		|  Author | Topic: NCsoft master account security compromised  (Read 14470 times) |  
	| 
			| 
					
						| sam, an eggplant 
								Terracotta Army 
								Posts: 1518
 
 
 
 | 
 |  
						| 
								|  |  
								| « Last Edit: January 02, 2010, 08:45:37 AM by sam, an eggplant » |  | 
 |  |  |  | 
			| 
					
						| UnSub 
								Contributor 
								Posts: 8064
								
								   | 
 Thanks for the heads up.  |  
						| 
 |  |  |  | 
			| 
					
						| Yegolev 
								Moderator 
								Posts: 24440
								
								2/10 WOULD NOT INGEST   | 
 Fantastic. |  
						| 
 Why am I homeless?  Why do all you motherfuckers need homes is the real question.
 They called it The Prayer, its answer was law
 Mommy come back 'cause the water's all gone
 |  |  |  | 
			| 
					
						| NiX 
								Wiki Admin 
								Posts: 7770
								
								Locomotive Pandamonium | 
 Fantastic.
 Don't you mean... FUNtastic? |  
						|  |  |  |  | 
			| 
					
						| Yegolev 
								Moderator 
								Posts: 24440
								
								2/10 WOULD NOT INGEST   | 
 Maybe.  Someone who isn't me might be accessing my NCSoft account right now.  Since I don't remember my login ID and password. |  
						| 
 |  |  |  | 
			| 
					
						| CaptainNapkin 
								Terracotta Army 
								Posts: 395
								
								Once split a 12.5lb burger with a friend.   | 
 Appreciate the warning. |  
						|  |  |  |  | 
			| 
					
						| Yegolev 
								Moderator 
								Posts: 24440
								
								2/10 WOULD NOT INGEST   | 
 Apparently the only game under my "master account" is Dungeon Runners.  EDIT: Hooray for Keepass and its password generator. |  
						| 
								|  |  
								| « Last Edit: January 04, 2010, 10:42:08 PM by Yegolev » |  | 
 
 |  |  |  | 
			| 
					
						| WindupAtheist 
								Army of One 
								Posts: 7028
								
								Badicalthon | 
 How's Aion doing, anyway? Because this thread doesn't bode well. Not because of the security breach, but because of the lack of reaction. If Battlenet were compromised now that WoW is on it, you'd still hear the screaming while sitting on the moon. |  
						| 
 "You're just a dick who quotes himself in his sig."  --  Schild
 "Yeah, it's pretty awesome."  --  Me
 |  |  |  | 
			| 
					
						| UnSub 
								Contributor 
								Posts: 8064
								
								   | 
 I think NCsoft reacted, but has kept very quiet about it. A few announcements here and there about their games and that's it. It's probably best for them to go, "The problems are all fixed. No issues now".
 The irony is that it was apparently updates to their security systems that caused the problems.
 |  
						| 
 |  |  |  | 
			| 
					
						| Setanta 
								Terracotta Army 
								Posts: 1518
								
								 | 
 I just got an interesting email:
 
 Apart from the fractured grammar, it looks semi-legit but I'm not going to clicky the link because my Aion account never made it past the first 30 days :D I've sent NCSoft support a copy via the official site though because it sure as hell smells like a scam. I logged into Guild Wars; they've changed the login process, now you need to add the name of a character in-game to your password and user name.  It looks like they are trying to sort it and sweep it all under the carpet.
 |  
						| 
 "No man is an island. But if you strap a bunch of dead guys together it makes a damn fine raft." |  |  |  | 
			| 
					
						| Tarami 
								Terracotta Army 
								Posts: 1980
 
 
 
 | 
 I had my credit card number stolen as a result of a breach in NCSoft's account management, I think, a few months back. I wonder if it took them this long to find it. |  
						| 
 - I'm giving you this one for free.
 - Nothing's free in the waterworld.
 |  |  |  | 
			| 
					
						| Setanta 
								Terracotta Army 
								Posts: 1518
								
								 | 
 Second email just arrived, their grammar has improved a little bit
 NCSoft's customer support has escalated it but I bet you they've had their database of email addresses hacked at the minimum.
 |  
						| 
 |  |  |  | 
			| 
					
						| Shatter 
								Terracotta Army 
								Posts: 1407
								
								 | 
 There is quite a bit of phishing going on in game too, although you have to be a complete moron to go to the site and "login".  I got a number of tells over Xmas for 3 different sites.  Seems that with the BOT crackdown these gold sellers are now focusing more on phishing/scamming instead.  
 Jaion sends you a tell "Hey"
 You reply "sup"
 Jaion "Dont forget to claim you Christmas gift at nc-aion.com"
 
