tucky

Ncsoft's "security" system

Recommended Posts

tucky   

Hello,

Warning for you all :

My bro's account got hacked this morning. He doesnt know how.

The "fun" thing is, if someone gets into you ncsoft account via the website (keylogger or something), they can change your pin code without a simple mail verification. The pin code which is supposed to be a protection against keyloggers can be changed if the hacker gets your password via a key logger. Very clever, ncsoft.

And the fail doesn t stop here. The hacker can also set up the 2 step authentificator via the website WITHOUT a mail verification. So now his account is probably stripped of everything, and he cannot get to it. Good job Ncsoft. Maybe you shouldn t skip security 101 courses next time? You know, like requiring MAIL VERIFICATIONS for security changes in account!

 

To sum up : don t be like us and believe the pin code actually protects you. It's just for looks, and to make you click like a dumbass at the game startup, thinking this somehow protects you. IT DOES NOT.

Set up the authentificator in advance before some hacker gets trough ncsoft dumb security policy.

 

Share this post


Link to post
Share on other sites
LiriC   

Hang on you lost me at   "security" system

 

What security ? :)))) Ncsoft has none.

Share this post


Link to post
Share on other sites
tucky   

Yup i thought being in the game industry for 10 years + maybe they would have learned a few things... Guess not. 20 moonwater stones and 100 g down the drain. He had all of our savings. we liked this game so bought premium. Not going to continue if one can be hacked so easily...

Share this post


Link to post
Share on other sites
Traenor   

It serves you right. There arent random "hackers" on the internet that spread keyloggers around for no purpose. Do you think the hacker was like:" I got the user/pw for some random game, i'll download it just to screw with that guy!" ???    Im 99.9% certain that you, or your brother, without your knowledge went on one of those "buy gold at xxxxx" sites that are spammed on chat.

Share this post


Link to post
Share on other sites
Remlnx   

With all the respect, if you get hacked its not NCSoft mistake, but yours. 99% of hacking is because keyloggers and they dont just grow on your computer by themself.
Use simple tools like Spybot S&D + SpywareBlaster + AV + firewall and you hardly get hacked.
Personally i use Comodo Internet Security since years and never had a problem.

Said that, i agree there must be a double verification before change the pin or add a sms verification is even better.

Share this post


Link to post
Share on other sites
Vexe   

Next time, don't (try to) buy gold and don't give your password to any "friends".

Edited by Vexe

Share this post


Link to post
Share on other sites
TopKEK   

While the bandwagon goes "dun go round sharing ur info" which I wholeheartedly agree with, I think yer all missing the point (aside from LiriC)... 

Where the security at BnS?

 

The fact that they can't even get rid of bots in both game and forum shows there's nothing to protect BnS from any threat like hacks or DDoS...

But then again at the end of the day, common sense is what will truly help... don't share accounts whatsoever....

 

Edited by TopKEK

Share this post


Link to post
Share on other sites
tucky   
1 hour ago, Vexe said:

Next time, don't (try to) buy gold and don't give your password to any "friends".

Assume much? I earn my gold. If you don t have anything useful to say, don't say anything thanks

 

1 hour ago, Remlnx said:

With all the respect, if you get hacked its not NCSoft mistake, but yours. 99% of hacking is because keyloggers and they dont just grow on your computer by themself.
Use simple tools like Spybot S&D + SpywareBlaster + AV + firewall and you hardly get hacked.
Personally i use Comodo Internet Security since years and never had a problem.

Said that, i agree there must be a double verification before change the pin or add a sms verification is even better.

NCsoft's security is full of holes (no mail verification for security changes, REALLY?). If it wasn t the case i wouldn t have been hacked period. So yeah, people may have to do all these things because ncsoft skipped security 101 i guess. Is it ok though? Hell i don't think so.

Share this post


Link to post
Share on other sites
Vexe   

You didn't get hacked period. You did something that gave away your password in some form.

 

"Not useful"? I'm giving you an advice on how not to lose your account next time. :)

Edited by Vexe

Share this post


Link to post
Share on other sites

its kinda your "bro's" fault to begin with, if he didn't want his account to get hacked he should stop clicking links from unknown people, downloading exe files, etc etc.

 

yes, I agree that the pin system is useless, you don't even have to do a recovery, since the game plays itself in windowed fullscreen, if you get backdoored, he can see you press the buttons.

 

at the end of the day its not NCSOFT's fault.

Share this post


Link to post
Share on other sites
Haishao   

NCsoft always claimed they had fine security.

It was obvious it is not in 2010 when hundred of accounts got stolen because of a login bug on aion forum that made people land in random account and were able to change verification email without the password.

Few hundred of accounts were stolen that way, even people that weren't playing aion. NCSoft always claimed it was hacker with password lists.

