I've never been hacked. There has to be something that you're doing, probably something that you don't even know of. Out of the MANY years I've had my NCsoft account, nothing has happend. Even my old WoW account when it first came out, nothing.
So I also am having a hard time believing that this is something from "the inside" (tin foil hat mode engage). Now if there was solid proof then you can possibly come to that conclusion.
Assuming you bought the game yourself (not from another person) and still have your box you can get the account back 100% of the time. First thing you need to go is to go the NCSoft support pages, create a new account and open a ticket telling them what is going on. Calling is a bad idea. Use their support site.
Usually they will just ask you for the information that was on your account when you first registered the item (stuff like address, cc last 4, etc). Most of the time that will get your account returned because you will know the info and the other person wont. If for whatever reason that does not get the job done you'll go thru an account verification process where you'll have to send in the UPC from the box and the verification key along with proof of your ID (copy of driver's license, etc). Once you do this you'll definitely get the account back.
I've never been hacked but when Lineage 2 came out someone tried to say they had bought a copy of the game with the same CD key as mine. NCSoft sent me a prepaid Fedex label and had me mail in the info described above. After they got it they unlocked my account and gave the access back to me. From now on is any issues happen with my account all I have to do is prove my identity and they'll give the account back to me.
I got the same e-mail a couple of days ago and besides the bad english is was pretty obvious that is was someone looking to get my password. Are you by any chance a member of aionsource? They got hacked and the hackers sent everyone on the list this e-mail. Anytime you get something like this think 3 times before you click on it.
Well my inactive Aion account was hacked this morning. I spent a whopping $70 or so on the collectors edition (thinking it would be a great game and all) and I had plans to go back and check out all the new stuff that they were adding in this year, only to turn on my computer this morning and find an e-mail telling me someone from some IP had changed my password while I slept.
I tried using the "Forget Password?" option, and thus far I cannot answer my questions correctly, it just tells me they're wrong. I didn't know it was possible to reset my questions, and my password was friggin big and it had letters and numbers, I am shocked that they could change it. I've contacted NCSoft. I'm wondering if any of you had your account hacked; how long it took you guys to get your accounts reinstated? Right now I'm pretty pissed off and I'm pretty worried that that $70 account is lost forever. I mean I can provide NCSoft with even the game code I used to sign up... I'm hoping I am not going to be permanently fubared.
EXACT same thing happened to me and when I contacted NCSoft they wanted me to give various info, such as last 4 digits in my CC nr, serial nr and etc. Then after a week they replied again and said they wanted MORE info. Like my CoX serial number which the account also was linked to. I said that I havent played that game in a year and no longer have the box with the serial nr (the game was garbage so I just threw it away).
They didnt respond and I can just assume that the hacker now has my account. *shrug* I was done with the game but no way in hell I am going to buy another game from NCSoft. A hacker robbed me of my account and they seem incapable of finding out who is who. Pathetic.
You do know that anyone can send you an email with matching email address to that of NCSofts support email? Check the message source to see the actual sender, usually a hotmail or gmail address. You can even see the IP it was sent from. Take the IP and do a lookup, they usually are based in China.
So in other words, you may have been victim of a scam to give them your account info needed to actually retrieve your account, thus making it extremely difficult for NCSoft's support to know you are the original owner. If they needed the info to get a hold of your account, you gave it to them.
They didnt respond and I can just assume that the hacker now has my account. *shrug* I was done with the game but no way in hell I am going to buy another game from NCSoft. A hacker robbed me of my account and they seem incapable of finding out who is who. Pathetic.
Well if the hacker got your nc account by first hacking your email they could feasibly provide a last 4 and serial number too (I'm not saying that happened I'm just pointing out that the hackers could provide basic information and appear to be just as legit as you).
If you wanted your account back you could have gotten it. You may have had to jump through hoops to get it but in the end there is no way a hacker can prove that they are you (the person who's name is on the account) and that's what it would have boiled down to.
I'd say something's definitely wrong over at Aion's HQ if they're able to get email addresses of users (not just Aion, but other NCSoft games). Same happened with WoW, the phishing mails are rampant and I get one a day now even on emails that aren't linked to my ganes anymore.
@ Yamota You do know that anyone can send you an email with matching email address to that of NCSofts support email? Check the message source to see the actual sender, usually a hotmail or gmail address. You can even see the IP it was sent from. Take the IP and do a lookup, they usually are based in China. So in other words, you may have been victim of a scam to give them your account info needed to actually retrieve your account, thus making it extremely difficult for NCSoft's support to know you are the original owner. If they needed the info to get a hold of your account, you gave it to them.
