Account Safety ??? ! ! !

[Sophie]

I really think NC should improve their account security setting. they should bound our account to the email we used to sign up the game, it shouldn't be changeable, even if it is changeable they should send a verification email to the original email not the new one. (I just tried to change my account email all i need is the password and it will send a verify email to the NEW email i just changed to, this is very unsafe.)

my friend's account just got stolen and been sold to someone else, all the information got changed and my friend couldn't do anything even that i found out at the first second the account has got stolen, because all information has been changed. The email got changed so we can't even reset the password.

 

Please if anyone agree with me reply under this topic and let this topic go to the top of this forums and let the NC know we need more safety for our account !!!!!

[Troska]

No Authenticator?

Ignorance is no excuse.

[AionCheesecake]

Use strong passwords, on your email AND your game. If they don't have your game password but they break your email password, they can reset your game password that way.

Don't use the same passwords on multiple accounts across the Internet.

Don't follow strange links, whether in game, on the forums, or in emails. NCsoft will never ask for your account password in an email.

Don't buy gold. Hell, don't even go to their sites. Just don't. Bad. Stay away.

Don't purchase power leveling services.

Don't sell accounts. Don't share accounts.

Do not pass go. Do not collect $200.

Try working with Support to recover lost accounts here: https://support.bladeandsoul.com/hc/en-us

I realize you cannot log in to Support with the lost account. Use a different account to do it.

Good luck.

Have fun.

[Sophie]

yea my friend is working on it right now and i know my friend will never go to those websites you just talked about, also my friend did use a strong password and the email password is different. 

i just really think the email should be bound to the account AND unchangeable it will be much easier for us to get back our account IF it got stolen.

[AionCheesecake]

That would be rather annoying if you lost access to that email (like a school email or some ISP-provided emails). That would be annoying for Support, too, to manually change your email, since you have to prove that account is yours and stuff, and that takes time away from more pressing matters.

 

Also use some legitimate antivirus/antimalware applications to scan the computer for any common malware.

[Fuz]

14 minutes ago, Sophie said:

 

i just really think the email should be bound to the account AND unchangeable

NO.

[Haishao]

NCSoft really never cared about this.

We never needed password to make changes once already logged in the account.

 

This was a real problem when Aion launched.  A bug sometime made you get in someone else's account when trying to login on their forum. Since we don't need password to make changes, some people started to spam the server with login query to get into random accounts and change their email and password.

People in Guild Wars were also affected because we needed NCSoft account to login the game at the time. Arenanet had to improvise some extra security and made it so we needed to enter the name of a character on the account to login.

 

Forgot to mention that NCSoft always said this bug never existed and that their security was fine.

 

[AionCheesecake]

I think CM-Ayase(?) mentioned that bug existed way back in the day.

Wayyyyyyy back in the day.

[Vinter]

2-step authentication. Tell your "friend" to use it.

[Killian]

2 minutes ago, Vinter said:

2-step authentication. Tell your "friend" to use it.

^ this

Unless someone's gonna steal your phone you should be good to go, that goes without saying also, don't lose your phone... but who tf does that anyway.

[Sophie]

LOL never know there is a 2-step authentication

alright i guess this is our negligence. told my friend about this and i also got this too

so NC does have something for account safety XD

[Angellbb]

On 2016/2/6 at 10:41 PM, Sophie said:

 

On 2016/2/6 at 10:44 PM, Troska said:

No Authenticator?

Ignorance is no excuse.

Your account has never been stolen, Don't you???  How could you say such thing after knowing someone met a terrible situation like that? What if the person lost his phone as well? THE SIMPLEST WAY IS TO SEND AN EXTRA EMAIL TO THE ORIGINAL EMAIL ADDRESS, DON'T YOU THINK THIS IS EASIER THAN SETTING UP AN Authenticator ?  

 

PLUS THE AUTHOR DIDN'T ASK YOUR USELESS OPINION. HE JUST WANT SOMEONE WHO AGREED WITH HIM TO REPLY THE POST. NOT SOMEONE LIKE YOU WHO THINK TO BECOME THE SMARTEST IN THE WORLD. STUPID. "IGNORANCE IS NO EXCUSE" LOL.

[Angellbb]

for the Authenticator , YOU CAN NOW UNLINK YOUR 2-STEP VERIFICATION BY USING YOUR EMAIL,

 

SO IF HACKER GOT IN YOUR ACCOUNT:

---> CHANGE YOUR EMAIL ADDRESS BY USING YOUR PASSWORD ONLY

----> REMOVE THE 2-STEP VERIFICATION

-----> CLEAN YOUR TOON'S INVENTORY AND WORSE NCOINS AND HONGMOON COINS (YES, HONGMOON COINS TOO, BECAUSE THEY CAN BUY COSTUMS IN THE STORE AND SALVAGE THEM. THE SALVAGED ITEMS ARE TRADABLE, AND THEY WORTH 5GOLDS EACH. ONE STORE COSTUM CAN SALVAGE SEVERAL ONES).