 

Edited by Haishao

Share this post


Link to post
Share on other sites
tucky   

Oh well i give up NCsoft's security is fine. It's all my fault. I'm dumb and they have top notch security. *rolls eyes and runs away from these forums*

 

Share this post


Link to post
Share on other sites
Vexe   

No one said their security would be worth crap, lol. Doesn't change the fact that you visited some highly suspicious site or gave away your password

Edited by Vexe

Share this post


Link to post
Share on other sites

Maybe your bro should stay clear of porn sites or advice him not to download and run every silly thing some hackers post on forums or send by email?

Share this post


Link to post
Share on other sites
Vexe   

I highly doubt you'd even get malware that steals Blade & Soul passwords from anywhere unrelated to Blade & Soul. xp

Share this post


Link to post
Share on other sites

This community is so...

 

BnS does nothing to protect your account, everybody blames you. Also, I'm sure there are other ways of getting keyloggers than buying gold so how about we stop making wild accusations?

 

@OP: Run, never look back, the game isn't worth putting up with these kinds of people and Ncsoft does not care.

Share this post


Link to post
Share on other sites
Dlacik   

Actually there is an e-mail check when you try to log into your ncsoft account through web from new IP. Not sure if there is same check when you log in through game launcher.

Share this post


Link to post
Share on other sites
Vexe   
9 minutes ago, Centimani said:

BnS does nothing to protect your account, everybody blames you. Also, I'm sure there are other ways of getting keyloggers than buying gold so how about we stop making wild accusations?

 

What ways are there of getting keyloggers that would lead to losing your Blade & Soul account?

I'd say it's pretty much only

1. Visiting gold farmer spam / forum spam websites or opening other highly suspicious links.

2. Trying to download bad software (B&S hacks).

3. Believing impostors (stuff like "your account was hacked, go to *phising website* and change your password" or "your account is bugged and will be deleted in a week, please give us a password so we can fix it")

Edited by Vexe

Share this post


Link to post
Share on other sites
1 minute ago, Vexe said:

 

What ways are there of getting keyloggers that would lead to losing your Blade & Soul account?

I'd say it's pretty much only

1. Visiting gold farmer spam / forum spam websites or opening other highly suspicious links.

2. Trying to download bad software (B&S hacks).

3. Believing impersonators (stuff like "your account was hacked, go to *phising website* and change your password" or "your account is bugged and will be deleted in a week, please give us a password so we can fix it")

 

1. Shady link on the forums.

2. Downloading addons from unofficial websites.

3. Sharing your computer with somebody (it might even be a friend doing this, who knows?)

4. Phishing

 

All options that have nothing to do with buying gold or doing anything illegal by op.

Now can we stop the witch hunt?

Share this post


Link to post
Share on other sites
DeKus   

The "security" system is just there to create the wrong impression of safety. As long nothing happens, the illusion works. ^-^

 

One of the most important things today is: Use a different PW for all accounts.

Why?

Because your game accounts get hacked, when someone steals data from XYZ and the combination from e-mail/accountname + PW apply to other accounts. And about password strengths always remember the "correct horse battery staple"!

Share this post


Link to post
Share on other sites
nimix   

I think the main issue here was that the google authenticator could be added without e-mail verification. Not the part where his brother doesn't have good personal security.

Share this post


Link to post
Share on other sites
Rief   

@tucky Sorry, but TBH blaming NCSoft security system is kinda unfair.

 

1. Like you said yourself, someone got your account. Via keylogger or whatever, this are not the mistakes of NCsoft.

2. NCsoft provide additional security in form of 2 step authenticator, that you and your brother did not use it is also not the fault of NCsoft. If you and your brother used it, #1 the leaked/stolen account is probably more difficult to access.

 

Share this post


Link to post
Share on other sites
1 minute ago, Rief said:

@tucky Sorry, but TBH blaming NCSoft security system is kinda unfair.

 

1. Like you said yourself, someone got your account. Via keylogger or whatever, this are not the mistakes of NCsoft.

2. NCsoft provide additional security in form of 2 step authenticator, that you and your brother did not use it is also not the fault of NCsoft. If you and your brother used it, #1 the leaked/stolen account is probably more difficult to access.

 

 

I agree, you should know better than to play a game published by ncsoft.

 

/s

 

they can change your pin code without a simple mail verification. The pin code which is supposed to be a protection against keyloggers can be changed if the hacker gets your password via a key logger. Very clever, ncsoft.

And the fail doesn t stop here. The hacker can also set up the 2 step authentificator via the website WITHOUT a mail verification.

 

Share this post


Link to post
Share on other sites

you don't understand how is the pin code system works 

when u log in the security system asks for verification code , which have been send to your email and when u verify it

u can choose to save your IP (this option is useless if you are using VPN or your ISP gives you Static ip)

so you don't have to open your email every single time you need to enter the game or the forum just insert your username and password 

 

when they have created the bin code system they didn't create it to protect your account in case of your email have been hacked 

if your email have been hacked ,then all the hacker needs to do to get your account is to reset password

and that is not ncsoft fault it's yours the system works just fine if u didn't get your email hacked just like any other system

 

so check your pc for trojen or keyloger , or check your fiend's pc who knows your account info

 

their account protection system is the good but ingame protection against cheats and bots is really bad 

Edited by LordStark

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now