Feedback talk:Gaile Gray/Archive Support Issues/Nov - Dec 2009

Support Issues
Current Support Issues Support FAQs NCMA Security Feature Bot Ban Details Contacting Support Account Security Death Counts Xunlai Tournament House Support Issue Archives Botwatch

Another Victim of Account Hacking

Hey Gaile Gray, My Account was hacked recently and I was able to take back control of it fairly quickly, at the cost of a few dear minipets and resources. My Incident # is 091010-006063.

The Minipets I have lost include the following: Mini Asura, Mini Lich, Mini Varesh, Mini Kuunavang<--(favorite of all).

I have All 3 Collectors Editions and when I lost what made the special versions somewhat unique, I feel as if something had been taken from me. The person who is currently helping me, states that what was taken cannot be restored, via any means even if there is proof that it was taken (Via logs or whatever), and even though the person who stole it could have been banned, the items could not have been restored to me, either via undoing transactions or something else. I honestly do not know what to do... I love the game, but the support end that was helping me, basically left me hanging, not even listening to what I was saying.

Thanks for any help you may be able to provide. Faithful Follower, Natures Demise 08:05, 1 November 2009 (UTC).

The only time items have been returned was when the culprits still had those items on him when he was caught. Once they've been resold to other players, they're gone for good.--Pyron Sy 08:27, 1 November 2009 (UTC)

ArenaNet literally cannot restore items on the live servers as far as anyone has ever heard. ··· Danny Pew Pew 17:50, 1 November 2009 (UTC)

This is really disheartening to hear. Normally when a password has been changed (as happened to my account), an email is sent to the corresponding email address. My yahoo is tied to my Master Account and my Gmail is tied to my GW Account. I recieved NO email stating it was originally changed, when the hacker took the account. The only time I recieved notice of a password change, was when I actually changed it myself, which leads to me believing they did not use the normal means of changing the password. How else can a password be changed aside from within? It is the item/perk that got me interested in the collectors edition of the game. I actually paid the extra for it. That is my question/comment/concern. Because if it was a poor password, then it is my fault stuff was taken. But if it was the servers being manipulated/hacked into, then why couldnt I get the item back if they didnt hack me, but the server? It wouldn't have been my fault then. Natures Demise 18:41, 1 November 2009 (UTC)

Gaile Gray has stated several times that they cannot create the stolen items to give back to you. I've never heard of a case where they tracked down the original stolen items and returned them to the proper owners, though some users have mentioned that this has rarely happened in the past. 23:02, 1 November 2009 (UTC)

What concerns me more than losing my items, is how the hacker altered my password without an email going to my account, yet when I changed the password, it emails me. That sounds more like an internal security issue on the server rather than someone knowing my info, since I have changed the passwords on my email accounts, and those email accounts not being stolen. Natures Demise 06:58, 2 November 2009 (UTC)

If it's really true that ANet can't create any items, how do they make stuff like the mini candy corns? I mean, it can't just come out of nowhere, can it? –Jette 07:25, 2 November 2009 (UTC)

I'm guessing it's probably going to happen through the use of a new account key on the winner's account, which will generate the item the same way as a collector's edition present or the mini Asura from the magazine codes, etc. Anet doesn't create the minis and trade the players with them. Rose Of Kali 11:53, 2 November 2009 (UTC)

My account has been hacked aswell (this saturday) and I'm waiting on support to reset my password (or any word from them), and I'm just wondering atm how long such things usually take. Gaia 00:50, 3 November 2009 (UTC)

Hi Gaia. I'm very sorry to hear that you experienced an incident. Did you make a purchase using a credit card in the last, say, 48 hours? If so, those incidents should be cleared up by tomorrow, according to the Billing Team lead, if you have filed a support ticket. If you did not make such a purchase, then you're not part of the recent incident, but the team will attend to you issue as soon as possible, of course. If you have not heard by tomorrow (Tuesday) evening US time, please feel free to post your Incident Number here and I'll take a peek at the ticket to see if I can shed some light on the timeframe you're looking at. -- Gaile 01:11, 3 November 2009 (UTC)

No I didn't make a purchase, my password was just changed without my knowledge, and saw somebody else logging on my account (so I'm pretty sure I just got hacked). Ty for the response and I'll keep an eye on my ticket today. Gaia 10:12, 3 November 2009 (UTC)

I don't see your incident number, Gaia, so I can't check this. Have things been sorted out yet? -- Gaile 04:59, 5 November 2009 (UTC)

(Reset indent) Natures Demise, I shared with the devs your observation that you did not get an email when your password was changed. We're actively investigating and reviewing the change process so we can ensure that emails are sent. In fact, we may be making some substantial changes to the entire system for changing passwords. So thank you for pointing out the lack of an email in the one instance of a password change, that was helpful information to have. -- Gaile 05:02, 5 November 2009 (UTC)

My ticket is atm 'In Progress' so i have good hopes it will be resolved soon. Ty for the interest and I'll let you know how things go. Gaia 05:10, 5 November 2009 (UTC)

Yuy, got my pw reset and my account back. 'Only' lost 350k, all mats, b/w dye, obsi armor and vabbian armor :( but at least he left most of the armor in tact.(hmmm now i think of it, that's over 1,200k down the drain, darn) Gaia 12:49, 5 November 2009 (UTC)

Thanks Gaile, If ya don't recall, I was the one who started talkin with ya on the last day of the Mad King Thorns' visits about the account issue. I managed to save up enough resources to get my Kuuna Undedicated, from someone. I hope you get some form of information back from the other Devs about this issue. I checked back on my Gmail and Yahoo email accounts, and the earliest emails I recieved, were that of NCSupport to change my password (When I changed it back myself). Any information is appreciated. Natures Demise 17:40, 5 November 2009 (UTC)

Wrongful Perma Ban code 045

Payment Fraud

→ moved from Feedback_talk:Gaile_Gray

Heya gaile hope your still around, I have heard alot of good stuff about you and after having my ticket untouched for the entire day with no response was hoping you can help me and/or shed some light on wth is going on with my account?

I bought the game last month triple version and have been playing it happily for a month, left wow for guildwars because of the feedback from friends I recieved and the research I did into the game, I play or have played every mmorpg there is since D&D 1.0 from gary gygax, but in all my days never seen one like guildwars that banned innocent folks for stuff they did not do and have documents to prove it, then when tickets are made having them not even be looked at or replied on.

I just recently purchased multiple upgrades to my account via the in-game store and have read online that many others have seen similar wrongful bans for fraud just for buying alot at once, wow any true gamer is gonna get what they want all at once not piece by piece. now I very unhappy with CS since I joined anet/guildwars so far it has been the worst of all the games I have played. VERY good game, very bad CS. They even perma ban right off without warnings and with no e-mail notifications or chances to dispute.

Please get back to me regarding this matter, I love the game but having to live through a wrongful perma ban for something I did not do is BS. I have a ticket in the support section of guildwars website and so far been all day with no reponse, funny they are around to ban accounts on a sunday but not to deal with paid consumers...lol. LilithChan 00:00, 2 November 2009 (UTC) ps- almost forgot to add it, support ticket #091101-001389 LilithChan 00:16, 2 November 2009 (UTC)

Yes support here is so terrible it just hurts,but look at it this way its even worse with games like AoC :) Lilondra 07:12, 2 November 2009 (UTC)

According to GWGuru this is a known issue by support and you need to contact them to resolve it. Currently, they're backed up with this problem because it is so common, so I would recommend waiting for your ticket to be resolved. Gaile is probably backed up with this as well. There have been a number of people who were banned for fraud accidentally and a number of people who feel they were hacked through the NCSoft store. For right now, I would recommend that everyone avoid buying from the online store. Karate Jesus 15:33, 2 November 2009 (UTC)

Actually, I should probably add this quote from Guru.

"This is confirmed happening for our German friends as well and on other various fansites.

Since yesterday there have been increasing reports of users in our forum that have had their account locked because of credit card fraud. Apparently, there was an error in the game shop making the credit card data not transfer properly. When the actual charge took place, there was no money available (because of the data not transferring correctly) so the affected users were then locked out automatically.

We have already requested a response from NCsoft/ArenaNet. As we get more information we will announce it.

If you have been affected you should contact NCSoft support. They will require the following data:

NCsoft Login (if available)

The last 4 digits of the activation code for the bank account / credit card used"

There ya go. Hope that helps. Karate Jesus 15:37, 2 November 2009 (UTC)

Actually no this is not my case, I am american not german, I JUST bought this stuff like october 31 and have documents to prove the transactions were successful both from ncsoft e-mail confirmation and from my visa statement both which show ncsoft got thier money yet I am still on a PERMA BAN not even a e-mail or other form of communication and issue is still unresolved and my ticket has not even gotten a response and it's now november 2 11:12am EST.

I have never EVER used any kind of mod or 3rd party software, never ever visit suspicious sites, and I run multiple security suites thus have no viruses and/or keyloggers and therefore have not been hacked. This is NCSOFT/ANET error PERMA BANNED on a sunday when ncsoft CS is closed the day after a purchase from thier store that was valid and successful.

Don't worry they have a ticket they just choose not to repond and/or even state whether or not it is being investigated at all and I am still PERMA BANNED wrongly from a game I paid for and spent over $117.50 on so far total, should be compensated for the time I am unable to play due to THEIR MISTAKE. Worst CS I ever seen in a game EVER. funny they seem to use the COMMUNIST view of guilty until proven innocent instead of the INNOCENT until proven guilty motto and for a CS are way to free with the PERMA BAN banhammer, most other decent mainstream mmo's reserve PERMA BANS for 100% WRONG, never got a Permaban in any other MMORPG EVER, they just reserve those for the worst offenders not the innocent customers ANET/NCSOFT seems to enjoy screwing...lol LilithChan 16:30, 2 November 2009 (UTC)

Nice, you found a way to put communist in there, you are so awesome. Cracko 16:31, 2 November 2009 (UTC)

Please LilithChan, even if you are not part of the German problem, because of it, support is totally backed up (also it happened over the weekend when they don't have a full crew). I have had nothing but positive experiences when dealing with support, and I'm sure they will get it worked out for you as soon as possible. Just be patient. Would you rather they not block your account if someone else were committing fraud with it, or hacked it? I mean, they simply block the account until they can determine the nature of the problem. -- Wyn talk 16:34, 2 November 2009 (UTC)

"This is confirmed happening for our German friends as well"

Lilith, note that the phrase used says "as well". It is commonly happening to americans, not just Germans. And as I said earlier, it is a common problem and Support is aware of it and probably backed up due to it. Give them time to work it out. It's only been 1 day since we became aware of this and we're already aware of hundreds of cases. Be patient. EDIT: Also, Support takes weekends off as well. They have lives and families, who I'm sure they enjoyed Halloween with. Karate Jesus 16:39, 2 November 2009 (UTC)

"I have been unable to play GW for 1-2 days now and am very distressed by this especially as I have heard nothing... blah blah blah." Holy shit. Go outside or something, they have a backlog and will get to you eventually. I'm astounded you expect next business day turn around for a game with no monthly fees, especially when there seems to be major issues at the moment. The block was applied automatically, that's why it occurred on a weekend and why the review was not instantaneous. Chill. When it's been like a week and you haven't heard anything you have grounds to bitch. Misery 16:45, 2 November 2009 (UTC)

Karate Jesus, did you check the time stamp on that quote? 24.197.253.243 17:30, 2 November 2009 (UTC)

Nope, should I have? Also, you can call me KJ. And this is a known issue as of the 31st from what I've heard and, as I said earlier, even support takes weekends off. Karate Jesus 17:32, 2 November 2009 (UTC)

(Reset indent) We shall see what the results are hopefully soon, finally at least got a reponse to my ticket. so now just waiting for them to get it sorted out, and as far as being a holiday you need to check federal database on holidays, halloween has never been a recognized federal holiday in the states and most of those who work still have to work on that date regardless, time off really depends on the employer as technically it is not a holiday. Maybe to those such as myself it is but only because it is samhain in pagan and neopagan traditions, But this thread has nothing to do with religion nor politics so I will elaborate no further in that direction.

now I will just have to wait and see something I have never been very good at, Patience and MMO withdrawl are alot less savory to me then nicotine withdrawl which though harder to quit then most drugs was somewhat manageable with coffee and extra food, and I have never been very fond of being ripped off anymore or less then anyone else, however being disabled what little I have after paying all my bills and food shelter, going to a game I am not even able to use due to an unjust ban without cause does make me less inclined to civility. For now I am just going to take and watch some boring reruns, and wait until such time as I recieve a reply into the results of their investigation.

Kinda pointless further hashing this out, does nothing to solve my issue and opinions are well.... opinions and everyone is entitled to theirs. For now having played every mmorpg under the sun since the 80's and seen the CS of them all, still feel rightfully in My Opinion, that it can be improved upon for this game, namely autobans should never be permanent that should always be reserved for worst case scenarios and only applied by a live agent to ensure good consumer relations. LilithChan 18:55, 2 November 2009 (UTC)

Nothing was said about it being a holiday, simply a weekend. Gaile for one does not work on weekends (other than responding here on her OWN time). They do not staff a full support team on the weekend, and with this current problem, I'm sure those that were there did the best they could to respond to as many as possible, as quickly as possible. I'm sure this will be sorted soon. Good Luck! -- Wyn talk 18:59, 2 November 2009 (UTC)

thank you wyn don't mind me, this game was my Birthday present to myself my birthday being the 3rd of november after all, so guess that compounds my negativity at being PERMA BANNED right out of the blue without cause, I as well do pray for a good outcome and for a day when they start being more reserved on the perma banning, as innocents do get caught in the crossfire if a game starts using PERM BANS over zealously, all bans not applied by a person should be temporal not labeled as PERMANENT and maybe folks will be less inclined to get quite so irrate.

Big difference between a Temporal Ban and a PERMA BAN in mmorpgs worldwide, PERMA BANS should be reserved only for Extreme Cases and Never handed out like candy by automated systems which can be and obviously are flawed. Blessed be, LilithChan 19:27, 2 November 2009 (UTC)

(Reset indent) I am very sorry to hear about this, LilithChan. As I posted above, there was an incident where a few accounts were erroneously blocked for payment fraud when their purchases were entirely legitimate. It is necessary for the company to be very careful about fraud, because it is such a terrible issue for any sort of on-line purchase, but yes, a few innocent folks got caught in the net. :(

The Support Team is aware of this and is actually shifting personnel to deal with the issue. They will be responding to tickets as quickly as they can, and I hope you will let me know when you get back into the game. Our apologies for this mix-up! -- Gaile 19:43, 2 November 2009 (UTC)

Ahh gaile, I seem to be ether reading my support ticket wrong or the CS rep just gave me a heart attack, is what he just said is going to happen actually going to be the case that just sounds way to good to be true, maybe I am reading this wrong but if not, I am both quite surprised and very very satisfied with the outcome as it would be exceeding expectations by a record breaking amount, was expecting hopefully something for my time and suffering but what he is offering sounds impossibly&insanely too good to be true? LilithChan 15:06, 3 November 2009 (UTC)

I am afraid I don't know exactly what you're reading, but if you're asking if the purchase you attempted to make will be give to you, for free, then the answer is "yes, it will." :) -- Gaile 04:41, 5 November 2009 (UTC)

ncsoft website security concern

→ moved from Feedback_talk:Gaile_Gray

If an individual managed to gain access to a players NCSoft account, then they could change the passwords for their game logins. The real problem is that they don't even need to enter the old password to get a new one, which is a common security measure. So without prior knowledge of game login email/password, a malicious 3rd party could take control of all a players accounts. --77.97.23.248 16:23, 30 October 2009 (UTC)

There have now been 4 threads on GWGuru concerning this same topic and around 4-5 in other places I've looked. Apparently, several people feel that they have been hacked through the NCSoft website. Several of them have screenshots and other proof that their passwords were changed from their NCSoft account page. It would be nice to get a response on this. Karate Jesus 18:42, 30 October 2009 (UTC)

I understand the concern, and I will be happy to take this to the team for discussion. -- Gaile 20:03, 2 November 2009 (UTC)

Also, this. Ɲoɕʈɋɽɕɧ 20:08, 2 November 2009 (UTC)

@Nostarch -- If you have a Support Issue, please place it on this page. Since your concern does not pertain exactly to the original concern in this thread, please make a separate topic. I would like to keep my posts focused on the Support Issues pages so that more players will see the information I share in case it has relevance to them as well as to the person who wrote about the issue. Thank you. -- Gaile 20:26, 2 November 2009 (UTC)

Its also been suggested the ncsoft account page does not limit the number of password retries when logging into an account. If that is true, an attacker only needs an account name then issue a brute force password attack to gain access. You may want to consider a maximum number of login attempts per account/ip, and possibly add some kind of captcha image validation to stop automated attacks. I'm worried that my account and other players may be at risk due to the poor security of the site. --77.97.23.248 21:52, 2 November 2009 (UTC)

There is a different kind of brute force prevention system in place. Instead of those irritating "You ran out of tries, please wait a lifetime to try again" ;) systems, the Guild Wars password system is set to take longer and longer to become available. It was explained to me a couple of years ago that this system does effectively the same thing: it prevents an automatic brute force program from working. The team felt this was more user friendly. However, I will pass along your concern and your suggestion to the team members I am writing this afternoon. -- Gaile 01:32, 3 November 2009 (UTC)

I would also like to point out that even if it only takes a tenth of a second to get from anytown, USA to Bellevue, 10 guesses per second is a comically slow speed for a brute force attack if the password is anything remotely resembling secure. You almost don't need anti-BF security with an online program (still helps though). –Jette 01:41, 3 November 2009 (UTC)

My points are of course directed specifically to the ncsoft account website, not the actual game client, although such concerns still apply to that as well. --77.97.23.248 01:45, 3 November 2009 (UTC)

I am glad you pointed that out, 77. I had not realized you were referring to the NCsoft site. I will amend my note to the managers on this subject. Thanks for the update. -- Gaile 03:41, 3 November 2009 (UTC)

(Reset indent) Update: I have been exchanging emails with a number of team members in two different states. One concern I took to the team was about not having "time outs" or other means of preventing brute forcing of passwords on the NCsoft site. Here is part of the answer that I received: "The account management secure site does indeed have velocity checks in place to prevent the brute forcing of master accounts. If too many attempts are made within a given period of time, the user will be temporarily blocked from making any further efforts to login. In addition, there are velocity checks on the action of attempting to change the passwords themselves." -- Gaile 20:10, 4 November 2009 (UTC)

I'd like to highlight something that was previously mentioned. The NCSoft account website does not require you to enter a Guild Wars game account old password in order to change passwords. See this screen capture from the site --Just One More Thing 20:45, 4 November 2009 (UTC)

Yes, and as I previously mentioned, I've taken several observations to the teams with whom I'm working. That is one of them. -- Gaile 20:49, 4 November 2009 (UTC)

While the lack of requiring the old password to be given might be a security concern, it can also be a good thing in the case you yourself want to change your Password because you forgot your Game Account Password for whatever reason. However since Account Security is a major Issue there could be a way like it is with Forums. If you want to change your Password through the NCSoft Page, the Site could send an automated email to your Game Accounts Mail (or your NCSoft Master Account Mail) containing a Link to be clicked which then either mails you a new Password or then (after clicking said link) lets you enter a new Password. This would increase Security while still having the possibility of changing your Accounts Password without knowing the old one. In case a new password is automatically generated after clicking the emailed Link the Password Change System should of course be changed to require the old password to be entered. The only Problem with this is that ppl that no longer have Access to their Email they entered when creating the GW Account would be screwed, but then there is always Support. (or a to be invented feature of changing an Account Name (aka the Email bound to an GW Account) which could be done manually by Support on request after collecting proof that the Account actually belongs to the person requesting the change. --SilentStorm 19:03, 10 November 2009 (UTC)

Erroneous Fraud Blocks: 1 Nov 2009

On Sunday, November 1st, a few Guild Wars accounts were erroneously blocked for payment fraud even though their purchases were entirely legitimate. It is necessary for the company to be very careful about fraud because it is a significant issue these days, but the Support Team discovered this morning that, unfortunately, a few innocent folks got caught in the net yesterday, and for that we apologize.

The Support Team is aware of this situation and is actually shifting personnel to deal with the issue. They will be responding to tickets as quickly as they can. Reinstatement takes a bit of time because each key must be adjusted manually (and some accounts have many keys), so please be patient while the team strives to remedy the situation. If your account was affected and you have not been reinstated by tomorrow evening (Tuesday, November 3rd) please feel free to post your Support Incident Number here and I will look into the matter for you. Again, we extend our sincere apologies for this mix-up! -- Gaile 19:51, 2 November 2009 (UTC)

Update: 2 November 2009

Those players who were involved in this specific incident will be happy to know that their patience and understanding will have a reward. Those of you who attempted to make a purchase and were erroneously blocked for "fraud" will find that the purchase price will be credited back to the you, and the item or items that you attempted to purchase will be given to you with our compliments. :) -- Gaile 01:12, 3 November 2009 (UTC)

D: Can I have a block next time? –Jette 01:14, 3 November 2009 (UTC)

Sure, my pleas... I mean, nope, sorry. :D -- Gaile 03:42, 3 November 2009 (UTC)

Sweet! That is a relief!Im duanuys the same user who wrote about the fruad block most recent help thread :DD

im still waiting hers my incident number 091102-002362 i cant even edit my support questionbecause my NCSoft account is also blocked Mr Corpser 22:36, 3 November 2009 (UTC)

Gaile im still waiting pls look into it pls incident number 091102-002362 Mr Corpser 17:25, 4 November 2009 (UTC)

@Mr Corpser -- According to your forum posts (and the ticket, which I just checked) you were back in the game yesterday afternoon. If that is not the case, please update your ticket so that the team knows that you are still blocked. -- Gaile 21:49, 6 November 2009 (UTC)

Hi, my ticket number is 091111-001964..is been 8 days and i never got reply back yet, so if u can help it would be appreciated,thx.Lady ed=D

Did you attempt to make a purchase the weekend of October 31st? -- Gaile 02:27, 21 November 2009 (UTC)

no i didnt, dont even have credit card =(,when i try to log in it said i was ban for payment fraud.Lady ed

Well, I see that you most recently updated on 17 November with a serial code. I am afraid this one did "fall through the cracks" as the saying goes. I will ping the team lead (a really nice guy) and I'm sure he'll get this looked at on Monday! -- Gaile 04:46, 21 November 2009 (UTC)

TY very much, u rock, =D.lady ed

It's my pleasure to help. Please let me know if you have not heard from someone by tomorrow (Tuesday) and I will inquire again for you. -- Gaile 20:45, 23 November 2009 (UTC)

I just heard from the Billing Team lead, who wrote: "I’ll ensure she receives a response today." :) -- Gaile 21:27, 23 November 2009 (UTC)

Update: 4 November 2009

Unfortunately, I'm not able to review individual tickets yet. I have sent for an update on the expected turn-around time on this issue and will post as soon as I know more. At this point, please hold tight and don't post a follow-up here (or via fan forum PMs or emails to me) until I find out when folks should expect to hear back from the team. Thank you. -- Gaile 20:23, 4 November 2009 (UTC)

Update: 4 November 2009 (Part 2)

I spoke with the lead of the Billing Team, and he told me that they are making progress on the account restorations, but it will take more time to get everyone back into the game. Team members are working overtime this evening, and the hope is that they will have everyone who wrote on Sunday, Monday, and Tuesday cleared up by tonight (US time). They still have an expanded number of people working on this matter, so we hope to get new reports turned around very quickly now.

Please do not make a phone call if you have already submitted a ticket. Please do not submit a duplicate ticket. Please do know that you are in the system, and you will be helped as quickly as possible. Here is one of Gaile's Lame Analogies (tm): Mom's cooking dinner, making good progress. But the kids keep calling her into their room to ask "Is dinner ready yet?" Every time they do that, cooking stops, and the dinner is further delayed. (See I told you it was lame. :) ) The point is, a phone call will not move you up in the queue, but it will take team members away from the ticket they are dealing with -- maybe yours! :) -- and that's not going to help anyone. So please, contact support once, and let them do their work.