 

***** That's what happened with my bf's account, he has his 2-step verification, and yet his account had been stolen!!!!! EVERYTHING in his account IS GONE ****

 

IF YOU DONT HAVE THE MOBILE DEVICE THAT LINK WITH THE 2-STEP VERIFICATION, THEY CAN SEND THE 6 digits - CODE TO YOUR NEW EMAIL!!!! . OTHER MEANNING ---> USELESS FOR HAVING A 2-STEP VERIFICATION

 

THE INSTRUCTION LINK IS BELOW:

https://support.bladeandsoul.com/hc/en-us/articles/207270586-Two-Step-Verification-OTP-Authentication-Removal

[Song]

2 minutes ago, Angellbb said:

Authenticator  DOESNT WORK ANYMORE, YOU CAN NOW UNLINK YOUR 2-STEP VERIFICATION BY USING YOUR EMAIL. THEY WILL SEND THE CODE TO YOUR EMAIL!!!! IF YOU DONT HAVE THE MOBILE DEVICE THAT LINK WITH THE 2-STEP VERIFICATION. THE INSTRUCTION LINK IS BELOW:

 

https://support.bladeandsoul.com/hc/en-us/articles/207270586-Two-Step-Verification-OTP-Authentication-Removal

What do you mean the authenticator isn't working? I literally just used it to log into my account an hour ago. 

[Angellbb]

1 minute ago, Song said:

What do you mean the authenticator isn't working? I literally just used it to log into my account an hour ago. 

IF SOMEONE STOLE YOUR ACCOUNT, AND CHANGED THE EMAIL ADDRESS, HE CAN EVEN REMOVE THE 2-STEP AUTHENTICATOR WITHOUT YOUR MOBILE DEVICE, BECAUSE YOU CAN CLICK THE "LOST MY MOBILE DEVICE" AND GET THE REMOVE CODE FROM THE NEW EMAIL ADDRESS... SO IT'S USELESS. THE HACKER CAN CHANGE EMAIL ADDRESS --> REMOVE 2-STEP VERIFICATION --> CLEAN UP YOUR TOONS. 

 

IT'S A CYCLE. 

6 minutes ago, Song said:

What do you mean the authenticator isn't working? I literally just used it to log into my account an hour ago. 

WE DONT NEED OUR 2-STEP VERIFICATION TO CHANGE OUR EMAIL ADDRESS!!!!!!!!!!!!

[AionCheesecake]

SET UP 2-STEP VERIFICATION ON YOUR EMAIL ACCOUNT, TOO, SINCE THAT'S WHERE THEY GOT INTO YOUR ACCOUNT IN THE FIRST PLACE.

CHANGE YOUR EMAIL PASSWORD.

SEND IN A SUPPORT TICKET ABOUT YOUR ACCOUNT BEING STOLEN.

THIS THREAD IS FROM THE BEGINNING OF FEBRUARY.

WHY ARE WE SHOUTING.

[AionCheesecake]

What email do you use?

[Gapy]

12 minutes ago, AionCheesecake said:

SET UP 2-STEP VERIFICATION ON YOUR EMAIL ACCOUNT, TOO, SINCE THAT'S WHERE THEY GOT INTO YOUR ACCOUNT IN THE FIRST PLACE.

CHANGE YOUR EMAIL PASSWORD.

SEND IN A SUPPORT TICKET ABOUT YOUR ACCOUNT BEING STOLEN.

THIS THREAD IS FROM THE BEGINNING OF FEBRUARY.

WHY ARE WE SHOUTING.

Wrong. I have been hacked too few hours ago and no one was on my email (checked the logins and no one beside me was loged to email). My game just crashed and got something about authentication has been changed. I couldn't login anymore. My e.mail is changed and i cannot get new password since the email doesn't exists anymore. After 10 mins friend told me that i am loged in. Prolly all the stuff is gone now. All i could do is send a ticket and hope i get account back (this account i made just for that). So they can get into your account somehow and it doesn't matter what security you have.

 

@Angellbb    Did NCsoft gave back anything that was stolen ?

[AionCheesecake]

For the love of all that is holy (not @ you, Gapy; mods must have deleted the angry person), answer the question, then. What email provider are you using?

You can't get into your account without clearing the IP-check first, and that IP check goes to your original email.

What they've been doing is getting into your original email, intercepting the mails sent to it, getting into your account (since they now have the code to get by the IP-check), changing the info on your account, and profiting.

[Gapy]

No i checked my email. The only person that has been into my original email is me. No other logins have been recorded in last 28 days. i am using gmail btw...

[AionCheesecake]

Do you have mobile authentication set up on your gmail account? Like I said earlier, they can't get into your account without getting by the IP-check first, and that goes to your original email...unless I've utterly lost my mind? Stranger things have happened today.

I'd like to congratulate you on being the first compromised gmail account I've heard of so far. :P

 

Make sure your antivirus is up to date, and use it + Malwarebytes to scan your computer for any unwanted nasties.

Did you have a strong (and different) password on your game and email accounts?