 yeah...
 |  
						|  |  |  |  | 
			| 
					
						| sam, an eggplant 
								Terracotta Army 
								Posts: 1518
 
 
 
 | 
 Scamming and phishing is a given with any reasonably successful game. The accounting backend being totally compromised is a horse of a different color. Really nasty stuff. |  
						|  |  |  |  | 
			| 
					
						| Chimpy 
								Terracotta Army 
								Posts: 10633
								
								   | 
 |  
						| 
 'Reality' is the only word in the language that should always be used in quotes. |  |  |  | 
			| 
					
						| sam, an eggplant 
								Terracotta Army 
								Posts: 1518
 
 
 
 | 
 So people just imagined they were randomly logged into other people's accounts? Or they were flat out lying? |  
						|  |  |  |  | 
			| 
					
						| Lum 
								Developers 
								Posts: 1608
								
								Hellfire Games | 
 Given how many oversight hoops that article had to jump through to make it on the official site, I hope you all will understand if I can't comment any further on the subject. |  
						|  |  |  |  | 
			| 
					
						| Setanta 
								Terracotta Army 
								Posts: 1518
								
								 | 
 So people just imagined they were randomly logged into other people's accounts? Or they were flat out lying?
 All I can say is the phishing attempts I received were made on a game that I hadn't logged into or been subscribed to past its first 30 days. No RMT etc, running Nod32 etc, etc, I didn't make it past Level 17, didn't even go looking for info on the game past the official site. The chances of them randomly getting my email in direct relation to a game I had to register with on a website - well, I can put 2+2 together... can you? PlayNC were quick to get back to me to let me know it was a phishing attempt (which I was certain it was) - kudos to their customer support there (fortunately I'm not stupid enough to click links in emails automatically). :) |  
						| 
 |  |  |  | 
			| 
					
						| sam, an eggplant 
								Terracotta Army 
								Posts: 1518
 
 
 
 | 
 I get phishing attempts for WoW on all my email addresses. WoW accounts are worth more than MasterCard or American Express cards on the black market. Lately I've seen a couple of Aion phishes too, and I never bought Aion. Hell, I never even bothered with the beta. 
 It's not exactly spear phishing. They cast a wide net.
 |  
						|  |  |  |  | 
			| 
					
						| 01101010 
								Terracotta Army 
								Posts: 12007
								
								You call it an accident. I call it justice. | 
 Strangely enough, I absentmindedly clicked my Aion bookmark last night and decided to log into the master site. Password did not work. So I went to the forgot password screen and it told me both my answers to my "secret" questions were incorrect. I had pulled off all my info after I quit the game, but still...  |  
						| 
 Does any one know where the love of God goes...When the waves turn the minutes to hours? -G. Lightfoot |  |  |  | 
			| 
					
						| WayAbvPar | 
 I have never used a password manager, but the sheer amount of accounts I have online for forums (fora?) and games is getting pretty large, and I can't keep recycling the same 4 or 5 passwords forever. Anyone have experience with them? Any recommendations? Free would be ideal, but I could deal with a small fee  too.  |  
						| 
 When speaking of the MMOG industry, the glass may be half full, but it's full of urine. HaemishM
 Always wear clean underwear because you never know when a Tory Government is going to fuck you.- Ironwood
 
 Libertarians make fun of everyone because they can't see beyond the event horizons of their own assholes Surlyboi
 |  |  |  | 
			| 
					
						| Yegolev 
								Moderator 
								Posts: 24440
								
								2/10 WOULD NOT INGEST   | 
 I just posted about this in the LotRO subforum.  I currently use KeePass  for work purposes and am starting to use it for personal stuff.  It has fancy autotype which I adore, plus a handy password generator which is what I used to make my new 16-character LotRO password.  Beyond this, I am afeared of losing my DB since I'll be properly fucked, and so have signed up for BackBlaze to back up my stuff. |  
						| 
 |  |  |  | 
			| 
					
						| WayAbvPar | 
 Heh- have Keepass's FAQ open in another tab as I read this. How much of a pain is it to use? Do you use the master file or master password option? I can see getting a little USB dongle for my keys to cart around with me so I could access stuff everywhere.  |  
						| 
 |  |  |  | 
			| 
					