Email source:
Delivered-To: XXXXXXXX@gmail.com
Received: by 10.204.103.202 with SMTP id l10cs772363bko;
Fri, 25 Dec 2009 01:00:04 -0800 (PST)
Received: by 10.151.19.8 with SMTP id w8mr18564380ybi.224.1261731603853;
Fri, 25 Dec 2009 01:00:03 -0800 (PST)
Return-Path: <support@ncsoft.com>
Received: from ncmail07.plaync.com (ncmail07.ncsoft.com [206.127.155.163])
by mx.google.com with ESMTP id 37si19620815yxe.30.2009.12.25.01.00.02;
Fri, 25 Dec 2009 01:00:03 -0800 (PST)
Received-SPF: pass (google.com: domain of support@ncsoft.com designates 206.127.155.163 as permitted sender) client-ip=206.127.155.163;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of support@ncsoft.com designates 206.127.155.163 as permitted sender) smtp.mail=support@ncsoft.com
Received: from ncdcweb10.ncdc.ncus (unknown [172.30.138.135])
by ncmail07.plaync.com (Postfix) with ESMTP id A769F2A60276
for <XXXXXXXX@gmail.com>; Fri, 25 Dec 2009 09:00:02 +0000 (UTC)
Received: from localhost (ncdcweb10.ncdc.ncus [127.0.0.1])
by ncdcweb10.ncdc.ncus (Postfix) with SMTP id 8C2D13510346
for <XXXXXXXX@gmail.com>; Fri, 25 Dec 2009 09:00:02 +0000 (UTC)
Someone at 95.143.40.65 has reset your Aion (Europe) Game Account password for account XXXXXX. If you did not make this change, please contact support immediately at support@ncsoft.com.
Im not an email expert but it looks like a pretty legit mail from support@ncsoft.com since it says: domain of support@ncsoft.com designates 206.127.155.163 as permitted sender.
And the first thing I did when I got this mail was to go to my plaync account page and try to log in (not by following a link in the mail). After which I emailed support@ncsoft.com about the problem (again manually and not by following any links).
So this is not a phishing attempt. Someone, somehow, managed to reset my password since the mail from nc soft support is legit and the fact that I could no longer log into my account shows that. Also my secret questions were changed so I could no longer reset the password either.
Last step, where I gave up, was when NCSoft wanted my CoX serial number (linked to same account) and I no longer had that number since I havent been playing it for over a year (and did not intend to ever do it again). So come to think of it, not only did the hacker get my Aion account but also my Lineage 2 and CoX accounts since they were all under this NCSoft thingy.
I get same bogus email all the time when I dont even have the account anymore. Its fake ncsoft website trying to steal ur account and password. Funny thing is the email was only used for that Aion account and nothing else and somehow they know the email address? someone from the inside had to give them that info or ncsoft was hacked.
Originally posted by Splinki an e-mail telling me someone from some IP had changed my password while I slept.
I guess you clicked a link or attachement in the email to get conveniently to the lost password website?
This was mentioned several times previously in this thread. It isn't a phishing email. It was a legitimate email from NCSoft.
Anyway, I agree it is a problem. Information like this doesn't conveniently just get out on the web for any fool to pick up and have access to. Either there are some leaks inside the company, which is not that likely, but can happen. Or, you have a virus that wasn't specifically designed to pick that information up, but managed it. Damn packet sniffers.
I'd do a full virus and spyware scan on your computer.
Keep on top of NCSoft till you get your account back. They cannot deny you recovery of it, you have everything you need already. I wish you luck.
The email source does look legit, but I still don't believe account info could have been leaked from the inside like people have claimed. If that was the case, then NCSoft could have some big lawsuits on their hands.
The email source does look legit, but I still don't believe account info could have been leaked from the inside like people have claimed. If that was the case, then NCSoft could have some big lawsuits on their hands.
Lawsuits or not, doesn't mean it can't happen. It's very unlikely, but it still happens from time to time.