I will post another update as I have more information. If a few of you end up not getting sorted after I've been told we have an "All Clear," you can count on me helping with those individuals cases. (But not just yet, please.) Thanks again for your patience. -- Gaile 03:36, 5 November 2009 (UTC)

Update: 6 November 2009

As of this hour, there are only 10 tickets in the queue for the erroneous "fraud" issues, so we are not only seeing the light at the end of the tunnel, we can feel the warmth coming off the lightbulb. :)

One note: I saw a forum thread where someone said his or her ticket was escalated because of a phone call. We do accept follow-ups, and we will look for and attend to tickets that have been misfiled (rare) or haven't gotten attention. But please know that we don't let phone calls override the queues, that someone calling in won't be able to queue-jump for faster service. If you've called before, or if you've filed a ticket, have confidence that you'll be helped as quickly as possible. (And feel free to update your ticket if you haven't heard in a few days.)

I wanted to share that we will be making some substantial changes to the way that Support resolves tickets of this kind. The reason for the delays in this and other reinstatement cases has been that each access key on each account has required replacement. As you can imagine, some people have a lot of keys on their accounts ( *raises hand* ) and that means each reinstatement takes time, what with disabling keys, adding keys, and maintaining proper records.

I proposed a way to change the process on Monday, and everyone was on board for making that change. I'm going to work with a couple of folks to see how we can expedite the new system. In addition, the agents have been retrained in the process of fraud reviews, and that will reduce the chance of this sort of incident happening.

So in a nutshell:

• We are working to reduce the chances of an erroneous fraud block. It is necessary for us to keep security high, because there are several hundred fraudulent attempts a day and we must maintain security against those. But we'll do our best to take care to not affect legitimate players.
• We will be moving to a process that more quickly resolves such issues, so in the unlikely event someone is accidentally marked for fraud, we'll be able to reinstate the account more quickly.

Please let me know if you have any questions or concerns. -- Gaile 21:35, 6 November 2009 (UTC)

Account Issue

Account Closed for RMT

first i would like to say sorry if this is not how you do it. I'm not sure how to contact gaile gray anyother way. I was blocked got an error 045 saying i was a gold seller/buyer. I first want to say i have never bought/sold gold with rl money. i dont even know who you can do that i cant even figure out how to use guru's auction page. My ticket number is 091102-001744. I woke up ealry today did the few normal chores and signed onto aol. I then went to guru and checked my sell thread. After checking my thread i surfed the riverside inn. after a little bit i signed onto gw. i chatted with my gl and then mapped to la.

I watched the trade chatter for awhile then i bought a tot stack for a nice price of 45k. and a few minutes later 2 dust stacks for 2.5k each. Then i spent a little while trying to and finally buying the 3 normal ele tomes i needed for my sin. By that time i saw it was getting close to 11am my time eastern time zone. I figured i should fix me and my mother lunch then do a chore before nic was found. But before i signed off i chated with my gl Pin Up Babe about the items in cof i needed for head pieces i set myself to away then went to lunch. after i think was a hour or so i came back to see i had error codeed 007. This isnt the first time i had this problems but this time i wasnt able to log back on.

It was then i discovered i had the error code 045 and why i had it. I freaked out to put it mildly. I have never done anything illegal in my life or on gw. I even have proof the last thing i bought before this was dust stacks a tot stack and 3 ele tomes! and the last thing i remember selling was a 170 cc tonics and before that a unded flowstone elemental i got on guru.

I never bought or sold gold for rl money. The way i make my money now in game is by feather running and making essences to sell in toa. last high end item i got was a chibi gwen which was a gift via zkeys from my friend Fergus Macregor who is in my allaince. Pin Up Babe my gl can vouch for me about what i did last in gw. Half is not most of my items i got were gifts from dear friends or a great find on guildwarsguru.com. The only time i sell stuff offline of gw was on guildwarsguru.com. Please i dont know what to do other then the ticket i sent it. i never done anything bad on guru and i people who can vouch for that. So please if i can do anything else or if this isnt how i contact you the right way please let me know and thank you for listening.

and sorry again if this is the wrong spot of this i am confused to where i should sent this too. --The preceding unsigned comment was added by User:Empress Luindy Amor (talk).

Gaile something is wrong here, i know this person well. She would not sell gold. Please help her. --Fergus 04:37, 3 November 2009 (UTC)

Forgive me, friends, if I confused you by moving this from its entry at the top of the page, but I felt it required a new conversation.

To the OP (I think your name is Empress?): I will look into this matter tomorrow. The staff is mostly off duty at this hour (it's part 9:00 PM Pacific time, and past 11:00 PM in Austin) so I need to look at this in the light of day when other team members are around with whom I can discuss this. Thanks for your patience. -- Gaile 05:00, 3 November 2009 (UTC)

Actually I looked at the ticket, and I think I know what happened. I have sent an email to the team lead and will follow up tomorrow. -- Gaile 05:04, 3 November 2009 (UTC)

Thank you, Silver Edge, for tidying the page and removing the duplicate content on this thread. :) -- Gaile 05:10, 3 November 2009 (UTC)

You're welcome. =D --Silver Edge 05:14, 3 November 2009 (UTC)

(Reset indent) Thanks Gaile! i just got a email i got my account back and on it now. But please can you or have someone email me why it happened to me? and what i can do to stop it from happening again? Will i have to screenshot my char before i go afk for lunch or chores each time? and should i change my pws for safety reason?

It is a bit scary, how do we avoid this? --Fergus 00:43, 4 November 2009 (UTC)

@Empress -- Support generally sends a detailed list of security suggestions when they reinstate an account. If you have continuing questions, please update your ticket and they will share that information with you. Alternately...

@Fergus and Empress -- please see this article for information that may be helpful. You will also find information on security on the NCsoft website in the Knowledge Base. -- Gaile 20:54, 4 November 2009 (UTC)

Ty Gaile--Fergus 22:20, 4 November 2009 (UTC)

You're very welcome. I am glad if that information was helpful. -- Gaile 03:41, 5 November 2009 (UTC)

Fraud Block

Ok so when i tried to log back onto Guild Wars today it gave me an error code=045 "Your Guild Wars account has been terminated due to payment fraud".

I recently got my account blocked (code45) because apparently of fraud and its still not reinstated. My credit card says the charges went through. I was able to play and get on November 2 at ~8am then when i went to get on again at ~12pm it gave me that error message. I didn't do anything wrong and i have all the proof to show i bought all the items i bought throught the in-game store Can you give us an update? incident = 091102-002001 68.92.151.121 03:16, 3 November 2009 (UTC)

Hi. I'm sorry to hear that this happened to you. If you will read just a few conversations up on this page (here) I think you will find all the info you need about this incident. (And some good news, as well!) Thanks. -- Gaile 03:40, 3 November 2009 (UTC)

Oh wow thankyou soo much! I was freaking out cause, i was like...no way i have enough money in the bank and all that..that just makes me feel so relieved thankyou again :)I wonder what happened for it too glitch like that...

I'm real sorry you had to go through that stress. :( But all will be well, I'm sure. Do let me know if you need further help -- that's what I'm here for! :) -- Gaile 05:27, 3 November 2009 (UTC)

Ok Gaile thx, ok so i don't want to be a nuisance lol, but you said in the thread above about the fraud that if it isn't fixed by today (Nov 3) around evening time, is it possible that you can look into the matter for me? :D thx duan

hey Gaile its Duan reguarding the payment fraud block mishap. According to the message a few threads up about the whole situation, you advised the people with this problem to report back to you if this issue was not fixed by November 3rd in the evening time. Well i just wanted to say they have not fixed it yet, and i was wondering if you could look into it for me if its not too much to ask :) Thanks Gaile! Duan Uys

Hi. It's still a bit early, as I mentioned here. I apologize for the delay and am currently working on learning a clear timeframe for the team assisting the affected players. -- Gaile 20:33, 4 November 2009 (UTC)

You mean the support team hasn't even begun fixing the infected accounts yet?!

Please read above. Of course they have started fixing the affected accounts. I should have been more clear: I was waiting to get a timeframe for when the team anticipated having a body of tickets resolved. I received that update tonight, and you'll find it in the linked thread, as the second update of today. -- Gaile 03:40, 5 November 2009 (UTC)

Sorry my response was for another thread but you answered my question lol, so according to what you responded to the message below me. It says that all accounts that were affected between Nov 1-3 are to be addressed first, and should be fixed by tomorrow. And just to confirm you said that by tomorrow Evening November 5, if its still not fixed to address you that the situation has not bee taken care of. ok got it haha thx for all the help you must be getting rained help requests. I appreciate taking your time to help people like me who are a nuisance lol haha :P

I am waiting actual number to make a formal update, but a lot of tickets have been resolved in the last 24 hours, and I am hoping that yours was one of them. The team continues to work with expanded numbers to take care of players who were affected. You're welcome to provide me your Incident Number if you have not heard by, say, 6:00 PM Pacific time this evening, but I very much think you'll be sorted by then. -- Gaile 19:38, 5 November 2009 (UTC)

Thankyou i will update you at about 6pm pacific. I do hope that my account will be fixed,because it still not is. I understand that the entire support team is working on the issue. Thankyou again for helping us and keeping us up-to-date about the whole situation. As of 2:30 pm central time, my account is still not fixed, nor any update has been made on my support ticket if you would like just i will provide my support ticket number. 091102-002001 thankyou again Gaile Duan

Speak of the devil, as writing my above statement, NCSoft has contacted me and my account restored. Thankyou Gaile for keeping us up to date, and helping us with this error. :)

Well im still locked out, i might get fixed soon but i have little faith. im ganna leave my nuber just uncase Question Reference #091102-002362 ive gotten my money recredited so i know they are moving Mr Corpser

Please do not leave your number now. Please update this evening. It is 1:45 PM Pacific time. I would be happy to hear from people any time after 6:00 PM Pacific time. Updating tomorrow would be more than fine -- actually better, since the team is working overtime this evening. So tonight or any time afterwards, as is convenient for you. In wiki time, that means please do not update with your Incident Number until 01:00 on November 6th. Thank you for understanding. -- Gaile 21:50, 5 November 2009 (UTC)

According to the ticket, you were back in the game yesterday afternoon. If you have further issues, please update the ticket. -- Gaile 21:58, 6 November 2009 (UTC)

Can you *please* help my parents, Gaile?

Hello Gaile,

By now you are likely tired of hearing from people who are suffering from the unfair code 045 ban situation. While I am aware that putting another ticket on your plate to look at might be asking a bit much, I am requesting that you at least read my following situation.

My Guild Wars account hasn't been affected by a code 045 error, but my parents' accounts have. Both of them are senior citizens (61 and 72, respectively) and Guild Wars is the only computer game they play. Each morning before my father goes to work, he and my mom sign into their accounts on their laptops and run around in Pre-Searing Ascalon, collecting whatever items they need to obtain the daily Gifts of the Huntsman. My father and I occasionally team up to do missions together, and my mom basically just likes to run around and kill things with her Rhino hammer. Please understand that Guild Wars is a huge aspect in my family, as it is our primary means of bonding.

During the last day of the 2009 Halloween event, you could probably imagine the look of shock on my father's face when he saw that his account had been terminated for supposed payment fraud. The day before, he had surprised my mother by purchasing the Nightfall campaign both for himself and for her account. The resulting 045 error nearly put my mother into a state of depression because she thinks that she has lost all of her minipets and gifts that have been given to her over the months.

My parents arne't exactly computer savvy, so I have submitted support tickets to NCSoft using both of their email addresses. But to be completely honest with you, I have been less than happy with the assistance we've received. With the exception of one mass-generated response, both of their tickets have gone ignored for days. My mother now tries to log into her Guild Wars account several times each hour, hoping that she can miraculously access her account. My father, on the other hand, feels he has been betrayed by the only computer game he's ever invested any money in.

It is very difficult for me to comfort them and reassure them that they will have access to their accounts again when NCSoft isn't providing me with any support or assistance in this matter. If you can do ANYTHING to help me with this situation, I implore you to do so. Their ticket numbers are 091102-000053 and 091102-002073. I have updated their support tickets with their Guild Wars account names, primary character names, the last four digits of the credit card used to purchase Nightfall (which supposedly triggered the payment fraud flag) and our phone number in case we need to verify any information. If you can help us, I will personally climb through my computer and kiss you on the lips.

The obsession found above is quite alarming. 152.226.7.201 08:29, 4 November 2009 (UTC)

If you will read several of the session above you, you will see this was a widespread problem with purchases made in the last week. Support is in a backlog getting all the accounts restored, but they all will be restored. Also this quote from Gaile should make your parents feel a little better about the situation:

"Those players who were involved in this specific incident will be happy to know that their patience and understanding will have a reward. Those of you who attempted to make a purchase and were erroneously blocked for "fraud" will find that the purchase price will be credited back to the you, and the item or items that you attempted to purchase will be given to you with our compliments. :) -- Gaile 01:12, 3 November 2009 "

It may take a few days, but everything will be fine.--Pyron Sy 11:29, 4 November 2009 (UTC)

I am sorry to hear your parents' accounts were affected by the erroneous bans for "fraud." It's a very sad situation, and we're working as quickly as we can to reverse the error. Please find more information in this conversation. If you have further questions after working with support please feel free to update this thread. Thank you for your understanding. -- Gaile 20:00, 4 November 2009 (UTC)

Hello again. I just checked on these tickets and while both are unresolved as of this hour, the Billing Team lead told me that they very much hoped to have all tickets from November 1 - 3 answered by the time they went home (after putting in overtime) tonight. Since these tickets arrived on November 1 and November 2, that should mean they're addressed very soon, perhaps within a matter of hours. I will continue to try to track these, but could you please update if there's no progress by tomorrow evening? Thank you. -- Gaile 03:52, 5 November 2009 (UTC)

I just checked both tickets, and the issues were resolved and the accounts reactivated today. If you note any further issues, please let me know. (Oh and...um... no kissing needed, thanks. :) ) -- Gaile 21:56, 5 November 2009 (UTC)

I'd be impressed if they managed to make it through the computer. King Neoterikos 23:22, 5 November 2009 (UTC)

Oh, I don't know. I managed to modem about 400 people a piece of my birthday cake, so... *looks around* Errr... Never mind. :) -- Gaile 21:37, 6 November 2009 (UTC)

Recent Bans and Account Hacks

The recent influx of bans and account hacks

→ moved from Feedback_talk:Gaile_Gray

Hi, Gaile. I know you and support are already aware of all of these issues; however, I think it's now gotten to a point that the players need to be made aware of this. A good example of how wide spread this is can be seen by going to this GWGuru thread. Inde had sooo many people on his forums getting hacked and banned, that finally they just combined the majority of them into one giant, super thread. And that's just one forum. I've been looking at others and these issues seem to be everywhere. Many people sincerely believe that they were hacked through the NCSoft website and if that's true, it could be really "bad for business" so to speak.
Is there anyway you or support could check into the security of NCSoft's website and if there are issues, notify the players? I really hate to see players hacked just for buying something from NCSoft especially after the onslaught of accidental perma-bans. Karate Jesus 16:50, 4 November 2009 (UTC)

I've already taken the first step and warned my guild from purchases at the moment, only a few more million players to go. Tidas 16:53, 4 November 2009 (UTC)

I've warned people too, but that's not enough. Support needs to step in. Also, I would like to add that on the Aion forums, there seem to be many of the same issues. Obviously, the bans happened to both communities, but now I've noticed a large increase in the number of hacked threads on Aion fansites and many of them seem to think it was due to their NCSoft account's lack of security. Karate Jesus 16:56, 4 November 2009 (UTC)

I have been actively discussing the stolen/hacked account issue with devs inside ArenaNet and with a number of NCsoft team members, as well. We have many teams involved -- programmers, network team members, security team members, etc. -- so you can be sure this situation is being given a great deal of focus and attention.

While I cannot and would not say flat out that "It's not (something or other)" because we don't have enough information yet to make that statement, I can tell you that we carefully spot-checked a few accounts last evening, and at least one of them was not tied to a NCsoft Master Account. The hacked account was a straight Guild Wars account with no association whatever with the NCsoft site. So theorizing that there is a breach or a window of hacking opportunity on that site -- and that such a weakness is resulting in stolen accounts -- seems inaccurate, given the facts in front of us.

In my opinion, it would be an error to combine posts about accidental blocks for fraud and posts about stolen accounts. They are entirely different situations, and should be discussed separately, as they are being handled differently. I've already informed you as much as I am able about the fraud issue just above. (See this conversation, please.) And as I said, stolen accounts are a very different case. Both situations are being reviewed and both are being addressed as quickly as possible.

Everyone who gets an in-game message saying his or her account is blocked should contact support. If your account was hacked, you will most likely receive a message when you try to log into the game that says the account has been terminated. This is for your own protection, an attempt to prevent the RMT thief from stripping the account or using it to advertise gold sales. (Of course we cannot guarantee that the account will remain intact; the items may already have been harvested. But we lock down the account as quickly as possible in your best interests and will unlock it when you contact Support.) When writing, provide the error message that you received so that the team can quickly align your issue -- hacked account or erroneous "fraud" ban.

Please let me know if you have further questions and I will help as much as I am able to do so. Thanks for reading this and please feel free to share this with others, as you see fit. -- Gaile 19:57, 4 November 2009 (UTC)

I want to point out that the forum has two separate threads on the ongoing issues of account theft and accounts accidentally marked for "fraud." That will help keep the conversations topical and of more value to the individuals who are affected. -- Gaile 20:27, 4 November 2009 (UTC)

Gaile I think the security just has to go up on both sides.Just make sure its not as easy to make a bot try every F'en possible password.Lilondra 07:43, 5 November 2009 (UTC)

Interesting piece of trivia for you: If a bot tried a different password every second, it would take 278 years for it to break a truly secure password. Just FYI. :) -- Gaile 08:13, 5 November 2009 (UTC)

Another interesting piece of trivia: Most people don't use complex passwords, even though they should. Regardless of how secure an individual's password is, it's bad form for a company to know about and continue to allow bots to repeatedly perform failed log-ins in an attempt to brute force passwords from its customers. Just FYI ;) 65.207.54.194 17:31, 5 November 2009 (UTC)

And perhaps you missed this post that I made on that very subject?

"I have been exchanging emails with a number of team members in two different states. One concern I took to the team was about not having "time outs" or other means of preventing brute forcing of passwords on the NCsoft site. Here is part of the answer that I received: "The account management secure site does indeed have velocity checks in place to prevent the brute forcing of master accounts. If too many attempts are made within a given period of time, the user will be temporarily blocked from making any further efforts to login. In addition, there are velocity checks on the action of attempting to change the passwords themselves." (See above for the original post.) -- Gaile 19:32, 5 November 2009 (UTC)

I'm not inclined to support user stupidity at any rate, but a dictionary attack could still get in with relative ease with a paced rate, assuming they check the most popular password terms first. Not to mention, I didn't see anything about the game client in there. I think you said something about increased login delay in the client, but I can't recall where. 74.50.104.2 20:58, 5 November 2009 (UTC)

I am informed that both Guild Wars and the NCsoft Master Account system has these safeguards. -- Gaile 21:14, 5 November 2009 (UTC)

I keep asking Arenanet to implement an authentication method like the authenticator Blizzard has. Recently my brother received an email from Blizzard involving disabling his WOW account permanently due to gold selling. My brother didn't play the game for over a year. No authenticator sollution in place, and see what happened. So implement an authenitcator sollution, we are willing to pay for it, so why not do it. The business case is propably positive and all NCSoft games could take benefit out of it. Lower support cost, due to lesser support tickets. With a fee of i.e. 10 dollar for an authenticator, and a player base of milions across all ncsoft games willing to buy it, it's almost certain it will pay back. Now days with all the security issues in windows and all those different software you can't rely anymore on the carefullness of the consumer. The technology is to complex for that. So please take addition meassures so we can take our responsibility and buy it. Don't be a moa putting his head in the sand. Didis 12:06, 7 November 2009 (UTC)

Who are these "we" that all agree to pay 10 dollars for a little jumbled picture? O_o A "soft" keyboard for password entry is much easier to do, screws up keyloggers, and makes it a pain for brute force type attacks if it's moved around on the screen a little bit every time (making it harder to map its position on the screen for pre-programmed mouse clicks). Rose Of Kali 13:33, 7 November 2009 (UTC)

Key loggers and brute force....are two seperate security concerns. You have the client side and server side. Users have their own responsability to have taken security meassures in place to detect and clean the client side and not using third party programs in relation with the guild wars client. Anet on the server side has the responsabilty to have security meassures in place to detect brute force attacks on the website, authentication method between the gw-client and the server side of the gw-worldinfrastruture. You 're right i write in name of "we", and should phrase I. Would love to see a poll somewhere to investigate the want for such way of authenticating for the ncsoft master account and guild wars client-server authentication. Indeed building a virtual keyboard in the login screen, changing of position in time, should be a great way to answer the thread of keyloggers. Nevertheless, an authenticator, solves this also and adds the functionality that you are you and not some criminal organisation. you know how an authenticator works? I refer again to my brother, long time not logging in, never used thirth party tools, and still being hacked...an authenticator would save his achievements. To refer to the privacy statement on the guild wars website: Your privacy is important to ArenaNet and NCsoft. Maintaining the trust of our users is key to the success of our business, and this Privacy Policy is intended to make you feel as comfortable as possible visiting our website and playing ArenaNet games. I am not conformtable right know with all those hacks, risks etc...i would like to see more assurance. I even want to pay for it. 4,5 years down the drain by some individual with criminal intends, i would not like to think about it. Resume, Kali i believe you and i want the same and that is more assurance, how is all to Arenanet to decide. As a security specialist in the Netherlands i urg Anet to take additional meassures to give more comfort to consumers so privacy related information on the ncsoft website and players achievements in Guild wars are more protected. Didis 14:20, 7 November 2009 (UTC)

(ri) I though an authenticator was the jumbled numbers and letters that you have to type back in, and only a human can supposedly correctly decipher them. It appears that I'm wrong from your last comment. Mind explaining a bit what it is? Rose Of Kali 18:17, 7 November 2009 (UTC)

Captcha is the right word for the jumbled numbers and letters; authenticator(with regards to the context Didis used it in) seems to be a security certificate, which NCsoft already have(certified by Thawte). Pika Fan 18:27, 7 November 2009 (UTC)

Maybe this gives some inside of what i mean: http://us.blizzard.com/store/details.xml?id=1100000622

Protect your World of Warcraft account with industry leading account security - introducing the Blizzard Authenticator! The Blizzard Authenticator is designed as a supplemental authentication method for your World of Warcraft account, giving you the security of Two-Factor authentication. Each time you log in using the Blizzard Authenticator you are provided with a unique, one-time use password to use in addition to your regular password. Log in with both and you can rest easy knowing that your account is now even more secure from malicious attacks such as keyloggers and trojans.

It also ends the discussion of awareness of gamers to safeguard there assets by Arenanet. There is also a software mobile authenticator sollution. What Is a Battle.net Mobile Authenticator?

The Battle.net Mobile Authenticator is an optional tool that offers World of Warcraft players an additional layer of security to help prevent unauthorized account access. The Authenticator application itself is a small program that you install and access on your cell phone or mobile device. Didis 18:44, 7 November 2009 (UTC)

Interesting note of trivia: as long as people are capable of giving out their passwords, they will be tricked into doing so. The best password is one you don't know. –Jette 21:06, 7 November 2009 (UTC)

Why don't we just skip to the future and use iris scanners or DNA fingerprinting? Ow and for Belgians they could maybe put the Electronic identity cards they have to good use.

Anyway that authenticator seems nice and I would pay for it. Qaletaqa Hania 12:08, 8 November 2009 (UTC)

On a personal note -- just as a player -- I like the idea of an authenticator. But I wonder -- in a game that does not have a monthly fee, will people think that buying an authenticator is, I don't know, some evil scheme to *gasp!* make money? We have a surprising number of players who resent any sort of additional purchase. I actually had one tell me that all expansions and all new games should be free because back in 2005, he bought the original game. Never mind the cost of development, the funding of updates, the need to pay for continued support, or even the price of bandwidth, server space, etc., to allow people to play when they want, for as long as they desire. Somehow, selling Fractions was "evil." :)

So just in a casual question, how do you think such an item would be perceived? -- Gaile 21:42, 8 November 2009 (UTC)

Well, to continue the WoW analogy, they have a monthly subscription fee in addition to wanting you to pay for the authenticator and expansions... Not to mention payed server transfers, class changes, probably character name changes. So I think GW 1ups WoW in that department. — Poki#3 (talk) 21:51, 8 November 2009 (UTC)

@Gaile: Yes it might seem as an evil scheme to many, or even most players. But if it's optional they can still choose if they want that extra piece of security. Anyway if people think it's an evil scheme, let them. Blizzard has an evil scheme and are selling there soul by selling minipets for 10$ a piece. I think giving the option of that bit of extra security is not an evil scheme but shows that you care about the player. The "buy Aion to get Aion wings in GW" is a more evil scheme then this.