						| WindupAtheist 
								Army of One 
								Posts: 7028
								
								Badicalthon | 
 I use a piece of paper kept in the desk drawer. I don't really foresee Chinese gold farmers breaking into my house. |  
						| 
 |  |  |  | 
			| 
					
						| UnSub 
								Contributor 
								Posts: 8064
								
								   | 
 I use a piece of paper kept in the desk drawer. I don't really foresee Chinese gold farmers breaking into my house.
 But now they know where to find it! |  
						| 
 |  |  |  | 
			| 
					
						| Yegolev 
								Moderator 
								Posts: 24440
								
								2/10 WOULD NOT INGEST   | 
 Heh- have Keepass's FAQ open in another tab as I read this. How much of a pain is it to use? Do you use the master file or master password option? I can see getting a little USB dongle for my keys to cart around with me so I could access stuff everywhere. 
 It's not a pain.  I use the master password, someone would have to install a keylogger to get the database password so I have not bothered with keys.  The most bothersome part is clearing out the sample entries and making your own folders, but that's hardly a bother.  I toggled the bit where it minimizes when you press CTRL-C, which copies the passwd to the clipboard; otherwise I usually use the autotype (CTRL-V) to enter whatever into the window which last had focus.  For work, I was able to modify the default autotype so new entries all get 'su{ENTER}{PASSWORD}{ENTER}' instead of the webby {USERNAME}{TAB}{PASSWORD}{ENTER} default. If you don't want to bother with keybindings, the context menu lets you copy userid or passwd and trigger autotype.  Anyone can use it.
 I use a piece of paper kept in the desk drawer. I don't really foresee Chinese gold farmers breaking into my house.
 Hope you used a lot of characters on your paper, Wile E. Coyote.  The main idea here is that KeePass has a password generator.  You can write it down on a piece of paper afterward, or come up with your own string and write it down.  I could do the paper thing but using KeePass is a lot more convenient when you have large, tedious passwords to type.  Or cut-n-paste from a text file, I don't give a shit.  No one wants your vorpal sword of ninja-killing anyway. |  
						| 
 |  |  |  | 
			| 
					
						| Lantyssa 
								Terracotta Army 
								Posts: 20848
								
								 | 
 I use Password Safe. |  
						| 
 Hahahaha!  I'm really good at this! |  |  |  | 
			| 
					
						| gryeyes 
								Terracotta Army 
								Posts: 2215
								
								 | 
 I've received a non-ending stream of phishing attempts that begin with "NCsoft master account security compromised" in the past couple weeks. Even to a couple emails not attached to anything related to NCsoft. |  
						|  |  |  |  | 
			| 
					
						| Bricktop 
								Terracotta Army 
								Posts: 1
 
 
 
 | 
 Just a heads up if you were, or are a registered Guild Wars Guru member.
 http://www.guildwarsguru.com/forum/guild-wars-guru-security-notice-t10423257.html
 Late Friday night the GuildWarsGuru database was accessed by an unknown third party. We caught it as it happened, but in that short space of time it appears they may have managed to obtain tables of user account information.
 Their point of entry was a flaw in the WordPress software used to run the GuildWars2Guru.com front page. How they managed to get from there to the other databases is unknown right now, as it involved bypassing other security measures we have in place.
 
 We've spent the last 24 hours tirelessly investigating what happened, patching up the exploit, and further strengthening security. It was important to inform the community as soon as possible, but we couldn't do that any earlier without advertising the site's vulnerability to others who may have more malicious intent.
 
 So, what does this mean to you?
 
 With the high incident of RMT hackings and phishing across MMO's rising we understand how serious this problem is, and the possible implications arising from this incident. Right now we assume the hacker's motivation was simply to obtain the list of email addresses, for the purpose of sending spam. That may seem fairly mundane, but there's a big market for that information.
 
 Anything more sinister would require the hacker attempting to crack encrypted passwords. The investment required to do that seems to far outweigh the questionable return, though we can't rule it out. As such, we urge you to change your Guru, Guru Auctions and Guru 2 passwords and/or emails as soon as possible. We also urge you to change passwords and emails for any other site or service you log in to with the same information you use on guru.
 
 We apologize for this unprecedented breach, and can only assure that your security is of the utmost importance to us. We are gamers as well, and are doing everything in our power to minimize the damage from this by informing our community openly. If you have questions or concerns please feel free to post them here, and we will do our best to address them as swiftly as possible.
 |  
						|  |  |  |  |  |  
	