<blockquote><i>Originally posted by Yamota</i> <br><b><blockquote><i>Originally posted by Splinki</i> <br /> <b> <p> </p> <p>Well my inactive Aion account was hacked this morning. I spent a whopping $70 or so on the collectors edition (thinking it would be a great game and all) and I had plans to go back and check out all the new stuff that they were adding in this year, only to turn on my computer this morning and find an e-mail telling me someone from some IP had changed my password while I slept.</p> <p> </p> <p>I tried using the "Forget Password?" option, and thus far I cannot answer my questions correctly, it just tells me they're wrong. I didn't know it was possible to reset my questions, and my password was friggin big and it had letters and numbers, I am shocked that they could change it.</p> <p>I've contacted NCSoft. I'm wondering if any of you had your account hacked; how long it took you guys to get your accounts reinstated? Right now I'm pretty pissed off and I'm pretty worried that that $70 account is lost forever. I mean I can provide NCSoft with even the game code I used to sign up... I'm hoping I am not going to be permanently fubared.</p> <p> </p> </b></blockquote> <p>EXACT same thing happened to me and when I contacted NCSoft they wanted me to give various info, such as last 4 digits in my CC nr, serial nr and etc. Then after a week they replied again and said they wanted MORE info. Like my CoX serial number which the account also was linked to. I said that I havent played that game in a year and no longer have the box with the serial nr (the game was garbage so I just threw it away).</p> <p>They didnt respond and I can just assume that the hacker now has my account. *shrug* I was done with the game but no way in hell I am going to buy another game from NCSoft. A hacker robbed me of my account and they seem incapable of finding out who is who. Pathetic.</p></b></blockquote> <br>
Don't go down the route of calling NCSOFT and spend weeks like others did. go to aion homepage. click support on top left, use the web support. Tell them that your account has been compromised, you will get an auto response in seconds - fill up all the info it aska. It will look like this :
-For assistance accessing your NCsoft master account or a game account, please provide the following information:
-- What first and last name did you use when you created the account?
-- What physical address did you use when you created the account?
-- What date of birth did you use when you created the account?
-- What are the 20-digit serial codes for all games you added to the account?
-- What is the Unique Account ID for the game account you are referring to? (This was sent to you via e-mail on the date your game account was activated with a subject header of "Game Account Activated.")
-- What are the last 4 digits of the credit card or the 20-digit game time card code originally used to activate the account?
Fill that in asap and wait for response. this usually takes arround a day or so. Most people delay filling in this info and end up waiting for long period of time.
Goodluck and I hope you get your account back unharmed
It's not only the companies faults but lately hackers has started to go on rampage and I haven't heard anything legally was done or is being done on them. Maybe they should improve internet security too because a game developer can't do everything alone when everyone's suffering these hacks imo.
I have some very spicey word for this post but I will stay polite :P
Don't be so naiv. It is 100% NCSOFT's fault. When i reset pass for another game i get a link sent to my e-mail saying click on this link to confirm the changes within 24 hours or the last pass reset request will be invalid.
Now that is some double checking security. It is standard amongst most MMO games. NCSOFT failled to setup standard/basic security and we players are suffering for it.
MY Aion account was hacked too, & I don't even have one!
Loads of false emails going round, WoW, Aion, even EverQuest had this problem for a few years though nowhere near the scale that goes on now.
Never go to a link from an email like this, treat them as suspicious always & go to the website by typing in the address yourself in your browser bar, don't even copy paste from the email.
However, there is some genuine hacking going on, my NCSoft account got compromised recently (I did use to have a CoH account) & my long-since abandonded WoW account got hacked too, & I've not even so much as logged into the website for either game in years (4 years+ for my WoW account).
I've gone through the process of updating passwords for both to something strong just on the offchance I ever go back, but it's a pain in the ass I could do without, still, ladt thing I want is some scumbag fucking people over using MY accounts, so I took action.
Okay, well I contacted support & they sent me that e-mail with all the questions (it was real), I filled them out and got my account back the next day.
This morning, I turn on my computer and find out two IP#'s have tried getting my password. These people are friggin relentless. The IP's traced back to both Korea & Malaysia. Now, I don't know if they're just going through there or not, or if people in Korea & Malaysia are being @$$hats or not, but its really driving me insane.
NCSoft needs to get a handle on this crap, bring out some authenticators and quick, or more and more people are going to lose their accounts to these morons and theres not a darn thing we can do about it, but continuously beg for our account back via support.
It's a darn shame.
-----------------
I would just like to add that I have never & will never click a link in one of these e-mails, even if I'm remotely sure that its from NCSoft, I will type out the address and find a way to get where I need to go via their site. NCSoft, Blizzard, etc. I have never & will never click on one of these links.
Furthermore, I reformatted my computer the day my Aion account was hacked, to make darn sure that there wasn't any keylogger on my computer. So far, they've gone through "Ask a Question" to try and get my password. I don't know how they usually do it, but these e-mails I got notifying me this time, were different then the last ones, but they were also real.
Okay, well I contacted support & they sent me that e-mail with all the questions (it was real), I filled them out and got my account back the next day. This morning, I turn on my computer and find out two IP#'s have tried getting my password. These people are friggin relentless. The IP's traced back to both Korea & Malaysia. Now, I don't know if they're just going through there or not, or if people in Korea & Malaysia are being @$$hats or not, but its really driving me insane. NCSoft needs to get a handle on this crap, bring out some authenticators and quick, or more and more people are going to lose their accounts to these morons and theres not a darn thing we can do about it, but continuously beg for our account back via support. It's a darn shame.
I'm glad you got your account back. I agree with you as well, authenticators or something should be implemented.
