple as ask us if we authorize the change before sending the verification code to the new address?
Exactly. Such a simple measure, and it would have prevented my case of hacking. If you don't have access to the old account then you're stuck contacting support...but at least you're not contacting them because you were hacked.

There's no cure for bad passwords, key loggers, etc. Those risks will always be around. But there are routine security measures that NCSoft could take which would have stopped many cases of account compromises that I've seen posted lately.

Braxton, I think everyone here has already been through support. We're just dealing with the aftermath.
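The approval step that Deviant Angel and karateckie ask for above, as an added example (not NCSoft's code and not written by any poster in this thread): the verification code is sent to the new address only after a token mailed to the current address has been presented. The `Account` type, the function names and the addresses are hypothetical, and mail is captured in an in-memory outbox instead of being sent.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
)

// Mail is one outgoing message, captured in memory instead of being sent.
type Mail struct{ To, Body string }

// Account is a hypothetical account record; all names here are illustrative.
type Account struct {
	Email        string
	pendingEmail string
	approveTok   string // mailed to the CURRENT address
	verifyCode   string // mailed to the NEW address, only after approval
	Outbox       []Mail
}

func newToken() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// same compares secrets in constant time and never matches an empty value.
func same(want, got string) bool {
	return want != "" && subtle.ConstantTimeCompare([]byte(want), []byte(got)) == 1
}

// RequestEmailChange records the request and mails ONLY the current address.
func (a *Account) RequestEmailChange(newEmail, fromIP string) {
	a.pendingEmail, a.approveTok, a.verifyCode = newEmail, newToken(), ""
	a.Outbox = append(a.Outbox, Mail{a.Email, fmt.Sprintf(
		"Change to %s requested from %s; approve with %s", newEmail, fromIP, a.approveTok)})
}

// ApproveFromCurrentAddress releases the verification code to the new address.
func (a *Account) ApproveFromCurrentAddress(tok string) error {
	if a.pendingEmail == "" || !same(a.approveTok, tok) {
		return errors.New("no pending change or wrong approval token")
	}
	a.approveTok, a.verifyCode = "", newToken()
	a.Outbox = append(a.Outbox, Mail{a.pendingEmail, "Verification code: " + a.verifyCode})
	return nil
}

// ConfirmNewAddress completes the change; it cannot succeed before approval.
func (a *Account) ConfirmNewAddress(code string) error {
	if !same(a.verifyCode, code) {
		return errors.New("change not approved from current address, or wrong code")
	}
	a.Email, a.pendingEmail, a.verifyCode = a.pendingEmail, "", ""
	return nil
}

func mailsTo(a *Account, addr string) int {
	n := 0
	for _, m := range a.Outbox {
		if m.To == addr {
			n++
		}
	}
	return n
}

// HijackAttempt: someone holding the password but not the owner's mailbox.
func HijackAttempt() (email string, sentToNew int, err error) {
	a := &Account{Email: "owner@example.test"}
	a.RequestEmailChange("intruder@example.test", "203.0.113.7") // constructed values
	err = a.ConfirmNewAddress("guess")                           // no code was ever issued
	return a.Email, mailsTo(a, "intruder@example.test"), err
}

// OwnerChange: the owner reads the token from the old mailbox, then the code.
func OwnerChange() (string, error) {
	a := &Account{Email: "owner@example.test"}
	a.RequestEmailChange("owner-new@example.test", "198.51.100.4")
	if err := a.ApproveFromCurrentAddress(a.approveTok); err != nil {
		return a.Email, err
	}
	err := a.ConfirmNewAddress(a.verifyCode)
	return a.Email, err
}

func main() {
	fmt.Println(HijackAttempt())
	fmt.Println(OwnerChange())
}
```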

Lyger

Academy Page

Join Date: Aug 2005

Cambridge, UK

Metal Headz

Me/

/signed for the simple measures as outlined above. Also, I admit that 99% was a number I pulled from my behind.

I'd like to hope that GW/NCSoft implement something like the coin lock feature that Rift just implemented over the last couple of days. It would go a long way to protecting the assets that their customers have built up over their playing time. (Guess what I'm playing while waiting for my GW account to get sorted out ... ).

Deviant Angel

Krytan Explorer

Join Date: Apr 2006

On a boat!

Homeless.

Mo/

So I guess my friend got his account back today. The hacker stole his minipets, rare materials, roughly 200k, a few major vigor runes (lol?) and trashed all the equipment on his assassin that they didn't need for the bot. Other than that, he said his other characters appear to be untouched.

It's fairly obvious that the hacker wants accounts for botting ToPK. (Once again... HINT HINT ANET!) They actually went through the trouble of capping Shadow Form for his assassin and getting it through all the Prophecies missions required to access ToPK. (I guess that could be considered a not-so-bad thing? )

Keep in mind that he was one of the people that DID NOT receive a notification e-mail about his password being reset. NCSoft did not bother to offer an explanation about what happened or reveal the IP of the person that hacked his account. They simply allowed him to regain access to his account and told him that the culprit's IP had been nuked.

The number of people that have said something on here about their accounts being hacked is pretty small, but I feel like the number of victims is much higher. Go sit in any district of ToPK and tell me all those people look like legit players. I'm willing to bet that a lot of those accounts are stolen. I have reported a few that have been farming non-stop for days and they are still at it! Literally... non-stop. I used to go into extreme farming mode back in the day and even I had to stop to sleep every now and then.

It probably would have taken my friend months to realize that he had been hacked if I didn't log in the other day. I can only imagine how many others have been hacked and have no clue since they didn't get an e-mail. :/

Edit: Apparently he didn't get an e-mail when he regained control of his account and changed the password. Anyone else? Might be something worth mentioning to support.

Thamior Shamus

Frost Gate Guardian

Join Date: May 2009

Pshyco Ninjas [oGod]

R/

I also got hacked the other day.... Was able to get support to reset the password yesterday but was banned during a GvG because my account was hacked. >.>

A couple of my friends have also had their accounts hacked recently... You'd hope that ANet or NCsoft could take the extra step to make our accounts a lot safer.

AngeliqueSynner

Lion's Arch Merchant

Join Date: Aug 2008

Florida, USA

Sacred Storm [Strm]

N/

I was hacked on another game. Never been hacked on guild wars.
But personally I'd borrow materials from a friend or guildy to start farming and build it back up. :]

Surgo

Academy Page

Join Date: Mar 2011

Don't know about anyone else, but I'd pay $10 + shipping for a physical second-factor authentication.

Urcscumug

Krytan Explorer

Join Date: Jan 2011

UNO

W/

@Surgo, if the problem is keyloggers, a physical password generator is useless. Because if there's a rogue program running on your computer, it can do, intercept and impersonate anything that you do.

Restricting game access from certain IPs is a good idea... until you start thinking about it. One problem can be ISPs who like to regularly change their clients' IPs, making this feature useless. Another very basic flaw is that the restricted IP can be changed from the master account, so if the keylogger gets access to that it won't matter anyway.

Rift's Coin Lock can mitigate this issue because (presumably) it springs into action automatically, as soon as it detects a different IP for a certain account. But it depends on how the unlock is done. If the hacker already has access to the means to confirm the unlock... it's back to square one.

The problem of MMO servers is how to make sure that the person at the end of that Internet cable is who they claim to be. It's nearly impossible to do this perfectly. Ease of authentication and hard-to-hack are mutually exclusive, and it's hard to find a good balance. That's just how it is with any form of remote communication. Even face-to-face identification can be faked so...

Thing is, effort should be spent on preventing these hacks from happening, not on damage control once they've happened. Because as anybody can see after reading this thread, there's nothing left to do afterwards.

The only advice I can give you is:

(1) Keyloggers: once you got one, you're screwed. Unfortunately Windows makes it almost impossible to avoid getting one, by design (users are actually required to go download random software and install it). This is made worse by flaws in software you're running (browser, messenger, email client, Windows itself) that let stuff enter and install itself without you even knowing.

So consider having a different Windows install for GW, which is kept clean and up to date at all times, with the minimum amount of software installed beside GW. Also consider using stuff like DeepFreeze and Anti-Executable.

On a side note, if you run GW on Mac or Linux the problem is mitigated by multiple factors. Linux users almost never install random binaries off the web, there's centralized machine-wide auto-update and GW on Linux/Mac runs via a virtual machine of sorts (Wine, CrossOver, Boot Camp) which has separate files and environment which is easier to check/keep clean. Still, don't assume that as a Mac/Linux user you're invulnerable.

(2) Be wary of any forums you join. Don't use the same email or password as your in-game account or the master NCSoft account.

(3) Be careful who you give information that facilitates the login. Don't mention email addresses in-game, don't mention any IGN outside it. Yeah I know, it sucks not to be able to do that, to offer help to people on forums and so on. But as long as any IGN is an authentication factor, that's how it is. And I hope I don't have to say you should never tell anybody the password.

(4) If the master account is hackable, you're screwed anyway. So stop worrying about whether it's hackable or not. Sure, do the stuff above, but don't lose sleep over the master account.

IDEAS FOR IMPROVEMENT

The pool for private knowledge needed for login could be extended.

Idea 1: on the game login screen, show the pic of a random one of the account chars and ask the user to type its full name to login. Sneak in randomly generated char pics every once in a while and ask user to type "not mine" if they see it.

Idea 2: Make user answer questions like: on char X, my currently equipped weapon has a mod of ..... (single choice answer from given list).

* Lock the account after 3 login mistakes.

* Lock accounts who are inactive for extended periods of time.

Bright Star Shine

Furnace Stoker

Join Date: Nov 2009

Belgium

Club of a Thousand Pandas [LOD???]

E/

Quote:
Originally Posted by Urcscumug
Idea 1: on the game login screen, show the pic of a random one of the account chars and ask the user to type its full name to login. Sneak in randomly generated char pics every once in a while and ask user to type "not mine" if they see it.

Idea 2: Make user answer questions like: on char X, my currently equipped weapon has a mod of ..... (single choice answer from given list).

* Lock the account after 3 login mistakes.

* Lock accounts who are inactive for extended periods of time.
Idea 1: I know enough people with a shitton of extra charr slots they use for storage with names like qfqfidoeqijdqsojdq. So, that one is going to provide trouble to a lot of people.

Idea 2: Do you really think I remember what weapon which charr is wielding at every time? My ssin has like 12 diff shields sets and 3 diff armor sets, I don't bother remembering every time I log off..

Also, you are going to severely punish people that would come back to the game after a 6 month break or something, they won't remember every charr name or weapon they have equipped..

At the "lock account" thing: also bad idea. I've tried to log onto Guildwars when: drunk (usually not a problem), stoned (never a problem), even did it when on shrooms once.. I am still amazed I was capable of typing my password then.. But my point, there are enough other people that play GW when drunk occasionally, but some might not be able to type their password correctly from the first try, so you'll penalize them too.

And, locking after being inactive is the worst idea of em all.. Why would one do that? The account is still property of the respective owners, and NCSoft/Anet is in no way in their rights to lock them for just being inactive.

There are better ways to secure accounts tbh..

TheGizzy

Krytan Explorer

Join Date: Oct 2010

A giant mitten

TeAe

E/R

Quote:
Originally Posted by Bright Star Shine
The account is still property of the respective owners, and NCSoft/Anet is in no way in their rights to lock them for just being inactive
You might want to reread the EULA you agreed to. The account is actually not your property, it is the property of NCSoft... and if they so chose, yes, it would be within their rights to lock accounts just for being inactive.

As to the rest, there are many ways they can make the login process or account verification process more secure, and I expect we'll see some of those methods showing up in GW2. Gaming account security has progressed by leaps and bounds over the years and they need to catch up. These are not stupid people, they are aware of the flaws AND aware of the potential solutions. What they are also aware of, unlike all of us here - myself included, which is significant since ensuring gaming account security and recovery is part of what I do for a living - they are also aware of the limitations of a) their software and b) their staffing.

Every decision has consequences - for the company, and for the players. In Bright Star Shine's post, we have an individual saying, "I engage in illegal activities that cloud my brain function... and I want the game to accommodate my choices and allow me to play while I'm impaired." So from his/her perspective, account security is important - but only if it does not inconvenience him/her.

This is the mentality a developer and publisher are up against. "Protect me or else... but you better not make me take any responsibility for my own security or inconvenience me in any way."

Hell of a job, I can tell you.

Surgo

Academy Page

Join Date: Mar 2011

Quote:
Originally Posted by Urcscumug
@Surgo, if the problem is keyloggers, a physical password generator is useless. Because if there's a rogue program running on your computer, it can do, intercept and impersonate anything that you do.
That's not what I was talking about at all. Not a password generator...say, an RSA key burned into a USB device. The device would only communicate via USB events and never send the key, but rather would take the authentication challenge and perform the signature on-device.

LordDragon

Frost Gate Guardian

Join Date: Aug 2010

Dragons Den

E/

A very simple mechanism for security uses an SSL encrypted code. The code resides on a USB device. That code was given to the USB device by the log in server of the game. The log in server knows what that code is. The next time the game tries to log in through the log in server it reads the USB device and sees if the codes match what is on file. If not, no log in.

The real security of a device like this is that the code changes every single time you log in. A person with an old code cannot do anything.

Getting a new code requires a person to jump through many hoops. This would stop almost all hacking attempts completely unless a person could write a MitM (Man in the Middle) logger for the device itself that would hack the 128-bit SSL encryption. Not impossible but VERY hard to do.

If you really wanted to get as close to hack proof as possible, use the above device with bio-metric data (finger print or such). That is how some top level security is handled. With the USB changeable key, a password and bio metric data the log in process is actually pretty painless but close to impossible to crack.

Lyger

Academy Page

Join Date: Aug 2005

Cambridge, UK

Metal Headz

Me/

Well, Rift's coin lock system, as pointed out, is an issue if someone has access to the email account you have it pointed towards. But if someone has that information, then you have more problems than a hacked game account. But having seen it in action, I'm pretty impressed with it. I've also seen reports from people who were hacked who had their gear/characters saved by this very feature (there was an issue that Trion fixed very quickly with a vulnerability on the client that allowed people to log in without needing the username or password combination).

I'd love to see something like coinlock in place - and NCSoft have taken the first step by adding the IP assignation upon login. They just need to take it a step further (and require a code ala coinlock), and I'd love to see Anet add something similar into Guild Wars itself. And really, some kind of red flag should surely go up if an account that is always played in the UK is suddenly being accessed from China, for instance.

Also - I'd be happy to pay for an authenticator (as mentioned above) to keep my account safe. I really hope there is such a measure for GW2.

Got my account back, btw - and it was raided as expected. I haven't lost too much (just some superior vigor runes, some armour pieces that were broken in the salvage process, etc). I've never been a rich player, since I blow my ingame gold on silly stuff like alcohol and sweets (which I burn through upon buying). I'm more annoyed that the hacker reset my UI and totally messed up my neat filing system I had going in my storage. Really, it's just adding insult to injury! But hey ho - my guildies have stepped up to help me get my characters kitted out fully again, and digital items aren't all that important to me. My characters are still there, so I actually have some inclination now to carry on trying to max out my HoM.

Urcscumug

Krytan Explorer

Join Date: Jan 2011

UNO

W/

@Surgo, LordDragon: It doesn't matter how fancy the device that handles the authentication. Eventually it will have to send that data through your computer. Which is where the malware is waiting to sniff it. Game over.

Try not to let that malware in there in the first place, that's the best you can do.

The only way what you propose would work was if the entire machine you're using to play would be its own black box, unmodified by anything and anybody except its makers, AND it didn't have any vulnerabilities, AND nobody cracked its master keys etc. Which is what console makers are trying to do... and failing.

Security, convenience of use, freedom to tinker; pick two; and you really only get one.

LordDragon

Frost Gate Guardian

Join Date: Aug 2010

Dragons Den

E/

Quote:
Originally Posted by Urcscumug
@Surgo, LordDragon: It doesn't matter how fancy the device that handles the authentication. Eventually it will have to send that data through your computer. Which is where the malware is waiting to sniff it. Game over.

.
I guess you did not see where the code changes every time you log in. Getting the last code would do nothing for them as it would change on that very log in. This is the way the military handles sensitive information and it works very well. You cannot hack the account without the current code, the current code device, and the password. The military adds bio metric data so log on credentials are not an issue anymore. Hackers HAVE to find another way in.

The person would have to hack the incoming stream AND the encryption not just the outgoing stream as that code would now be useless.

All of this is handled by the log on server and not the local client. It is all encrypted and nothing is typed in but the password. I guess you could compromise the log on game server but that would be the only way to get all the information you need and be able to use it. Even if the sniffer collected every piece of data that came out of the system and every piece of data that went back into the system they could still not use it. That is unless they can crack the encryption without the encryption key.

They could get the key from the log on server if they could hack that but if they can hack the log on server they really don't need your data anymore now do they?

Urcscumug

Krytan Explorer

Join Date: Jan 2011

UNO

W/

I don't think you realise how completely a piece of rogue malware owns your computer while running locally with full privileges. Key word being "completely". It can do anything, see everything that goes on. It's smart enough to understand what goes on. When it doesn't understand, it promptly receives updates that teach it the new tricks. There are human hackers out there who download all the client updates, break them and then teach the malware how to do it.

Stuff like changing things around, memory randomization, no execute flags etc. is primarily meant as a defence against remote code injection, which works blindly and just hopes the evil code ends up somewhere meaningful. If the malware runs locally all these tricks are useless. It's like trying to trick someone who can read AND change your thoughts.

Encryption is only useful en-route. Eventually information has to be decrypted so it can be used. The malware will be there when that happens.

There's no defence against this. You can not be secure on a compromised machine. You're not running the show anymore. Your computer is a puppet, a zombie, end of story. The only defence is for the malware to not get on it in the first place.

And a simple piece of proof: if the security you describe was possible, there would be no bots in GW.

PS: Out of curiosity, on what computers do you think bots run on? Do you think the hacker loads side-by-side GW clients on their own machine? The run-of-the-mill ones do, but the smart ones run them on zombie computers owned by innocent people. Why do you think it's so hard to ban bots? If all bots were in China or whatever, always on the same IP ranges, wouldn't it be easy to ban those? It's hard precisely because bots run on innocent people's computers, all over the world.

LordDragon

Frost Gate Guardian

Join Date: Aug 2010

Dragons Den

E/

Urcscumug, I know all about zombie systems and bot-nets (and I am NOT talking about GW bots). You really do not understand what type of security I am talking about. That is fine.

I do understand what you think you are talking about and what I described above could only be hacked in this case.

If the attack came in between one log in and the next AND If the attacker somehow recovered or cracked the decryption key on the log in server (all encryption/decryption happens there)

So, even if they get the key and all the data going both in and out. Even if the program 'learns' which no program really does. They cannot get all the data at the correct time and deal with the encryption correctly.

And again, just adding biometric data to all of that would stop them cold. Now, they COULD use the information gathered to do other types of attacks but they are not getting through on the log in screen.

I am not going to go into any more detail but just be aware that this is how certain very secure sites deal with the combination of security vs convenience and they have never been hacked the way you have described EVER. Every hack came from another route. For more detail on why this is look up Identity based encryption and State based encryption. You may not find very much on SBE but suffice it to say that even if a zombie system could duplicate everything possible to read off of the system that was compromised (and had the encryption key!) the zombie system would still be rejected by the log in server.

Maybe, just maybe zombifying the very system that was compromised might get them in but even that is a long shot.

Urcscumug

Krytan Explorer

Join Date: Jan 2011

UNO

W/

Quote:
Originally Posted by LordDragon
even if a zombie system could duplicate everything possible to read off of the system that was compromised (and had the encryption key!) the zombie system would still be rejected by the log in server.
I don't understand why.

If the zombie knows everything, for all intents and purposes, the login server is unable to tell the difference between the human performing legitimate login and his zombie computer imitating a legitimate login.

Please explain further because I feel that I'm missing something. I'm more than willing to admit my ignorance (and learn something in the process) in case that turns out to be the case.

Cryptography at its core means two parties know a secret that nobody else does. It doesn't work if one of the parties got its brain rooted by villains.

What Surgo proposed (the isolated hardware device that only sends encrypted data through the computer) is the only solution that comes close. But it stops short of being perfect; if there's malware on your computer, once the authenticator does its job and your IP is allowed to play GW, the malware is free to merch your stuff or trade it to its buddies.

LordDragon

Frost Gate Guardian

Join Date: Aug 2010

Dragons Den

E/

Quote:
Originally Posted by Urcscumug
I don't understand why.
Cryptography at its core means two parties know a secret that nobody else does. It doesn't work if one of the parties got its brain rooted by villains.
.
Ah! I see where I did not explain sufficiently. The temporary code could be sent in the clear with no encryption at all only to be 'decrypted' at the log in point. In my case only one system 'knows the secret' and that is the log in Server. The rest of the encryption SSL or such is there just to prevent MitM hacking.

SBE also takes a snapshot of the system at various times and reconciles that with on file information both local and remote. The ongoing snapshots are so close to impossible to duplicate that it can even mess the signature up on the exact same system if that system becomes compromised. A zombie system trying to duplicate that sig will be seen as a foreign system even if they get everything right. Yes, it also uses serial numbered USB devices that look and act like a standard USB drive. That is why I said such was used in the first post.

It is a combined effort to take as much authentication out of the hands of the user as possible. Again, it is THE method of various agencies around the world of preventing log on compromise. So far not a single successful attack has been made against such a system.

Well, credential attack. There have been many well publicized breaches of some of these systems but they all came from OS exploits, browser exploits or firewall breaks and such. Basically the people got in after the person was already logged on and took partial control of the system. I say partial because after the system was logged out it could not be logged back in. The log in and credentials remained safe even though parts of them were known.

With massive amounts of super computing / distributed computing you might be able to get past such a system but there are far easier ways than that.

Now, if we had quantum state based encryption through quantum entanglement we could have unbreakable encryption. Any attempt to decrypt such an encryption would fail every single time even on the very machine that created the key. That is still science fiction but may not be for much longer.

Oh, and even with everything I am talking about it still only comes down to this on the user end;

Plug in USB device
Input username and password
play game

Surgo

Academy Page

Join Date: Mar 2011

Urcscumug, I think you've got half of what I'm proposing but not the other half -- the signature changes every log-in. It's not that your IP is now authenticated (in fact, IP wouldn't figure anywhere into it) -- it's that when you log out and log back in you need to authenticate again.

I think I'm going to sit down and actually make said device in the upcoming month, just so I can tell people "it's not hard, they should be doing it yesterday."

Urcscumug

Krytan Explorer

Join Date: Jan 2011

UNO

W/

@LordDragon: what you describe (examining the system, taking snapshots) can only be done by running software on the computer. Any software or data on the computer is under malware control => fail.

You're either not explaining it right or not making sense.

Quote:
Originally Posted by Surgo
Urcscumug, I think you've got half of what I'm proposing but not the other half -- the signature changes every log-in. It's not that your IP is now authenticated (in fact, IP wouldn't figure anywhere into it) -- it's that when you log out and log back in you need to authenticate again.
Of course the signature changes every login, it's based on a different challenge from the login server every time. In fact the server will issue challenges for all important operations.

Problem 1: You say it's not about the IP; but how will the server know which client is the "good" client? How will the device describe the GW client that should be allowed to login, out of the millions of clients installed in the world?

Problem 2: If you want to only do this for login, what I said stands. After a successful login, if the malware is on your computer it can strip your toons naked and that's it. So login is not enough (it would put a damper on botting, if required across the board; but not on account hijacking). You have to authenticate each potentially harmful operation (trades, merch buy/sale, collector exchange, quest taking/handing/abandon, item drops, map jumps, item destroy, salvage etc.) How does your device handle that? How will the device know if your client does things because you told it or because the malware told it?

Banking websites do it by giving out a challenge code and asking you to enter it into a device and come back with the proper response code. If you do this for every operation above it will be secure, but it's gonna get really old really fast.
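The challenge-response exchange debated above (a device that signs a fresh server challenge on-device, with challenges issued per operation), as an added example that is not code from any poster or from NCSoft. It uses Ed25519 from the Go standard library in place of the RSA key Surgo mentions; the `Token` and `Server` types, the operation labels and the single-use challenge table are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// Token simulates the USB device: the private key stays inside this struct
// and only signatures ever leave it.
type Token struct{ priv ed25519.PrivateKey }

// bind ties a signature to one challenge AND one named operation.
func bind(challenge []byte, op string) []byte {
	return append([]byte(op+"\x00"), challenge...)
}

// Sign is the only operation the simulated device exposes to the host.
func (t *Token) Sign(challenge []byte, op string) []byte {
	return ed25519.Sign(t.priv, bind(challenge, op))
}

// Server stores the public key and the challenges still awaiting an answer.
type Server struct {
	pub     ed25519.PublicKey
	pending map[string]string // hex(challenge) -> operation it was issued for
}

// Enroll creates a key pair; the server keeps only the public half.
func Enroll() (*Token, *Server) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Token{priv: priv}, &Server{pub: pub, pending: map[string]string{}}
}

// Challenge issues a fresh random value for one operation.
func (s *Server) Challenge(op string) []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		panic(err)
	}
	s.pending[hex.EncodeToString(c)] = op
	return c
}

// Verify accepts a response once; the challenge is burned pass or fail.
func (s *Server) Verify(challenge []byte, op string, sig []byte) error {
	key := hex.EncodeToString(challenge)
	issuedFor, ok := s.pending[key]
	if !ok {
		return errors.New("unknown or already used challenge")
	}
	delete(s.pending, key)
	if issuedFor != op {
		return errors.New("challenge was issued for a different operation")
	}
	if !ed25519.Verify(s.pub, bind(challenge, op), sig) {
		return errors.New("bad signature")
	}
	return nil
}

// Demo reports, in order: a genuine login, the same captured pair replayed,
// the captured signature offered for a fresh challenge, and a login
// signature re-labelled as a trade.
func Demo() [4]bool {
	tok, srv := Enroll()

	c1 := srv.Challenge("login")
	sig1 := tok.Sign(c1, "login")
	genuine := srv.Verify(c1, "login", sig1) == nil

	replaySame := srv.Verify(c1, "login", sig1) == nil // c1 is already burned

	c2 := srv.Challenge("login")
	replayFresh := srv.Verify(c2, "login", sig1) == nil // sig1 covers c1, not c2

	c3 := srv.Challenge("trade")
	relabel := srv.Verify(c3, "trade", tok.Sign(c3, "login")) == nil

	return [4]bool{genuine, replaySame, replayFresh, relabel}
}

func main() {
	fmt.Println(Demo())
}
```

Nothing in this exchange tells the server who on the host asked a plugged-in token to sign a live challenge, which is the limit raised in the thread; it covers captured credentials and replay only.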

Surgo

Academy Page

Join Date: Mar 2011

I was under the assumption that an account could only be logged in once at a time -- is this not the case? Otherwise, the challenge-response could (of course) only happen when the USB device was plugged in. When you're not actually playing the game, you should unplug it from your computer.

LordDragon

Frost Gate Guardian

Join Date: Aug 2010

Dragons Den

E/

I am explaining it correctly, I just think you are refusing to understand. I work with clients who use such a system (but also add biometrics) every day. It works beautifully and has not been hacked even after systems have gotten infected with specific key loggers/malware to their industry.

Every log on has to be logged in a physical book, every written down log in has to be cross checked with the log in server every day. That is how I know they have not been compromised via credentials. What Surgo is proposing is actually part of the system I am describing. Yes, Surgo, it already exists.

Again, this is about CREDENTIALS log on not other hacks.

The malware you talk about in your Problem 2 is easy enough to stop. Just kill the game! Hell, if my character starts running places that I am not running him I would kill the game client in seconds. Already have done that when the keyboard locked up once. He wouldn't stop running in circles.

For malware to stealth sell off your stuff and compromise your game account they would need to break the database/client/server interface on the game server itself. If they could do that I think we would be seeing posts about items vanishing while people are playing. Have you seen any? I haven't.

Oh, and the snap shots in SBE are both on the client computer and FROM the log on server. It is a combination of so many different areas that no malware in the world is going to get them all and get them all right. The fact is the log on server only uses some of the information each time and even THAT changes.

The very act of intercepting the particular client with malware or changing the client itself causes the log on to fail. Read that bold part over and over and over again until you get it. That is the basis for the whole thing. Yes, that means that you would have to re-authenticate yourself if you put on a macro keyboard, logged in from another system, changed out your G15 for another identical G15, changed out your mouse, and more.

Urcscumug

Krytan Explorer

Join Date: Jan 2011

UNO

W/

Quote:
Originally Posted by Surgo
I was under the assumption that an account could only be logged in once at a time -- is this not the case?
Yes, but that does not prevent the malware from kicking in when it detects the GW client running and doing stuff instead of you.

Still, the device would reduce botting by orders of magnitude (if it becomes mandatory) and it would prevent account hijacking, so there's value in the idea.

Quote:
Originally Posted by LordDragon
Hell, if my character starts running places that I am not running him I would kill the game client in seconds.
The first thing the malware would do is disable your mouse and keyboard. Not to mention that computer reaction time is about a million times better than yours.

Come on, give the hackers some credit, from what I've seen they tend to be rather smart.

Quote:
Originally Posted by LordDragon
For malware to stealth sell off your stuff and compromise your game account they would need to break the database/client/server interface on the game server itself.
Which has probably been done. And there's a large chance you don't have to reverse engineer the protocol, only to piggyback on the client interface. (I don't know, I haven't looked into it.)

Quote:
Originally Posted by LordDragon
If they could do that I think we would be seeing posts about items vanishing while people are playing. Have you seen any? I haven't.
It's not done because it's not needed right now. At the moment a simple keylogger does the job. If there ever is a need for more sophisticated tools, they'll show up, you can be sure of that unfortunately.

Quote:
Originally Posted by LordDragon
Every log on has to be logged in a physical book, every written down log in has to be cross checked with the log in server every day. That is how I know they have not been compromised via credentials.
No, that's how you know it happens after it happens. Because the computers say someone logged in and the written log doesn't. Doesn't do prevention or recovery, only provides a [late] warning.

Quote:
Originally Posted by LordDragon
I am explaining it correctly, I just think you are refusing to understand.
You're only describing effects of the system, not explaining the how. So forgive me that it took me a while to infer the how on my own, since you weren't helping.

The problem I had is that you seemed to be describing a device that is at the same time isolated from the computer and interacting with it. As long as I assumed that the device has to have a regular software presence on the system, I couldn't imagine what would prevent the malware from taking over that presence.

I think I may have figured it out. You're talking about a hardware chip connected directly to the motherboard and/or the CPU, or even replacing the CPU, which means complete low level access and control to everything. Which is in fact an even more powerful form of mind-control than the malware. To make an analogy, the malware is like using telepathy to influence and control you; the chip is like cutting you open and sticking wires directly into your brain.

The problem is that this is not a trivial device to make or use. I don't doubt that the military or corporations use such a thing, but you can't expect ordinary users to use it. First of all, it would cost a bomb to design and manufacture such a device (even assuming you stop at a single special motherboard, not attempting to make mass-market models for any CPU slot). This is not something that can be plugged into USB on any computer and just work. There's nothing inside a regular PC that allows a regular USB device to do this.

And even assuming for the sake of argument it was possible; would you plug into your personal computer a device that has complete control and reports privately to a private company? Wouldn't you be replacing the malware with an even bigger evil?

W I C K E D 1

Pre-Searing Cadet

Join Date: Apr 2011

A Cautionary Tale

My wife and myself have played Guild Wars just short of six years. The game has provided us with thousands of hours of entertainment. I have made friends from all over the world whom I never would have without this game. We have shared the triumphs of struggle and the agonies of defeat. For that I am grateful.

Through our guild and various alliances we have held Cavalon and HzH. Slain Urgoz countless times. Dominated the Challenge Ladder for years. We won the Hall of Heroes on occasion as well. As a guild we accomplished all aspects of the game with the exception of GvG. As individuals we attained GWAMM status and filled our Hall of Monuments. I personally have achieved five GWAMM's and was on course for the sixth.

However ..................

Last Sunday, my wife was unable to log into her account.

She followed the login instructions to reset her password, and waited the twenty-four hours for a response.

No response was made.

She contacted support via email and was provided assistance to log into her NCSoft master account and change her password.

She followed the instructions this morning, and found that her account had been stripped of her virtual worldly goods.

During the course of looking over her raped account, we noticed that my account was online.

I immediately attempted to login, and was denied.

I have contacted support for assistance regaining my account, which is most likely in the same pillaged state that my wife’s account was in. I am awaiting a response beyond the automated one.

The moral of this story is this ......

I have followed all the rules and taken all the precautions advised by Arena Net and NCSoft. No third party programs. Unique passwords that are not used anywhere else. No real money trades. Our computers are virus and trojan free. My wife doesn't even know my account password.

Based upon what I have read on the forums over the years, I can draw no other conclusion than the one that has been voiced by others. The NCSoft Master account is the only common element I have with those that have had their account stolen.

Do not think it will not happen to you.

Unfortunately, this latest experience has left me somewhat jaded as to the future. I will not be an active player in Guild Wars anymore. As far as Guild Wars 2, I am undecided as of yet. However, should the NCSoft Master Account be needed to access my Hall of Monuments and bring forward my Guild Wars achievements, I don't believe I will be a participant.

Good Night and Good Luck All

W I C K E D