Most people playing games or either to young to understand or have no idea what it costs to develop a game, the funding of updates, the price of bandwidth, server space, etc...

To be honest I think Anet is running "low on cash" and are to busy with GW2 that implementing this would cost more then they would like to pay for it, because if not enough people buy it then it would have been a waste of time and money, wich is normal because it's business. A survey could help answering it and see if it's worth doeing it, compare the data of that survey with the time support spends on helping people get their "hacked" account back and compare the costs or something like that.

Have a good day. Qaletaqa Hania 08:49, 9 November 2009 (UTC)

Personally, I'm fairly sure that a Guild Wars authenticator would be received better than, say, paid character face customization. Plenty of people are already buying name changes, face changes, sex changes, and storage panes from the in-game store - an optional extra layer of security would probably be welcomed, and sell well. Did you ask the same questions when the decision to add all the current microtransaction items was going around the office, Gaile? Of course there will be people who think it's just a ploy to make more cash, but it's not like plenty of people don't already think that about the plethora of goodies already offered; none of which, I might add, would be as solid of a purchase as this one. -Faer 07:04, 14 November 2009 (UTC)

You could also look at it from another side. All these new purchaseable upgrades from April were something that nobody had to buy, and they didn't really add anything special to your account. You could get extra storage packs in-game to compensate for purchasing the panes, remake a char if you don't like it, etc. - you didn't have to buy any of it. OTOH, making a security feature purchaseable can be viewed very differently, many people will feel like they have to buy it because it's actually important. This will make these people feel forced to pay more money without getting any actual game content. I think this would look bad for ANet, but that's just me. Rose Of Kali 23:20, 14 November 2009 (UTC)

I think making accounts nearly impossible to compromise would look good, even if it did require players to drop 5-10 bucks on the token. Better than the current system of accounts being hacked, temporarily closed, and nobody ever knowing what exactly happened because all they ever hear is "stop downloading keyloggers" from support. A lot of people feel like they have to buy a security suite for their computer, and are forced to do so without getting any extra power or use out of their PC, but that doesn't mean ESET looks bad because they sell security to people. -Faer 19:01, 16 November 2009 (UTC)

It's one thing to buy protection for your entire PC, and another to pay the same for limited extra protection for a single game client. Rose Of Kali 02:27, 17 November 2009 (UTC)

My point is that authenticators have shown to be useful tools defending against account thefts, and given the state of the issue at this point, they would be an excellent way to help end the problem. Nothing good is going to come of the current "it's not my fault, it's yours" way of handling the issue. I'd love a free auth key solution, but the chance of that happening is slim given that simple things that have been asked for since the game hit the shelves are costing players $10-15 a pop. Best we can hope for is something in the $5-10 range, or for somebody to man up and fix the problem that is causing authenticators to be needed in the first place. -Faer 00:16, 20 November 2009 (UTC)

First, what "simple things" are you talking about, and how can you know if they're simple? Name changes, face changes, hairstylists? Not simple. And please, if you're suggesting that we fulfill the wishes and desires for these not-so-simple things without cost, you're living in a fantasy world. Today we rolled out new content, without cost. Halloween saw the addition of new quests, without cost. Each holiday event sees new content, again without costs. Updates? Skill balances? Monthly tournaments? Contests? Yours, all with no charge. Consider: Our game does not charge a monthly fee, and we're offering some things that certain games, with a monthly fee, offer at a greater cost! Come on, be fair! :)

Secondly, we can't "man up" to something that, despite hundreds and hundreds of hours of research, we cannot establish is "ours" to own. Right now, if we say "It's not us" it's because we can say that with hand on heart, as truth. If we say, "At this point, all evidence - and believe me, we're looking! -- says that the source of the problem is external to the game," then obviously that is what we believe... in fact, that is what everything supports. And if we learn differently, we'll say it. Right now, I don't think there's "manning up" to be done. Fansites say their security is sound. We've looked internally and can't identify a breach. I guess it'll be while before someone can flash their XY chromosome. :D -- Gaile 01:02, 21 November 2009 (UTC)

All I am suggesting is that ArenaNet or NCSoft provide players with optional additional layers of security. I care not about name-change microtransactions or how bloated the code for them may be; as for the rest, free updates are great for those of us that can still access the game, but the people who are losing accounts to whatever hole is being exploited don't care about things they no longer get the benefit of or miss out on while stuck in the middle of the retrieval process. It is those people who I'm looking out for, here. -Faer 04:25, 24 November 2009 (UTC)

I agree with you. But it's really important to balance "I want to get into the game right away and not fuss with all these security measures" and "I am willing to take the extra time (or make the extra investment) to protect my account." Just as there's a balance between "You say you lost your account, here you go" and "You say your lost your account, please let me be sure that you are truly the owner before I give it to you (for your own security)."

We have been talking in depth about security at ArenaNet and NCsoft and I agree that it could be beneficial to offer additional, optional means to secure accounts while ensuring we're taking every step we can to protect them through the normal processes. My concern with what you said was the use of the word "hole." If "hole" commonly means "a breach in security" then I have to quibble about the word. Accounts are being stolen, yes, but we do not know through what means the hackers/thieves are getting account credentials. The thefts actually do not appear to be coming from a game or network security breach, so I'd rather not use "hole" to describe the situation. I hope that makes sense. -- Gaile 07:45, 24 November 2009 (UTC)

I use the word "hole" because, though we haven't yet found it, something is being used to gain access to accounts belonging to even the most paranoid of players. You guys can't find anything wrong on your end, and we (speaking specifically of Guru, and assuming the other fine community centers are doing their best as well) can't either; we're both sure that whatever is going on isn't due to some leak of vital information from a client, or page, or <insert other ways information can be leaked here>, and yet even some people who are major security nuts are getting caught in the wave without a surfboard. So even though to the best of our knowledge there are no flaws with our security, we tighten that security further to make doubly sure that we are doing the best to protect our users and fellow players - and still, somehow, the problem persists. There are many cases of account thefts being the fault of someone visiting a malicious website, or running a malicious script cleverly coated in "free riches for you!" glaze, so it's usually easy to attribute occurrences to such behavior, but with the current scale of things and the amount of previously mentioned security buffs also getting fragged, one can only assume that despite our best efforts, there is a hole somewhere we have yet to find and plug. It is for this reason I personally strongly support the introduction of an authenticator tool, be it in the form of a nifty keychain piece (like the Blizzard Authenticator proudly hanging off of my own, as well as about a million other nerdy items I won't go into detail about), or a small application for the PC/mobile phones/what have you that performs the same function. I think the benefits of adding such a security option at this point would outweigh the potential negative feelings about its introduction. -Faer 21:58, 24 November 2009 (UTC)

The only problem with voluntary security measures is that they are only effective if people use them. Now, of course, if offered the opportunity to use an authenticator, I would. However, before I had my account stolen - probably not, simply because I thought I was taking enough safe measures. Hind site has certainly proven otherwise to me, I became too complacent, and that's why I became a victim. Had I been able to abide by that old "being able to follow your own advice" adage, I probably wouldn't have been hacked. So I don't see a voluntary security measure helping the overall problem, nor will an intrusive one that requires more and more steps/activity required by the user. HanokOdbrook 01:59, 26 November 2009 (UTC)

Pre-WW2, nobody was worried about a single bomb wiping out millions of people in an instant. Post-WW2, it's on everybody's mind all the time. Similarly, pre-account theft spree, plenty of people took their safety for granted, and figured they were okay with what they had. But now that the bomb has been dropped, things are different. People who lose their accounts are wondering why, and people who haven't yet are wondering if and when they will. An auth key is no more intrusive than having to type in your password every time you want to log in, given that we have the option to have our clients log in automatically. Now is the time for security and action. It's time to start preventing launches rather than reacting to them. -Faer 02:39, 27 November 2009 (UTC)

(Reset indent) We can have our clients log in automatically? Rose Of Kali 14:02, 27 November 2009 (UTC)

Kind of, yeah. — Poki#3 (talk) 14:57, 27 November 2009 (UTC)

My gw account got banned as code=045

hallo gaile,

sorry my english is not so good, because iam german.

my account was banned on saterday evening. 40 minutes after my account was banned i create a ticket. 091031-001555 ---> 31.10.2009 16:52 answer came from gm tyler at 31.10.2009 19:23. after this time i hear nothing from the support and my account is banned this time. i send all documents to the support.

my question is, you wrote that all tickets who wrote on the 1 - 3 Nov 2009 becames an answer.

Update: 4 November 2009 (Part 2)

I spoke with the lead of the Billing Team, and he told me that they are making progress on the account restorations, but it will take more time to get everyone back into the game. Team members are working overtime this evening, and the hope is that they will have everyone who wrote on Sunday, Monday, and Tuesday cleared up by tonight (US time). They still have an expanded number of people working on this matter, so we hope to get new reports turned around very quickly now.

my ticket is from the 31.10.2009 and now we have friday the 6.11.2009 and i cant play gw.

thx

peter

Guten tag, Peter. I am very sorry that there has been a delay in getting you your answer. I looked at the ticket, and while it's written in German (so I am afraid I cannot read it very well at all) I do believe you may have been caught in the same issue that I mentioned in my updates on this page.

The US Team Lead told me that they have just 10 tickets in the queue at this hour, so I am hoping that you are already back in the game. However, I am not sure if that is so. I will write the team lead for the European team, and he will be back in the office and I am sure will look into this matter on Monday. Again, I am very sorry -- (perhaps that is Ich entschuldige mich?) -- for the problem! -- Gaile 21:47, 6 November 2009 (UTC)

thank you for the help and this answer. i hope that i can play gw on monday or tuesday.

and it was right "ich entschuldige mich"

Human Rights Questions

Security up due to safeguarding human rights in online games?

Maybe Arenanet and NcSoft should take note of this document and translate this into a competetive advantage within the business and (to be) published games: http://www.coe.int/t/dghl/standardsetting/media/Doc/H-Inf(2008)008_en.pdf It's a document written by the European committee about the human right safeguarding in online games. More specific...safeguarding security, safety and privacy of children and young people. Sinscerely i think the privacy policy on the guild wars website does not comply with international law and legislation.

The line in the privacy policy statement on the guild wars website: (4) Privacy Protections for Children - In order to protect the privacy interests of younger Internet users, we do not allow children under the age of 18 to use our services without the consent of their parents. is too shortsighted with regard of above mentioned document.

Further on is stated: We have established and maintain reasonable security procedures to protect the confidentiality, security and integrity of your personal information. We use encryption, Secure Socket Layers, and other technical measures (such as off-site backup, security testing, and password protection), and we implement off-line efforts to further protect this information, including limiting employee access to personal information and updating our employees regarding our security practices and privacy policies. Please recognize, however, that "perfect security" does not exist on the Internet.

I agree that "perfect security" does not exist, but every business should have a security plan, periodically evaluated by assessing risks taking new technology and knowledge into consideration. This is also what the Federal trade commission advises (for particular businesses it's obligatory). Maybe these are good readings: http://www.ftc.gov/bcp/edu/pubs/business/idtheft/bus23.shtm and http://www.ftc.gov/infosecurity

Due to new technology and for the sake of safeguarding the security safety and privacy of our children and young ones i would like to see more ways to secure on the client side. The meassures spoken of in the privacy statement on the guild wars website are almost all server side meassures. Lastly i want to ask to do a little test. Create a master account on the Ncsoft website. Enter on the registration details page the birtday of a child younger then 18, after creation is done, add a guild wars account to it. And then play. If this is possible without parental agreement there is a flaw in the registration and implementation of the privacy policy of Guild Wars. I can't test this, or i should take another identity, and that's illegal. Yours Didis 18:38, 7 November 2009 (UTC)

And parents have no obligation to know what games their children buy/play, and they shouldn't have read the user agreement and notices on the box before allowing them to play the game? Of course hardly anyone reads them, but people are warned they exist even before buying them by the writings on the box. You're just seeking issues in my opinion. The responsibility is the parent's and not Anet's. 145.94.74.23 18:49, 9 November 2009 (UTC)

"The responsibility is the parent's and not Anet's." While you may personally feel that way, if the law says otherwise then tough cookies the responsibility has been shifted from parent to corporation. 65.207.54.194

The person buying the product is a responcible party... unless minors can get their own credit card or the laws made to age verify the purchase in the store is not done then thats where it rests... If your letting a minor or your child play this game and you didn't observe the warnings then its the parents/guardians fault... otherwise every game that is ever made has to get pokemon'ed (which is a pretty dang violent game) MrPaladin † talk 19:46, 9 November 2009 (UTC)

And, again, while you may personally think it is not Anet's responsibility if the law says otherwise no amount of hemming and hawwing will remove the responsibility from Anet. And take note OP linked to a law about the collection, storage, and distribution of information about minors (equivalent to COPPA in the USA) - which has nothing to do with the /content/ of the game (making that cute little "pokemon'd" quite irrelevant). If the gov't says you can't collect information on minors, then it is Anet's responsibility to be sure they are doing everything within their power to abstain from collecting information on minors. It's as simple as that. Also, take note that I've made no judgement one way or the other if Anet is doing a satisfactory job.65.207.54.194 20:00, 9 November 2009 (UTC)

What information do they have of minors that is not secure? MrPaladin † talk 20:48, 9 November 2009 (UTC)

Are you daft?

Someone says "company X has legal responsibility Y and I don't think they're doing enough."

You say "I don't think company X should have legal responsibility Y."

I say "Well it doesn't matter what you think they should or should not be responsible for, the law says company X has legal responsibility Y."

And now you ask "How are they failing to fulfill their legal responsibility Y?"

Do you see what's wrong with that? I have never said they are failing to protect information. I said asmuch in the very posting you responded to ("...I've made no judgement one way or the other if Anet is doing a satisfactory job"). Stop being contrary just for controversy's sake and pay attention to what you're responding to plz. 65.207.54.194 14:21, 10 November 2009 (UTC)

I thought it was a clear question that was not answered... perhaps if I put it as your saying... ummm "I think company X does not meet the criteria for legal responcibility Y, they already secure information thru method Z for all users... How are they failing to fulfill their legal responcibility Y?"... MrPaladin † talk 14:35, 10 November 2009 (UTC)

Go look at the conversation outline again. 145.94.74.23 claimed ANET had no responsibility - a factually incorrect claim. I corrected it. End of story. All this bawwing about whether they do a good job completely misses the point - I never address that. If you want to biatch at OP, make it clear that's who you're addressing.65.207.54.194 15:49, 11 November 2009 (UTC)

the game is 12+, not 18+, simples Headchopperz 19:53, 11 November 2009 (UTC)

K then instead of my question being directed at you I then turn it to the OP... I thought this thread was still on topic... User:MrPaladin 12:30, 12 November 2009 (UTC)

If i want to discus this with fellow gamers i would have started the topic on my own talkpage. I adress my question to ArenaNet general and Gaile Gray specific. Sorry too many times i have been disappointed of the bitching and nagging against eachother gamers, without having a constructive addition to the content of the topic started. But then maybe my disappointment is reflected in this post due to the information that gw2 will be released somewhere in 2011, believing the conference call of the ceo of NcSoft. Didis 23:27, 13 November 2009 (UTC)

Account hacked: ref 091107-001118

→ moved from Feedback_talk:Gaile_Gray

So, reading everyone's postings here, I am screwed? It happened in like a 5 hour period that I wasn't away, I changed my password back but I was already cleaned out (11 chars almost full and all storage panes) :( Fred K 22:40, 7 November 2009 (UTC)

I am sorry this happened. Submit your ticket ASAP (or perhaps that is your ticket # above). Be sure to take other sensible precautions: check your anti-virus software, run complete scans, use a safe computer to update other passwords, etc. Good luck.   — Tennessee Ernie Ford (TEF) 22:49, 7 November 2009 (UTC)

That is the scary part, I am anal about my computer security. I have firewalls and antivirus, complex passwords. I am a very safe user, I am a computer science masters student, and I can't figure out where they got me. They already had my password, because they didn't have to do a recovery, they must have logged in and changed it from the old one to a new one. This suggests a key logger, but I cannot comprehend where i picked one up. I have 3 or 4 computers that I can recall playing from in recent months, I guess I need to look closely and try and figure it out. Maybe support can give me some insight into this too so I know where to look. Fred K 23:02, 7 November 2009 (UTC)

I have a thought to share. The most reasonable conclusion that we have been able to draw, so far, is that the hackers are getting account credentials external to Guild Wars and external to the NCsoft Master Account. They are then hacking their victims by using the actual credentials, as if they owned the account. Most victims have used those credentials elsewhere. Maybe their game account and their email share credentials; maybe they use the same in the game and in a fan forum. Some of the largest forum software programs (the ones whose names you know) and some of the major social networking sites have very grave security issues. It clearly is possible for a hacker to acquire a list of where you're active and what passwords you are using. And that ties in with what I see in researching hacks. The hacker may try three or four passwords, but he's gotten those passwords somewhere, he's not guessing. (Velocity systems will slow this down, but they will not prevent access when someone has legitimate passwords.)

I want to emphasize that we're looking at every level of our systems -- both Guild Wars/ArenaNet and NCsoft -- but we're not finding any sort of weakness. I've talked to a lot of hacking victims and I have the stats, but I won't go all formal on you. Let's just say that a significant number of victims (the vast majority) confess that they were using a weak password. Many say they use the same password everywhere or use it in places where hackers naturally would look, like the game and a fan forum. Others can't be sure exactly where they may have used the same credentials, but admit it is possible that they did. Our Security Operations Team feels this it is this shared credentials situation that is allowing the hacks to happen.

So the best advice I can give you is as follows:

• Do not use your Guild Wars user name anywhere else.
• Do not use your Guild Wars password on any other site, in any other game, or anywhere else.
• Do not post in a way that reveals your user name (such as for trades).
• Consider not posting with your in-game characters names. If someone is targeting you, it's harder to find you if you have a unique forum name and a unique set of character names that are not known on the very site from which someone may be getting your personal credentials.
• And of course, don't download programs, do run frequent virus/trojan checks, do keep your virus protection up to date, etc., as I outlined on the Account Security Page.

I cannot guarantee you that taking these precautions will protect your account. But I can tell you that not following these practices could put you at risk. And honestly, I don't see how there is anything we (ArenaNet) or our publisher (NCsoft) can do to enhance security when someone acquires your credentials externally and uses them to get into your account. -- Gaile 02:21, 8 November 2009 (UTC)

Seems to me that the short version here is "Don't use GWGuru." elix Omni 02:29, 8 November 2009 (UTC)

Why allow someone with a chineese IP to change the password on an EU players account then? When they bother to tell you that your password has been reset they give you the IP address of where it came from. OK, so it is highly likely that is is a fake IP, but the fact that that particular IP has changed a large number of GW acocunts passwords should be enough to give someone a clue about what is going on and stop it before more genuine players are hurt.

Agreed with Felix, have heard this exact problem time and time again. Also, question to Gaile: is it possible at any time in the future that the team will finally allow to change the GW login name? I used my most frequently used Email address to log into GW, and one of the first advices all over the place now is to use a unique one. Changing it is the only way for me now, and it is not currently possible. Rose Of Kali 02:39, 8 November 2009 (UTC)

I knew, as I typed the above, that someone would ask about changing a user name once tied to an NCsoft Master Account. It only took minutes for that question to arise. :) And I know that this is something that we need to make changes to allow. In all honesty, I have been working for nearly 5 years to get this change made, but there are reasons why it hasn't happened, mostly related to the fact that multiple teams need to be involved, the change it not a trivial one, and naturally great care must be taken to ensure that security remains high.

However, in light of the recent increase in account thefts, I've taken the opportunity to bring this up yet again. (As I wrote that email, I could almost hear a few folks sighing, at my persistence. ;) ) I will ask about this again next week, for I have a meeting with some folks who may be able to shed a bit of light on when we can make it possible to change a Guild Wars game user name for an account that is tied to an NCsoft Master Account (formerly called a PlayNC Account). If I get info, I'll share it. If I don't get info, count on me to continue to try to get it. :D -- Gaile 02:46, 8 November 2009 (UTC)

To be honest with you, Gaile, the change may not be a trivial one, but in terms of providing as many means as possible for account security, and in light of the many stolen accounts that have occurred recently, and in the past, I think 5 years and going is way to long to have this bit of minimal security implemented. Everyone in this situation could probably be doing a better job at minimizing potential hacks, but this is one of those "dropped the ball" moments on Anet's part. HanokOdbrook 06:48, 8 November 2009 (UTC)

Dozens of people and companies have your email address. But unless you use a weak password, none of those entities can steal your account. While I think we need to allow the changing of the user name, that is not the be-all and end-all for this situation, for appropriate personal security and a complex password are the key. -- Gaile 07:08, 8 November 2009 (UTC)

I didn't mean to suggest it was. It just seems like one of those things that bring about the "duh" moment after the fact. After all, hind site is supposed to be 20/20, and I am still continually second guessing myself on what I could have done to prevent this incident. HanokOdbrook 07:31, 8 November 2009 (UTC)

I stumbled upon a paper written by several security related people for the Europeon Network and information security agency (Enisa) in 2007. One of the author's is Adam Martin from NcSoft UK (he departed in 2008). The report states the need of stronger end-to-end authentication in online worlds. By cooperating in writing this paper, NcSoft agrees in my opinion with the need to take additional meassures to ensure end-user security is settled in more stone. When will NCSoft, and therefor also ArenaNet take their own statements serious? The link to the research paper: http://www.enisa.europa.eu/act/it/oar/massively-multiplayer-online-games-and-social-and-corporate-virtual-worlds/security-and-privacy-in-virtual-worlds-and-gaming/at_download/fullReport http://www.enisa.europa.eu/act/it/oar/massively-multiplayer-online-games-and-social-and-corporate-virtual-worlds/survey-on-security-issues-in-virtual-worlds/at_download/fullReport. In additional Square enix has decided early this year to implement an authenticator way of end-to-end security. Reuters press release from march 2009. http://www.reuters.com/article/pressRelease/idUS75347+31-Mar-2009+PRN20090331 Another read, stating the need for higher authentication in online games: http://www.google.nl/url?sa=t&source=web&ct=res&cd=30&ved=0CCsQFjAJOBQ&url=http%3A%2F%2Fnparc.cisti-icist.nrc-cnrc.gc.ca%2Fnpsi%2Fctrl%3Faction%3Drtdoc%26an%3D8914038%26article%3D3&rct=j&q=authentication+methods+online+gaming&ei=MaP2Su7RONWF4Qb5utjSAw&usg=AFQjCNGxOUIgw7_nSJWIvkGTxXU1M8YYFQ Or does NcSoft / Arenanet this again: http://www.joystiq.com/2006/03/02/ncsoft-sued-over-identity-theft/ Didis 11:37, 8 November 2009 (UTC)

Squeenix is also introducing a flipping Cloud Strife cologne, what's your point? The majority of these issues are caused by people who do not have adequate security measures. If your password isn't 10+ characters and contains a capital letter, a lowercase, a number and one of the following: $ # % & ~, then you can expect it to be broken. I also recommend Avira Antivirus, Windows Firewall if you're running 7 or later or ZoneAlarm if you're on XP or before and Common Sense 2010™. Letting that guy offering you 100K for a dedicated mandragor imp access your account is probably not a wise decision. Account theft and security have always been issues in online games and no matter how well ANet secures their servers, if the player does something dumb and gets their account stolen, there is nothing that can be done to prevent it. If your argument is that ANet should do the best they can to restore lost items and other things, then I agree wholeheartedly with you but would like to point out that, for the most part, they already do. The reason why they can't simply recreate items and reassign gold has been stated a million times before. If you have some sort of ingenious system to help prevent account theft and keep people from stealing items without becoming a gigantic pain in the ass in the process, then by all means, go ahead and tell us. I'm sure if you have some idea that equates to Joe waving a magic wand and killing bots, ANet would be more than happy to try. Otherwise, there's simply nothing more that can be done. –Jette 12:39, 8 November 2009 (UTC)

From my experience, there is always something more that can be done - it's just a matter of doing it. That goes for the server side as well as the user side. As a NetAdmin, I have to deal with user issues on a daily basis, and it doesn't matter how secure you think you are, the bad guys are always finding the holes, so don't assume this issue is due to lack of user common sense alone. The question of the e-mail log-on seemed obvious to me when I first installed the client and input my first access key. That's why I made sure to step up on other measures to ensure my account security. Could I have done better? Of course, there are things I look back on and say I should or shouldn't have done this or that.

