We received some feedback on this particular post and I wanted to clarify a few things concerning NCWest security.
There are discussions on Aion Source forums and other Aion related forums and websites about the recent wave of hacked game accounts by the gold selling companies and what NCSoft is doing about it. There is a vocal group of people on these sites and forums blaming NCSoft for having their accounts hacked (or their friends’ accounts hacked). In one of these I came across the strip published below and found it to be very humorous. Here’s why. I find it absolutely ridiculous that it would be possible in any way to have the security so severely breached in a multi-million dollar company like NCSoft. That’s why I posted it under the humor category.
In theory there would be two points of entry for hackers to access your account data. In theory they could hack into NCSoft’s site and get the data from there. Without going into much detail I find this idea so ridiculous it amuses me. I’ve been in much smaller companies than NCSoft and that idea would be ridiculous even there.
The other point of entry are players themselves. They download something onto their computer, visit a site promising them easy leveling, browse an “underground forum” promising them inside secrets of the game or click a link in an email that looks like it comes from some official source. What you get is a program or a Trojan that keylogs you and gets your private information. To paraphrase Tamat, in almost all cases the reason for compromised accounts is RMT related activity initiated by the players themselves.
Occam’s razor (the simplest explanation or strategy tends to be the best one) guides us to one simple conclusion:
There are no security breaches in NCSoft and they are certainly working very hard to prevent one from ever happening.
I would suggest you all rather read Scott Jennings’ article that describes the steps you can take to protect your computer and account from being compromised.
We, at Aion Life, will also try and join the fight against RMT in our own way. We hope we’ll be able to make some sort of announcement concerning this in the next 10 days.
No comment needed.
Glad to see this cleared up! I was worried that some of the humorous postings around the web were legitimate. Keep up the good work with MMORPG-Life!!
From Wikipedia:
“…Therefore, according to the principle, a simpler but less correct theory should not be preferred over a more complex but more correct one. It is this fact which gives the lie to the common misinterpretation of Occam’s Razor that “the simplest” one is usually the correct one.”
You got an interessting sense of humor since you seem to deny the reality of multi billion companies, the government, the military and other high security getting hacked on a regular basis. I would suggest you open a newspaper or news site every now and then instead of making up jokes like “many money, many safe!” ^_^
I had my aion account hacked about 3 hours ago
I have never used so called RMT companies, powerlevelling companies or other related service
No one other than me knew my NCsoft account security questions, which were set half a year ago on another computer, so it’s pretty much impossible a keylogger is to blame
I barely log into the official NCsoft site, nevermind phishing sites
So who else could be to blame if not NCsofts security?
Ask any aion player how many botters they see on a daily basis, is it really possible that hundreds of players are stupid enough to fall for phishing sites every day?
Also, I think that its stupid that NCsoft allow someone to simply log in and change security questions, which are used to recover accounts, instantly. Even the most cheap, failure MMOs have some kind of cooldown or email verification required.
The hackers literally logged in and changed all my details in 3 minutes.
What the Author should have have said is that most hacked accounts are due to malware on the users PC. I don’t play this game, but I do play others and almost all of them are having major hacking issues.
The one I play most of the time opted to reduce security by using the ever-so-easy to get email address as the account name.
My account there was hacked within 5 days of the security change. I ran a complete battery of anti anything software and had 0 detections.
The “big-company-can’t-be-hacked” drones forget that those companies are the main target, not the user PCs. If a hacker gets into a major company’s system, then they get boasting rights since any level hacker can get into a home PC. It’s the difference between stealing a Yugo and a B12 Bomber: who would be the better thief?
As for the guy who used another PC to set up his account: Sorry to say that it is more likely that you had a keylogger back then on the other PC. Information stolen by keylogger usually takes about 6 months before it is used.
Except the MitM attack, hackers do not go through keylogger dumps immediately. The information sits in a file amoungst hundreds of others while the hacker goes through one at a time. Your information would be 1 of X hundreds that the hacker got for that one day. It takes time to go through all that info and is why more often it is 6 months or more before it is used.