Tip-tap-tippy-tap-tap-tap. That’s me treading carefully so I don’t wake the vicious, slumbering Litigation Beast. Not that it’d necessarily wake up anyway, but some people have accused NCSoft’s response to a recent security scandal (related to MMO player accounts) of having a slight whiff of porky-pie about it. As those accusations aren’t proven, I’m wearing my Ballerina Shoes of +4 vs dangerous sweeping statements.
These are the key facts to this story: 1) There’s been a sudden, large spate of apparently hacked Aion, Guild Wars, City of Heroes et al accounts. 2) there’ve been reports of an apparent security hole in the NCsoft master account (an umbrella login for multiple NCsoft games), which has caused some players to find they’d somehow logged in as other players. Could these two things possibly be related? NCsoft says no. Hmm. Where’s Poirot when you need him?
Back on New Year’s Day, one of their community managers popped up with this:
The account hacks are not likely related to the NCsoft Master Account security concerns. Roughly half of the hacked acounts do NOT have an NCsoft Master Account, and very few account thefts involved a password change at all. The hacker(s) knew the account credentials, and they did not access the hacked accounts through NCsoft Master Accounts. The hackers had a list of passwords, which they used to steal accounts.
So what’s the source of these hacks/stolen passwords, if it’s not the rumoured master account loophole? Some players are convinced it’s a matter of yer everday phishing and keylogging scams/hacks being lumped in with this particular dangerous foul-up. They also point out that it’s a bit odd NCsoft have now stepped in and tightened the security on the master account page if it’s not related to this flood of compromised accounts. Though, frankly, it’s the sensible thing to do regardless.
So who’s right? Who knows? Wherever the blame may lie, it’s an unfortunate thing to happen during the Season Of Holiday – both for players finding their games were all messed up and for the poor NCSoft staffers who had to come sort it out while they were supposed to be doing the miseltoe and wine thing.
Anyway – change yo’ damn password, foo’. That’s the really important thing.