As for those IP's being traced back to Korea and Malaysia... they could easily be bouncing their connection to avoid traces like that. To be honest it's not too hard, but determined people can and will trace them right back to their source. Just takes a lil bit more
Authenicators should become a standard IMO. I have one for my WoW account, not only for the bonus minipet that comes as a gift. It gives me a safe feeling that I could post my account info right now to you all and laugh at everyones attempt to try and get it.
Alot of tiems, the hackers get the players email from forums...because alot of people use their ingame name or account name as their forum name too. And alot of fan foryums are not as swecure as official ones. You also need to make sure you have teh box in your forum profile info the on that asks you if you wnt your email address shown or not..make sureyou have NOT shown. Some forums automatically list it unless you tell it not to.
Hackers can also sometimes find you by googling yoru username so every place you ahve ever posted under that user name shows up...they just put hits in till they find one that gives your IP address or email..an IP addres can be traced if you know what you are doing. It may seem like alot of effort but its nto really..programs can run thousands in an hour.
I have been a victim of a hack before...and it was traced back to me using my ingame name on a forum...i never thought much of it till it happened to me.
The email source does look legit, but I still don't believe account info could have been leaked from the inside like people have claimed. If that was the case, then NCSoft could have some big lawsuits on their hands.
This is not directed at you but Im quoting your post because so many people have said; it sure looks dodgy but if there was anything to it, NCsoft would have had major lawsuits already.
Well, if you count NCsofts largest customer base, based in Korea, there have been 3 lawsuits, 1 still in progress, two which NCsoft lost. On the 2 occasions they lost, they had to pay a number of people money back, for leaking personal information which was then used by third parties for commercial benefit. Now if you read the general rundown of the lawsuit by googling it for a few minutes, even when found guilty NCsoft never admitted to any wrongdoing. It was allways mistakes with the database, mistakes which caused vulnerabilities, or mistakes which caused information to be directed to the wrong parties...
Dodgy, very dodgy.
Personally in the case of Aion in the west, I dont believe they are handing out information to goldseller companies. I do think however they have had problems with their website security and exasperating the issue, they have had a somewhat less than stellar costumer support team in place. All of that has given the game a poor rep in that department. But if you couple AION with the lawsuits filed by L2 players in Korea against NCsoft, then the company has a very very very bad rep sheet.
Since we cant know the outcome of the billion dollar lawsuit on ID theft, what we can say is that on previous occasions NCsoft has had a very soft attitude with regards to subscribers account information and in 2 cases made it public (by mistake) - and in the last lawsuit they had such lax restrictions regarding signups that 250.000 people had their IDs stolen by goldsellers using their IDs to make accounts with NCsoft. The latter is only possible because NCsoft account filters allowed for bogus adresses when creating accounts.
The email source does look legit, but I still don't believe account info could have been leaked from the inside like people have claimed. If that was the case, then NCSoft could have some big lawsuits on their hands.
This is not directed at you but Im quoting your post because so many people have said; it sure looks dodgy but if there was anything to it, NCsoft would have had major lawsuits already.
Well, if you count NCsofts largest customer base, based in Korea, there have been 3 lawsuits, 1 still in progress, two which NCsoft lost. On the 2 occasions they lost, they had to pay a number of people money back, for leaking personal information which was then used by third parties for commercial benefit. Now if you read the general rundown of the lawsuit by googling it for a few minutes, even when found guilty NCsoft never admitted to any wrongdoing. It was allways mistakes with the database, mistakes which caused vulnerabilities, or mistakes which caused information to be directed to the wrong parties...
Dodgy, very dodgy.
Personally in the case of Aion in the west, I dont believe they are handing out information to goldseller companies. I do think however they have had problems with their website security and exasperating the issue, they have had a somewhat less than stellar costumer support team in place. All of that has given the game a poor rep in that department. But if you couple AION with the lawsuits filed by L2 players in Korea against NCsoft, then the company has a very very very bad rep sheet.
Since we cant know the outcome of the billion dollar lawsuit on ID theft, what we can say is that on previous occasions NCsoft has had a very soft attitude with regards to subscribers account information and in 2 cases made it public (by mistake) - and in the last lawsuit they had such lax restrictions regarding signups that 250.000 people had their IDs stolen by goldsellers using their IDs to make accounts with NCsoft. The latter is only possible because NCsoft account filters allowed for bogus adresses when creating accounts.
I was doing some reading and I do believe you, just am disappointed by it because of their lineup of titles, Guild Wars shouldn't have to suffer. Would be nice if ArenaNet gets a huge player base with their near future launch of Guild Wars 2, and decides to become an independent company... but that is unlikely, if even possible.
