Topic: NCsoft master account security compromised (Read 12515 times)
|
sam, an eggplant
Terracotta Army
Posts: 1518
|
|
|
« Last Edit: January 02, 2010, 08:45:37 AM by sam, an eggplant »
|
|
|
|
|
UnSub
Contributor
Posts: 8064
|
Thanks for the heads up.
|
|
|
|
Yegolev
Moderator
Posts: 24440
2/10 WOULD NOT INGEST
|
Fantastic.
|
Why am I homeless? Why do all you motherfuckers need homes is the real question. They called it The Prayer, its answer was law Mommy come back 'cause the water's all gone
|
|
|
NiX
Wiki Admin
Posts: 7770
Locomotive Pandamonium
|
> Fantastic.
Don't you mean... FUNtastic?
|
|
|
|
Yegolev
Moderator
Posts: 24440
2/10 WOULD NOT INGEST
|
Maybe. Someone who isn't me might be accessing my NCSoft account right now. Since I don't remember my login ID and password.
|
|
|
|
CaptainNapkin
Terracotta Army
Posts: 395
Once split a 12.5lb burger with a friend.
|
Appreciate the warning.
|
|
|
|
Yegolev
Moderator
Posts: 24440
2/10 WOULD NOT INGEST
|
Apparently the only game under my "master account" is Dungeon Runners. EDIT: Hooray for Keepass and its password generator.
|
|
« Last Edit: January 04, 2010, 10:42:08 PM by Yegolev »
|
|
|
|
|
WindupAtheist
Army of One
Posts: 7028
Badicalthon
|
How's Aion doing, anyway? Because this thread doesn't bode well. Not because of the security breach, but because of the lack of reaction. If Battlenet were compromised now that WoW is on it, you'd still hear the screaming while sitting on the moon.
|
"You're just a dick who quotes himself in his sig." -- Schild "Yeah, it's pretty awesome." -- Me
|
|
|
UnSub
Contributor
Posts: 8064
|
I think NCsoft reacted, but has kept very quiet about it. A few announcements here and there about their games and that's it. It's probably best for them to go, "The problems are all fixed. No issues now".
The irony is that it was apparently updates to their security systems that caused the problems.
|
|
|
|
Setanta
Terracotta Army
Posts: 1516
|
I just got an interesting email:
Apart from the fractured grammar, it looks semi-legit but I'm not going to clicky the link because my Aion account never made it past the first 30 days :D I've sent NCSoft support a copy via the official site though because it sure as hell smells like a scam. I logged into Guild Wars; they've changed the login process, now you need to add the name of a character in-game to your password and user name. It looks like they are trying to sort it and sweep it all under the carpet.
|
"No man is an island. But if you strap a bunch of dead guys together it makes a damn fine raft."
|
|
|
Tarami
Terracotta Army
Posts: 1980
|
I had my credit card number stolen as a result of a breach in NCSoft's account management, I think, a few months back. I wonder if it took them this long to find it.
|
- I'm giving you this one for free. - Nothing's free in the waterworld.
|
|
|
Setanta
Terracotta Army
Posts: 1516
|
Second email just arrived; their grammar has improved a little bit.
NCSoft's customer support has escalated it but I bet you they've had their database of email addresses hacked at the minimum.
|
|
|
|
Shatter
Terracotta Army
Posts: 1407
|
There is quite a bit of phishing going on in game too, although you have to be a complete moron to go to the site and "login". I got a number of tells over Xmas for 3 different sites. Seems that with the BOT crackdown these gold sellers are now focusing more on phishing/scamming instead.
Jaion sends you a tell "Hey" You reply "sup" Jaion "Dont forget to claim you Christmas gift at nc-aion.com"
yeah...
|
|
|
|
sam, an eggplant
Terracotta Army
Posts: 1518
|
Scamming and phishing is a given with any reasonably successful game. The accounting backend being totally compromised is a horse of a different color. Really nasty stuff.
|
|
|
|
Chimpy
Terracotta Army
Posts: 10619
|
|
'Reality' is the only word in the language that should always be used in quotes.
|
|
|
sam, an eggplant
Terracotta Army
Posts: 1518
|
So people just imagined they were randomly logged into other peoples' accounts? Or they were flat out lying?
|
|
|
|
Lum
Developers
Posts: 1608
Hellfire Games
|
Given how many oversight hoops that article had to jump through to make it on the official site, I hope you all will understand if I can't comment any further on the subject.
|
|
|
|
Setanta
Terracotta Army
Posts: 1516
|
> So people just imagined they were randomly logged into other peoples' accounts? Or they were flat out lying?
All I can say is the phishing attempts I received were made on a game that I hadn't logged into or been subscribed to past its first 30 days. No RMT etc, running Nod32 etc, etc, I didn't make it past Level 17, didn't even go looking for info on the game past the official site. The chances of them randomly getting my email in direct relation to a game I had to register with on a website - well, I can put 2+2 together... can you? PlayNC were quick to get back to me to let me know it was a phishing attempt (which I was certain it was) - kudos to their customer support there (fortunately I'm not stupid enough to click links in emails automatically). :)
|
|
|
|
sam, an eggplant
Terracotta Army
Posts: 1518
|
I get phishing attempts for WoW on all my email addresses. WoW accounts are worth more than Mastercard or American Express cards on the black market. Lately I've seen a couple of Aion phishes too, and I never bought Aion. Hell, I never even bothered with the beta.
