The few of you who caught my brief Tweet-splosion yesterday already heard the sad news: my Guild Wars account has been hacked.
I haven’t logged into the game in about a week, and that was just to patch the game to the latest build and see who was on. I do not visit Guild Wars fan sites, fan forums or anything else nor have I used the PlayNC Store in well over a year or so.
How did I learn of this, then? I received an email from NCSoft Support yesterday morning informing me that my password reset was successful. Eh? I absolutely did not apply for a password reset. I quickly loaded the game and to my chagrin the password had indeed been changed!
I manually brought up NCSoft’s Support site – just in case the email was faked in a phishing attempt – and sure enough the password reset was also a support ticket. Damn it!
So today a GM has passed this along to Account Services to attempt a resolution. Assuming Arena.net keeps server logs, it should be easy to retrieve the password and reverse any actions taken in-game since the change. However it’s also NCSoft, and I have little to no faith in them for much of anything.
Here’s the thing: If I change my password on my bank’s website, or even something as simple as a forum site, I am always sent an email for verification prior to the reset taking place. Just in case, you know, someone applies for a reset using my account… Yet NCSoft, with a history of security problems, just goes ahead and changes the password then informs me of it? Gee, with security like that I can’t fathom why problems are so rampant…
I will keep saying this forever: I wish Arena.net would break from NCSoft; they – and we – deserve better.
on 
on 
Entries (RSS)
Seconded. The numerous flaws and blatant security issues of NCsoft and the poor support (try to get back your own account, it’s extremely hard) will cost them customers for sure if this goes on in GW2.
Thankfully their latest anti-bot campaign is much more successful. Apparently they try to improve. There is a lot to improve, unfortunately.
I wish you good luck and that all your chars will be restored or were not touch at all.
First of all, that sucks… I’m sorry you got hacked.
Second, yeah, it’s freakin’ crazy that they change the password *then* email you about it.
Thirdly, what security they do have is pretty weird. Like the “enter the name of a character on this account” thing.
That really sucks, sorry to hear that your account got hacked.
And to just send an email after the password got changed, that is quite stupid for a company who should know better.
Does the password change involve any of these “what is your mother’s maiden name” type of questions? Unless you can write your own questions those systems may provide a false sense of security.
At least you got the email…I never got one, and they actually shut down my account, as someone kept trying to login and blocked it.
Sad affairs there.
Good luck on this.