But it's a moot point now, what we need to do is first, find the root cause(s) of this latest round of hacks to close what holes there are and educate the player-base on best practices going forward. Next, we need to think about how to implement a system that allows victims to get some kind of recompense, regardless of what allowed the hack to occur (unless they violated the EULA, natch). Third, we need to think of how to implement better security measures on the server side to prevent accounts from being hijacked, even with the proper log-on credentials. My initial thought on this (after finally being able to get a couple hours of sleep this night), is to have some form of MAC address filtering. If would could associate MAC addresses with our accounts as we do product keys, then even if the bad guys get our account info it is useless unless they use one of the systems that has its MAC associated with the account. HanokOdbrook 4:35, 8 November 2009 (UTC)

While I respect the assertion that you need to be safe, I had an 8 character randomly generated password with letters, numbers, and symbols. Also, I use different passwords in many different places on the net. But, computers being my primary profession and hobby, I have to say that I probably have login credentials to well over 100, 150 websites, computers, servers across the net. At this scale, having a different password for every single login is monumentally prohibitive. Why can't Guild Wars do what certain other MMOs have done and implement optional [two-factor authentication] like [PayPal's Security Key]? A common security paradigm is that perfect security would require 1: something you know, 2: something you have, and 3: something you are. It would be nice if we could move from the basic and fairly antiquated idea that just a random string of characters is sufficient security for something, that in this case has taken me years to build up and appears may be gone in a matter of 5 or 6 hours. Fred K 15:37, 8 November 2009 (UTC)

* Do not use your Guild Wars user name anywhere else. When I first setup my account over 4 years ago, I had to enter an email address. Which is my Guild Wars user name. Nowhere was there any mention you should a non-functional email address. Right now, it's too late as I can't change my address anymore (for over 3 years). It should be possible to change your Guild Wars user name. I feel very uncomfortable that somebody out there knows my user name. And I can't do anything about it. The password can easily be hacked again as they only need to try and try again. No lock-outs, no time-outs, nothing. And then, the question remains, how did they manage to change my password without me knowing about it? When I changed the passwords on all my accounts (including the master), I got an email that somebody (which happpend to be me) had changed the password... --Lady Rhonwyn 17:25, 8 November 2009 (UTC)

Hi, Lady R. I do not suggest you use a non-functional email address. I suggest you set up and use a functional email address exclusively for Guild Wars. I suggest you use an extremely complex password, and use it only on the game account in question, which naturally means that your game password and the password associated with that dedicated email account are different. I suggest you keep your user name confidential, and never use it for forums, contests, websites, others games, or any other application. I suggest you not reveal your in-game character names in public media. And pleas note -- as I have said many times on this page, according to the team that handles game and network security, there are velocity checks on password use, and an endless, non-timed trial to access an account is not possible. Lastly, yes, I am concerned about the lack of email notification for a password change, and I have been pursuing this for the last several days. We are definitely working to amend that, so that each password change prompts an email to the player. -- Gaile 21:31, 8 November 2009 (UTC)

The problem with that is the typical user will only have two or three addresses that they will use, and having them create a whole new one may not sound all that impractical, but then where will it end? I have nearly a dozen different e-mails I use on a regular basis for specific purposes. Even now it tends to be more of a PIA then it was worth when I originally started out. Having one more that I would to upkeep (especially if that's where p-word and account changes/info will be going) really starts getting to be a bit much. It would have been much better to have a user name as a log on instead of an e-mail address. It's very rare that I go to a website now that requires logging on with strictly with an e-mail address (what happens if I need to stop using that address for some reason?). Most now have you create a unique user name and only require an e-mail address to be associated with that user name for contact purposes. Naturally you can change that e-mail address as needed without having to change the user name. HanokOdbrook 04:26, 10 November 2009 (UTC)

(Reset indent) Many of you have shared very reasonable and well-thought concerns and ideas about increasing player security. The suggestions that I am giving you (see above) are by no means our final word on the matter. The suggestions are what I can offer you now, and I hope that you will avail yourself of the observations and suggestions, as you are able. We are discussing several means of giving account holders additional tools for security, and I hope that we will be able to speak about those in the near future. In the meantime, thank you for your continued suggestions -- they are welcome. -- Gaile 21:33, 8 November 2009 (UTC)

Yes, now I wished I had taken another email address... But that's after the fact :p Oh, and about that non-functional email, if you create an account after buying online, you have to enter a username, which then gets extended with a @plaync string. And my second account has a non-functional email address as we moved 3 years ago and have now a different internet provider :D But, as we're talking 4 years after the fact, I'd love an opportunity to change my username to something else than my email address (and as HanokOdbrook mentioned, I had the option of 3 at the time, and I took the longest I had... I can't even fill it out completely on a NCSoft report!). Well, it's too late for me, but I do hope that new people will take note of this and will learn from my mistakes. --Lady Rhonwyn 07:36, 10 November 2009 (UTC)

People were able to change their email address in the past however, right? Like when you could change ur password through the client. Was all that changed with the ncsoft account implementation a few years ago or have people never been able to do that? --adrin 08:02, 10 November 2009 (UTC)

To preface my position, here is the list as I can best recall of stuff that I lost: User:Fred_K/Hacked_Account. Support has only given me a canned message that it is all gone (in 5 hours between 3am and 8am). I first find it hard to believe that some of the items could be fenced that quickly in the dead of night. Secondly, the majority of the stuff that disappeared would have gone to RMT buyers - why can't they be banned and their possessions forfeited back to me? Security is a policy decision that involved prevention, detection, and remediation. Obviously prevention failed at some website (rumors are GW Guru). This isn't quite the fault of NCSoft, but I would have never had an account there if they ever made an auction house. As for detection, there are no mechanisms in place to either detect someone's account being strip mined or password being changed by an IP that likely originated from a different country hours after they logged off. But remediation... This is where I have a hard time accepting the stance taken. In my case, I have spent over $200 on this franchise and logged thousands of hours; "sorry, so sad, too bad" just doesn't cut it. It is a policy decision, a cost benefit analysis, that leaves myself and many other recent victims with nothing to show for their time invested in this game and this company. They are telling us that they have considered it, but it is not worth their time, money, or effort to help us out. Personally, I have a hard time convincing myself to stay or spend any more money on this franchise; it is apparent to me after this that I am not worth their time. Yes, my login information got stolen from somewhere else, I am irresponsible. The problem is though, no security is perfect (on the user or system side) and NCSoft needs to consider this when dealing with their users who are in many cases loyal and dedicated customers. I apologize that this is somewhat of a rant, but my mood is sour from all of this and I just need to express my frustration while it is still fresh in my mind. Fred K 05:07, 12 November 2009 (UTC)

Additionally, with the opinion support has toward this, I feel like I'd have better luck with the RMT guys. I bet they'd sell me my gold back faster than support will ever do a thing about it. With everything I lost, trying to buy gold would be far more worth it to me than trying to farm it all back. The fact that I'd rather quit than farm it back gives me nothing to lose; the only reason I hesitate is that some other poor player will become the victim in place of me. Fred K 06:25, 12 November 2009 (UTC)

There is that point. I was in the customer service business for many years, and even now still deal with that aspect of it in the tech business. There is something to say for providing service above and beyond what would normally be expected - especially in today's economic climate. We certainly can't hold Anet responsible for things that happen outside of their control, but I don't think it's too much to ask that when those things happen, they have mechanisms in place to minimize the impact, regardless of the how and why. That's just stepping up the customer service level. I have made some suggestions in terms of having hacked accounts being able to recover lost items, and I hope Anet is tracking all of this and keeping logs of what was stolen from these accounts (in terms of the rare/high end items), that way, at some point, we can at least make the effort to get those particular items back. To me, that is the least that can be done for your long-time, dedicated customer, and is the SOP of all the successful companies I have worked for in the past. HanokOdbrook 11:08, 12 November 2009 (UTC)

@adrin: yes, you are able to change your login name as long as you haven't connected your GW account to a master NCSoft account. Which I did over 3 years ago. And I think a lot of people have done so by now (especially after april and the free Xunlai Storage Pane action back then). --Lady Rhonwyn 15:27, 12 November 2009 (UTC)

Question

Can you report verbal abuse directly to the support team? If so is it different from filling out this, or the same? Thanks ¤Dark ';~;' Chaos¤ 19:06, 8 November 2009 (UTC)

Hi DC. The form you've linked to is the NCsoft website report form, and that is an excellent means to contact support and let them know about the verbal abuse situation. One can use any of the means on the page to which this links: support, including a simple email. However, I happen to feel that the support form is the best and most efficient means to report the matter because it asks for all the relevant info at the beginning, which allows the team to get started on their investigation promptly.

Incidentally, someone said "How can I use the form when my account was hacked? I don't have access!" But the Support Account is different than the NCsoft Master Account. In other words, you might be Teddy Bear on your NCsoft Master Account and use an entirely different user name and password for the support form. This ensures that even people whose NCsoft Master Account was hacked can access and get help from Support. -- Gaile 21:49, 8 November 2009 (UTC)

Thank you for the help! ;D ¤Dark ';~;' Chaos¤ 21:31, 9 November 2009 (UTC)

Account hacked: Incident: 091107-000974

Hi Gaile, I would appreciate you checking on the situation of this incident, to see what kind of time frame I am looking at. Now, in response to your statement from above as quoted here:

"There are many reasons why stolen items seldom can be retrieved and returned. Primary amongst them is that items are often exchanged (sold, traded, merchanted) multiple times. Say someone offers you an item at an attractive price, you accept, and then trade it to a friend. Maybe it goes through a few more trades, as items do even in a short period of time. What if we get a hacked account report and discover that the item that you bought legitimately, and which was traded legitimately to several other people, was a stolen item? From whom do we take it? The last buyer? No, for that would make him a victim of the hacker just as much as the initial victim. Obviously, we'll action the account thief to the best of our ability, and many accounts are terminated every day. But the issue with items is just more complex.

Another scenario: A hacker steals an item, sells it to a merchant, and then uses that gold to buy items from legitimate players. The item is gone -- we cannot spawn items nor get an exchange from the merchant -- but do we then go to people who make what they thought were legitimate sales and take away the gold they were paid for their items?

Sometimes -- very rarely -- we have a clear-cut path that enables us to return items. When we can, we do. Many people who read this page can attest to that, for I've talked to some of them personally and have returned the items they lost. But for most cases, it's simply not possible. Not because we don't care. Not because we don't try. But simply because we cannot do it in a fair and equitable way. -- Gaile 01:05, 3 November 2009 (UTC)"

I certainly can understand that there really can be no fair way to resolve this issue - someone will get hurt. But I think we might want to take a page from legal system. If someone breaks into my house and robs me blind, I certainly expect the police to do their utmost in tracking the culprits down. If they are able, they then will make attempts at tracing where all the stolen merchandise has gone. What they find is then confiscated as evidence. It doesn't matter who the current holder of that item is, or the circumstances of how they obtained that item - they are in possession of stolen property which will be returned to its rightful owner. As the victim of robbery, I certainly wouldn't want the police to tell me I am out of luck - I should have used a better deadbolt on my door or bricked up the windows on the first floor of my house. And I certainly don't expect the person who is in possession of my belongings to get to keep them simply because they engaged in what in their eyes may have been a legal transaction.

But all that aside. It is my understanding that gold seller accounts and bot accounts are banned on a regular basis. What then happens to any or all of the gold/items that those accounts may possess at the time the account is locked out? Certainly I would think, in light of the current situation, that once these accounts have been determined to be used for illegal activity, any and all possessions of those accounts should be divided up among those players who have lost gold/items due to account hacking. It may not end up being the exact items that were originally stolen, but at least we would no longer have to worry about starting those accounts over from scratch - especially with several years worth of time invested in those accounts. That's just my thought on that matter. HanokOdbrook 06:44, 8 November 2009 (UTC)

It is Sunday evening. You filed this ticket today, Sunday. I would greatly appreciate not being asked to follow up on a ticket that is only hours old, particularly on a weekend. Please give the team time to research the matter and look into the Situation before asking me to get involved. My involvement is seldom required and is never appropriate until the team has made their determinations about the incident in question.

As far as "splitting the income" from sales, I would say that is nearly impossible. Most account are stolen by RMTs and many are stolen in a single day. It would take an act of Soloman to try to fairly and equitably divvy up the gold from sold items in such a situation, so I do not see that this would be a practical or reasonable outcome to most account thefts. I will consider this further during the work week. -- Gaile 06:55, 8 November 2009 (UTC)

My apologies, I guess my fervor of trying to track the source of this issue down has gotten the better of me. I actually didn't expect you to be back around until Monday, and initial response to my ticket log was fairly quick, which I guess made me expect to hear from the Account Rep sooner. I wanted to get this logged here (and a possible time frame of when to expect a response) just in case I didn't have the opportunity to check on it in the next few days, due to some RL commitments (which will hopefully take my mind off this incident for a little while). As an aside, I am glad to see you are still involved with the game (for some reason, I thought you had gone elsewhere entirely), as much as I appreciate Regina and her efforts at filling your shoes, there will never be another like our Gaile!

In terms of returning ill-gotten gain back to the players, I was even thinking (in my tired but restless brain), of some sort of system that would allow players to get back on their feet - especially in terms of things like re-acquiring end game rewards (Deldrimor Talisman, birthday minis, etc.) and other hard to acquire items. I don't think anyone here is too concerned about the basic weapons and the like that are somewhat easily replaced. But in terms of the more trying to rebuild characters and heroes who have had runes and armor stripped, it's almost impossible to get them properly re-fitted in order to get back into the game without the necessary gold and raw materials. It could be something like a special access key we would add to an account that would provide a set amount of gold, or "vouchers" that could be taken to NPCs and exchanged for lost items. Perhaps, if even feasible, add an NPC specifically for this purpose that could help us re-acquire those one-time only awards, such as the Talisman, or the hard to get ones like our B-day minis. HanokOdbrook 07:35, 8 November 2009 (UTC)

If you want to compare real life to the virtual world here's a better analogy. If your car gets stolen, if it's not recovered within 24 hrs, chances are you aren't getting it back. It's been hacked into sellable parts in a chop shop somewhere. That's real life. If the police bust the chop shop, they are not going to track down all of the people who purchased those parts, take them back and then put them back together to give you your car back. -- Wyn talk 07:00, 8 November 2009 (UTC)

Thank you for that analogy, Wyn. I think it is very apt. While I have heard of people getting stolen property back, I have never heard of the police returning money for items that were stolen and then sold. -- Gaile 07:04, 8 November 2009 (UTC)

True, but you are still not left empty-handed - at least there's the opportunity to be compensated through the use of Insurance. The big problem here is that we do not have such an option. We can still do everything we think is right in terms of protecting accounts, but beyond that, when the worst happens, it would be nice to know that we don't have to try to start all over again with nothing. I am fortunate enough to have only had one account hit, so I can tolerate the loss of all but that rare and one-time only stuff, but I also now have to worry every time I log in that my other accounts may be next, and any progress I make today will be gone tomorrow. I really feel sorry for those players who only have one account and are left with nothing and no means with which to get even basic stuff back. We can go on for days about doing this or doing that better in terms of user account security, but as an old policeman friend of mine once said, "Theft due to stupidity is still theft." Security can always be better, but we need something in place to help those who may have thought they were secure enough, when it turns out they weren't.HanokOdbrook 07:35, 8 November 2009 (UTC)

To extend the real-life analogy, now you have to become a loose cannon bad-ass no-nonsense hard-boiled cop on the edge who's not afraid to get down and dirty. Then track down the criminals who stole your car and raid their hideout in a 30-minute fight scene consisting largely of the lead gunning down mooks with a handheld GAU-18 (wtf) which culminates in a massive, $30M explosion in gigantic 1920x1080p native resolution. Are you a bad enough dude to rescue the president get your junk back? –Jette 08:57, 8 November 2009 (UTC)

No need if there's an option to get "account insurance" that helps replace the stolen items. HanokOdbrook 4:35, 8 November 2009 (UTC)

Well you have to extend that anology another way. Lets say you have money in a safe deposit box in a bank vault (Your account/password on anet's servers). Now someone breaks through the bank's security and steals all your goods. Is the bank totally off the hook? No, because your money is insured.

To be honest, I'm not putting the full blame on arenanet's security. There's alot of stupid people who use stuff like "abc12345" or "secret" as their password. However, there are those users who have been sure to secure their accounts (not downloading any programs, have virus protection, have complex passwords, etc.) but got it stolen in a batch with other people as well. What about them? Do they get any compensation when their personal security is strong, but the server is unable to protect them? --adrin 02:01, 9 November 2009 (UTC)

No they do not, because it is their fault for putting their faith in the company in the first place. Pika Fan 02:09, 9 November 2009 (UTC)

Faith in a company is not misplaced, when it can be shown that the company is doing what it can to ensure account security. We are still researching this matter, but if I can tell you that the breach came external to the company -- at currently appears to be the case -- and if I could tell you with complete accuracy that the breach was not the result of insecurities on the game server or the corporate network, wouldn't it be unfair to say that, somehow, the company is responsible for a security breach? Wouldn't that be like saying that a door lock company is responsible if your house is burglarized, even if you do not turn the lock in the door? Security involves all the parties involved, not just the person building the lock. You are responsible for turning the lock in the door. Building strong game and network security is our responsibility. Using those systems by following proper personal security procedures is your responsibility.

Let's wait and see how the outcome of the investigation before anyone jumps to an improper conclusion. -- Gaile 05:13, 9 November 2009 (UTC)

But customer service is your responsibility. We all know the dangers of the Internet, and we all no that amount of security is 100% fool-proof, even Anet's servers. So at the very least, when the inevitable happens, it would be nice to now we are dealing with a company that had the foresite to put measures in place to limit or even reverse the damage that was done. That's just providing top notch customer service. Do you think my company would be able to survive in today's business world if we took that same stance with our customers. They don't want to hear me say, "Sorry, but you should have applied those Server updates last week like I told you to in order to prevent that hacker from compromising the system and deleting your user information. There's nothing we can do to help you at this point." No, regardless of what happened, it is my responsibility to do what I can to recover that information and lessen the impact for that customer. HanokOdbrook 11:28, 12 November 2009 (UTC)

Let me say something, alot of people who do get "hacked" use hotmail and/or gmail accounts, there was a recent incident where many of those got "hacked" thru phishing. Also if you save your e-mails containing passwords etc... you are an idiot.

And I bet there are alot of fake GW websites that will put something on your account if you fill in your password and username, because "It's the only way we can do it without it getting your account blocked". That's one explanation of someone getting access to your account.

Another one is people give out there account info to easily, I have been asked by someone to do a quest for them and I said "Ok, but i'll need access to your account", he changed his password and I got the info and did the quest for him. What I did say to him after I did it was "Please never do that again, not everyone is as nice as me and might steal your account/items". After that he changed his password again, wich is good but this just shows that people often trust strangers to much. I knew the guy for several months when he asked that.

@Gaile: Is the third example against the EULA? because it's not account sharing, it was a favor I did because he had alot of trouble doeing it. It was a one-time thing. If it is just add the first flag to my account.

Anyway back to security. There are alot of things that can explain an account beeing "hacked", i'll name some: keyloggers, packetsniffing, ignorance, idiocy, phishing, and more...

My point is that I doubt there is a problem with NCSoft and/or Anet security protocols. There is always room for improvement, but when will it be enough? never. People will always find something to cry about.

Last thing I wanna say is that, 90% of the safety of your account depends on you not NCSoft or Anet. I have been playing online games for about 8-9 years, I have about 25+ game accounts atm, none using the same password, I do not have that info stored on a pc but on a USB stick, if I lose the USB stick it wouldn't be a big deal because the files are encrypted. And if someone does crack it then they need to know the password to the file it contains, anyway it would be to late for them to access any of my accounts because I would already have changed all the passwords. Never got an account hacked or stolen, given some away tho.

"It wasn't my fault, must be theirs." what a joke. Qaletaqa Hania 08:20, 9 November 2009 (UTC)

The not-so-distant asiasoft-maplestory fiasco was a joke. Whenever you change your password on their main site, your account gets hacked. I actually tested that out and created an account on a recently reformatted computer and put some money in it, then changed passwords. The next day, the account got hacked. Good joke. Pika Fan 08:41, 9 November 2009 (UTC)

The fact of the matter is, a straight-up (unchangeable!) login + password = full account access just does not cut it any more (if it ever did). A user can do everything humanly possible to be safe, and still get hacked under such a system. The reason simply being that all scanner software and security patches are in response to security problems, the hackers are always the ones in the lead. Holes pop up all the time, through no fault of the user. Things like external authenticators, IP locks or on-screen keyboards can really help a lot though. And even though an insurance policy for items is not possible (I know Anet cannot roll back or generate items), character delete locks should be completely doable. On another note, I got to wonder how it would help to keep character names secret. I mean, since when was it possible to connect a character name to a user name? (If it is possible, I am kinda surprised that Anet would admit to a security hole of that magnitude).--Lensor (talk) 15:58, 10 November 2009 (UTC)

On the topic of keeping names secret, if you know a certain character in game has a decent amount of cash, determined by peeking in on trade chat in spamadon, then seeing that character's name on a forum with easily compromised security gives the incentive to crack the forum's database to retrieve login info. Since it's a given that several people use the same login for multiple items, at the very least you've got the email address tied the the game account. Keeping your characters secret helps keep you out of the eye of aggressive account thieves.--Pyron Sy 16:35, 10 November 2009 (UTC)

Seeing how the first "tip" was to not use the same e-mail/password anywhere else at all, I do not see how keeping character names secret would add extra security. Unless she meant it like "in case you are using your GW login/password somewhere else, do not flaunt your GW wealth around too", which is sound advice albeit a bit insulting.--Lensor (talk) 17:01, 10 November 2009 (UTC)

I will be happy to explain. If an external site is insecure, and someone manages to obtain account credentials, having one's name as a "Top Trader" or "the person who has a gazillion ectos to trade" can provide an impetus for a hacker to focus on accessing that particular account. And a lot of times, one's character name may be Fred the Warrior and their account email address may be fredthewarrior@someemailprovider.com.

One of our security agents was able to find every one of a sample list of hacked accounts that I sent him with a simple Google search. I don't mean he acquired their credentials but he did learn where they were active, and knowing one point of data can lead to others.

So the suggestion about keeping one's character names a bit on the private side is intended as an idea about achieving, perhaps, an extra means of security. It may be overdoing the matter; that's up to you to decide. After all, the suggestion about character names does not form the main thrust of my advice, which concerns using unique user names and unique password. -- Gaile 04:28, 12 November 2009 (UTC)

To summarize potential problems:

1) Some jerk hits Inde over the head with a tire iron and dumps him in the Hudson.

2) He pops open the database on the server in Inde's garage, which contains all of the passwords, e-mails and any other information stored server-side on GWGuru.

3) He does a quick search for the account with the most high-end sales, then logs into GW, use that account's name and PW, and if this person is lucky, he suddenly has access to a really rich account. He then changes the password, strips the account and transfers it all over the place so the stuff can't get retrieved, and moves on to the next richest account.