Alot of tiems, the hackers get the players email from forums...because alot of people use their ingame name or account name as their forum name too. And alot of fan foryums are not as swecure as official ones. You also need to make sure you have teh box in your forum profile info the on that asks you if you wnt your email address shown or not..make sureyou have NOT shown. Some forums automatically list it unless you tell it not to.
Hackers can also sometimes find you by googling yoru username so every place you ahve ever posted under that user name shows up...they just put hits in till they find one that gives your IP address or email..an IP addres can be traced if you know what you are doing. It may seem like alot of effort but its nto really..programs can run thousands in an hour.
I have been a victim of a hack before...and it was traced back to me using my ingame name on a forum...i never thought much of it till it happened to me.
That's an interesting point, I actually have never even thought about that! To be honest, I'm not one for in-game forums, this is pretty much the only forum I come onto. I do create new, specific email addresses for most games though, especially P2P ones, and never use it for anything else. IE: "username"."gamename"@domain-name.com and stuff like that. I find it pretty secure as it has then ONLY ever been used to create the account, and that is it. If information is then still leaked, I would know where it has come from.
And no, it wouldn't be an issue of forgetting so many email accounts, as all I have to do is remember my acc name, and the game I'm trying to log into... not too difficult to be that honest.
Comments
I've never been hacked. There has to be something that you're doing, probably something that you don't even know of. Out of the MANY years I've had my NCsoft account, nothing has happend. Even my old WoW account when it first came out, nothing.
So I also am having a hard time believing that this is something from "the inside" (tin foil hat mode engage). Now if there was solid proof then you can possibly come to that conclusion.
Assuming you bought the game yourself (not from another person) and still have your box you can get the account back 100% of the time. First thing you need to go is to go the NCSoft support pages, create a new account and open a ticket telling them what is going on. Calling is a bad idea. Use their support site.
Usually they will just ask you for the information that was on your account when you first registered the item (stuff like address, cc last 4, etc). Most of the time that will get your account returned because you will know the info and the other person wont. If for whatever reason that does not get the job done you'll go thru an account verification process where you'll have to send in the UPC from the box and the verification key along with proof of your ID (copy of driver's license, etc). Once you do this you'll definitely get the account back.
I've never been hacked but when Lineage 2 came out someone tried to say they had bought a copy of the game with the same CD key as mine. NCSoft sent me a prepaid Fedex label and had me mail in the info described above. After they got it they unlocked my account and gave the access back to me. From now on is any issues happen with my account all I have to do is prove my identity and they'll give the account back to me.
I got the same e-mail a couple of days ago and besides the bad english is was pretty obvious that is was someone looking to get my password. Are you by any chance a member of aionsource? They got hacked and the hackers sent everyone on the list this e-mail. Anytime you get something like this think 3 times before you click on it.
*Link to aionsource article saying what happened:
www.aionsource.com/forum/showthread.php
EXACT same thing happened to me and when I contacted NCSoft they wanted me to give various info, such as last 4 digits in my CC nr, serial nr and etc. Then after a week they replied again and said they wanted MORE info. Like my CoX serial number which the account also was linked to. I said that I havent played that game in a year and no longer have the box with the serial nr (the game was garbage so I just threw it away).
They didnt respond and I can just assume that the hacker now has my account. *shrug* I was done with the game but no way in hell I am going to buy another game from NCSoft. A hacker robbed me of my account and they seem incapable of finding out who is who. Pathetic.
My gaming blog
I guess you clicked a link or attachement in the email to get conveniently to the lost password website?
Let's play Fallen Earth (blind, 300 episodes)
Let's play Guild Wars 2 (blind, 45 episodes)
@ Yamota
You do know that anyone can send you an email with matching email address to that of NCSofts support email? Check the message source to see the actual sender, usually a hotmail or gmail address. You can even see the IP it was sent from. Take the IP and do a lookup, they usually are based in China.
So in other words, you may have been victim of a scam to give them your account info needed to actually retrieve your account, thus making it extremely difficult for NCSoft's support to know you are the original owner. If they needed the info to get a hold of your account, you gave it to them.
Well if the hacker got your nc account by first hacking your email they could feasibly provide a last 4 and serial number too (I'm not saying that happened I'm just pointing out that the hackers could provide basic information and appear to be just as legit as you).
If you wanted your account back you could have gotten it. You may have had to jump through hoops to get it but in the end there is no way a hacker can prove that they are you (the person who's name is on the account) and that's what it would have boiled down to.
I'd say something's definitely wrong over at Aion's HQ if they're able to get email addresses of users (not just Aion, but other NCSoft games). Same happened with WoW, the phishing mails are rampant and I get one a day now even on emails that aren't linked to my ganes anymore.
