MamaBear

To every player you are not safe


MamaBear   

  NCSoft is not secure and you are not protected, your account is not protected unless you have The 2 step setup. 

For the past 3 days I have been battling with (South Korea, China) for my account that I have paid money on.

On my account the items that you can sell are all gone and sold for gold. Health potions you name it. They even tried to log in to my Email.

I have no cell phone so I had to look up a way to use the 2 step set up thing and I found one. So I use that now. If you have been hacked do not expect to get a reply for 2 days. Do not expect to get your items back and your hard work. I had all my chars' gold taken. I'm saying this because I don't want this to happen to you guys. I have 2 useless chars now because I never got to finish them and their build because someone took my own gold/items for my weapons and items. Do not expect to get a refund. They will not give you a refund and will mostly blame you for "giving out" your password when that is incorrect and they do not want to admit that they have a breach in their security.

I'm not doing this to gloat and not to be salty, I am doing this for you guys so this does not happen to you. I now know not to ever spend money on this company again. I hope this does not happen to you and I wish you the best because I'm really sad that this has happened not only to me but to a few other players I know. Even lowbies (lvl 8). Everything from stash that could be sold was sold.

 

Here is an IP address from this person that logged in today on my account.

Name and Shame. I had more but I removed them. I had 3 different IPs trying to log in to my account. From China and one from South Korea.

 

Korene   

Stuff like this pisses me off. I don't care what people say: "I have friends from that region"... "They aren't all bad". Frankly, who cares; the good suffer with the bad sometimes. China needs to be banned and especially Korea. Why are they on this server? They have their own. I'll tell you why: NA is well known for throwing infinite cash towards MMOs; what poverty-stricken fool wouldn't get in on that? All this "well they will find a way to switch their IP": okay, well, let's make it hard for them. Right now the door is wide open; we can at least lock the door. If they want to find a way to pop the lock open we can deal with it from there.

Share this post


Link to post
Share on other sites

All those hackers that do this crap, along with scammers and bots, need to be tortured and die a slow painful death. Thanks for letting us know and damn that fricken sucks, hope you get your things and money back.

Edited by TopDollar


I'm sorry, but I'm going to stop you. With the way the accounts work in blade and soul, I'm going to have to say this was your own fault. I wouldn't have said anything if you weren't trying to scare people, but yeah, now I'm going to have to.

 

Accounts ALREADY work with a two step system. You log in with your login name and password, and then you, with your mouse, select your specific number key to let you in. While it is, sadly, easy to grab someone's account information if you, say, have a keylogger you are unaware of, no keylogger is going to tell them what your number code is, as the only way to enter it is to select from numbers that are randomly placed each time. I will say that again.

 

Even if they COULD TRACK WHAT position the numbers were in with your mouse ONCE, which would already be a pretty awesome technical feat, it wouldn't HELP them. The numbers would not be in the same positions they were when you logged in, which means that even if they followed the sequence you did, they would have the wrong number.

 

SO. What this means is...YOU, have been doing something you are not supposed to, or doing something that allows for bloatware or malware to be installed on your computer coupled with other programs you were intentionally trying to install. They CAN brute force your PW and login name, that is a possibility, but if they had that kind of capability, to just enter all up in NCSoft's database, why is it just you, and not a major problem blowing up right now. If they REALLY DID just up and yank your password from the database, and you've no malware or keylogger to tip them off, it would be more than just you, and it would be done quickly.

 

BUT EVEN THEN, if they got your PW and login...they'd need that number. And the ONLY way they'd have it without you giving it to them is if you made it simple enough to GUESS. And if your SIX NUMBERS are so easy to figure out that they can be GUESSED, you didn't do your own due diligence to protect your account.

 

I'm not saying this is right, or that you deserve to have people messing with your stuff in any way at all, but YOU, OP, are trying to claim that no one is safe, and that NCSoft has been compromised, a claim you have no evidence to make, and a very serious and potentially damaging one.

 

Right now, if I were the company running this game, I would look at potentially suing you for libel. You've no right at all to claim what you have.

MamaBear   
8 minutes ago, Froggyman said:

I'm sorry, but I'm going to stop you. With the way the accounts work in blade and soul, I'm going to have to say this was your own fault. I wouldn't have said anything if you weren't trying to scare people, but yeah, now I'm going to have to.

 

Accounts ALREADY work with a two step system. You log in with your login name and password, and then you, with your mouse, select your specific number key to let you in. While it is, sadly, easy to grab someone's account information if you, say, have a keylogger you are unaware of, no keylogger is going to tell them what your number code is, as the only way to enter it is to select from numbers that are randomly placed each time. I will say that again.

 

Even if they COULD TRACK WHAT position the numbers were in with your mouse ONCE, which would already be a pretty awesome technical feat, it wouldn't HELP them. The numbers would not be in the same positions they were when you logged in, which means that even if they followed the sequence you did, they would have the wrong number.

 

SO. What this means is...YOU, have been doing something you are not supposed to, or doing something that allows for bloatware or malware to be installed on your computer coupled with other programs you were intentionally trying to install. They CAN brute force your PW and login name, that is a possibility, but if they had that kind of capability, to just enter all up in NCSoft's database, why is it just you, and not a major problem blowing up right now. If they REALLY DID just up and yank your password from the database, and you've no malware or keylogger to tip them off, it would be more than just you, and it would be done quickly.

 

BUT EVEN THEN, if they got your PW and login...they'd need that number. And the ONLY way they'd have it without you giving it to them is if you made it simple enough to GUESS. And if your SIX NUMBERS are so easy to figure out that they can be GUESSED, you didn't do your own due diligence to protect your account.

 

I'm not saying this is right, or that you deserve to have people messing with your stuff in any way at all, but YOU, OP, are trying to claim that no one is safe, and that NCSoft has been compromised, a claim you have no evidence to make, and a very serious and potentially damaging one.

 

Right now, if I were the company running this game, I would look at potentially suing you for libel. You've no right at all to claim what you have.

I have a fresh computer, the only game I have on here is NCSoft. I have only logged in on my Email and NCSoft. I do not own a cell phone so please do not tell me that it's my fault. I have not done anything wrong so please do not push the blame on me. You do not know me. Like I said, I was warning players. Like I said, I was not the only one that was affected in this matter. I do not have a key logger, I use Bleeping Computer's anti logger, so I see no point to go in that part. Say what you want but I do have the IP, I do have the proof that I have sent to NCSoft that shows the IP and the log in attempts and the mailed items and gold. I have already gotten a hold of NCSoft. Sue me if they want, I have the right of freedom of press and speech.

Edited by MamaBear

Primula   
9 minutes ago, Froggyman said:

Accounts ALREADY work with a two step system. You log in with your login name and password, and then you, with your mouse, select your specific number key to let you in. While it is, sadly, easy to grab someone's account information if you, say, have a keylogger you are unaware of, no keylogger is going to tell them what your number code is, as the only way to enter it is to select from numbers that are randomly placed each time. I will say that again.

 

Even if they COULD TRACK WHAT position the numbers were in with your mouse ONCE, which would already be a pretty awesome technical feat, it wouldn't HELP them. The numbers would not be in the same positions they were when you logged in, which means that even if they followed the sequence you did, they would have the wrong number.

 

I'm not defending OP but you clearly don't understand how a keylogger can work.

A keylogger is perfectly capable of capturing video, though personally if I were to make a keylogger which can additionally take your pin, I'd have it check for the client starting, then start capturing images in an area around your mouse cursor (size of pin buttons) every time you click and then do OCR to get the numeric value of the button clicked or a more lazy way would be to just send the images to remote server.

Edited by Primula

MamaBear   
Just now, Primula said:

 

I'm not defending OP but you clearly don't understand how a keylogger can work.

A keylogger is perfectly capable of capturing video though personally if I were to make a keylogger which can additionally take your pin, I'd have it check for the client starting, then start capturing images in an area around your mouse cursor (size of pin buttons) and then do OCR to get the numeric value of the button clicked or a more lazy way would be to just send the images to remote server.

I know exactly how a key-logger works, I build computers for a living and I remove unwanted software. I know what I speak and I speak what I know.

Primula   
Just now, MamaBear said:

I know exactly how a key-logger works, I build computers for a living and I remove unwanted software. I know what I speak and I speak what I know.

Well you clearly don't know enough.

 

Building computers & removing software != programming experience.

Edited by Primula

MamaBear   
Just now, Primula said:

Well you clearly don't know enough.

I have no time for childish acts. I simply can inform the players of what is happening. Freedom of press and speech. I don't want to argue with anyone. You do not know how I feel with the amount of things I've lost. You are not me, end of story, period.

Share this post


Link to post
Share on other sites

He is actually saying he didn't have the 2 step authenticator set up. So at the time he didn't have the second step to manually input the number code.

 

With that said, accounts being hacked and stolen isn't anything new, hence the need for the authenticators. What is curious though, is how you would have an IP of someone logging into NCSoft's servers.

Just now, MamaBear said:

I have a fresh computer, the only game I have on here is NCSoft. I have only logged in on my Email and NCSoft. I do not own a cell phone so please do not tell me that it's my fault. I have not done anything wrong so please do not push the blame on me. You do not know me. Like I said, I was warning players. Like I said, I was not the only one that was affected in this matter. I do not have a key logger, I use Bleeping Computer's anti logger, so I see no point to go in that part. Say what you want but I do have the IP, I do have the proof that I have sent to NCSoft that shows the IP and the log in attempts and the mailed items and gold.

Okay...from the beginning.

 

1. You were OBVIOUSLY hacked, at least in part. MY point to YOU, is that YOUR PERSONAL NUMBER for your account is not "hackable" in the way that they might be able to grab your password and login. In order for them to have taken your number, you would either have had to give it to them, which I don't think you did, or it would have to have been EASY TO GUESS, which IS 100% your fault. That doesn't mean I think you should have been hacked at all, or that they shouldn't help you. What it DOES MEAN

 

2. You are taking an instance that happened to you, and claiming NCSoft's security has been compromised. That is a SERIOUS claim to make against any company, and although you can prove YOUR account was tampered with, you can't prove anything more than that, so again, YOUR COMPROMISED ACCOUNT doesn't equal EVERYONE'S ACCOUNT IS COMPROMISED.

 

3. Where are these other people? Bring them here, let's see it. All of my guildmates are level 45 with 700g and all of their Hongmoon skills unlocked at HM5. I can say whatever I want, it doesn't make it true unless I can prove it.

 

I take fault in your accusing an ENTIRE company of being compromised. Someone has obviously been messing with your account, which is not okay, and I am legitimately sorry. I pay to play this game, I'd be really upset if I woke up and all of my stuff was gone, but that's never going to happen to me because my number is something you'd NEVER GUESS.

 

If it were not against the rules, I would put my PW and Login on the forums, because even with it, you'd never get into my account. SO IF SOMEONE DID, YOU ARE PARTLY TO BLAME. AND YOU SHOULD NOT ACT LIKE THEIR WHOLE SECURITY SYSTEM IS COMPROMISED. THIS is exactly what you are claiming. And you are wrong.

Primula   

I'm not being childish, just informing that the pin entry is not enough security against a keylogger.

 

Also do note that I said 'how a keylogger can work' not 'how a keylogger works'.. because not all keyloggers are sophisticated.

Though the bots in this game aren't dumb, they're programmed to counter classes, so I'm pretty sure if the same people are hacking accounts they'd build a keylogger that is capable of getting your pin too.. because it really isn't difficult.

 

2step auth is the only decent security measure, the pin entry on client launch is useless.

Edited by Primula
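
The difference between the memorized PIN and the authenticator-based 2-step verification argued over in this thread, shown as an added example that is not part of any post and is not NCSoft's code. It assumes the authenticator follows the standard TOTP scheme (RFC 6238: HMAC-SHA1, 30-second steps, 6 digits) used by Google Authenticator; the secret, the PIN and both verifier classes are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample values: the RFC 4226/6238 test secret and a made-up PIN.
SHARED_SECRET = b"12345678901234567890"
STATIC_PIN = "481516"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30) -> str:
    """RFC 6238 TOTP: HOTP where the counter is the current time step."""
    return hotp(secret, unix_time // step)


class StaticPinVerifier:
    """Hypothetical server check for a memorized PIN: the value never changes."""

    def __init__(self, pin: str):
        self._pin = pin

    def verify(self, submitted: str, unix_time: int) -> bool:
        return hmac.compare_digest(submitted, self._pin)


class TotpVerifier:
    """Hypothetical server check for TOTP with a +/-1 step clock-drift window.
    A time step that was already accepted is never accepted again."""

    def __init__(self, secret: bytes, step: int = 30, window: int = 1):
        self._secret, self._step, self._window = secret, step, window
        self._last_counter = -1

    def verify(self, submitted: str, unix_time: int) -> bool:
        now = unix_time // self._step
        for counter in range(now - self._window, now + self._window + 1):
            if counter <= self._last_counter:
                continue  # this step (or an older one) was already used
            if hmac.compare_digest(hotp(self._secret, counter), submitted):
                self._last_counter = counter
                return True
        return False


def replay_outcomes(t_login: int = 59) -> dict:
    """The owner logs in at t_login; the same values are then submitted again."""
    pin_check = StaticPinVerifier(STATIC_PIN)
    otp_check = TotpVerifier(SHARED_SECRET)
    code = totp(SHARED_SECRET, t_login)
    return {
        "pin_first_use": pin_check.verify(STATIC_PIN, t_login),
        "pin_reused_2_min_later": pin_check.verify(STATIC_PIN, t_login + 120),
        "otp_first_use": otp_check.verify(code, t_login),
        "otp_reused_5_s_later": otp_check.verify(code, t_login + 5),
        "otp_reused_2_min_later": otp_check.verify(code, t_login + 120),
    }


if __name__ == "__main__":
    for name, accepted in replay_outcomes().items():
        print(f"{name:24} accepted={accepted}")
```

A memorized PIN that has been observed once stays valid until the owner changes it, however the keypad is laid out; a one-time code is tied to a time step and to single use.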

3 minutes ago, chinmi said:

how to enable 2 step ?

 

In settings there is a 2-step verification button. It pairs with the Google Authenticator.

MamaBear   
4 minutes ago, Froggyman said:

Okay...from the beginning.

 

1. You were OBVIOUSLY hacked, at least in part. MY point to YOU, is that YOUR PERSONAL NUMBER for your account is not "hackable" in the way that they might be able to grab your password and login. In order for them to have taken your number, you would either have had to give it to them, which I don't think you did, or it would have to have been EASY TO GUESS, which IS 100% your fault. That doesn't mean I think you should have been hacked at all, or that they shouldn't help you. What it DOES MEAN

 

2. You are taking an instance that happened to you, and claiming NCSoft's security has been compromised. That is a SERIOUS claim to make against any company, and although you can prove YOUR account was tampered with, you can't prove anything more than that, so again, YOUR COMPROMISED ACCOUNT doesn't equal EVERYONE'S ACCOUNT IS COMPROMISED.

 

3. Where are these other people? Bring them here, let's see it. All of my guildmates are level 45 with 700g and all of their Hongmoon skills unlocked at HM5. I can say whatever I want, it doesn't make it true unless I can prove it.

 

I take fault in your accusing an ENTIRE company of being compromised. Someone has obviously been messing with your account, which is not okay, and I am legitimately sorry. I pay to play this game, I'd be really upset if I woke up and all of my stuff was gone, but that's never going to happen to me because my number is something you'd NEVER GUESS.

 

If it were not against the rules, I would put my PW and Login on the forums, because even with it, you'd never get into my account. SO IF SOMEONE DID, YOU ARE PARTLY TO BLAME. AND YOU SHOULD NOT ACT LIKE THEIR WHOLE SECURITY SYSTEM IS COMPROMISED. THIS is exactly what you are claiming. And you are wrong.

I think you are missing the point. I simply want everyone to try to do the 2 step setup (authentication). It gives you a random pin each time. End of story. I can complain if I want and I can, and if they want to sue me sure they can but they would be breaking my amendments. I simply ask everyone to please do the authentication. Not everyone has a cell phone to do it, much less an iPhone.

Edited by MamaBear

MamaBear   
7 minutes ago, Kaizokuoni said:

He is actually saying he didn't have the 2 step authenticator set up. So at the time he didn't have the second step to manually input the number code.

 

With that said, accounts being hacked and stolen isn't anything new, hence the need for the authenticators. What is curious though, is how you would have an IP of someone logging into NCSoft's servers.

It tells you who logs in to your account by IP.

Share this post


Link to post
Share on other sites

I was unaware the two step authentication process was voluntary. As a brand new account, I was forced to do this before I could play. I logged into Blade and Soul, and it came up with a screen with a bunch of numbers, and I'd never even told it a pin. Going to my account on the website I was informed I would need to make a pin in order to log in. So unless I was lied to, or they changed it, this seemed like a NECESSARY step they make you take before playing the game? Again, I'm being dead serious, I was not ALLOWED to play until I picked out a pin, and I made a brand new account to play BnS, because at the time I couldn't remember my credentials for the old one.

 

You can rant and rave if you want, but I've said what needed to be said, NCSoft security is fine, this is an unfortunate, but isolated incident that happened to you, and I am convinced you had something to do with it.

MamaBear   
3 minutes ago, Froggyman said:

I was unaware the two step authentication process was voluntary. As a brand new account, I was forced to do this before I could play. I logged into Blade and Soul, and it came up with a screen with a bunch of numbers, and I'd never even told it a pin. Going to my account on the website I was informed I would need to make a pin in order to log in. So unless I was lied to, or they changed it, this seemed like a NECESSARY step they make you take before playing the game? Again, I'm being dead serious, I was not ALLOWED to play until I picked out a pin, and I made a brand new account to play BnS, because at the time I couldn't remember my credentials for the old one.

 

You can rant and rave if you want, but I've said what needed to be said, NCSoft security is fine, this is an unfortunate, but isolated incident that happened to you, and I am convinced you had something to do with it.

There are 2 types of PIN: one that changes randomly and one you know by heart. I went with the one I know by heart. I do not own a phone. You are allowed to skip the 2 step setup if you do not own a phone, which I do not.

Edited by MamaBear

Just now, MamaBear said:

There are 2 types of PIN: one that changes randomly and one you know by heart. I went with the one I know by heart. I do not own a phone.

I don't even....

 

I am NOT TALKING about the authentication using google or a phone, I am talking about the numbers you remember, the one you just said in the very beginning you didn't have. GO LOOK at the sheet of numbers when you play blade and soul. They are in DIFFERENT LOCATIONS every single time. You know your own pin, so you type it in, whatever it happens to be, but your mouse would have to go to different locations every time, because instead of the six being in the corner, now it's down on the bottom, or what have you.

 

This means that even if they had a keylogger, unless they put one on your computer that was so amazing it could see your screen, it wouldn't give them the correct number. The authentication from Google uses RANDOM numbers every time; what I am saying is the IN GAME KEYPAD for that option CHANGES every time you log in, so the numbers are not in the same place.

 

Which means logically that again, unless you downloaded something you shouldn't have, your number was too easy to guess. EITHER WAY IT ISN'T a PROBLEM with their security, which was your initial claim.

MamaBear   
5 minutes ago, Froggyman said:

I don't even....

 

I am NOT TALKING about the authentication using google or a phone, I am talking about the numbers you remember, the one you just said in the very beginning you didn't have. GO LOOK at the sheet of numbers when you play blade and soul. They are in DIFFERENT LOCATIONS every single time. You know your own pin, so you type it in, whatever it happens to be, but your mouse would have to go to different locations every time, because instead of the six being in the corner, now it's down on the bottom, or what have you.

 

This means that even if they had a keylogger, unless they put one on your computer that was so amazing it could see your screen, it wouldn't give them the correct number. The authentication from Google uses RANDOM numbers every time; what I am saying is the IN GAME KEYPAD for that option CHANGES every time you log in, so the numbers are not in the same place.

 

Which means logically that again, unless you downloaded something you shouldn't have, your number was too easy to guess. EITHER WAY IT ISN'T a PROBLEM with their security, which was your initial claim.

Well then I guess you need to take my freedom of speech away because I can speak whatever I want. So if it's my fault it's my fault, the only one here to get blamed is me. End of the story. I simply have said over and over: do the 2 step setup. To be safe just in case they do have anything easy to guess. You are blind, I said this many times. I'm done with this topic. I have no idea why you are fighting me about this. I have lost the items, not you. I'm angry, not you. I'm sad because I lost hours of work, not you. If NCSoft did not like what I said earlier they would have removed my topic. Simple as that.

Edited by MamaBear

18 minutes ago, MamaBear said:

Well then I guess you need to take my freedom of speech away because I can speak whatever I want. So if it's my fault it's my fault, the only one here to get blamed is me. End of the story. I simply have said over and over: do the 2 step setup. To be safe just in case they do have anything easy to guess. You are blind, I said this many times. I'm done with this topic. I have no idea why you are fighting me about this. I have lost the items, not you. I'm angry, not you. I'm sad because I lost hours of work, not you. If NCSoft did not like what I said earlier they would have removed my topic. Simple as that.

Look, I don't appreciate being called blind just because you can't/won't understand what I have to say to you. But I guess if we are just going to delve into name calling now I think I'll just be done. That's really disrespectful.

 

Edit: Clearly the only way this ends is if I report you. So that's what I'm going to do. I'm sorry for my involvement in this, but I will end it.

Edited by Froggyman


Oh joy, another thread that becomes "Only my view is right" and is filled with threats and insults.

 

Well, aside from requesting a lock, we only have one proper action.

 

e74.gif

This topic is now closed to further replies.