Thankfully (or perhaps not), there are ways of doing this without committing first-degree murder, many of which do not involve the owner of the site realizing their security has been compromised. You should never use the same password except on anything you're prepared to lose control over. Actually, I just don't recommend using sites like Guru to trade, but you do what you want. –Jette 04:47, 12 November 2009 (UTC)

Aaah, but there's the kicker. Yes, using different creds for each and every site increases security, but if there is the chance to lose control over information, who should we trust? Let's say I use the same creds for my game account logon and for my bank account logon. Who should I trust? How do I know who has the more secure servers? That's the irony. Every company requiring logon creds is going to tell you the same thing, and what that they are say in essence is that the security on THEIR own servers aren't going to be an issue, but you can't trust any other company's servers. The truth of the matter is, Anet's servers aren't any more or less secure than any other servers out there (speaking on general terms of course). So at the very least, knowing that any server can be compromised at any point, there should be more measures in place to minimize or reverse the impact of when that happens. After all, my bank does it, regardless of how or why; my credit card company does it, regardless of how or why; heck, I have even dealt with eBay sellers who have provided refunds for merchandise lost in the mail (and I the same); why should we expect any less from a game company we have invested hundreds of dollars and many hours/years of our time supporting? HanokOdbrook 11:28, 12 November 2009 (UTC)

It's not Guild Wars Guru. Inde 06:32, 12 November 2009 (UTC)

OH GOD HE'S BACK FROM THE DEAD EVERYBODY RUN –Jette 07:39, 12 November 2009 (UTC)

If that's the case, then there are more breaches that we don't know about. The only places GW related I have ever used over the course of these four and half years are Anet's own things (store, site, XTH, NCSoft site, official wiki), Guru, the unofficial wiki, and Incgamers GW forum site. And have made all attempts to remember to use separate creds for each. HanokOdbrook 11:36, 12 November 2009 (UTC)

Account Hacked after purchase thru InGame Store

My GW account was hacked, raped, & stripped after buying 2 Xunlai storage panes (they email receipts, that's the ONLY way to get my account login / email address) thru the Ingame store. I wanted to take advantage of the sale going on after the Halloween weekend to have more space to store things. I am going to TRY and be as brief, specific, and constructive as possible and try to NOT digress too much, but it's just VERY frustrating dealing with the people in Support. My ticket #091103-000377 - I guess the MOST frustrating and confusing part of the whole ordeal is: how these thieves were able to login to an account based in the US from China, WHILE I WAS LOGGED on! Once they get your login info, i guess it's easy enough to trace, then they must do something to get you to disconnect (i received 3-007 messages in a row), so they can "watch" you login again after being disconnected to get your password, or they may just have some password crack program after getting your login and the 007 messages were a result of them logging into my account while i was logged in. some background info: my router has a DOUBLE FIREWALL (not software, but hardware) plus the Windows firewall, no keystroke logger, virus, trojan etc on my computer, i used a full 13 digit password (changed from time to time) that ABSOLUTELY NO ONE knew but me - the whole process took from 35-45min to almost completely wipe me out (12 characters + bring a pre character to post). i can & will elaborate as needed with more details in subsequent posts or directly via email as you choose. --Nrdkblnd 14:25, 13 November 2009 (UTC)

Just to followup out of curiosity - when the RMT's are targeted, just what specifically is closed off or banned? Their account logins, access keys, IP addresses? Because then NCsoft / ArenaNet would benefit due to these RMT's having to continually buy new game keys & also some job security for the Support team to continually track down these "thousands" of accounts on a weekly basis. --Nrdkblnd 14:43, 13 November 2009 (UTC)

And that last part they will never answer, at least not truthfully. It could very well be due to what you said, but it could also be to prevent releasing information that makes it easier for RMTs to continue their "business." Rose Of Kali 17:42, 13 November 2009 (UTC)

My professionalism prevents me from using expressions like "Are you nuts?" But I'm going to slip that in there just as a little nudge. :) Are you suggesting that the company would somehow allow RMTs to flourish because we'd sell more games when they replace closed accounts? Think about it! NCsoft is a multi-billion-dollar company. Would they risk their global reputation to sell a few games? A thousand games? A million games? NCsoft is in this industry for the long haul, and reputation is critical!

You should know this important fact: RMTs seldom buy games. They steal them. They steal them from people who buy their gold or items. They steal them by injecting Trojans onto game or forum accounts and keylogging the passwords. They steal them through social engineering. They steal them through hacking fan forum databases, finding people with shared credentials, and taking over the account. For every new account an RMT buys -- if they buy any at all -- we're looking at the costs of assisting dozens if not hundreds of their victims. There's a seriously horrible cost/benefit ratio to selling an account and having to resolve 20 support claims (each of which is probably more costly than the profit from a game sale).

We spend thousands of dollars a day taking action on all sorts of accounts, from cheaters to harassers to RMTs. We are highly incented to keep the RMTs out of the game, and we put our dollars where our philosophy is by paying for staff to remove them. And we remove them not because we want them to buy a new game, but because their activities have a harmful effect on legitimate players. If our diligence drives some RMTs out of Guild Wars -- and it has in the past -- we help support the game economy and we reduce the security risks of RMTs trying every means under the sun to steal your account. -- Gaile 21:29, 13 November 2009 (UTC)

Can anything be done legally/within the USA Law about the RMT hacking game accounts? I'd imagine some prison time ought to be served for that kind of business (costing anet money and hacking personal accounts). - Chrisworld 00:51, 14 November 2009 (UTC)

I am not a lawyer and can answer this only informally. It is my understanding that nearly all RMTs are located outside the United States, and that the vast majority are in a country that handles issues dealing with copyrights, intellectual property, etc., very differently than most countries handle those matters. RMTs are big business in this country and from what I've read, they are not regulated or controlled in the way they would be in most nations. Prosecution of RMT owners in accordance with United States law isn't possible when they are outside U.S. jurisdiction and the host nation does not agree to said prosecution. -- Gaile 01:31, 14 November 2009 (UTC)

RMT businesses are so popular in other countries that the governments have in some cases actually taken steps to prevent the companies that own the game from exercising the right to ban RMTs, as was the case in Taiwan (I think) a few years ago. ANet had to relocate all Taiwanese accounts to American servers in order to get around that, as I recall. –Jette 01:40, 14 November 2009 (UTC)

Basically no, legally there isn't anything they can do. Most RMT businesses are in china and china has really odd laws about virtual property and intellectual property. All anet can do is protect itself the best it can. There is an argument for blocking internet traffic from china, but then the flip side of that is that it punishes the legitimate player in china and also only through social inclusion and exposure to the people from the rest of the world can we hope that the Chinese people will question their government and its policies upon human rights etc..., however this is getting a tad off topic and into global socio-political areas. So in short, anet can do nowt about it. -- Salome 01:49, 14 November 2009 (UTC)

Technically, in IL at least, if done knowingly is a class 4 felony (at least):

"Class 4 felony: access with purpose to scheme, defraud or deceive; damages computer or alter, delete, or destroy program or data in connection with scheme, defraud or deceive; if offender accesses computer and obtains money or control of money in connection with his/her scheme, defraud or deception; class 3 felony if any of the above are 2nd or subsequent offense; class 4 felony: if value of money, property, or services is $1,000 or less or if 2nd or subsequent offense obtaining data or services; class 3 felony: if value between $1,000 and $50,000; class 2 felony: if value $50,000 or more."

I am pretty sure computer hacking is defined as illegal in most countries, RMT aside, especially when malicious damage is done to data or if one obtains money from it. Fred K 01:59, 14 November 2009 (UTC)

As said China has funky laws in comparison to most western countries, thus the laws in america aren't really an issue here. -- Salome 02:04, 14 November 2009 (UTC)

Anet should just post some anti-communist propaganda on a bunch of websites with the spoofed IPs of RMT farmers/traders. That would take care of the problem from the inside (terrible I know but I have no sympathy for these guys.) Fred K 02:21, 14 November 2009 (UTC)

Another idea I just had in the same vein of thought is to make some drastic change to the game content such that it is declared forbidden by the Chinese govt. If getting caught risks life and limb for these lowlifes that would be a nice deterrent too. Subversive thinking, I know, but it seems like the current approach is like trying to hold back a flood with a chain link fence (or some other like analogy.) Fred K 02:32, 14 November 2009 (UTC)

I think trying to piss off the Chinese government is probably not the best policy one could take here. You can't hold all chinese people responsible for a hacked account. Maybe fred you should try thinking more inside the box than outside. -- Salome 02:46, 14 November 2009 (UTC)

(Reset indent) I wanted to get back to something that Nrdkblnd said in his original post about the use of the NCsoft or In-Game Store. While I'm not saying "that's not it" to anything right now, I can tell you that the intensive level of research I conducted on previous incidents did not reveal a connection between store use and security breaches. Believe me (or those I interviewed who read this page) the questions I ask are exhaustive and detailed. 'Bout the only thing I don't ask is the player's shoe size or blood group. ;) Ok, that's a bit of an exaggeration, but I do ask a lot about things like downloads, third-party program use, XTH membership, chat program membership, connection to an NCsoft Master Account, and more than 30 other points of data.

I take all the info that I get from the hacking victims and input it into a spreadsheet. (Survey participation is voluntary, btw.) Naturally some points of commonality are more prevalent than others. For example, more people are members of a large fansite than a small guild forum. More have an NCsoft Master Account than don't. But there aren't exact parallels; there hasn't been a striking "Eureka!" moment, as much as I have hoped for it. In short, nothing points to the store; nothing indicates that making a purchase there will increase your account vulnerability at all, for many victims buy their games at a brick-and-mortar location and never use the IGS at all. I do thank you for bringing this up, though, because I will expand my survey to gather another bit of specific data in the future. -- Gaile 03:04, 14 November 2009 (UTC)

"Technically, in IL at least, if done knowingly is a class 4 felony (at least)" this is where the part about nearly all RMTs are located outside the United States comes into play. It's nice that Illinois has that law, but it means absolutely nothing to the companies based in places like China and Taiwan. Those governments actually make a great deal of money from businesses that "steal" other people's copyrighted work (just go to your nearest grocery store parking lot and find the guy selling Chinese bootleg dvd's for $5 out of his trunk). Also, as for your "loss" it's all pixels. You have not lost anything of any real world value, you still have access to the game which is all you have paid for, so assigning a felony class level based on your loss is moot. There is no law enforcement agency, or court in the world who would assign a real world value above the cost of the game to the items that were "stolen". -- Wyn talk 03:16, 14 November 2009 (UTC)

Salome, the only reason I pick these out is because support indicated this was where the source of my particular account compromise happened. Also, what I say there is somewhat tongue in cheek, obviously I am legally helpless in this situation; it would just be nice if something could punish these guys. I feel karma did not shine well on me: I had just hooked up some noob ranger with a ton of bows the day before I got hacked. My reward for a good deed is this, and some Chinese guy is off scott free.

Gaile, I would be more than willing to volunteer for any further dialogue if I could be of assistance. I am pretty computer savvy and could maybe give you some good information.

Wyn, you miss the point. Even money and RMT aside, the statute outlines alteration, deletion, or destruction of data as a class 4 felony; there is no arguing that this qualifies. Class 3 only comes into play if money is involved, which as you say is disputable. But, as I just said, my "loss" of pixels is indeed a class 4 felony, because that "loss" involved the alteration of my data. As such, my felony claim is indeed not moot, at least by IL law, or most others. You are arguing that I could hack any company or person, and as long as I didn't do monetary damage it's fine and dandy; I think the law in most places considers hacking illegal regardless of monetary loss. Fred K 04:27, 14 November 2009 (UTC)

No, you missed the only 2 points you need to know: China and Taiwan don't effing care and Anet has no way of getting China and Taiwan to do anything about it because of point 1. Now, please stop the circular argument, it's getting really annoying. Pika Fan 23:25, 14 November 2009 (UTC)

Sorry, just because they don't care doesn't make it not illegal. JUST BECAUSE IT IS ILLEGAL DOES NOT HELP ANYONE, I GET THAT PART. I am tired of the circular argument too, I am done here. Fred K 02:27, 15 November 2009 (UTC)

Now get the part where it's not illegal for them. Don't be so xenocentric. elix Omni 04:16, 15 November 2009 (UTC)

I can think whatever I damn please. Please don't forget Guild_Wars_Wiki:No_personal_attacks when throwing around pejoratives. Fred K 07:18, 15 November 2009 (UTC)

You can, but you'll be wrong. elix Omni 07:22, 15 November 2009 (UTC)

Not to point this in the other direction or anything, but how is he being xenocentric, isn't that when you prefer something from another country, instead of your own? Not that I don't believe you all have a point, but Fred is wrong here, and there's nothing that can be done about any of this. As I'm sure myself/Gaile/anyone can tell you, this road has been explored to it's dead end more times than any of us are willing to count, my advice would be to let it go, as the only outcome here is what's already happened, and maybe some bannings. -- Tha Reckoning File:User Tha Reckoning Sig2.jpg 07:28, 15 November 2009 (UTC)

^ Wiki bannings. -- Tha Reckoning File:User Tha Reckoning Sig2.jpg 07:29, 15 November 2009 (UTC)

Yeah, I was hoping no one would catch that. I couldn't think of the inverse. Ethnocentric I suppose. elix Omni 07:31, 15 November 2009 (UTC)

Grammar nazi points for me. -- Tha Reckoning File:User Tha Reckoning Sig2.jpg 07:32, 15 November 2009 (UTC)

Semantic nazi. My grammar was impeccable. elix Omni 07:34, 15 November 2009 (UTC)

Good point. -- Tha Reckoning File:User Tha Reckoning Sig2.jpg 07:37, 15 November 2009 (UTC)

What you are still not getting is I am not making any claim about Chinese law, because I know nothing about Chinese law. Something can be illegal here and not illegal there at the same time, one does not preclude the other. You are calling me "wrong" and whatever else, but I am only stating that such activity is illegal in my current jurisdiction, even if the perpetrator is outside of my current jurisdiction. I am not claiming that this will result in punishment or has any effect outside of defining it as illegal. As such, I think there is pretty clear international opinion on the illegitimacy of what they are doing, so I can't see how I am being xeno or ethno centric. Also, there are clear signs that Chinese law is slowly moving to come into line with international expectations on this issue [[1]] [[2]], so I don't see how my view is being seen as so extreme. I apologize for dragging this out more, but this has moved from disagreement to name calling over my viewpoint which you are still not fully grasping. Fred K 08:00, 15 November 2009 (UTC)

(Reset indent) Okay, the chinese govt did it wrong. Now let it go? The discussion is pointless, has been for a while now. -- Tha Reckoning File:User Tha Reckoning Sig2.jpg 08:03, 15 November 2009 (UTC)

Question reguarding new policy

What about those of us who have made usernames on fansites with our character names? Should we ask the said site for a username change or are we playing russian roulette? Katherinezoltin 04:16, 14 November 2009 (UTC)

Katherine, my suggestion was only an extra measure that some people may wish to take, and it was directed mostly at people with massive wealth or a lot of special, rare items. It's not a primary level of concern, and you should not worry overly much about changing your user name. You notice, I have not changed mine. :) -- Gaile 05:20, 14 November 2009 (UTC)

Thankies Gaile, I was slightly paranoid for a moment is all. ^^" Katherinezoltin 05:43, 14 November 2009 (UTC)

NCsoft master account reset [Incident: 091106-003431]‏

Hi Gaile,

Again, thanks for taking the time to speak to me yesterday regarding my account theft. Please review my situation and let me know if there is anything that can be done to salvage some of what I lost. I lost approximately 1,070K plat, 40+ ecto, all the common crafting materials were full, some of the rare materials were almost full, many gems, Minipets including Varesh, Asura, Destroyer, Gray Giant, Rurik, at least 2 sup vigor runes, multiple gold weapons, including gloom shields. I'm sure you're aware of the drill by now. As I've been trolling various GW forums, it appears many older accounts like mine were targeted.

Also, as we discussed, I just have a staggeringly hard time believing GW is the only MMORPG in history that can't resotre accounts. I would like a detailed explanation as to why this is. On a separate note as a suggestion, why not seize all the items and gold of the RMT accounts getting banned and try return it to players? Someone is losing an account which has "stuff" in it. Why not use that "stuff" to reimburse the hacked players. As many other people have noted, I strongly feel there is a large security flaw in the NCSoft master account. In my specific case, my NCSoft master account was hacked which then led to access to my GW game account. I'm fairly confident when I say that unless this lack of security is corrected ... and very soon, many of your oldest and best players will likely not return for GW2, or any other A-net/NCSoft game for that matter. Because of this flaw, I will be forced to get an entirely new e-mail address, change my passwords for ... just about everything in my life now. Thanks for your help. 68.57.86.60 16:42, 12 November 2009 (UTC)

I believe that most of the accounts that are used to hack and transfer money/items or used as bots are just temporary mule that can be banned without much loss. All items and money must then be transfered to another safer one which cannot be banned for the previous cited abuses, and from which they will be sold. This is just a guess btw ^_^ M3G 17:04, 12 November 2009 (UTC)

Quote from Gaile when I asked about this up a bit on the page:

"As far as "splitting the income" from sales, I would say that is nearly impossible. Most account are stolen by RMTs and many are stolen in a single day. It would take an act of Soloman to try to fairly and equitably divvy up the gold from sold items in such a situation, so I do not see that this would be a practical or reasonable outcome to most account thefts. I will consider this further during the work week. -- Gaile 06:55, 8 November 2009 (UTC) "

My thinking, and part of my reason for expanding upon my suggestion posted on the Feedback Portal, is that if those items cannot be returned individually, then how about they be placed in a "pool" accessible by NPC "merchants." A system can then be set up to allow victims of stolen accounts would then be able to retrieve items matching ones that were stolen. HanokOdbrook 17:24, 12 November 2009 (UTC)

And if 50 people lost the same item, who gets it? First come, first served? That hardly seems fair, when someone is hacked during his sleeping hours, and he learns that someone else got the only (insert item name here) available during the time he was eligible for items. And how long would he be eligible to get items from this "merchant?" And how much code would have to be written -- it boggles the mind -- to track that Fred retrieved his Icy Dragon Sword, but Mary bought one to replace the one she lost and therefore isn't eligible to get one from the merchant. Or is she? And to note that Tom got 142 of the ectos he lost and has another 10 coming, where Jenny had 20 coming, but found 5, so still a has 20 coming from the "merchant."

Don't get me wrong -- I like good ideas! But I'm bound to provide some insight into the complexity of their implementation. I see a number of drawbacks to this proposal, but naturally welcome ideas on how such a concept could work, even if it ended up being only as a point of discussion and not something that we could implement. -- Gaile 23:13, 12 November 2009 (UTC)

What is with all the Fred references? Starting to take a liking to me? :P Anyway, it's easy to see that a free for all is not a good idea, but why not allow the devs to allow item creation? It seems simple... you backup your data on a server, your bank guarantees your accounts, the idea behind all that is to give recourse after a security breach... it seems naive to assume nobody will ever get compromised; why not help them when it happens? 76.16.166.146 02:18, 13 November 2009 (UTC) (sorry forgot to login) Fred K 02:18, 13 November 2009 (UTC)

I guess you're just that kind of special guy, Fred. Anyway, I appreciate what you are saying Gaile, and this is one of the reasons why I want to get this dialogue going - so we can figure out how to resolve this issue for GW1, and ensure that measures are already in place to prevent the necessity of this dialogue for GW2. The fact of the matter remains, this type of issue will only worsen as the MMO genre grows, so it's time to get measures in place that will allow for recovery when it does happen.

If we will run into the problems that you mention above, then how about we institute merchants for specific items and use the voucher system that allows for recovery. The normal merchants are coded in such a way that they never run out of inventory. We then should have this for the rare items and one-time-only items (Minis, the three end game reward items, and the very rare drop items like the ID sword and such). Any account that gets hacked needs to initiate a support ticket for investigation. Once Anet determines this was a true hack, that account is issued in some manner, a means to recover those items, and a set amount of gold to enable purchase of necessary materials for armor and weapon re-equiping. Have the vouchers come with an expiration date. The fact that someone may purchase a replacement really shouldn't have a bearing in this scenario, where the merchants would have the unlimited inventory, as that person would be free to purchase said item regardless of a hack or not. HanokOdbrook 13:54, 13 November 2009 (UTC)

Out of curiosity, how is it that accounts are stolen to begin with? Do people really use the same email for Guild Wars as they do for everything else? I mean, it would be great if a dictionary attack wasn't even remotely effective against the game client, but at the same time, what kind of password are you choosing that is so easy for a dictionary attack to discover? I apologize if I sound bitter, but with the number of account hacks that we see every day and the numerous more we certainly don't see, it is no longer an issue of improper security on ANet's part, but a matter of unsafe practices by users. You certainly don't use the year you were born in as your PIN number, or at least I'd desperately hope you didn't, so why would you take less care with anything else? ··· Danny Pew Pew 21:24, 12 November 2009 (UTC)

I need to get into the account-stealing business, because apparently letting people who do not understand basic security farm 1,000+ platinum and a bunch of armbraces for you is way faster than killing smite crawlers. –Jette 23:46, 12 November 2009 (UTC)

Wow. Flame on. Thanks for the support you two. Okay, so to specifically answer the issues brought up. 1. I began playing and set up all my account information 4 years ago when this type of security breach simply didn't exist. 2. Yes, I had been using my e-mail address for everything. 3. No, my password would not easily been broken through a dictionary attack as ... well, my password was not in English. 4. No, give me some credit at least. I do know a few things about password security to recognize the stupidity of birthdays, pin numbers, etc. 5. I haven't actually been farming in ... at least 2 years. I hadn't needed to. I had more than enough money up until Friday to purchase what ever I wanted to and I only tried smite runs a few times. Boring. Until Friday, none of my personal accounts had been hacked or even locked due to hack attempts. Ever. There are however several documented issues as to A-net/NCSoft's security that even a cursory google search will reveal. This needs to get fixed. This is not my fault no matter how much I get flamed. NCSoft's security was broken. Not mine. No keylogger, no virus, no written password, no exchange of passwords to anyone else, No one who has my e-mail information knows enough about me to break my password.

I am concerned that you've blamed the unauthorized access to your account on NCsoft or ArenaNet. That simply is not an appropriate thing to say. Google posts do not necessarily equal fact, although if you wish you can email me the links and I'll be happy to review them. NCsoft has historically been very open about security issues in the past and I believe that NCsoft and ArenaNet would be forthright about any internal vulnerabilities if they were discovered today.

We are reviewing security at every level. We have identified a potential breach via one fansite; we've been told that many others may be at risk. In your personal situation, you may believe (or know) that those vulnerabilities don't relate to your account theft. But since we are still looking into this, it's too early to lay blame anywhere other than with the known issues, and it's highly inappropriate to draw any conclusions, including one that leads you to believe that ArenaNet or NCsoft is responsible for your account's loss.

I sympathize for the loss of your items, I truly do. But I think everyone should be responsible and appropriately accurate about statements of blame. An internal vulnerability has been disproved on every level of investigation we've conducted thus far. -- Gaile 21:14, 13 November 2009 (UTC)

With all due respect, There have been way too many hackings lately, and even going to log onto my NC account I tested the limit of account lockout-wrong password inputs (on my own account) and there is no limit. That (which invites brute force attacks) mixed with the fact that changing the password and changing the GW game password requires no knowledge of the original password(s) makes me very uneasy about the NC Account website and I do not trust it, along with many others. Something needs to be done about it. - Chrisworld 00:48, 14 November 2009 (UTC)

I asked about the prevention of brute-force attacks and was told "Yes, there are velocity checks for both the game and the NCsoft system that prevent brute-force attacks." The checks may be different that what you expect. For instance, the system doesn't refuse you entry after XX tries, or make you wait YY minutes after you've failed a few times. Instead, the system increases the time allowed between tries and that increase may be subtle and unnoticed in casual use. But having been told by the security team that there are such measures, I would like to know what you expected to experience that lead you to flatly state there are no such checks. I can request testing of this by ArenaNet's QA Team, but I will ask their time only after prudent research on my own, because they are incredibly busy right now. Thanks for any information you can give me. -- Gaile 02:31, 14 November 2009 (UTC)

Why not handle it like some of the ones that WOW uses now. I don't remember the name, but its the program that generates a new lockout every 6 seconds. You can use it from your desktop and it runs as an app from a cellphone. Make it almost impossible for an account hack by password generators, or brute force. Then when you sit down to play. Get the generated key and rock on! There are many ways that this can be fixed. Several nice ways. Also backing up the player account info on server. Then investigate and replace once hack has been proved. Blizzard commonly returns hacked players Items and gold, on a regular basis, so saying its that difficult isn't really truth full, its more of we don't wanna fool with it.I can say this for cetain. Many of us with old accounts, will be buying GW2. If we get hacked and lose all of both games, I bet they will lose a lot of people... This issue has been comeing to a head for quite some time. Digital "Virtual" properties are becoming more and more common. So are their thefts. and Large companies have proven time and time again, as a consumer of said properties. You have NO OWNERSHIP rights. If its lost or stolen, they just expact you to purchase it again and again. Xbox live is another prime example where when you are hacked, you are just screwed. They could care less. As digital properties are sold more and more, this is going to lead to major trouble for consumers. The sims and Sims 2 ect is another good example. I created a sims account with EA when the sims 1 came out like almost 10 years ago. at some point I lost and forgot my ea account in fo in that 10 years. now I am denied access to all digital addon properties and items. Forever. Cant register a new account because the serial is already used. EA thought they would be sly with the sims 3 and make it to where you can only play about 1/3 of the game without registering on thier forums with the serial. In 8 years if you wanna play it again and you have lost and or forgotten that password... your out of luck. My brother who was only like 12 when GW came out made his master account with plaync. and somewhere in those 4 or 5 years forgot his logon. and mom threw away the jewel case to prophecies. He has the disks, just not the serial. He also has the serials and boxes and disks of all the expansions. Only missing the prohecies key, and NcSoft still wont give him his account info or reset his account. Even though, he has factions/NF/EOTN, and a few addons, with reciepts, and the original boxes and serials and all. Thats real reasonable. The expansion serials are all associated with the prophecies account seeing as you can add them from the game. But thats still not enough eveidence of ownership. READ: ONLY HAVEING A HARDCOPY(ORIGINAL JEWEL CASE) OF THE PROPHECIES WITH THE SERIAL PRINTED ON IT IS ALL NCSOFT WILL TAKE AS TRUE OWNERSHIP. ALL THE EXPANSIONS SERIALS DONT MAKE A BIT OF DIFFERENCE... They told my brother that any further inquires into the master account associated with those keys will result in a full ban on the entire account. Sounds to me like they are fine with screwing over their players and pursue it actively. The only answer or recourse he has is basically buying a new copy of Prophecies and all the expansions basically 200.00$ worth all over again, and making a new master account. After trying to help him sort it all out I am positive they sit with glee just waiting for the chance to make someone completely buy new copies of everything. There is 0 protection or recourse for any of us as players. If Ncsoft continues on this corse, they wont make it in the long run, their reputation will be to far gone. I hate to see it because I love their games. Remember what I said here, it can happen to you. Hungryarmadillo 05:04, 14 November 2009 (UTC)

I am awfully sorry, Hungryarmadillo, but I just can't read the comments above, it just forms a wall of text. (It's Friday night and I've had a stressful week, so please forgive me my shortcomings.) I suggest you go back and make paragraph breaks, please!

