
Forum & Account Security
post Nov 26 2009, 08:22 PM
Post #1
Tasha



Worshipper of Frogs
******

[MYST] Leader

Posts: 2,288
Joined: 23-November 06
Location: Lions Arch Am 1







After hearing about a spate of account hackings going on lately, today I heard a theory about the hackings that has prompted some changes on these forums. Namely that hackers visit websites and take the names of leaders, officers and moderators (assuming that they will be semi rich), check the email address registered and names, and then try to brute force the PlayNC account. This is just rumour, but sounds vaguely plausible.

As a precaution, I've hidden all fields that display your GW, Steam and Aion account information to the public and made them visible to moderators and administrators only. If you wish to display this information to users, use your signature. This is at your own risk.

I'd like everyone to check that their email address registered here does not match that of their Guild Wars account log in (and for every other GW fansite you are registered on). You can change it through your control panel. I also suggest you hide it. If your username matches that of a character and you are worried about it, please pm me so I can change it for you.


These changes are not related to any hack or suspected hack that we have had here. These are purely precautions.


post Nov 27 2009, 02:43 AM
Post #2
Faure



Musica è.
*****

[MYST] Member

Posts: 466
Joined: 1-December 07







Good job. If only the other forums I visit had such smart-thinking admins ^.^

I'll check my registered mail, though my nicks are safe from email addresses.

Actually, went to remove my ign at guru, looks like they already turned off that option as well. Looks like it's really serious....

This post has been edited by Faure: Nov 27 2009, 02:47 AM


--------------------
"The most difficult part about Shadow Form is enduring the hit when you put your face on your keyboard and proceed to roll your face on it. "
post Nov 27 2009, 08:09 AM
Post #3
Tasha










They did that 1-2 weeks ago, as a result of ANet saying that a load of accounts were hacked through getting IGNs off "a fansite" without naming which one, which of course led to panic. There has been no known breach there either.

Edit: Something else to check is that you're not displaying your date of birth anywhere as this info is used to reset an NCSoft password. It's all about not making it easy for someone to correlate information should they decide to google you.


As an additional security measure, all new forum registrations need to be admin approved as well as users' emails approved.

This post has been edited by Tasha: Dec 3 2009, 06:19 PM


post Jan 21 2010, 01:50 PM
Post #4
Tasha










Yesterday NCSoft's "GSU" Team released a statement stating that they could find no fault with their security system over the Christmas period. Take this message with a pinch of salt. Observably we have seen a large number of accounts being hacked, then the addition of new security measures to the Guild Wars client, followed by the NCSoft Master Account. After this the number of "I've been hacked!" threads decreased a lot but have been replaced by "I've had an odd email" threads. It seems those who have been accessing accounts have taken to phishing for their information. NCSoft's position is that this has no relation to the security measures they took. In other words they're covering their ass.

If you receive an email saying your Guild Wars or Aion account is being suspended, do not click any links inside that email. You can read more information about the emails that are going around on Guru or Aion Source. There's an additional email now going around where the phishers directly ask you for account information (note the email address is a hotmail.com address). NCSoft will never do this.

All in all, keep yourself safe.


post Jan 21 2010, 08:36 PM
Post #5
Noob On Steroid



Awakened Cavalier
***

[MYST] Member

Posts: 270
Joined: 12-November 07







I get a shitload of those e-mails for World of Warcraft, which is hilarious since I've never owned a WoW account.

Phishing is funny :P

I received 1 Aion e-mail as well (and I don't own Aion), so just be vigilant ;)


--------------------
"the noblest of dogs is the hot dog, it feeds the hand that bites it."

post Jan 23 2010, 11:10 PM
Post #6
Tasha










Guild Wars Guru Security Notice

QUOTE(JR)
Late Friday night the GuildWarsGuru database was accessed by an unknown third party. We caught it as it happened, but in that short space of time it appears they may have managed to obtain tables of user account information.

Their point of entry was a flaw in the WordPress software used to run the GuildWars2Guru.com front page. How they managed to get from there to the other databases is unknown right now, as it involved bypassing other security measures we have in place.

We've spent the last 24 hours tirelessly investigating what happened, patching up the exploit, and further strengthening security. It was important to inform the community as soon as possible, but we couldn't do that any earlier without advertising the site's vulnerability to others who may have more malicious intent.

So, what does this mean to you?

With the high incidence of RMT hackings and phishing across MMOs rising we understand how serious this problem is, and the possible implications arising from this incident. Right now we assume the hacker's motivation was simply to obtain the list of email addresses, for the purpose of sending spam. That may seem fairly mundane, but there's a big market for that information.

Anything more sinister would require the hacker attempting to crack encrypted passwords. The investment required to do that seems to far outweigh the questionable return, though we can't rule it out. As such, we urge you to change your Guru, Guru Auctions and Guru 2 passwords and/or emails as soon as possible. We also urge you to change passwords and emails for any other site or service you log in to with the same information you use on guru.

We apologize for this unprecedented breach, and can only assure that your security is of the utmost importance to us. We are gamers as well, and are doing everything in our power to minimize the damage from this by informing our community openly. If you have questions or concerns please feel free to post them here, and we will do our best to address them as swiftly as possible.

To further protect your account please see guides on Phishing, Security, PlaySmart and Passwords.


post Jan 26 2010, 10:48 AM
Post #7
Tasha










Aion Source got hacked too on the 24th. Visitors had a trojan downloaded onto their PCs, resulting in hackings to both Aion and the PlayNC master account. This was not picked up by users' anti-virus software until after it was too late. It has been speculated that a browser with Ad-blocker or NoScript could have prevented users from contracting this trojan.

Sorry if people feel I'm harking on about security stuff. I don't really want to be. But the sheer volume of people who have had their details phished, keylogged or brute force cracked from them in the last 4 months is unprecedented. It isn't just affecting NCSoft games. WoW, LOTRO, Gaia Online and other MMOs have all been affected.

EDIT: Just heard a report that Wartower has been attacked too. :( (Wartower is a German GW community site)


post Jun 1 2010, 10:28 AM
Post #8
Tasha










Yay new security alert.
http://www.escapistmagazine.com/news/view/...n-Game-Accounts

The TL;DR version: Hackers have managed to get hold of 2 million NCSoft accounts through means unknown (probably through a trojan such as Infostealer.Gampass but possibly through forums)

What this means for you:

While browsing forums and the wiki I've seen a sharp rise in the number of people being banned for "payment fraud". It seems (although I'm awaiting confirmation) that the fraudsters log into the compromised PlayNC Master Account, buy an account of something with a bad credit card or through PayPal and charge back the payment hoping to get a free game from NCSoft presumably for botting purposes. NCSoft then close down the master account. Hello ban in every game and account.

NB: In general Guild Wars accounts seem to be untouched. It may be that NCSoft and ArenaNet have tightened up their security enough that Guild Wars is a harder target than the Master Accounts themselves.

This post was made on Guru earlier today by Kuntz, a person who has been around in Guild Wars for a long time and is the creator of KSMod (approved by ArenaNet as a usable 3rd party mod). When the hackings that spawned this thread were at their height, he attempted to see how easy it was to get hold of people's credentials. Below is a section of his post.

QUOTE(Kuntz)

I acquired a total of 200,000+++ database accounts from various Aion and Guild Wars fansites. After writing some text parsers and other various tools to sort and consolidate them into one giant ass file, I had 185,000 e-mails with matching MD5 hashes and Salts in a format hashcat liked.

I then set out and downloaded some simple dictionaries, the two best ones were milw0rm's and Argon's List ver2. I made another text script to consolidate and remove duplicate words from the dictionaries, and once again, form a giant ass dictionary. I can't remember how many words there were, but it was something like 40 million.

So here we go, I have a Quad Core at 4.4GHz, 1680MHz memory at CAS 6, and a 4GHz QPI bus, and it took almost exactly 5 hours to dictionary attack all 185,000 accounts.

Now before I give you the stats, I want to explain to you my theory that I wrote down before I set out to do all this. My theory was that 1% of fansite users are dumb enough to use the same email and password as their game accounts.

Boy was I wrong.

- 185,000 forum/gamesite accounts (email and hash+salt)
- 54,366 used easily guessed passwords (md5 cracked) (29.4%)
- Of those 54k, 10,900 were the same email/passwords as used on NCSoft accounts (20%)

In several hours over the course of a weekend, in my spare time, I gained access into 10,900 NCSoft accounts purely based on the stupidity of people using the same email/passwords on various fansites as their NCSoft account.

<other stuff removed>

So let this be a lesson to you all, don't be one of the 20% of morons out there that use the same password on dirty fansites like Guru and your game account. You will get hacked eventually, and all the A/V firewall spybuster software in the world won't protect you from being a dummy.


So while it won't save everyone's account (some people will just be unlucky :/), please make sure that email addresses and passwords stored on forums do not correlate to your Guild Wars, NCSoft or any other game accounts you may own as much as possible. It won't help if you've already been compromised but it will help in the future. Make passwords to games as long as possible with alphabetic and numeric characters that are not words. Run preventative measures on your OS and browser (such as NoScript on Firefox and Spybot Search And Destroy) so you minimise the chance of your system being compromised. Don't log in from systems you don't trust.

I hope I'm preaching to the choir :)


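For forum operators, the storage weakness in the post quoted above (salted MD5, which costs one fast hash per guess) can be retired by rehashing each password with a slow KDF at the next successful login. This is an added example, not part of the thread or of any forum software; the legacy layout `md5(salt + password)`, the record field names and the iteration count are assumptions.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware


def legacy_md5(password: str, salt: str) -> str:
    # Assumed legacy layout md5(salt + password): one fast hash per guess.
    return hashlib.md5((salt + password).encode()).hexdigest()


def slow_record(password: str) -> dict:
    # New-style record: random per-user salt plus an iterated KDF.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return {"scheme": "pbkdf2-sha256", "iterations": PBKDF2_ITERATIONS,
            "salt": salt.hex(), "hash": digest.hex()}


def verify_and_upgrade(record: dict, password: str):
    """Return (ok, record_to_store).

    A correct login against a legacy record returns a PBKDF2 replacement,
    so the fast hash leaves the table as users log in.
    """
    if record["scheme"] == "md5-salt":
        ok = hmac.compare_digest(legacy_md5(password, record["salt"]), record["hash"])
        return ok, (slow_record(password) if ok else record)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(digest.hex(), record["hash"]), record


# Constructed sample row standing in for one legacy forum account.
LEGACY_ROW = {"scheme": "md5-salt", "salt": "x9Qe2",
              "hash": legacy_md5("correct horse battery", "x9Qe2")}

if __name__ == "__main__":
    ok, row = verify_and_upgrade(LEGACY_ROW, "correct horse battery")
    print(ok, row["scheme"])
```

Rows for users who never log in again keep the fast hash, so this is usually paired with a forced password reset for dormant accounts.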
post Jun 1 2010, 11:04 AM
Post #9
tunk



Perma AFK
***

[MYST] Officer

Posts: 279
Joined: 28-December 07
Location: Sweden

Role: The Swede






Yeah, I got my NCsoft account hacked, even though I didn't have the same password on both of them. Not sure if it's related to this but it sure sounds close. Got the account back though, so it's all good.


post Jun 1 2010, 11:34 AM
Post #10
Qwazy



Better than Dave
*****

[MYST] Member

Posts: 464
Joined: 4-February 07
Location: Porstmouth...(ish), UK







gw / ncsoft needs authenticators imo

with free minis!!

*hugs core hound*


post Jun 1 2010, 05:12 PM
Post #11
TeamFuzzock



PvP is Satan's toilet paper
******

[MYST] Member

Posts: 929
Joined: 23-November 06
Location: Sneaking up behind you..

Role: Trouble Maker






Thank you for the update Sam. :)

Ian...