 

 

(regardless, please change the password on your email account AND set up mobile authentication if you can)

[Hatsunya]

On 6.2.2016 at 5:41 AM, Sophie said:

I really think NC should improve their account security setting. they should bound our account to the email we used to sign up the game, it shouldn't be changeable, even if it is changeable they should send a verification email to the original email not the new one. (I just tried to change my account email all i need is the password and it will send a verify email to the NEW email i just changed to, this is very unsafe.)

my friend's account just got stolen and been sold to someone else, all the information got changed and my friend couldn't do anything even that i found out at the first second the account has got stolen, because all information has been changed. The email got changed so we can't even reset the password.

 

Please if anyone agree with me reply under this topic and let this topic go to the top of this forums and let the NC know we need more safety for our account !!!!!

So you're blaming NCsoft because your friend got keylogger?

 

Do you seriously think that anyone with skills to hack ncsofts servers / email hosts servers to get information about your or your friends account. Nope they wont so yeah how about do first step and make sure your computer is secure and do frequent scans

 

[Angelllbb]

10 minutes ago, AionCheesecake said:

Do you have mobile authentication set up on your gmail account? Like I said earlier, they can't get into your account without getting by the IP-check first, and that goes to your original email...unless I've utterly lost my mind? Stranger things have happened today.

I'd like to congratulate you on being the first compromised gmail account I've heard of so far. :P

 

Make sure your antivirus is up to date, and use it + Malwarebytes to scan your computer for any unwanted nasties.

Did you have a strong (and different) password on your game and email accounts?

when my bf's account hacked, he didn't get any email regarding IP address changed or anything.

 

Plus, you have never experienced being stolen, you wouldn't understand how it feels.

All my bf's properties in the game had lost. NCcoins, Hongmoon coins, Golds, 100x soulstones and more. and yet, the NCsoft support team only agreed to recover the golds.

There are 3 in total here, gapy is not the first, the author is the first.

As I said before, even with 2-step authorisation on email account, it doesn't work. please review my previous post.

We don't have much to ask. we only want the NCsoft team can send a confirmation email/acknowledge email to original email address as well.

And, our password is strong as the password indicator said. upper case, lower case, with symbol. You are not the only in this world who can make a complex password.

 

Finally, the only person that is shouting is you. Who doesn't know the situation and tried to play smart here.

 

 

[gothicshark]

On 2/6/2016 at 7:52 PM, AionCheesecake said:

Use strong passwords, on your email AND your game. If they don't have your game password but they break your email password, they can reset your game password that way.

Don't use the same passwords on multiple accounts across the Internet.

Don't follow strange links, whether in game, on the forums, or in emails. NCsoft will never ask for your account password in an email.

Don't buy gold. Hell, don't even go to their sites. Just don't. Bad. Stay away.

Don't purchase power leveling services.

Don't sell accounts. Don't share accounts.

Do not pass go. Do not collect $200.

Try working with Support to recover lost accounts here: https://support.bladeandsoul.com/hc/en-us

I realize you cannot log in to Support with the lost account. Use a different account to do it.

Good luck.

Have fun.

All good suggestions, however to make things simple, invent a away to remember a password for each site that is seemingly random.

 

Example: Have a key phrase that you use. "I like Cocacola " then depending on the website ad a number letter to the phrase which makes sense, also randomly replace letters with symbols and numbers. 

 

ie: Blade and Soul: "1Blik3NC0c@colaS" in my example I swapped the spaces for the BNS of blade and soul, and replaced a couple of letters with numbers and symbols. 

example2: "lApplelikeiPhoneCocac0la" good for an iPhone. the letter "I" I used a lower case "l". These kinds of passwords are significantly harder to crack than a properly spelt  word with a number most people use. 

[AionCheesecake]

1 minute ago, Angelllbb said:

when my bf's account hacked, he didn't get any email regarding IP address changed or anything.

 

Plus, you have never experienced being stolen, you wouldn't understand how it feels.

All my bf's properties in the game had lost. NCcoins, Hongmoon coins, Golds, 100x soulstones and more. and yet, the NCsoft support team only agreed to recover the golds.

We don't have much to ask. we only want the NCsoft team can send a confirmation email/acknowledge email to original email address as well.

The only person that is shouting is you. Who doesn't know the situation and tried to play smart here.

Sweetheart, Husband had his AA and WoW account stolen. Trust me, I know. I fought Trion for over a month trying to get his account back (at all), and they refused to give it back. You know how they got in (on both AA and WoW)? His email. I found the emails in the deleted email bin (slackers didn't empty the trash). They got in with his email, changed all the information on his account, stripped the account for all that it was worth, used a stolen credit card to buy $100 worth of whatever ArcheAge's coin was called, which soon got the account banned for fraud, and we didn't find out until I was looking for something in his email and found that batch of emails. Good nyerking times, yo.

 

At least NCsoft agreed to recover your gold AND gave you the account back.

 

Guess what, though? If they got into your original email, they would have deleted that acknowledgement email too. They would delete everything because that's what these people do. They're in the business of selling gold/accounts, and they're very good at it.

 

Change your email passwords. Change providers if you have to. Set up 2-step authentication on your email. Don't reuse passwords anywhere. Maybe even see if your email was compromised here https://haveibeenpwned.com/

 

And posting in all caps is considered shouting on the Internet. Do avoid doing that.