But let me address one thing I did pick out: We do not accept only Prophecies access keys as proof of ownership. That's a policy from two years ago. I've been in my position for 1 year and 7 months, and one of the first things I did when I accepted the Support Liaison position was research current policies and facilitate some significant changes, with the help of Support management and team members. It was awful that the team was saying, "You moved four times and lost your Prophecies Access Key. Too bad you have the other keys, you're out of luck." Such a policy was very user unfriendly, and we do not have such a policy now!

If your brother had difficulties in retrieving an account, I can only conclude it was an account for which ownership was disputed. Perhaps someone else had the Prophecies key (the key with which the account was started) and your brother had subsequent keys, I don't know. But if that were the case, it's impossible to attribute "ownership" because of the conflicting information. If your brother truly was told "We won't help you" under the exact parameters you described, please give me the incident number and I will investigate, for that is not supposed to happen. -- Gaile 05:32, 14 November 2009 (UTC)

I would like to give the info, but unfortunately the last communication from NcSoft, was that any further inquiry into the account would result in a ban of the account. At this point, at least the account is still usable. He just couldn't get his free storage, or purchase any additional features on the account. If it ever gets hacked its just a loss I suppose. If there was some assurance the account wouldn't get banned for further inquiry I would be glad to forward the e-mails and the support number.. But the thought of a complete loss of 200$ worth of game doesn't exactly motivate. Help would be greatly appreciated, but not at a total loss. Hungryarmadillo 04:13, 15 November 2009 (UTC) Additional note, The only dispute of ownership was on Ncsofts part. He wanted to purchase additional stuff from the store but couldnt access the master account because of the lost password. We did provide the keys...to every thing but prophecies. Problem we had is some how his copies and my copies were packed away in a box together. So not knowing which keys went to which account was likely the issue. If you have some way to deal with this I would greatly appreciate assistance, but Im kind of afraid of both accounts being lost. Kind of an odd situation really. We could both provide both sets of information and keys. and I know my master account info. Are the keys for each game listed there? I dont think they are, I think I checked. Hungryarmadillo 04:18, 15 November 2009 (UTC)

Is there an "official Ncsoft email" I can contact you at? or can I send it through official support with your attention to it? we can both send the info and the account keys to you. or whatever you request.I ended up with the keys with me when I left and the boxes. Thanks for your quick response. Maybe I was wrong about what I said. Your statement was more helpful than anything we got in correspondence. Just tell me what you need and where to send it... Thank you again. Hungryarmadillo 04:36, 15 November 2009 (UTC)

In the Toolbox on your left you'll find "E-mail this user". — Poki#3 (talk) 17:51, 15 November 2009 (UTC)

Gaile, I have updated my support ticket with new information. I believe the thief left a customized weapon in my inventory. I understand you work for A-net/NCSoft and have access to information we do not. Likely, it's information you don't want to share due to additional threats to security. To address your concerns from above with my previous posts, try to look at from a player's perspective. Perhaps other unethical peope are setting up A-net/NCSoft as the fall guy for all hacks in general and this most recent epidemic of hacks specifically. However, the responses players are receiving who have paid money to play the game are ... decidedly lacking in any sort of support. In fact support's initial response is to ... blame the player. "Since we know our servers are secure ..." I think you know the rest of the line. There is no help at all from support, they just default to blaming the player and it makes us all very, very angry.

I will say all the evidence so far points to A-net/NCSoft as the security leak and the responses from support don't go to reassure players this is not the case. So, as would anyone, the default response is to blame right back and so far, I feel justifiably so. Essentially, the answer is "sorry you got hacked ... ya well, thanks for your money, we're not going to do anything." I feel this points to an insider at A-net/NCSoft. No one who got hacked cares one little bit for the amount of RMT bans/fraud accounts/whatevers completed in a week, month or year. Why? Because the one that matters didn't get banned ... if in fact that's how players are being ripped off.

Based on my review of the forums of the sheer numbers of players being hacked within the last three weeks, I see estimated losses of 10B in gold and assets. This level of security breach with no compensation to the players who paid for the game is simply not acceptable. The problem is that no matter how much support claims it's not their fault, it is until support/A-net/NCSoft proves otherwise. There appears to be no investigation going on; no attempt to retrieve player items; not even a detailed response of "we looked into your claims and found that ... we tried to do XX, but were unable to locate your stuff due to ... whatever." To my knowledge, A-net/NCSoft has been touting the same line of "oh well, sorry" since the game was released. Four and a half years of the same response? No improvement in security? No player compensation at all? This is what makes us angry and look to blame A-net/NCSoft. BTW, I still haven't heard what sort of investigation of my items/gold is going on. I'm simply trusting that you're looking into it. — The preceding unsigned comment was added by 68.57.86.60 (talk) at 03:51, 16 November 2009 (UTC).

First, 68, is that you who posted? Please sign your post so I know for certain. If not, who posted immediately above? Secondly, can you post your incident number? I incredibly busy, can't find it, and would appreciate that help, if you don't mind.

Now to the gist of what I want to say. What sort of "evidence" do you have that "points to A-net/NCSoft (sic) as the security leak?" Because I have oodles of evidence, and months' worth of research and analysis that does not point to ArenaNet or NCsoft as the responsible party for the breaches. I am not saying "It's not us!" I am not so foolish to say that until I know what is is when it is not us, you see? But I can say that we've had a lot of very fine brains working on this (and then, there's mine, but we won't go there ;) ) and nothing points to a breach or a weakness within the game, the game servers, or the NCsoft network. Honestly, nothing points that way.

I go into these with a completely open mind, and I view the issue with complete lack of bias. No, actually, my bias lies in finding the source of the problem, no matter where it lies. I've personally interviewed a lot of players who have been hacking victims. When I do that, I enter their responses -- which I am sure are honest and forthright -- into an enormous spreadsheet. What you do when analyzing a hacking incident or a security breach is to look for what I call "data intersections" or points the victims have in common. "Do they all belong to XYZ fansite?" No. "Do they all use the XTH?" No. "Are they all NCsoft Store customers?" No. And so it goes. I have not seen anything that leaps out, and a lot of other people have reviewed my reports and nor have they had that "Ah ha!" moment. I wish that we did. Even if we learned the issue was something internal -- that it was "us" -- at least we'd know and that would be best for all of us.

But we don't know. And with all due respect, you don't know either. So please, comments about how we aren't looking deeply into this matter, or how we have your money now and don't care enough to resolve the issue aren't just rude, they're inaccurate and they're unfair to those of us who are working days, nights, and weekends on this issue. They also make no contribution whatever to a subject that we really need to focus on. We do care deeply and we'll continue to care, continue to investigate this, and continue to work on a resolution until we nail down how the hackers are getting account credentials. Once we know that, we'll take whatever steps we can to prevent them from using those credentials. And that, again, will be best for all of us. -- Gaile 04:40, 21 November 2009 (UTC)

I checked the history to confirm that comment was made by "68" and I've helped him sign it. --Silver Edge 05:01, 21 November 2009 (UTC)

Also, I think the incident number you're looking for is in this section's heading. --Silver Edge 05:05, 21 November 2009 (UTC)

Umm. Yes, yes, I knew that, I was just... umm... checking to see if that number was accurate. *snicker* Ok, truth is, it's been a long day, and a very long week and I blew by the subject line. Thanks for your help, Silver. :) -- Gaile 06:13, 21 November 2009 (UTC)

(Reset indent) As was explained in the ticket, the item you found on your account belonged to another player who was also hacked. It is not unusual for the hacker to shift things around as he/she strips the accounts of the victims. An item, and the name of the person to whom it was dedicated, does not necessarily point to the hacker, as it did not in this case.

As also previously stated, we were not able to retrieve your items. We regret that this is the case, but the person who accessed your account is part of an RMT network, and they work very efficiently to strip accounts and hide their ill-gotten goods. A detailed explanation of the reasons that we are unable to return items is supplied on this wiki page and in the Support Issues archive. -- Gaile 06:38, 21 November 2009 (UTC)

Okay, first it is me, the OP who started this discussion. I'm not signing anything because I don't want any part of my new identity hacked again. Now, maybe I'm not making myself clear enough. I do not care who hacked into my account. I want my stuff back and I want it back now. As I indicated above, you have not proved to my satisfaction that A-net/NCSoft is not culpable in my theft. Until you prove otherwise, the company is to blame in my mind. Until you show me some other site I belong to that got hacked as you've suggested ... it's all A-net/NCSoft. This hacking garbage has been going on since the game was created and A-net/NCSoft has done nothing to 1. put a stop to it or 2. compensate the players who were damaged. Yes, the same players who pay not only your salary and give you a job, but every single person at A-net/NCSoft. I, and I feel very comfortable speaking for the others who were hacked here, am extremely angry at A-net/NCSoft's continued lack of action when players are hacked. You want to point out that I'm being rude and insulting. Okay. Here's a scenario for you ... I've logged over 5200 hours playing this game; I've provided valuable help to other players; feedback for developers at GW regarding skill balances; game play, etc.; I earned over 1M gold playing honestly in this game and have dedicated a substantial portion of my life and real money (in expansion purchases) to playing this game. I log in one day and find all that's been wiped out. Then when I turn to the exact people who are supposed to 1, stop things like this and 2 help me. I get told, "sorry, nothing we can do." Do you honestly not see a problem with that? Seriously?

You spoke in an earlier post about the company's reputation. This is where A-net/NCSoft is going to continue to get crushed in the market place. This is why WoW is still defeating A-net/NCSoft in the market place after 7 years! These exact reasons. I provided support with extensive and valuable information in my original support ticket that should easily lead you to finding my items. If you can find someone swearing in some random chat channel, you absolutely can find my stuff. I scanned through the archives and found nothing to indicate any detailed reasons why my items can't be restored. The only thing I find is the same, tired, old line of "we are unable to support this ... ." GW would be the only MMORPG in history that can't do this. I have read your posts and responses to people who get hacked. "I'd really like to help you. I'm sorry it happened. There's nothing I can do." Actions speak much louder than words, Gaile, as I know you know. Do I believe you when you sympathize. Yes. However, A-net/NCSoft's actions are clearly pointing to a complete lack of caring or even acknowledgement of responsibility to its players. You said you find it insulting and rude to people who are working days, nights and weekends on this issue. Really? I'm seeing four and a half years of the exact same response? What work is A-Net/NCSoft doing to help players? Honestly? Banning "thousands of RMT accounts each week?" Clearly that isn't working. Insanity is doing the same thing over and over and expecting a different result.

I know ultimately you're not going to respond to my post and will likely delete it. I do hope you read it first and take it to heart. Your company's reputation and your customers are being damaged and you're not compensating them at all. That needs to stop and stop now. Restore players' items when they get hacked. It's the only right thing to do if you want to be a part of a quality product.

^^above unsigned is not me^^ I want to stay a little more on the side of constructive criticism, this is a bit more harsh than i would put it, but amen. Fred K 01:01, 30 November 2009 (UTC)

Agreed. Seriously, something has to change. The guy was understandably pissed, but he's completely right. Rose Of Kali 10:51, 30 November 2009 (UTC)

Something strange just happened

So I was in Pre-Searing - I map traveled to Ascalon City by clicking rapidly maybe 4 times. I was taken to a character selection screen. It had only 4 slots, none of which had a created character. I logged out, logged back in, and had my screen with all my characters. What happened and where did I go? I thought about making a character but seemed like I might mess up my account doing so. This ever happen to anyone? Fred K 21:14, 15 November 2009 (UTC)

I just checked, this is repeatable. Fred K 21:15, 15 November 2009 (UTC)

Not an isolated case. I can do the same thing for kamadan. 98.248.90.248 21:17, 15 November 2009 (UTC)

Have you always been able to, or did I just discover a new bug? I think it has something to do with the four clicks translating into two map travels, which confuses the game in some way. Just my best guess. Fred K 21:21, 15 November 2009 (UTC)

Never tried until i saw this. I tried creating a new character and it just said all the slots were full. 98.248.90.248 21:29, 15 November 2009 (UTC)

Old bug. Also, this is not the place to post such things. — Poki#3 (talk) 21:46, 15 November 2009 (UTC)

Ok my bad, this is the first time I've ever come across something like this. Where to report in the future? Fred K 22:17, 15 November 2009 (UTC)

Feedback:Main. There are pages devoted to bug reports. — Poki#3 (talk) 02:15, 16 November 2009 (UTC)

Thanks, everyone. It's great to get those bugs on the proper pages, and allows me to focus on the support issues instead of doing traffic control. :) -- Gaile 04:41, 21 November 2009 (UTC)

botnetz

Why are bots prohibited? I understand the prohibition of RMTing and all the bad things that happen because of it, but I don't see why I couldn't just get a bot to do work for me if, for example, I decided I wanted to be rich and didn't want to put up with terribad UWSC groups and just do it myself with a bot and 8 accounts. Or smite/600, or what have you. I mean, I totally get prohibiting them in PvP, that's just common sense, but players are basically already allowed to cheat in PvE anyway, and not playing with other people is encouraged. So what gives? Logically speaking, if I have the skills and technical proficiency necessary to create a script to make a bot do something for me, I would need at least the skill necessary to perform that task manually. –Jette 02:56, 17 November 2009 (UTC)

I like this question, and I'm anticipating a response that either A) skirts around the question with distraction tactics B) says bots are bad by fiat, or C) doesn't answer. -- Tha Reckoning File:User Tha Reckoning Sig2.jpg 03:10, 17 November 2009 (UTC)

I'd like to wait for Gaile's answer before we start making rants about lololorororororolol anetz is bæd. There might be a legitimate reason, I'd assume it would have something to do with people distributing bots that aren't bots at all, just account-stealing programs, and gullible people who don't demand source code falling for that trap. That's the only reason I could think of. –Jette 03:15, 17 November 2009 (UTC)

I wasn't ranting, I assumed there would be a response at least, surely that's enough to hope for. -- Tha Reckoning File:User Tha Reckoning Sig2.jpg 03:16, 17 November 2009 (UTC)

rororororororororororor –Jette 03:17, 17 November 2009 (UTC)

Lol what does that even mean? -- Tha Reckoning File:User Tha Reckoning Sig2.jpg 03:25, 17 November 2009 (UTC)

I am not Gaile. However, I'd like to point out a few things:

1. Logical flaw: Just because you have a bot doesn't mean you wrote it. Anet has no way of knowing if you wrote the bot you're using or if you downloaded it from someone else. This also brings me to my next point:
2. Infinite scalability. Once you've written a bot, that means you (and all your friends) can run it on as many accounts as you have, 24/7 (barring technical difficulties). Running 3 accounts simultaneously for 24 hours straight effectively is not a humanly feasible task, regardless of heroes, consumables, or builds-of-the-week.
3. If people were allowed to bot, the line between the proverbial "haves" and the "have-nots" is going to be drawn between people who bot and people who don't, and it's going to get wide fast. Assuming a bot is at all efficient, it will make at least as much money in a given time period as a human player farming the most lucrative farm, thus players would effectively be punished for taking their chars out of bot mode in order to actually play them. Goodbye to any remaining semblance of an economy.
4. Allowing bots means explicitly condoning third-party programs, which quickly becomes a headache for Support, as hordes of the less security-conscious download "super_fast_guild_wars_farmbot_(definitely_not_a_trojan).exe" off whatever the happening P2P network is for the kids these days.
5. It's a game. You're supposed to play it. That's the whole idea. - Tanetris 03:26, 17 November 2009 (UTC)

1. Logical flaw: Just because you have a bot doesn't mean you wrote it. Anet has no way of knowing if you wrote the bot you're using or if you downloaded it from someone else. This also brings me to my next point:

ANet also has no way to know if you ask your little brother to play your second account for you.

2. Infinite scalability. Once you've written a bot, that means you (and all your friends) can run it on as many accounts as you have, 24/7 (barring technical difficulties). Running 3 accounts simultaneously for 24 hours straight effectively is not a humanly feasible task, regardless of heroes, consumables, or builds-of-the-week.

Again: it is if you ask someone else to do it while you're in bed.

3. If people were allowed to bot be invincible, the line between the proverbial "haves" and the "have-nots" is going to be drawn between people who bot speed clear and people who don't, and it's going to get wide fast. Assuming a botfarm is at all efficient, it will make at least as much money in a given time period as a human not invincible player farming the most lucrative farm, thus players would effectively be punished for taking their chars out of bot invincible mode in order to actually play them. Goodbye to any remaining semblance of an economy.

ftfy (fixed that for you).

4. Allowing bots means explicitly condoning third-party programs, which quickly becomes a headache for Support, as hordes of the less security-conscious download "super_fast_guild_wars_farmbot_(definitely_not_a_trojan).exe" off whatever the happening P2P network is for the kids these days.

If I had any vestiges of human empathy left in me, I might care about that. I do not, on both counts.

5. It's a game. You're supposed to play it. That's the whole idea. - Tanetris 03:26, 17 November 2009 (UTC)

But people don't play it as is. They farm it, and virtually nothing else. Letting people use bots would be a slight change at worst.

@Reckoning: Rollo Lowlo –Jette 03:34, 17 November 2009 (UTC)

I thought that henchman name was a joke, wow. -- Tha Reckoning File:User Tha Reckoning Sig2.jpg 03:39, 17 November 2009 (UTC)

Going down the list quickly: Having someone else play for you is neither infinitely scalable (limited number of human beings on the planet, if nothing else) nor as reliable as a bot (your little brother may also want to sleep, for example. Or play his own account, or do any number of other things). The line between SFers and non-SFers is nothing compared to the potential line between botters and non-botters. Your empathy doesn't matter, as you aren't in the position to make the rule decision; your not agreeing with it doesn't invalidate the arguement. If someone happens to enjoy farming (hey, different strokes for different folks), then that is playing for them. Else, they're missing the point too. - Tanetris 04:33, 17 November 2009 (UTC)

No offense, Tanetris, but I don't think you quite understand how Guild Wars bots work.

• Given that Guild Wars is not at all client-side, you have zero access to in-client controls. Unlike client-side games, you only have the interface to work with. This makes things considerably more difficult and immediately counters your "infinite-scalability" idea. You can only run as many bots as you have computers, more or less. (There are some more advanced scripting techniques that could theoretically allow you to run bots on multiple GW instances, but the amount of script overlap you have to deal with is literally exponential.)
• Also, given that you have only the interface to work with, you either have to write the bot yourself or move your interface items to the exact pixel locations that the author used.
• Regarding efficiency, writing a bot that could ever be as efficient as a human would require an intense amount of programming. Again, a bot only has the interface to work with.
• ANet could very well allow bots under the same terms they allow MGWML and TexMod to be used.

If I'm wrong about the fact that any potential GW bot must use the interface as its only means of function, I apologize preemptively - I've yet to hear of a Guild Wars bot being written and distributed en masse, so I've always assumed it had to be interface based. (I've also drawn this conclusion from watching bots in JQ and various outposts.) ··· Danny Pew Pew 19:35, 18 November 2009 (UTC)

Unless ANet has intentionally obfuscated signals to prevent bots and other exploits, any bot writer worth a damn would be sending signals directly, rather than working with the interface. Most bots that have been created thus far *do* likely work as you suggest, by ordering the bot to perform tasks at the "human" level; that is, ordering the bot to move the mouse, click, press keys, etc. That's a terrible way to do it, though, for a number of reasons. A good bot would not be programmed to press the 8 key to use holy wrath, for example; it would be programmed to send a signal to the server signifying that the player wanted to use holy wrath (or skill 8, or however those signals are sent). This saves time, memory, etc. It also allows bots to do things "smartly." When I use cheatengine to fly 50,000 feet above the ground, I can click anywhere on the map and it will try to send me to that location. Sometimes it'll take a while, but eventually I'll get there. That rather implies that gw.exe sends a signal that basically reads "move to (Y, X, Z) coordinate" to the server. The player can initiate that signal by clicking somewhere, but clicking is a very variable action -- the signal is not.
Mostly irrelevant, but it makes it possible to use a bot on different accounts without needing to move the interface around. The other problems Danny mentioned are still quite real, though. –Jette 21:28, 18 November 2009 (UTC)

Packet crafting is actually quite tricky and it requires careful inspection and documentation of the clients' packets. I'd argue that that's beyond the talents of even your average programmer given the network aspect. ··· Danny Pew Pew 21:52, 18 November 2009 (UTC)

"Intercepting packets" consists of pulling Joe Kimmes into a van on his way home from work and making him listen to Glen Beck radio broadcasts nonstop until he talks. –Jette 00:32, 19 November 2009 (UTC)

I lol'd at work. ··· Danny Pew Pew 00:39, 19 November 2009 (UTC)

(Reset indent) In short, the game is designed to be played by human beings, not bots. The economy -- always a delicate and critical design factor in a sound game like Guild Wars -- is created with a certain expectation of activity, accomplishment, even ability. Bots aren't human, and don't have a human's real-life constraints. They don't eat, sleep, or take bio breaks. They may not fumble, or fail, where humans have some degree of likelihood that they will do so, from time to time. Therefore, what a real player can gather legitimately may be exceeded, sometimes many times over, by a bot doing the work. Or where a human may tire of doing the same 30-second run to make a few pieces of gold, a bot will do the same run endlessly.

Guild Wars, like most games, is based on a supply-and-demand economy. Automated gold-gathers or ecto-harvesters, or short-runners who do extremely redundant functions on a 24/7 basis, significantly damage the economy for all players, including those who decline to use cheats, exploits, or bots. (And obviously, creating "Bot Wars" was not in the plans, so let's not head down the "everyone's doing it, let it go" path.)