Email source:
Delivered-To: XXXXXXXX@gmail.com
Received: by 10.204.103.202 with SMTP id l10cs772363bko;
Fri, 25 Dec 2009 01:00:04 -0800 (PST)
Received: by 10.151.19.8 with SMTP id w8mr18564380ybi.224.1261731603853;
Fri, 25 Dec 2009 01:00:03 -0800 (PST)
Return-Path: <support@ncsoft.com>
Received: from ncmail07.plaync.com (ncmail07.ncsoft.com [206.127.155.163])
by mx.google.com with ESMTP id 37si19620815yxe.30.2009.12.25.01.00.02;
Fri, 25 Dec 2009 01:00:03 -0800 (PST)
Received-SPF: pass (google.com: domain of support@ncsoft.com designates 206.127.155.163 as permitted sender) client-ip=206.127.155.163;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of support@ncsoft.com designates 206.127.155.163 as permitted sender) smtp.mail=support@ncsoft.com
Received: from ncdcweb10.ncdc.ncus (unknown [172.30.138.135])
by ncmail07.plaync.com (Postfix) with ESMTP id A769F2A60276
for <XXXXXXXX@gmail.com>; Fri, 25 Dec 2009 09:00:02 +0000 (UTC)
Received: from localhost (ncdcweb10.ncdc.ncus [127.0.0.1])
by ncdcweb10.ncdc.ncus (Postfix) with SMTP id 8C2D13510346
for <XXXXXXXX@gmail.com>; Fri, 25 Dec 2009 09:00:02 +0000 (UTC)
To: XXXXXXXX@gmail.com
From: NCsoft Support <support@ncsoft.com>
X-Mailer: Mailer::1.0 (http://www.gossamer-threads.com/scripts/)
Subject: =?iso-8859-1?q?Password=20Reset=20Success?=
Message-Id: <20091225090002.8C2D13510346@ncdcweb10.ncdc.ncus>
Date: Fri, 25 Dec 2009 09:00:02 +0000 (UTC)
Someone at 95.143.40.65 has reset your Aion (Europe) Game Account password for account XXXXXX. If you did not make this change, please contact support immediately at support@ncsoft.com.
Im not an email expert but it looks like a pretty legit mail from support@ncsoft.com since it says: domain of support@ncsoft.com designates 206.127.155.163 as permitted sender.
And the first thing I did when I got this mail was to go to my plaync account page and try to log in (not by following a link in the mail). After which I emailed support@ncsoft.com about the problem (again manually and not by following any links).
So this is not a phishing attempt. Someone, somehow, managed to reset my password since the mail from nc soft support is legit and the fact that I could no longer log into my account shows that. Also my secret questions were changed so I could no longer reset the password either.
Last step, where I gave up, was when NCSoft wanted my CoX serial number (linked to same account) and I no longer had that number since I havent been playing it for over a year (and did not intend to ever do it again). So come to think of it, not only did the hacker get my Aion account but also my Lineage 2 and CoX accounts since they were all under this NCSoft thingy.
So Hacker 3 Customer (me) 0
Last time I ever buy something from NCSoft, EVER.
My gaming blog
I get same bogus email all the time when I dont even have the account anymore. Its fake ncsoft website trying to steal ur account and password. Funny thing is the email was only used for that Aion account and nothing else and somehow they know the email address? someone from the inside had to give them that info or ncsoft was hacked.
I guess you clicked a link or attachement in the email to get conveniently to the lost password website?
This was mentioned several times previously in this thread. It isn't a phishing email. It was a legitimate email from NCSoft.
Anyway, I agree it is a problem. Information like this doesn't conveniently just get out on the web for any fool to pick up and have access to. Either there are some leaks inside the company, which is not that likely, but can happen. Or, you have a virus that wasn't specifically designed to pick that information up, but managed it. Damn packet sniffers.
I'd do a full virus and spyware scan on your computer.
Keep on top of NCSoft till you get your account back. They cannot deny you recovery of it, you have everything you need already. I wish you luck.
- Ross
The email source does look legit, but I still don't believe account info could have been leaked from the inside like people have claimed. If that was the case, then NCSoft could have some big lawsuits on their hands.
Lawsuits or not, doesn't mean it can't happen. It's very unlikely, but it still happens from time to time.
