Aion and Guild Wars Security Concerns Continue
There have been a few security concerns with Guild Wars accounts of late and some speculate the problem lies with a flaw in the NCsoft Master Account log in, claiming that at times people can be accidentally logged into another user's master account, giving that person full access to another users billing information and other game accounts such as Aion. ArenaNet Community Manager Regina Buenaobra recently posted a response to the problem on the Guild Wars Guru forums, debunking the rumor and stating what ArenaNet believes is the cause of the security problem and that measures are being implemented to help beef up the master account security.
ArenaNet has been discussing the issues pointed out by players in this and other forum threads on the issue with NCsoft. Again, we take these concerns very seriously, and we're currently taking measures to address them on several levels, and we will continue to do so.
There is a change in one of the NCsoft Master Account processes that is being enacted, and we believe this change will help quite a lot in enforcing account security, and we're very grateful to the folks involved who've worked today to get those measures in place, on a holiday, and many of them away from home. They've taken our escalation of this issue very seriously, are listening, and are doing what they can do to proactively help, and to take your concerns on board and make improvements in very short order.
The security team continues to research and additional changes might be put in place. If you try to change your password on the NCsoft web site now, you will notice one of these changes: you will be required to input the old password to change it to a new one.
I would like to reiterate one point again, because people continue to ignore this fact: The account hacks are not likely related to the NCsoft Master Account security concerns. Roughly half of the hacked acounts do NOT have an NCsoft Master Account, and very few account thefts involved a password change at all. The hacker(s) knew the account credentials, and they did not access the hacked accounts through NCsoft Master Accounts. The hackers had a list of passwords, which they used to steal accounts.
Again, our NCsoft Security team is continuing to investigate this issue, and there might be additional changes forthcoming.
Not everyone agrees with the response however, as some of the statement tends to be a little conflicting and vague. Guild Wars Guru poster Erys Vasburg has made a post detailing the problem and using links from Aion Source and Incgamers to help explain the potential issue.
One person at Aion Source posted that they had logged into another person's account while logging into their own and claimed to have had full control over the foreign account, but Community Manager Andrew 'Tamat' Beegle responded with this.
This is a known issue with the official website/forums and one that is purely cosmetic. We're working hard to correct this issue and should have a solution early next year. Fortunately those databases aren't linked so it would be impossible to make any changes to the master or game account. Your information is safe and sound!
Cosmetic or not, someone being able to make it that far is a bit of a concern for any gamer as a person can possibly get your account log in name, even if they can't make any changes, this could put someone a step closer to gaining access to an account if they wanted to. Despite Tamat's statement, many go on in the thread to state that posts have been made under their name in the forums and others claim various levels of account compromises.