Happy Fun Security Issues

I am too tired to write commentary, so consider this a public service.  If you have an NCSoft Master Account for Aion, City of Heroes/Villains, Lineage 1/2, etc. or you were dumb enough (like I was) to link your Guild Wars account(s) to the NCSoft Master Account (for silly things like another Storage Pane), then I suggest you read this thread.

The tl;dr version is that security holes existed in the NCSoft Master Account page, according to fans, that allowed people to randomly access other people’s accounts by merely signing in to their own accounts.  Then you could do fun things like change game account passwords without needing old game account passwords or jot down personal information.  The powers that be are working hard this weekend to fix or ameliorate security and information issues.

The most pertinent posts are: The OP.  The Aion fan who knows things.  ArenaNet’s Community Manager response.  ArenaNet’s Support Liaison response.  Holiday Hacker’s guide to the NCSoft page.  ArenaNet’s Community Manager response in lieu of the support response.

Good luck to all those that were hacked, and thank you to all the people working this weekend to deal with the issues.  It wouldn’t be even half as bad if there was a way to recover deleted Guild Wars characters, which is something that should be fixed in Guild Wars 2.  But, still a good quick New Year’s resolution is to change your passwords for the precious pixels we pretend to own.

–Ravious
a crescendo, annie

7 thoughts on “Happy Fun Security Issues

  1. Longasc

    I did not manage yet to get into another account at random. But I recall that during Aion release I suddenly had “wrong” and “missing” games after logging into my account. I relogged and the problem was solved. Now I fear it simply was not my account… :/

    Scary is that even a new and very complicated password is not going to safe one from the security holes. You can become a random victim at the moment and this is scary as hell.

    P.S.: Three of my friends got hacked. We assumed for two social engineering and carelessness. This can explain the third hack.

  2. heartlessgamer

    I don’t buy it. The account system in question require manual, repeated password entry to access/change account details. One accidental login gets no where near the devastation that players are reporting.

    Or I am completely wrong about the details, since I no longer use my NCSoft account.

    1. Ravious Post author

      It doesn’t matter if you use the NCSoft account. What matters for Guild Wars, allegedly, was whether you linked it or not. Once linked anybody that could access your NCSoft account could on a die roll obtain access to your account. Because your Guild Wars account was linked they could read your account name and change your password to a new password from the NCSoft account. For Guild Wars security, I believe that, for the most part, this has been fixed or gone in the right direction because now the accesor has to have your old password.

  3. Blue Kae

    Not sure what’s going on with NCSoft and ArenaNet. When did they start this whole character name to login stuff? I was going to jump on for a quick look around, but it has been six months or more since I was one last and I have no idea what my character names were. We’ll see how support does at getting back to me.

  4. ag

    with such rampant hacks, the only just solution
    is to completely wipe all accounts after patching
    and let everyone start from 0.
    no one deserves to benefit from what theyve stolen.
    and there is actually hundreds of thousands of USD
    involved.

  5. beldeti

    I’m one of the many Guild Wars players whose have been hacked. And no, I don’t have Aion.

    Luckily all characters were left intact, and what I lost I could just get back by playing normally.

    Password’s been changed in-game, not via my NCSoft Master Account. Hope my luck holds this time, and that appropriate security measures are established. It was painful getting hacked the first time around.

    @ag: a game-wide wipe would hurt those accounts not hacked too. Also, there’s character-based and account-based Guild Wars titles that require considerable investments in time, effort and grind in varying degrees. People have been working for these titles in preparation for a carryover to Guild Wars 2. Nobody would relish the thought of starting all over again.

    1. Ravious Post author

      Sorry to hear that Beldeti. I am glad they weren’t wholly malicious (which deleting characters is). Luckily, there are only a few super valuable things, which can gain some permanency in the HoM anyway. Hopefull you have a speedy recovery. :)

Comments are closed.