- Ross
<blockquote><i>Originally posted by Yamota</i>
<br><b><blockquote><i>Originally posted by Splinki</i> <br />
<b>
<p> </p>
<p>Well my inactive Aion account was hacked this morning. I spent a whopping $70 or so on the collectors edition (thinking it would be a great game and all) and I had plans to go back and check out all the new stuff that they were adding in this year, only to turn on my computer this morning and find an e-mail telling me someone from some IP had changed my password while I slept.</p>
<p> </p>
<p>I tried using the "Forget Password?" option, and thus far I cannot answer my questions correctly, it just tells me they're wrong. I didn't know it was possible to reset my questions, and my password was friggin big and it had letters and numbers, I am shocked that they could change it.</p>
<p>I've contacted NCSoft. I'm wondering if any of you had your account hacked; how long it took you guys to get your accounts reinstated? Right now I'm pretty pissed off and I'm pretty worried that that $70 account is lost forever. I mean I can provide NCSoft with even the game code I used to sign up... I'm hoping I am not going to be permanently fubared.</p>
<p> </p>
</b></blockquote>
<p>EXACT same thing happened to me and when I contacted NCSoft they wanted me to give various info, such as last 4 digits in my CC nr, serial nr and etc. Then after a week they replied again and said they wanted MORE info. Like my CoX serial number which the account also was linked to. I said that I havent played that game in a year and no longer have the box with the serial nr (the game was garbage so I just threw it away).</p>
<p>They didnt respond and I can just assume that the hacker now has my account. *shrug* I was done with the game but no way in hell I am going to buy another game from NCSoft. A hacker robbed me of my account and they seem incapable of finding out who is who. Pathetic.</p></b></blockquote>
<br>
Don't go down the route of calling NCSOFT and spend weeks like others did. go to aion homepage. click support on top left, use the web support. Tell them that your account has been compromised, you will get an auto response in seconds - fill up all the info it aska. It will look like this :
-For assistance accessing your NCsoft master account or a game account, please provide the following information:
-- What first and last name did you use when you created the account?
-- What physical address did you use when you created the account?
-- What date of birth did you use when you created the account?
-- What are the 20-digit serial codes for all games you added to the account?
-- What is the Unique Account ID for the game account you are referring to? (This was sent to you via e-mail on the date your game account was activated with a subject header of "Game Account Activated.")
-- What are the last 4 digits of the credit card or the 20-digit game time card code originally used to activate the account?
Fill that in asap and wait for response. this usually takes arround a day or so. Most people delay filling in this info and end up waiting for long period of time.
Goodluck and I hope you get your account back unharmed
I have some very spicey word for this post but I will stay polite :P
Don't be so naiv. It is 100% NCSOFT's fault. When i reset pass for another game i get a link sent to my e-mail saying click on this link to confirm the changes within 24 hours or the last pass reset request will be invalid.
Now that is some double checking security. It is standard amongst most MMO games. NCSOFT failled to setup standard/basic security and we players are suffering for it.
MY Aion account was hacked too, & I don't even have one!
Loads of false emails going round, WoW, Aion, even EverQuest had this problem for a few years though nowhere near the scale that goes on now.
Never go to a link from an email like this, treat them as suspicious always & go to the website by typing in the address yourself in your browser bar, don't even copy paste from the email.
However, there is some genuine hacking going on, my NCSoft account got compromised recently (I did use to have a CoH account) & my long-since abandonded WoW account got hacked too, & I've not even so much as logged into the website for either game in years (4 years+ for my WoW account).
I've gone through the process of updating passwords for both to something strong just on the offchance I ever go back, but it's a pain in the ass I could do without, still, ladt thing I want is some scumbag fucking people over using MY accounts, so I took action.
Good luck getting your problems resolved.
Okay, well I contacted support & they sent me that e-mail with all the questions (it was real), I filled them out and got my account back the next day.
This morning, I turn on my computer and find out two IP#'s have tried getting my password. These people are friggin relentless. The IP's traced back to both Korea & Malaysia. Now, I don't know if they're just going through there or not, or if people in Korea & Malaysia are being @$$hats or not, but its really driving me insane.
NCSoft needs to get a handle on this crap, bring out some authenticators and quick, or more and more people are going to lose their accounts to these morons and theres not a darn thing we can do about it, but continuously beg for our account back via support.
It's a darn shame.
-----------------
I would just like to add that I have never & will never click a link in one of these e-mails, even if I'm remotely sure that its from NCSoft, I will type out the address and find a way to get where I need to go via their site. NCSoft, Blizzard, etc. I have never & will never click on one of these links.
Furthermore, I reformatted my computer the day my Aion account was hacked, to make darn sure that there wasn't any keylogger on my computer. So far, they've gone through "Ask a Question" to try and get my password. I don't know how they usually do it, but these e-mails I got notifying me this time, were different then the last ones, but they were also real.
I'm glad you got your account back. I agree with you as well, authenticators or something should be implemented.
As for those IP's being traced back to Korea and Malaysia... they could easily be bouncing their connection to avoid traces like that. To be honest it's not too hard, but determined people can and will trace them right back to their source. Just takes a lil bit more
- Ross
Authenicators should become a standard IMO. I have one for my WoW account, not only for the bonus minipet that comes as a gift. It gives me a safe feeling that I could post my account info right now to you all and laugh at everyones attempt to try and get it.