As you must be aware, RMTs use bots, and RMTs are a provably negative influence on games on many levels, from ad spamming to economic damage to, perhaps most critical these days, account thefts. For more information, I invite you to read this article. -- Gaile 05:26, 20 November 2009 (UTC)

So, running around cheating, calling other players a niggerfag and selling ectos for double-digit prices is all cool, but stomp one mob of undead with a smite script out of boredom and you're put to death? >_>; Well, I guess I'll let it go, I wubs my new smite crawler <3333 –Jette 15:16, 21 November 2009 (UTC)

I used to be Anet's b**** so to speak, because I tried to see their side. I'm running out of things to defend now. The day has come where I'm with Jette on this one, except I don't have a smite crawler. Rose Of Kali 15:52, 21 November 2009 (UTC)

Could have just said B) Bots are bad by fiat. I'm with Jette too. -- Tha Reckoning File:User Tha Reckoning Sig2.jpg 16:04, 21 November 2009 (UTC)

I have no problem with people taking advantage of loopholes in guild wars mechanics (e.g. permaform); such farmers earn their gold by performing an activity that many of us would find horribly boring. In contrast, botting rewards players for doing nothing. If we allow botting, why not simply award every player an extra 1 ecto for every hour of play?   — Tennessee Ernie Ford (TEF) 19:41, 21 November 2009 (UTC)

Right, you have no problem with what makes a game not fun, because that's what a game is supposed to be, boring, mind-numbing and skill-less. Pika Fan 20:02, 21 November 2009 (UTC)

Whoa, your Debate Teacher, Ms. Gaile, is going to have to give someone an "F" for logic and a D- for presentation. ;) We deal with nasty language, cheating, and account thefts every day of the week, every week of the year. We also deal with botting, because the game and the game economy are not designed to accommodate botting. Comments like, "You missed that guy in District 3 of Kamie who said 'pooh pooh' so ergo you suck and ergo I should be allowed to cheat" are, excuse me, lame.

If you find something mind-numbing, don't do it. If certain things are boring, move on to something else. There are millions of areas to explore, missions to do, quests to solve. If you feel you must farm, then farm. But don't automate your greed and then point a finger at the devs and say "You should let me cheat, let me mess over legitimate players with excessive wealth, because I'm greedy and I feel like it." It's silly to say "You didn't nerf a certain skill, therefore I'm entitled to cheat." Say what? That's like telling the cop, "You didn't catch that guy speeding across town, so I get to speed without penalty." The game has rewards. Cheating has penalties. If you want more rewards than you get in normal gameplay, then farm. But it's wrong for someone to say "I want more than normal rewards, I'm going to cheat, and I'm going to bash the developers because they want me to play as intended." -- Gaile 20:32, 21 November 2009 (UTC)

One more thing: Did you /report the people you witnessed using racist language? Do you /report people you see scamming? Do you help other players do so, too? "Better to light a single candle than to curse the darkness." -- Gaile 20:36, 21 November 2009 (UTC)

Excuse me? If you were referring in part or whole to me, I was directly replying to his condoning exploiting loopholes in game mechanics, I have no problem with people thinking bots = bad. In fact, botting IS exploiting loopholes in game mechanics. SF is just the "legal" form of such exploitation. Pika Fan 20:57, 21 November 2009 (UTC)

Nope, PF, not you. (Sorry for the confusion.) In fact, I wasn't really pointing at anyone, just taking a position on the false "logic" of "if you miss this (bad thing), then I can do that (bad thing) and you cannot/should not/are evil to take action against me." I'm not equating racists with botters -- not at all! But I am pointing out that the UA that everyone accepts before playing and the Rules of Conduct that apply to all of us within the game do call out the unacceptable nature of both. And players report both. And Support will take action on both. And that is as it should be. -- Gaile 21:01, 21 November 2009 (UTC)

Responce Time

First off I'm not here to complain! I'm just curious what the average response time is of the account support team. Why I want to know? My best guess is my main account got a error 045 you got hacked error on it. So I posted a support ticket, gave the relevant info and am now waiting for them to look at the matter. Support ticket nr: Incident: 091117-000936 if you're curious. I'm not asking for any preferential help or what ever, i got a second acc that i can still play on. I'm just worried about my oldest Character on there. I hope whoever caused the whole 045 error didn't cause any unrepairable dmg to my characters. Items i don't care about those can be replaced, but if they deleted my chars... that would hurt. So basically i just wanna know how long it usually takes for account support to look at a ticket and basically give it back to its rightful owner. Thanks for reading and doing a great job as support liaison. DBZVelena | (Talk page) 20:31, 18 November 2009 (UTC)

Gues the anwser to this question is 48 hours if you follow the above guideline of submitting a support ticket. way to go Account Support! No Chars got lost only items so I'm happy. Got a new goal: farm till i can re-craft a new fow armor set.DBZVelena | (Talk page) 22:19, 18 November 2009 (UTC)

I am glad that you are back on your account. The response time for tickets varies by the numbers the team has in its queue at any given time. You should get an automated response in a minute or two, and a human response (often with a referral to another team member) within a very short time (usually well under one hour, often within 5 or 10 minutes). After that, response time varies from a few hours to a day or two, depending on the exact circumstances within the ticket and the queue for the person to whom it was referred. -- Gaile 06:42, 20 November 2009 (UTC)

Support Issue: Disconnects after 19 Nov Build

As of this hours, we are aware that a number of players are experiencing connectivity issues since the new build went up at approximately 8:00 PM Pacific time. (Build Reference here.) The team is working on this matter right now; we hope to have a fix for this very soon. We realize that it is frustrating to have this happen and we're very sorry for the fact that some players are experiencing trouble getting into or staying in the game.

I will post an update on this as information becomes available. -- Gaile 05:38, 20 November 2009 (UTC)

Update: 10:15 PM Pacific--19 November

Two issues have been identified as the cause of the connectivity issues. The team has already identified one issue and has developed a fix for it. In the meantime, one of our key server programmers is looking into a second issue, and we hope to have a fix for that one very soon as well. We'll roll out the fixes just as soon as they're completed and tested. Quite honestly, that could be a few minutes or a few hours, but please know we're on the case! -- Gaile 06:18, 20 November 2009 (UTC)

Update: 10:43 PM Pacific--19 November

The team identified both factors that appear to have been causing the connectivity issues and a Live Build is being distributed now. You should see the in-game message by, oh, 11:00 PM Pacific (that is, in about 15 minutes or so). Please quit and rejoin the game so that your files are updated and the problem is solved. Thanks for your understanding while we corrected the issues. -- Gaile 06:45, 20 November 2009 (UTC)

Thank you for taking the time to post the updates.   — Tennessee Ernie Ford (TEF) 07:02, 20 November 2009 (UTC)

Well, thank you for the note, TEF. It gets lonely late at night; glad someone was around to read the news. *lol* -- Gaile 04:43, 21 November 2009 (UTC)

If you are going to stay late most nights and weekends, posting updates on the wiki during your personal time...the least we can do is stay up to read 'em (and spread the Good Word of Gaile to our guildees). Thank you again. :-)   — Tennessee Ernie Ford (TEF) 08:49, 21 November 2009 (UTC)

Yes, thank you Gaile. This is the kind of communication many people have been asking for. It would be fantastic if it could extend to non-critical updates as well (not this degree of detail, but at least some notes on the ongoing process, you know, like shining that distant flashlight in a dark tunnel - Regina's post about the upcoming changes to SF was exactly that). And thank you for the work you do. I hope I'm not just speaking for myself when I say that even with all the moaning and QQing, we do appreciate what you and the team do for the game and for the players. Rose Of Kali 11:44, 21 November 2009 (UTC)

Account banned

Hello, Gaile! I have had my guildwars account for a year long, I didnt get to play it too much because of my job. recently I quit my job so I have some more spare time to play guildwars. I created a nightfall character and it only took me 4~5 days to beat nightfall. throughout the time I didnt trade with anyone, no interaction with anyone, and I didnt beat all the mission within one try. I didnt stay in one map for too long and most certainly didnt use any of the third party programs.

While I was playing just like any other players, I was logged out from the game, when I tried to log back in, it said that I was banned 045 permanently because I was using third party program. Then I went to the plaync web to file a complain and all I got from them was this account will not get resumed. Through the help of Jason Yu, he told me to try to contact you. Could you help me find my account back? Or at least show me if there is any evidence of me using third party program? Thank you very much! truely`` Reference #091103-000089 --The preceding unsigned comment was added by User:Yus2e4 (talk).

Hi. I understand what you have said, and I did look into this and discuss it with the Support Team. After looking at the game logs again, it seems clear that you were playing the game, not botting. We are sorry for the error. Your account is unblocked and you're free to join Guild Wars again. Thank you for your patience while we reviewed this! :) -- Gaile 18:39, 20 November 2009 (UTC)

Gaile, thank you very much! Was finally confirmed that, at this moment I am very excited. Thank you for your help! (=^w^=)

Glad to help. :) -- Gaile 06:21, 21 November 2009 (UTC)

Stolen Accounts

Was Help Requested

I want to talk to a few of those folks whose account recently have been stolen. If you're willing for me to call you to ask a few questions -- to help in our detective work :) -- please send me an email at SupportLiaison@Arena.Net. List the following:

• Your (real) Name
• Your User Name
• Your Account Support Incident Number
• The date your account was stolen
• A current email address
• Your telephone number, with Area Code
• Days and times when I can reach you, including your time zone (so's I don't call you at 3:00 AM)

Right now I'm focusing on North America only because you're local and our hours sync. If I need more volunteers, I'll add other regions later. (It goes without saying that anything I learn from local calls will benefit everyone.)

Thanks for any help you can give us, and I look forward to talking with you. -- Gaile 00:12, 24 November 2009 (UTC)

It goes without saying, but do not reveal your password in your email (or anywhere else). :) -- Gaile 00:14, 24 November 2009 (UTC)

Email sent. Hope I can help if we end up talking. Fred K 04:54, 24 November 2009 (UTC)

Thanks a lot for all your help, Fred! -- Gaile 07:46, 24 November 2009 (UTC)

No problem, ever wanna talk for an hour and a half again in the dead of night, I'm your guy! :P Fred K 08:10, 24 November 2009 (UTC)

I'll also send my e-mail as soon as possible - hopefully when I get home from work tonight. HanokOdbrook 18:02, 24 November 2009 (UTC)

Thanks for your help as well, Hanok. :) -- Gaile 00:34, 26 November 2009 (UTC)

No prob - glad to do whatever I can to help. If I think of anything else that might be relevant, I will send you another e-mail with the info. HanokOdbrook 01:17, 26 November 2009 (UTC)

Thanks to everyone I've talked to so far. I really appreciate your taking the time to answer my questions. I believe that the info you gave me will be a key element in addressing a lot of the stolen account issues! -- Gaile 00:34, 26 November 2009 (UTC)

Update: 1 December 2009

I am continuing to gather data that relates to these incidents, and of course the development and support teams are actively involved as well. I think the best step now is for me generally to gather the info via a responding email rather than via a phone call, except in certain unusual situations. So if you write, I may ask you to answer a set of questions via email or I may call you, if you don't mind.

I will get in touch with the players who have contacted me, and again, thank you so much for your assistance. -- Gaile 22:32, 1 December 2009 (UTC)

Can we maybe know what site this is, like myself I am sure there are many users who may have an account on such a site yet have not visited there for years. How does a advisory on that site help someone if they won't see it? This is the kind of information that should be in a game alert, or at the very least posted here. Fred K 06:08, 3 December 2009 (UTC)

Hacked Account)

Hacked; Incidents 091208-001954, 091208-002001)

Hello Gaile, I'm at my wits end after summitting a support ticket 6 days ago for a password reset on a storage account. In the past Guild wars support had always been very prompt. Now l can't even get a response to see if my account has been hacked. I'ts very stressful and frustrationg to go day after day with nothing because l have my account linked to my NcSoft account. Why is it possible to reset a password if the account is not linked to an NcSoft master account. I just cannot for the life of me understand this. I have excellent antivirus/firewall software. My passwords are always strong. My other two accounts are fine and so is my Aion account. I did change the passwords on my accounts just a few weeks back. I've sent all the relevant necessary details to support, just......nothing.... *SOB* My most valuable items are on this account. It has a separate email to my other accounts. Hardly anyone would know any of the character names, its rarely used and only in guild halls..Please, please, please...l just want a password reset so l can see... SiMana 118.208.11.63|118.208.11.63]] 23:51, 4 February 2010 (UTC)

Hi, Gaile. My game account and my wife's, have been hacked today at the same time (one hour of difference). Both of them are linked to same PlayNc account so, my suspicion is that the security breach occurred in the very system of NCsoft. I do not know yet the extent of damage, but if any items, or the PJ's, had gone, NCsoft must take responsibility and recover everything we lost. Despite all the security measures we have implemented the players, in the last days have been hacked too much accounts. If this is not a failure of ncsoft, whose is it? Best regards, --Magolossum 23:09, 8 December 2009 (UTC)

Isn't that technically account sharing? Or does that only apply to the actual game accounts and not the master account? The fact that they were breached together does not necessarily mean it was because of them being linked on the master, your hardware at home is on the same network, and a local breach would likely affect both accounts as well. Only an in-depth investigation could narrow down the possible cause. Rose Of Kali 01:48, 9 December 2009 (UTC)

You can link one plaync account to two gw accounts. I know, got mine linked to my 'defective' account and main account. -- riyen ♥ 02:31, 9 December 2009 (UTC)

Yes, but you are the only one playing both accounts, while these guys are husband and wife. Rose Of Kali 02:56, 9 December 2009 (UTC)

Recall that the password change was made directly from my PlayNC account and add the fact that I'm from Spain and the ip's that are outlined in the mails notificating the passwords change are from China, close to Korea. Besides, my PC was formatted one week ago, have antivirus and my wife does not use her account for several weeks. According to the times that were changed de passwords, was first hacked my wife's account and one hour later, mine's; and in the same alphabetical order in which they would be listed in the PlayNC account. Oh, and I have another game account linked with a different PlayNC account and has not been hacked (for now).--Magolossum 07:57, 9 December 2009 (UTC)

So it seems like they cracked the PlayNC login, changed your passwords, and then accessed the game accounts. Rose Of Kali 13:50, 9 December 2009 (UTC)

That's it. In addition, I could not log yet into my PlayNC account. Do not works any of the usual password I use, or the answers to key questions to ask a new password. It's as if they had also changed the password to my PlayNC account. --Magolossum 14:57, 9 December 2009 (UTC)

Most likely they hacked your PlayNC account, changed the password on it so that you can't stop them, and then changed passwords on your GW accounts and robbed them. Now just wait what support says, there's nothing more you can do. Rose Of Kali 15:07, 9 December 2009 (UTC)

Gaile, is it normal that the technical service has give me only the security recommendations for the accounts and a request for a new e-mail two days ago and from this day I have not received any news about my stolen accounts? Thanks. --Magolossum 19:58, 11 December 2009 (UTC)

Unfortunately, it seems, that is the standard reply that you get from support these days about security recommendations on your side.Reborn007 --The preceding unsigned comment was added by 86.13.174.118 (talk).

Hello to everybody,

I am very worried about this particular case, because this user is a founder member of the spanish Guildwiki, and a personal friend. And I am worried because of the posibility of losing the characters, and the long time for an answer that this is taking. To be honest, one week without a clue or an answer (not automatic one...) or some kind of official comment here, knowing that this case is like many others around, plus the lack of known procedures of recovering accounts (at least, not known by us, users)... All this is making me think that maybe this support service (I mean both Anet and NCsoft) need to be seriusly improved to face the future. After more than four years invested in GW (I know it's just a game and free time) if this happens to me, I'd quit. Completely. No GW2, no NCSoft ever, no matter what.

I know I'm just another client, no more (and no less) than that. But my free time is limited, and I am free to choose how to spend it. And as a client, and as a SW designer and developer, I demand a certain level of quality. I am talking about care and attention to the costumer. And options for us: a wow user has the option to buy an authenticator, a wiki user can ask for a new temporary password in his email. PlayNC master account should be improved, and support team should have answers and solutions, not just automatic responses.

I have always been very satisfied with GW, the product, from a profesional point of view is superb. But if I cannot even get a simple "Don't worry, if you suffer this kind of problem, and you prove to us that this is your account, we can restore your important stuff (and characters)" then I'll consider if I really want to spend my free time here and not somewhere else. This could become another great game screwed up for no technical issues, wont be the first, and wouldn't be the last one. But right now, it's not too late, please, at least give him an answer (and the rest of people in his case). Thank you very much for your time and patience reading me. --Zarza 16:46, 15 December 2009 (UTC)

(Reset indent) Magolossum, I have reviewed the tickets, as well as my poor grasp of the Spanish language allows me to do. :( I will send this to the team manager and ask for a response, as I feel the tickets may have been missed. I apologize for the delay in responding to you. If the team has asked you for a new email address, they may feel that your email account was jeopardized, so if they did ask for that you may wish to provide them with an alternate email address. But I will follow up and ask that someone respond as quickly as possible. -- Gaile 19:03, 16 December 2009 (UTC)

Hi, Gaile. Thanks a lot for your interest. I do not think my tickets are lost (in fact, a query from my survivor account, so far, neither has been answered for three days), so after a week without news from techical service in Spanish (just when I sent a new e-mail address), I decided to forget it and turn my issue to technical support from UK. I hope they can help me better. Kind regards. --Magolossum 21:44, 16 December 2009 (UTC)

Thank you very much :). Could it be that the spanish tech support is slower because of the "changes" than NC Europe suffered last year? Anyway, we'll keep this note updated. BTW, and just in case, Merry Xmas ;) --Zarza 12:43, 17 December 2009 (UTC)

The UK support team has contacted me this morning and requested me the usual stuff. I have just finished to send all the information requested. I hope all is Ok and have my account restored soon. Thanks, Gaile. --Magolossum 21:04, 17 December 2009 (UTC)

Still no answer. How long does it take to restore an account? --Magolossum 20:44, 21 December 2009 (UTC)

(Reset indent) Dear Gaile. I thought that changing from the technical service in Spanish into the UK would be better to recover my accounts, but I see that I was wrong and that the technical services of NCsoft in general does not work. Many days has passed since the theft of my accounts and I have not yet recovered them, despite having sent all the requested information. I feel demoralized and abandoned by NCsoft. I am so disappointed that even recovering the accounts I do not know if I will return to play GW. In fact, I enter the game with the survivor account only for a daily update of the Zaishen missions for the guildwiki. I'm seriously considering not to buy the future GW2, and devote myself to other games. Gaile, tell me honestly if you think it's normal what is happening with the technical service and if you do not see good reasons for people to stop playing GW. These days I have been looking through many forums of GW and the general impression in all of them is the same: the NcSoft service technician is nonexistent. NCsoft is giving a bad image. Understand that I can no longer recommend the GW to my friends, nor the future GW2. You are losing many potential customers. I, personally, are about to quit the game if not resolved immediately the theft of my accounts. Gaile, you are still in time to save face. Please, I ask you to do what is necessary so that I can retrieve my accounts as soon as possible. I do not want to miss this Christmas events, as would be the final reason for not returning to the game. Thank you very much and merry Christmas. --Magolossum 17:44, 23 December 2009 (UTC)

Still no answer from technical support, Gaile. Could you, pls., do something? --Magolossum 23:43, 29 December 2009 (UTC)

I have sent an email about this matter to several team members, and I am hopeful that someone will respond soon. You mention needing assistant from Technical Support, but I believe this is not a technical support issue, but one that needs to be addressed by our Billing and Account Support Team. I am sorry that I cannot assist directly, but I do hope that you'll hear soon from someone who is able to work through the situation with you. -- Gaile 07:12, 1 January 2010 (UTC)

Gaile, my apologies for posting in another thread, but since you did not answer my post and you did to another who had a similar problem, it bothered me a little. Sorry. With respect to "technical support", is a bad expression on my part, actually, I should have said "Account Support", which is where I presented my problem. Thanks for your efforts, but understand that after so many days without a solution, or anyone tells me anything (and losing the Wintersday event), it is very disheartening. --Magolossum 11:44, 2 January 2010 (UTC)

Hello again, and Happy New Year. I am really sad to have to come here again for the same matter, but to be honest I just can't understand this. First of all, I am not speaking of may friend's behalf, this is just my personal opinion, and I would like to express it as politely as I am able. It's been nearly a month, a whole month, since this happened. Yesterday Magolossum got at last news from the spanish support... the automatic response about sending the numbers and codes... I understand these are special days, with holidays and everything, but... don't you think it's a little bit too much? (form Dec 9th till Jan 3th)

On the other hand, the UK support have all the information requested about the accounts since Dec 17th. Again, a delay because of holidays I understand... but... still no word from them. It looks for us as if writing in your user page and asking you to look personally into the matter is the only way to get some kind of answers and this should not be like this. I try to understand what could be happening, but the only idea that comes to my mind, besides christmas, is that there could be SO many incidents than the teams can't just answer in reasonable time. But that thought worries me even more, maybe it's better the option that the team may be one person for each country and they both broke their legs and then went on holidays (because I don't think they have that much holidays). What I am really trying to say is that the problem is not only that my friend and his wife recover their accounts, this is a problem of trust and quality of service between the company and us, customers, this relation is being severely damaged and I really hope that, when finally the storm of the stolen accounts is over, you (not *you* but your team and department) have time to review what has happened, and how to improve the response in time of crisis (if that was the problem). I do not know if it's too late to rebuild that trust, let's hope so. Thank you very much for your attention Gaile --Zarza 09:59, 5 January 2010 (UTC)

Not too long ago I received a reply from the Spanish support with the new passwords for NCsoft and GW accounts. I have enter to these accounts and have seen the damage. At first glance, we lost all our materials, money, supplies, gems, gold and green miniatures not dedicated, runes of vigor, elite books, scrolls of entry and other things yet to be determined. I'm sure that NCsoft will not take any responsibility for the theft of all this, or for losing the Wintersday event due to the delay, right? With reference to what was said by my good friend Zarza for the delay in resolving this problem, only add that the UK Support has asked me this afternoon a new email address, and that "For security reasons we will not accept any web - based e-mails such as hotmail, msn or gmail. " This is something new. Can you confirm this information? In any case, I deeply appreciate your efforts in this matter. Now I have other considerations that arise, but I will open the corresponding threads. Best regards, --Magolossum 21:32, 5 January 2010 (UTC)

Yes, this has been a good Three Kings present. Thanks again for your attention, and let's hope that everything goes back to normal :) --Zarza 09:14, 7 January 2010 (UTC)

Magolossum -- I am glad to hear that your ticket has been responded to, while sorry that there was loss on the accounts to which the hacker gained access.

I am very glad that you shared that comment about setting up a new, acceptable email account with me. I am not aware that we do not accept web-based email accounts. In fact, I specifically believed we would accept their use for a game or NCSoft Master Account. However, I need to check with team members in both Austin and Brighton to find out the facts. I believe I will have an answer early next week, and again, thank you for making me aware of that quote, so that I can learn more and, if needed, help ensure we have a consistent and reasonable policy in use by both teams. -- Gaile 03:56, 9 January 2010 (UTC)

Hello Magolossum. I have checked your ticket and it does not appear it has been answered, so I mentioned it in an email to the team lead. Also, we will be addressing the "no web-based email" requirement that you were told about. We have come to feel that the policy -- and it wasn't consistently applied -- needs to be changed. I believe that we will consistently be accepting web based emails such as Yahoo, Gmail, and Hotmail from now on.

Please let me know if you have not gotten assistance by end of business on Tuesday. -- Gaile 18:55, 11 January 2010 (UTC)

Hi, Gaile. The only ticket I have active at this moment is #091208-002614. My last consulting was about to erase, for security reasons, all of the tickets were I put the key codes and key card photos. I have not received reply yet about that. Thanks. --Magolossum 20:07, 12 January 2010 (UTC)

Hi again. I have checked back with the team about this. I see you've sent a note, and I want to know the status. -- Gaile 05:06, 21 January 2010 (UTC)

(Reset indent) Hi, Gaile. I have stressed several times to Account Support to remove the tickets or at least erase the data and pictures of my key cards, but they refuse saying that "your application does not correspond to the services we can offer and I'm afraid we can not help in this issue". I do not understand this refusal as I think it's not very difficult to clear a ticket or part of it. I would be grateful if you could confirm if this refusal is justified. By the way, if I understood correctly the threads below, it's possible to change the name of a main NCsoft account. It' possible to do the same with a support account? Thank you very much and best regards. --Magolossum 18:53, 26 January 2010 (UTC)

Hello. I am not a support agent, and I do not have their level of experience in dealing with literally thousands of tickets. I do have access to many of the tools that they use, however, and I do not know of any way to "erase" or remove content from a ticket. I have tried to do that in the past, and I could not identify such a function in the support system. For example, I made an error in one of my notes on the ticket and I could not remove content or delete the note, I had to make a second note on the ticket to correct the first comment. I also do not know of a way to remove entire tickets from the system, or to remove images from a ticket, either. I am pretty sure that if the team members is telling you it's not possible, it truly cannot be done.

