The saga of NCsoft account security continues with the confirmation of an existing exploit in NCsoft’s systems. Not too long ago, I reported on Scayth, an Aion player whose account was compromised while it was inactive. The account was looted, and one or more of the characters may have been used for gold farming purposes.
Thanks to Scayth’s ongoing updates over at Aionsource, he was able to procure a reply (finally) from NCsoft over the account issues. The full image is below, but I will summarize:
- The majority of accounts compromised have been through social engineering, viruses, fansites, and keyloggers.
- The account was never hacked; the individual characters were. The account itself was not in any danger.
- The hacker was able to use packet manipulation to access different characters at whim. The process is “very complicated” and did not give them full access.
- Few characters can be accessed in this fashion; Scayth just happened to be one of the unlucky few, among 10 others who were also restored.
- The process tricked the system into believing that the character belonged to that account.
- The servers were hotfixed to prevent this that same day.

What will come next in the NCsoft security saga? MMO Fallout will certainly be here to cover the events.

I think I was recently a victim of this sort of theft. I hadn’t played Aion or logged into my “master” account for probably close to a month. I received an email that my subscription had auto renewed. Since I haven’t been playing I was going to see if I could get a refund and re-up when I feel like playing more again. Long story short I got the email Thursday night and Friday morning at work I was in the process of trying to log in and a friend calls excited to see me finally logged in again but wondering if I had the day off work…no I didn’t. He and some other players found my character botting. I couldn’t get logged into the client and started my support ticket with NCSoft. 33ish hours later (today) all I get from the person who replies is them saying they have reset my passwords and that I should scan my computer for viruses. I work in IT and I keep my stuff clean but I did it anyway and there were NO infections. I’m kinda pissed it took them so long to respond to a customer security matter like this. I’m fairly certain that I will not continue playing just due to their lack of security and poor response time on security related matters.
Hello TekWarren,
I’m glad to see you got your account back, but from your explanation I think I can conclude that you are not a part of this exploit. Obviously I am taking NCsoft at their word, but according to the screenshot only a tiny group were affected during the day that the exploit was known, and they were all rolled back to how they were. Furthermore, your account was stolen, and this exploit did not give access to the account, just characters.
We could go back and forth all day about whose fault it was that your account was stolen, but there are a multitude of ways it can happen. I once had my credit card stolen not because of my own wrong-doing, but because one of the vendors I used my card at had their database broken into.
Right now all we have confirmation of is a short lived packet manipulation exploit, and as much as we would like to lap up claims of login exploits, the reason I dropped the topic after the first time was not only NCsoft’s confirmation that the effects were purely cosmetic (You could see the account page, but couldn’t edit anything) but that they had implemented security features to calm down any speculation (requiring the old password to change to a new password).
One thing NCsoft is doing wrong, however, is their response to the people having their accounts stolen. If you are going to accuse someone of buying gold or powerleveling services, have the guts to ban them when you do. And players can say whatever they want to someone who has their account stolen, but it is never, EVER, in a company’s interest to patronize a customer in the way I’m seeing NCsoft doing to their customers. People who have their account stolen are angry enough, and the more you go against them, the closer their finger moves towards the “cancel subscription” button.
Until there is confirmation, the alleged security breach will remain just that: Alleged. Unless someone would like to take up where 2006 left off and start another class action lawsuit against NCsoft, such a security breach has happened before.
Cheers,
Omali