tucky Posted February 18, 2016 Share Posted February 18, 2016 Hello, Warning for you all : My bro's account got hacked this morning. He doesnt know how. The "fun" thing is, if someone gets into you ncsoft account via the website (keylogger or something), they can change your pin code without a simple mail verification. The pin code which is supposed to be a protection against keyloggers can be changed if the hacker gets your password via a key logger. Very clever, ncsoft. And the fail doesn t stop here. The hacker can also set up the 2 step authentificator via the website WITHOUT a mail verification. So now his account is probably stripped of everything, and he cannot get to it. Good job Ncsoft. Maybe you shouldn t skip security 101 courses next time? You know, like requiring MAIL VERIFICATIONS for security changes in account! To sum up : don t be like us and believe the pin code actually protects you. It's just for looks, and to make you click like a dumbass at the game startup, thinking this somehow protects you. IT DOES NOT. Set up the authentificator in advance before some hacker gets trough ncsoft dumb security policy. Link to comment Share on other sites More sharing options...
LiriC Posted February 18, 2016 Share Posted February 18, 2016 Hang on you lost me at "security" system What security ? :)))) Ncsoft has none. Link to comment Share on other sites More sharing options...
tucky Posted February 18, 2016 Author Share Posted February 18, 2016 Yup i thought being in the game industry for 10 years + maybe they would have learned a few things... Guess not. 20 moonwater stones and 100 g down the drain. He had all of our savings. we liked this game so bought premium. Not going to continue if one can be hacked so easily... Link to comment Share on other sites More sharing options...
Traenor Posted February 18, 2016 Share Posted February 18, 2016 It serves you right. There arent random "hackers" on the internet that spread keyloggers around for no purpose. Do you think the hacker was like:" I got the user/pw for some random game, i'll download it just to screw with that guy!" ??? Im 99.9% certain that you, or your brother, without your knowledge went on one of those "buy gold at xxxxx" sites that are spammed on chat. Link to comment Share on other sites More sharing options...
Remlnx Posted February 18, 2016 Share Posted February 18, 2016 With all the respect, if you get hacked its not NCSoft mistake, but yours. 99% of hacking is because keyloggers and they dont just grow on your computer by themself. Use simple tools like Spybot S&D + SpywareBlaster + AV + firewall and you hardly get hacked. Personally i use Comodo Internet Security since years and never had a problem. Said that, i agree there must be a double verification before change the pin or add a sms verification is even better. Link to comment Share on other sites More sharing options...
Vexe Posted February 18, 2016 Share Posted February 18, 2016 Next time, don't (try to) buy gold and don't give your password to any "friends". Link to comment Share on other sites More sharing options...
TopKEK Posted February 18, 2016 Share Posted February 18, 2016 While the bandwagon goes "dun go round sharing ur info" which I wholeheartedly agree with, I think yer all missing the point (aside from LiriC)... Where the security at BnS? The fact that they can't even get rid of bots in both game and forum shows there's nothing to protect BnS from any threat like hacks or DDoS... But then again at the end of the day, common sense is what will truly help... don't share accounts whatsoever.... Link to comment Share on other sites More sharing options...
tucky Posted February 18, 2016 Author Share Posted February 18, 2016 1 hour ago, Vexe said: Next time, don't (try to) buy gold and don't give your password to any "friends". Assume much? I earn my gold. If you don t have anything useful to say, don't say anything thanks 1 hour ago, Remlnx said: With all the respect, if you get hacked its not NCSoft mistake, but yours. 99% of hacking is because keyloggers and they dont just grow on your computer by themself. Use simple tools like Spybot S&D + SpywareBlaster + AV + firewall and you hardly get hacked. Personally i use Comodo Internet Security since years and never had a problem. Said that, i agree there must be a double verification before change the pin or add a sms verification is even better. NCsoft's security is full of holes (no mail verification for security changes, REALLY?). If it wasn t the case i wouldn t have been hacked period. So yeah, people may have to do all these things because ncsoft skipped security 101 i guess. Is it ok though? Hell i don't think so. Link to comment Share on other sites More sharing options...
Vexe Posted February 18, 2016 Share Posted February 18, 2016 You didn't get hacked period. You did something that gave away your password in some form. "Not useful"? I'm giving you an advice on how not to lose your account next time. :) Link to comment Share on other sites More sharing options...
Rationality Posted February 18, 2016 Share Posted February 18, 2016 *gets 'hacked' doing nothing* Am I doing it right yet? Link to comment Share on other sites More sharing options...
LightningSora Posted February 18, 2016 Share Posted February 18, 2016 its kinda your "bro's" fault to begin with, if he didn't want his account to get hacked he should stop clicking links from unknown people, downloading exe files, etc etc. yes, I agree that the pin system is useless, you don't even have to do a recovery, since the game plays itself in windowed fullscreen, if you get backdoored, he can see you press the buttons. at the end of the day its not NCSOFT's fault. Link to comment Share on other sites More sharing options...
Haishao Posted February 18, 2016 Share Posted February 18, 2016 NCsoft always claimed they had fine security. It was obvious it is not in 2010 when hundred of accounts got stolen because of a login bug on aion forum that made people land in random account and were able to change verification email without the password. Few hundred of accounts were stolen that way, even people that weren't playing aion. NCSoft always claimed it was hacker with password lists. Link to comment Share on other sites More sharing options...
tucky Posted February 18, 2016 Author Share Posted February 18, 2016 Oh well i give up NCsoft's security is fine. It's all my fault. I'm dumb and they have top notch security. *rolls eyes and runs away from these forums* Link to comment Share on other sites More sharing options...