It's not exactly spear phishing. They cast a wide net.
|
|
|
|
01101010
Terracotta Army
Posts: 12003
You call it an accident. I call it justice.
|
Strangely enough, I absentmindedly clicked my Aion bookmark last night and decided to log into the master site. Password did not work. So I went to the forgot password screen and it told me both my answers to my "secret" questions were incorrect. I had pulled off all my info after I quit the game, but still...
|
Does any one know where the love of God goes...When the waves turn the minutes to hours? -G. Lightfoot
|
|
|
WayAbvPar
|
I have never used a password manager, but the sheer amount of accounts I have online for forums (fora?) and games is getting pretty large, and I can't keep recycling the same 4 or 5 passwords forever. Anyone have experience with them? Any recommendations? Free would be ideal, but I could deal with a small fee too.
|
When speaking of the MMOG industry, the glass may be half full, but it's full of urine. HaemishM
Always wear clean underwear because you never know when a Tory Government is going to fuck you.- Ironwood
Libertarians make fun of everyone because they can't see beyond the event horizons of their own assholes Surlyboi
|
|
|
Yegolev
Moderator
Posts: 24440
2/10 WOULD NOT INGEST
|
I just posted about this in the LotRO subforum. I currently use KeePass for work purposes and am starting to use it for personal stuff. It has fancy autotype which I adore, plus a handy password generator which is what I used to make my new 16-character LotRO password. Beyond this, I am afeared of losing my DB since I'll be properly fucked, and so have signed up for BackBlaze to back up my stuff.
|
|
|
|
WayAbvPar
|
Heh- have Keepass's FAQ open in another tab as I read this. How much of a pain is it to use? Do you use the master file or master password option? I can see getting a little USB dongle for my keys to cart around with me so I could access stuff everywhere.
|
|
|
|
WindupAtheist
Army of One
Posts: 7028
Badicalthon
|
I use a piece of paper kept in the desk drawer. I don't really foresee Chinese gold farmers breaking into my house.
|
|
|
|
UnSub
Contributor
Posts: 8064
|
> I use a piece of paper kept in the desk drawer. I don't really foresee Chinese gold farmers breaking into my house.
But now they know where to find it!
|
|
|
|
Yegolev
Moderator
Posts: 24440
2/10 WOULD NOT INGEST
|
> Heh- have Keepass's FAQ open in another tab as I read this. How much of a pain is it to use? Do you use the master file or master password option? I can see getting a little USB dongle for my keys to cart around with me so I could access stuff everywhere.
It's not a pain. I use the master password; someone would have to install a keylogger to get the database password so I have not bothered with keys. The most bothersome part is clearing out the sample entries and making your own folders, but that's hardly a bother. I toggled the bit where it minimizes when you press CTRL-C, which copies the passwd to the clipboard; otherwise I usually use the autotype (CTRL-V) to enter whatever into the window which last had focus. For work, I was able to modify the default autotype so new entries all get 'su{ENTER}{PASSWORD}{ENTER}' instead of the webby {USERNAME}{TAB}{PASSWORD}{ENTER} default. If you don't want to bother with keybindings, the context menu lets you copy userid or passwd and trigger autotype. Anyone can use it.
> I use a piece of paper kept in the desk drawer. I don't really foresee Chinese gold farmers breaking into my house.
Hope you used a lot of characters on your paper, Wile E. Coyote. The main idea here is that KeePass has a password generator. You can write it down on a piece of paper afterward, or come up with your own string and write it down. I could do the paper thing but using KeePass is a lot more convenient when you have large, tedious passwords to type. Or cut-n-paste from a text file, I don't give a shit. No one wants your vorpal sword of ninja-killing anyway.
|
|
|
|
Lantyssa
Terracotta Army
Posts: 20848
|
I use Password Safe.
|
Hahahaha! I'm really good at this!
|
|
|
gryeyes
Terracotta Army
Posts: 2215
|
I've received a non-ending stream of phishing attempts that begin with "NCsoft master account security compromised" in the past couple weeks. Even to a couple emails not attached to anything related to NCsoft.
|
|
|
|
Bricktop
Terracotta Army
Posts: 1
|
Just a heads up if you were, or are, a registered Guild Wars Guru member. http://www.guildwarsguru.com/forum/guild-wars-guru-security-notice-t10423257.html
> Late Friday night the GuildWarsGuru database was accessed by an unknown third party. We caught it as it happened, but in that short space of time it appears they may have managed to obtain tables of user account information.
> Their point of entry was a flaw in the WordPress software used to run the GuildWars2Guru.com front page. How they managed to get from there to the other databases is unknown right now, as it involved bypassing other security measures we have in place.
> We've spent the last 24 hours tirelessly investigating what happened, patching up the exploit, and further strengthening security. It was important to inform the community as soon as possible, but we couldn't do that any earlier without advertising the site's vulnerability to others who may have more malicious intent.
> So, what does this mean to you?
> With the high incidence of RMT hackings and phishing across MMOs rising we understand how serious this problem is, and the possible implications arising from this incident. Right now we assume the hacker's motivation was simply to obtain the list of email addresses, for the purpose of sending spam. That may seem fairly mundane, but there's a big market for that information.
> Anything more sinister would require the hacker attempting to crack encrypted passwords. The investment required to do that seems to far outweigh the questionable return, though we can't rule it out. As such, we urge you to change your Guru, Guru Auctions and Guru 2 passwords and/or emails as soon as possible. We also urge you to change passwords and emails for any other site or service you log in to with the same information you use on guru.
> We apologize for this unprecedented breach, and can only assure that your security is of the utmost importance to us. We are gamers as well, and are doing everything in our power to minimize the damage from this by informing our community openly. If you have questions or concerns please feel free to post them here, and we will do our best to address them as swiftly as possible.