Alot of tiems, the hackers get the players email from forums...because alot of people use their ingame name or account name as their forum name too. And alot of fan foryums are not as swecure as official ones. You also need to make sure you have teh box in your forum profile info the on that asks you if you wnt your email address shown or not..make sureyou have NOT shown. Some forums automatically list it unless you tell it not to.
Hackers can also sometimes find you by googling yoru username so every place you ahve ever posted under that user name shows up...they just put hits in till they find one that gives your IP address or email..an IP addres can be traced if you know what you are doing. It may seem like alot of effort but its nto really..programs can run thousands in an hour.
I have been a victim of a hack before...and it was traced back to me using my ingame name on a forum...i never thought much of it till it happened to me.
This is not directed at you but Im quoting your post because so many people have said; it sure looks dodgy but if there was anything to it, NCsoft would have had major lawsuits already.
Well, if you count NCsofts largest customer base, based in Korea, there have been 3 lawsuits, 1 still in progress, two which NCsoft lost. On the 2 occasions they lost, they had to pay a number of people money back, for leaking personal information which was then used by third parties for commercial benefit. Now if you read the general rundown of the lawsuit by googling it for a few minutes, even when found guilty NCsoft never admitted to any wrongdoing. It was allways mistakes with the database, mistakes which caused vulnerabilities, or mistakes which caused information to be directed to the wrong parties...
Dodgy, very dodgy.
Personally in the case of Aion in the west, I dont believe they are handing out information to goldseller companies. I do think however they have had problems with their website security and exasperating the issue, they have had a somewhat less than stellar costumer support team in place. All of that has given the game a poor rep in that department. But if you couple AION with the lawsuits filed by L2 players in Korea against NCsoft, then the company has a very very very bad rep sheet.
Someone over at aionsource, made a little compilation of links: http://www.aionsource.com/forum/aion-discussion/103261-ncsoft-does-have-security-flaws.html
Since we cant know the outcome of the billion dollar lawsuit on ID theft, what we can say is that on previous occasions NCsoft has had a very soft attitude with regards to subscribers account information and in 2 cases made it public (by mistake) - and in the last lawsuit they had such lax restrictions regarding signups that 250.000 people had their IDs stolen by goldsellers using their IDs to make accounts with NCsoft. The latter is only possible because NCsoft account filters allowed for bogus adresses when creating accounts.
This is not directed at you but Im quoting your post because so many people have said; it sure looks dodgy but if there was anything to it, NCsoft would have had major lawsuits already.
Well, if you count NCsofts largest customer base, based in Korea, there have been 3 lawsuits, 1 still in progress, two which NCsoft lost. On the 2 occasions they lost, they had to pay a number of people money back, for leaking personal information which was then used by third parties for commercial benefit. Now if you read the general rundown of the lawsuit by googling it for a few minutes, even when found guilty NCsoft never admitted to any wrongdoing. It was allways mistakes with the database, mistakes which caused vulnerabilities, or mistakes which caused information to be directed to the wrong parties...
Dodgy, very dodgy.
Personally in the case of Aion in the west, I dont believe they are handing out information to goldseller companies. I do think however they have had problems with their website security and exasperating the issue, they have had a somewhat less than stellar costumer support team in place. All of that has given the game a poor rep in that department. But if you couple AION with the lawsuits filed by L2 players in Korea against NCsoft, then the company has a very very very bad rep sheet.
Someone over at aionsource, made a little compilation of links: http://www.aionsource.com/forum/aion-discussion/103261-ncsoft-does-have-security-flaws.html
Since we cant know the outcome of the billion dollar lawsuit on ID theft, what we can say is that on previous occasions NCsoft has had a very soft attitude with regards to subscribers account information and in 2 cases made it public (by mistake) - and in the last lawsuit they had such lax restrictions regarding signups that 250.000 people had their IDs stolen by goldsellers using their IDs to make accounts with NCsoft. The latter is only possible because NCsoft account filters allowed for bogus adresses when creating accounts.
I was doing some reading and I do believe you, just am disappointed by it because of their lineup of titles, Guild Wars shouldn't have to suffer. Would be nice if ArenaNet gets a huge player base with their near future launch of Guild Wars 2, and decides to become an independent company... but that is unlikely, if even possible.
That's an interesting point, I actually have never even thought about that! To be honest, I'm not one for in-game forums, this is pretty much the only forum I come onto. I do create new, specific email addresses for most games though, especially P2P ones, and never use it for anything else. IE: "username"."gamename"@domain-name.com and stuff like that. I find it pretty secure as it has then ONLY ever been used to create the account, and that is it. If information is then still leaked, I would know where it has come from.
And no, it wouldn't be an issue of forgetting so many email accounts, as all I have to do is remember my acc name, and the game I'm trying to log into... not too difficult to be that honest.
- Ross