Vexe Posted February 18, 2016 Share Posted February 18, 2016 No one said their security would be worth crap, lol. Doesn't change the fact that you visited some highly suspicious site or gave away your password Link to comment Share on other sites More sharing options...
SinKiller Posted February 18, 2016 Share Posted February 18, 2016 Maybe your bro should stay clear of porn sites or advice him not to download and run every silly thing some hackers post on forums or send by email? Link to comment Share on other sites More sharing options...
Vexe Posted February 18, 2016 Share Posted February 18, 2016 I highly doubt you'd even get malware that steals Blade & Soul passwords from anywhere unrelated to Blade & Soul. xp Link to comment Share on other sites More sharing options...
Centimani Posted February 18, 2016 Share Posted February 18, 2016 This community is so... BnS does nothing to protect your account, everybody blames you. Also, I'm sure there are other ways of getting keyloggers than buying gold so how about we stop making wild accusations? @OP: Run, never look back, the game isn't worth putting up with these kinds of people and Ncsoft does not care. Link to comment Share on other sites More sharing options...
Dlacik Posted February 18, 2016 Share Posted February 18, 2016 Actually there is an e-mail check when you try to log into your ncsoft account through web from new IP. Not sure if there is same check when you log in through game launcher. Link to comment Share on other sites More sharing options...
Vexe Posted February 18, 2016 Share Posted February 18, 2016 9 minutes ago, Centimani said: BnS does nothing to protect your account, everybody blames you. Also, I'm sure there are other ways of getting keyloggers than buying gold so how about we stop making wild accusations? What ways are there of getting keyloggers that would lead to losing your Blade & Soul account? I'd say it's pretty much only 1. Visiting gold farmer spam / forum spam websites or opening other highly suspicious links. 2. Trying to download bad software (B&S hacks). 3. Believing impostors (stuff like "your account was hacked, go to *phising website* and change your password" or "your account is bugged and will be deleted in a week, please give us a password so we can fix it") Link to comment Share on other sites More sharing options...
Centimani Posted February 18, 2016 Share Posted February 18, 2016 1 minute ago, Vexe said: What ways are there of getting keyloggers that would lead to losing your Blade & Soul account? I'd say it's pretty much only 1. Visiting gold farmer spam / forum spam websites or opening other highly suspicious links. 2. Trying to download bad software (B&S hacks). 3. Believing impersonators (stuff like "your account was hacked, go to *phising website* and change your password" or "your account is bugged and will be deleted in a week, please give us a password so we can fix it") 1. Shady link on the forums. 2. Downloading addons from unofficial websites. 3. Sharing your computer with somebody (it might even be a friend doing this, who knows?) 4. Phishing All options that have nothing to do with buying gold or doing anything illegal by op. Now can we stop the witch hunt? Link to comment Share on other sites More sharing options...
DeKus Posted February 18, 2016 Share Posted February 18, 2016 The "security" system is just there to create the wrong impression of safety. As long nothing happens, the illusion works. ^-^ One of the most important things today is: Use a different PW for all accounts. Why? Because your game accounts get hacked, when someone steals data from XYZ and the combination from e-mail/accountname + PW apply to other accounts. And about password strengths always remember the "correct horse battery staple"! Link to comment Share on other sites More sharing options...
nimix Posted February 18, 2016 Share Posted February 18, 2016 I think the main issue here was that the google authenticator could be added without e-mail verification. Not the part where his brother doesn't have good personal security. Link to comment Share on other sites More sharing options...
Rief Posted February 18, 2016 Share Posted February 18, 2016 @tucky Sorry, but TBH blaming NCSoft security system is kinda unfair. 1. Like you said yourself, someone got your account. Via keylogger or whatever, this are not the mistakes of NCsoft. 2. NCsoft provide additional security in form of 2 step authenticator, that you and your brother did not use it is also not the fault of NCsoft. If you and your brother used it, #1 the leaked/stolen account is probably more difficult to access. Link to comment Share on other sites More sharing options...
Centimani Posted February 18, 2016 Share Posted February 18, 2016 1 minute ago, Rief said: @tucky Sorry, but TBH blaming NCSoft security system is kinda unfair. 1. Like you said yourself, someone got your account. Via keylogger or whatever, this are not the mistakes of NCsoft. 2. NCsoft provide additional security in form of 2 step authenticator, that you and your brother did not use it is also not the fault of NCsoft. If you and your brother used it, #1 the leaked/stolen account is probably more difficult to access. I agree, you should know better than to play a game published by ncsoft. /s they can change your pin code without a simple mail verification. The pin code which is supposed to be a protection against keyloggers can be changed if the hacker gets your password via a key logger. Very clever, ncsoft. And the fail doesn t stop here. The hacker can also set up the 2 step authentificator via the website WITHOUT a mail verification. Link to comment Share on other sites More sharing options...
LordStark Posted February 18, 2016 Share Posted February 18, 2016 you don't understand how is the pin code system works when u log in the security system asks for verification code , which have been send to your email and when u verify it u can choose to save your IP (this option is useless if you are using VPN or your ISP gives you Static ip) so you don't have to open your email every single time you need to enter the game or the forum just insert your username and password when they have created the bin code system they didn't create it to protect your account in case of your email have been hacked if your email have been hacked ,then all the hacker needs to do to get your account is to reset password and that is not ncsoft fault it's yours the system works just fine if u didn't get your email hacked just like any other system so check your pc for trojen or keyloger , or check your fiend's pc who knows your account info their account protection system is the good but ingame protection against cheats and bots is really bad Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.