I just checked with a team member, and he tells me it is not possible to change the user name on an NCsoft Master Account. If you have security concerns, please express them in detail to the agent with whom you are conversing in the ticket, and he or she will tell you the best route to take to re-secure the account. But if you are asking for the team to do something that is not possible within the system, I'm afraid that they will not be able to assist you in that specific task. -- Gaile 19:20, 26 January 2010 (UTC)

Update: 15 December 2009

I've noticed a number of comments about NCsoft Master Accounts and hacked game accounts. It appears that some players are assuming that there is a connection, that if you have an NCsoft Master Account (NCMA) you may be at increased risk of account theft. We have conducted extensive research on this factor, and I have data as current as this morning that shows that this does not appear to be true. Of a cross-sampling of accounts, nearly half did not have an NCMA at all. I hope that this information puts your mind at ease on any perceived "risk factor" regarding whether a game account is tied to an NCMA or not, for that truly does not seem to be an element in the current situation.

Today, as many have already noted, we changed the in-game account security messaging to make it more noticeable. (Feedback given in an existing thread will be relayed to the Live Team.) More information on the subject of account security will be coming soon. -- Gaile 21:34, 15 December 2009 (UTC)

Allow me to quote someone who said it better than I can: "[Y]our past commentaries suggest that you do not understand the problem. You have posted... that your investigative strategy is to find the common thread that links the account thefts together. However, it is a virtual certainty that you have multiple individuals, likely with different strategies, attacking the integrity of game accounts in multiple ways. If you're looking for an archvillain behind it all, you're going to discard correct hypotheses about how accounts are being hacked due to evidence that doesn't fit your approach." It's obvious that some accounts are being stolen via the NCMA -- all those people, both in GW and in Aion, getting "your NCMA account password was reset" e-mails. It's also glaringly obvious that the NCMA has some huge security issues -- confirms when you've guessed a valid username, confirms when you've guessed the right answer to 1 password reset security question, gives away GW username, requires no confirmation and no GW credentials to change GW password, etc. (There's a bigger collection of really obvious flaws posted on Guru.) Denying that the NCMA has major security problems when it so obviously does only fuels an impression that either you do not understand the problem well enough to solve it or that you are not being straight with the community. 23:45, 15 December 2009 (UTC)~

Allow me to disabuse you of an erroneous assumption: My statements do not in any way pertain to the totality of our research, nor do they relate to a sole or singular approach being taken in investigating hacking/theft incidents. We are most definitely not looking solely for a commonality of attack. We are not looking exclusively for a single person or entity involved with account thefts, although we know nearly all are being carried out by a specific group in a certain location. Some players have publicly stated an assumption about NCMA security and its purported "connection" to account thefts. With support from the Community Team and the developers, I have informed people that such an assumption is wrong, as above.

Please do not take my comments out of context, nor perceive in them a singularity of view on our part, for that would most definitely not be factual. Do not assume that your comments -- tantamount to "Because you are looking behind the door, you are not seeing the burglar in the closet" -- represent the truth of the situation, for they do not. Research covers a wide variety of points of evidence that merely includes the NCMA, but does not focus upon it with any single-faceted vision whatsoever.

As far as your concerns about the NCMA and processes connected with it, I believe that all those observations are known to the NCsoft team. However, I will review the thread in question and will be sure to send a single message with all valid concerns to the team, for their focus and action, as possible. Thank you for encapsulating several valid comments in a single thread. -- Gaile 00:04, 16 December 2009 (UTC)

I'm not sure I'm seeing the thread to which you referred. Could you please provide a link so I'm getting the full set of comments? Thanks again. -- Gaile 00:27, 16 December 2009 (UTC)

Gaile, the previous quote was from this post in this thread. There was also a recent discussion on account security in this thread on the same site. Know that I do appreciate your advocacy with NCSoft on our behalf, but I am puzzled and frustrated that something as simple as character length and symbols in passwords can not or has not been made consistent between game log in and NCSoft log in. I realize that you have made this same request(increased password strength) before. MisterB 01:29, 16 December 2009 (UTC)

This thread contains the most discussion of specific weaknesses with the NCMA: http://www.guildwarsguru.com/forum/update-wednesday-december-2-2009-t10415403.html Pay particular attention to posts by Martin Alvito in the last 4 pages. Also, the scenario described by Shasgaliel and confirmed by I D E L E T E D I is particularly disturbing. 01:24, 16 December 2009 (UTC)

The same user later consolidated specific weaknesses with the NCMA in this post: http://www.guildwarsguru.com/forum/showpost.php?p=4979526&postcount=154.

Concern about Trade Thread

I place at least partial blame for the current spate of attacks on a forum thread on Guild Wars Guru in the Ventari's Corner High End. That thread is closed now, but I still wonder how much of a driving force it has been. Are they carrying out the attacks? Heck no. Are they promoting the attacks? You decide. Here is an excerpt:

C/O 37,500e (Actual offer is for 5000 REAL Dollars, but I am not interested in cash so I converted the offer into what the person would have to buy from an illegal online site)R/B Met(I will not take the cash though, buy the ecto from a gold site then talk to me)'

The full sale thread is here: http://www.guildwarsguru.com/forum/showthread.php?t=10409228&highlight=miniature+pets

I wonder if A-Net keeps stats on how many ecto the average person has in their chest and how many random players would have to lose everything they have accumulated to satisfy the demand created by that one mini Panda. And that thread is FULL of ultra rares.

I have written a post on Guil Wars Guru > Site Feedback asking Inde to consider placing a top limit on public sales of ultra-rare items. If you would like to weigh in you can find it here: http://www.guildwarsguru.com/forum/showthread.php?t=1041404070.129.45.70 15:29, 25 November 2009 (UTC)

I think that once something goes over 1,000 ectos in trade, something is seriously wrong. These items simply shouldn't exist. Rare items, like Eternal Blades or even mini Polar Bear are fine, gives the no-lives something "eite" to hunt, but anything beyond that is just asking for big trouble. I've seen a mini Kanaxai on Ebay for $5,000.00USD. That should not be happening. Rose Of Kali 18:08, 25 November 2009 (UTC)

I love that there are rares in the game. Rare weapons, rare mini pets, rare tonics, all of it. I like knowing that there are things that are beyond my grasp. It keeps me reaching. But, when someone says, "...Buy the ecto from a gold site then talk to me" there should be some far reaching repercussions.70.129.45.70 18:35, 25 November 2009 (UTC)

Account Hacking [Incident: 091128-000955]

Hi Gaile, I recently had my account hacked and was suggested by a friend to talk to you about it. They took a great deal of stuff (anything of real value to them basically). I'm not sure what exactly you could do about it, but I know you're always extremely helpful and nice, so I thought I'd give it a shot to see if you could help me. Just let me know what I should do from here. Thank you. Capcom 05:45, 29 November 2009 (UTC)

Basically She (or anyone at Arenanet) cannot restore any lost items. All then can do about it is see who did it. --Dominator Matrix 06:03, 29 November 2009 (UTC)

Hi Capsule Computer. I'm sorry to hear about the situation. :( As you may have noted in other comments I've made, tracking stolen items is extremely difficult. That means we only very rarely have the capacity to restore items, but I know the team will look to see if that is a possibility and if it is, will get back to you. In the meantime, you can rest assured -- as you asked in your ticket -- that those responsible for the account theft will be dealt with as directly and as firmly as possible. -- Gaile 23:50, 1 December 2009 (UTC)

Hi would be nice to actually recieved an update to your support ticket, when your account is hacked to notify you that anet have actually looked into the incident, found the culprit and dealt with the culprit. Instead of ignoring a support ticket and hoping it will go away. As to items not being restored. we all know the stance is that they cannot be returned as it would mess up the game, but each item as it's own specific code. Yours truly, a very frustrated GW player

Do you feel that's a good use of resources? Sure, it'd be nice, but I'd far rather have a team supporting me (my game account, retailer, bank, whatever) spend their time catching hackers or helping other customers with existing issues than writing me to do follow-ups. I sense that some of the desire for more info is based on the satisfaction of knowing "Heck, yeah, they caught the #*@*%^#$ who stole my account." And I admit there's value in that. But if they've assured me they will deal with the culprit, I tend to believe them. And I guess I expect them to be looking forward, nor backwards. *shrug* Matter of differing opinions, I guess? :) -- Gaile 00:58, 3 December 2009 (UTC)

I think I am reading this wrong....if someone say, broke into your house, your neighbors house, the guys across the streets house---you would NOT want to be informed if they were caught?? I DO think that people deserve to have some kind of closure on something like this......and you said it was only about 20 or 30 people....thats not lots of people to email. People have been violated whether it was by their own fault or someone else's....most would want somekind of relief knowing that the fiend was no longer out there....its only good customer support to finish a support ticket by informing the individuals that the one who did it is NO LONGER out there..would make me sleep better at night. Cosyfiep 08:44, 4 December 2009 (UTC)

The point I was getting Gaile, is that support have NOT assured me at all that they will deal with whoever or whatever hacked who or which site/pc, just pointed the finger greatly at the person who owns the account, that it is always THEIR fault. Nothing is 100% secure wether it be a small time player to the server owners, as the last update as shown there was a loophole in a supposedly secure URL. Most honest people spend a vast amount of their own time in accumulating items and plat to trade. I just think that the whole situation of 'it's the player fault and not the game operators fault' scenario that gets a lot of people back up and also as cosyfiep said.... it is only good customer support to finish a ticket!

But I believe (to the last comment) that Support does give that assurance, saying something along these lines: "If an infraction is proved to have taken place, we will take action against the person who was responsible." I have also seen responses that include verbiage such as, "We have confirmed that your account was hacked and we have closed the account of the person responsible." If I may get back to my original point, I merely wanted to say that it wasn't necessary -- to me -- to have a support agent write back and say "Yeah, we did what we said we were going to do and we blocked the person who hacked you." They already told me they would, and as I stated above, I felt that I was given sufficient assurance that the matter would be dealt with appropriately. I understand that others may want the additional contact. I still must point out, though, that the process of sending that follow-up takes time away from verifying incidents, closing the accounts of hackers, and getting other victims back into their accounts. It is not without "cost," if you follow my meaning. So as I said, as players we may not agree on how much information is enough, and how much is overkill; I do believe it's sort of a personal opinion and not generic across all players.

But as Support Liaison, I will check on our messaging to account hack victims to ensure that we are giving as much information as possible. And I'll be happy to check into the feasibility of follow-ups, as well. -- Gaile 00:09, 15 December 2009 (UTC)

when the police came to my door and helped me file a report about the break in, they said the same thing "we will catch the guy"....guess what, they NEVER did....its more of a canned response than just about anything else you hear now. A REAL response is what people want (and yes I have contacted the police many times to only get the same 'we will catch them' response)....its not much comfort when you cant be sure its really meantCosyfiep 21:31, 15 December 2009 (UTC)

I'll post the question: Agent Zed has one hour left in his work day. In that one hour he can catch X account thieves and restore account ownership to Y real owners, or he can send emails to people telling them what he did yesterday. Time and personnel are not unlimited. What is the best use of our friend Agent Zed's time here? -- Gaile 00:08, 16 December 2009 (UTC)

Your agent zed needs to get better time management skills. But I will help you out, do the 'catching' tonite and FIRST thing the next day set aside time for 2 or 3 emails. If he does this everyday he should be able to email about 20 people each week....if he is really smart he can have the beginnings of an email already started on his computer. It really doesnt take THAT LONG to type up a quick reply or finish filing a report (if zed is a real police man he would be required to do that anyways!) Its only good customer service! Cosyfiep 02:23, 16 December 2009 (UTC)

So essentially, "make more time?" :) Agents handle dozens of tickets a day on any number of issues: stolen accounts, player interaction complaints, spamming issues, gameplay questions, and more. So sending out 3 emails a day isn't really a satisfactory answer if many more than 3 a day want a response. Too, the process isn't aligned, that is, it is seldom possible to aid a player and close an account at the same time, so data needs to be retained, tickets need to be reopened and reviewed, communication potentially needs to take place between agents, etc. I'm not saying "We won't do it." I'm asking, yet again, if that's the best and most effective use of our agents' time. -- Gaile 20:26, 16 December 2009 (UTC)

Not make more time, use time MORE WISELY...please read what I wrote and not what you expected to see. And that was 3 emails explicitly for the hacked account people who are not getting ticket closure mentioned before. I worked in HR for many years and was able to multi task, and do things as they came in (not waiting for their deadlines to approach). IF you are SOO swamped then you either need to hire more people or train them to utilize their time more adequately, and prioritizing their tickets as well. (gameplay question is really more important than closing a hacked account?????). The most 'effective' use of your agents time is doing thing correctly, quickly and efficiently. (In our previous example that agent would be staying at work until his paperwork was complete--which would be REQUIRED.). Cosyfiep 01:18, 17 December 2009 (UTC)

I've never been a fan of circular arguments, and I think we're caught in one here. It seems strange to say it's simply a matter of instructing employees to "use time more wisely" and then state that we should make employees work mandatory overtime (of an unspecified length). The arguments seem to counter one another.

I understand that some percentage of players would like an email of this type. I understand that a smaller percentage even expect that contact. However, as I have tried to point out, the process of sending follow-up emails may not be the best use of time, when time is finite (and it always is). At this point, since the original question was answered more than two weeks ago, I'm going to archive this thread. I intend no offense in doing so, but I, too, must keep an eye on using my time as wisely as possible. :) -- Gaile 04:40, 17 December 2009 (UTC)

Hacked [Incident: 091130-000093]

Hi Gaile, My account was hacked at 3pm on November 29, 2009 I sent a support ticket right away and it is taking longer than usual for them to give me an answer. I have sufficent information to prove the account is rightfully mine. I know that you can not restore any lost items but, i know you can help me get my account back. Let me know what you can do thanks 75.62.18.173 Tanner

Have you considered that November 29th is a Sunday? And depending on which time zone you live in, that's approximately a 24 hr window. Also Gaile is usually resorted to after support has replied (in that magical 24 hr time frame). ~Celestia 11:12, 30 November 2009 (UTC)

"Thanks for getting in touch to ask about your account.

In order to better assist you with this account-related issue, I will transfer this question to our Account Support Department. An Account Support team member will be in contact with you very shortly."

That is what i was responded with. And i haven't gotten back to.~Tanner

Hi there, Tanner. I just checked your ticket and I believe you're back on your account now. If that is not the case, please let me know. -- Gaile 23:46, 1 December 2009 (UTC)

Divine Aura

→ moved from Feedback_talk:Gaile_Gray

Hello. I have been asking this everywhere without single answer and even sent E-mail to ANet, why my Divine Aura is not working? First I bought Guild Wars Nigthfall Colelctors Edition and did /special and I got Varesh minipet. Then I bought Factions and after that Prophecies Collector's Edition. I have tried everything and I do not get them. I hope you could help. Playing Is Srs Bsns 18:44, 30 November 2009 (UTC)

Try /dance. ··· Danny Pew Pew 19:44, 30 November 2009 (UTC)

I did, didnt work Playing Is Srs Bsns 12:06, 1 December 2009 (UTC)

I didn't know there where any unused Prophecies CE keys left. In any case, the Prophecies campaign key in the box should add the Divine Aura, just like the Factions and Nightfall CE campaign codes include the special dances. Click the Edit Account button on the Character select screen. The DA should be listed there. You don't have to do anything to activate it. Are you sure you didn't get a normal Prophecies key instead? — Poki#3 (talk) 12:46, 1 December 2009 (UTC)

I checked edit screen but it didnt say anything like i got proph collectors edition on my account. BUT i i got colelctors edition game activation card, box, headset and stuff :o but no DA i herd this has happened to some other ppl aswell Playing Is Srs Bsns 15:28, 1 December 2009 (UTC)

If you haven't contacted Support, do so. With all the recent hacking problems, it might take them a few days to get back to you, but I'm sure they will. ··· Danny Pew Pew 21:21, 1 December 2009 (UTC)

Oh, I am confident this has nothing to do with hacking. Did you purchase a new, sealed box from a reputable retailer? We've seen a few resales, sometimes with non-CE access keys (or with non-functional keys) so that's my first guess on this one. (If I had your account user name I could look it up right now, but I do not want you to write that here.) The best thing to do, really, is to contact support so they can look into the matter for you. Please feel free to leave the incident number here afterwards and let me know what they tell you. I'm curious about this one and would like to know the outcome. -- Gaile 22:28, 1 December 2009 (UTC)

My bad if I sounded like I was saying this had to due with hacking. I meant that Support might be swamped with the hacking issues so it could take them longer to reply than usual. ··· Danny Pew Pew 22:34, 1 December 2009 (UTC)

Actually, Danny, that was my oversight. My brain was pondering probabilities while I was posting. *note to self: ponder after posting.* ;) Thank you for clarifying, though. -- Gaile 23:07, 1 December 2009 (UTC)

Haha. No problem. ;o ··· Danny Pew Pew 23:23, 1 December 2009 (UTC)

I sent E-mail and they replied. They asked activation card codes and I sent them and they also offered help by phone (noty). Incident number is [Incident: 091203-001711]‏ Last answer was:

Discussion Thread

Response (Ari) 12/04/2009 08:59 AM

Hello,

I am transferring your ticket to the Guild Wars Team to further assist you. Someone will be in contact with you as soon as possible.

Thanks,

Ari

NCsoft Account Support

Well, I'm still waiting for someone to contact me. Thanks for all help. Playing Is Srs Bsns 14:57, 5 December 2009 (UTC)

Well, it's only been a day or so. You have to give them time to respond.  :/ Not to mention that this is the weekend, so they might not even be working until Monday. Be sure to renew it if it automatically gets closed, but that only happens after 3 days, iirc. –Jette 16:57, 5 December 2009 (UTC)

(Reset indent) Cool they told me its normal acces key, not CE. Pretty fun. Playing Is Srs Bsns 19:08, 9 December 2009 (UTC)

I am sorry you were stung by an unethical reseller. :( -- Gaile 00:11, 15 December 2009 (UTC)

Hey, load issues.

→ moved from Feedback_talk:Gaile_Gray

Sorry If this is the wrong page but, could use some info, Whenever I try to acsess a guild hall, it gives me code=007, and character's that were in the Gh are unplayable, this only happens with the Gh. Just recently started, but gets annoying.Smerf 00:59, 2 December 2009 (UTC)

Well, yes, that would be annoying! I'd say you should submit a Support Ticket. A support email or ticket can be routed to any of three teams: Game Support, Technical Support, or Billing/Account Support. I rather think this will start with Game Support and may move to Technical Support, based on your discussions with the first team. So click here --> support -- to see the many ways you can get in touch with the team so that they can help you out with this. (Do feel free to let me know how it sorts out -- I'm always interested in learning about outcomes.) Good luck! -- Gaile 01:06, 2 December 2009 (UTC)

Would this happen to be the correct link? email?Smerf 01:13, 2 December 2009 (UTC)

Yes, that is correct. (And I am going to move this to the Support Issues page, for tidiness. I'll put a redirect so you can find again, if need be.) -- Gaile 01:15, 2 December 2009 (UTC)

With the help of tips from the support team, I decided to call my IPS as soon as the line opened up. They informed me that this should Only be temporary. :) -Smerf 21:04, 2 December 2009 (UTC)

Ah, thanks for letting me know! You hold that ISP to it, then, and if it's not better soon, give 'em another call. -- Gaile 00:59, 3 December 2009 (UTC)

I've had the same problem with another map though some time ago, and launching the game with -image suffix helped. Dunno for your situation but might help as well. M3G 13:14, 3 December 2009 (UTC)

Good news, the Provider was right, Issue resovled. I'm Glad.Smerf 02:57, 4 December 2009 (UTC)

Very happy to hear the news, Smerf. -- Gaile 00:12, 15 December 2009 (UTC)

Phishing attempt?

I got an e-mail wich looks suspicious on a e-mail address I don't use for GW (well that I no longer use for GW).

It's in chinese so I don't understand it, I clicked the first link and it was goeing here on the official guild wars website, wich looks like I cancelled a password reset. The second link went to http://www.guildwars.nctaiwan.com/.

My question is what this e-mail is? I don't think it's a phishing attempt because it only leads to the official website, but is someone using my e-mail address for a GW account? -- Qaletaqa Hania 08:57, 6 December 2009 (UTC)

Ow I just tried to login with that e-mail, and it looks like I forgot about an account wich is now blocked, getting the reason why it has been blocked (code=045). I'll contact support to see what is goeing on because something is wrong, i'll post the ticket number here later. Qaletaqa Hania 09:32, 6 December 2009 (UTC)

Reference # is 091206-000944. This is most likely to be a trial account I once made, so i'm not worried, but it did make me curious to how they (the ones that asked for a password reset) got access to it. -- Qaletaqa Hania 10:25, 6 December 2009 (UTC)

Solved :). No real harm was done because as I suspected it was a trial account I once made, also figured out how they (Gold Sellers) got access to it. -- Qaletaqa Hania 17:06, 9 December 2009 (UTC)

Qal -- glad it was resolved. Now, if you're willing, I'd sure like to know how the RMT got access to that account. I know a lot of ways they do it, but I'm always eager to learn more. Drop me a line at SupportLiaison@Arena.Net if you'd rather share that info privately. Thanks for your help. -- Gaile 00:16, 15 December 2009 (UTC)

Qaletaqa mentions how the RMT got a hold of that account in his comment in the #PlayNC accounts and password changes section [3]. --Silver Edge 04:53, 15 December 2009 (UTC)

Yes that is indeed what I think has happened. Couldn't have been a keylogger, because that was the only account accessed and because I didn't access that account in ages. Also I don't download third-part programs (only third-party program I use now and then is Texmod wich I scanned after I downloaded it). I also eliminated other options and the most likely thing that happened I said in the section that Silver Edge mentioned. Here it is again:

"My fault was using the same e-mail and password on a GW related website (unofficial website), that website got hacked and their database got stolen."-- Qaletaqa Hania 08:58, 15 December 2009 (UTC)

Hacked: (Incident: 091205-000370)

Hey Gaile, My account was hacked around 9 pm on Dec 4th, 2009. I sent a a couple support tickets (got a little impatient) right away. I still haven't got any help though from support. I have some of the CD keys but I don't know if they are enough. I've been playing for 4 years, and this is the first time this has happened. If you could be of any help at all, that would be greatly appreciated. Thanks sandoshD.

It appears this was resolved last week. (Sorry I forgot to post when I checked.) Please let me know if you need further assistance. -- Gaile 00:22, 15 December 2009 (UTC)

Potentialy Legal Issue

Attention: Gaile Gray (or relevant Staff of ArenaNet / NCSoft)

Well, here i am posting this on the official Guild Wars Wiki in hopes someone at ArenaNet or NCSoft can see it and please provide us with an answer. First this is the link as to where I got my concern from http://www.guildwars.com/products/guildwars/features/default.php where it clearly states the following statement:

"WILL THERE BE A SUBSCRIPTION FEE FOR *GUILD WARS*? ARE THERE ANY OTHER FEES, SUCH AS FOR PATCHES OR UPDATES?

There is no a subscription fee of any kind, anywhere in the world and there are no hidden fees. You do not have to pay for the streaming updates that will take place on a regular basis, nor for additional content that we will provide between the campaigns of *Guild Wars*."

So now you are charging us for costumes, which I was not under the impression that any content for the game would be chargeable, other than of course expansion packs and new campaigns. Some people may not see this as a big deal, nor does it affect gameplay. However, if I open my inventory I am forced to see costumes, and the for sale when I log in to the game or store etc. so yes to me, it does affect my gameplay. When other players in town are going on about them, and that you are poor etc. if you can not afford them does affect my gameplay, because I do not want to see others gloating about their circumstances. Example, if I see someone with a Panda Miniature, and they have earned it thats awesome for them. However if they bought in game gold for real money, shame on them.

Nota Bene: Having the luxury of being able to purchase say more storage, extra character slots, character name changes, appearance changes, unlocking skills or pets is more of a gray area, because there are remedies to it in game free of charge. yes you can create a storage character, and or use equipment packs, you can always delete and remake a character or delete one to make another if full and manualy capture or purchase skills.

I do not see those examples as such a big deal, however it still violates their advertising as stated above. The most severe which crossed the line was addition of costumes, since there is no way to earn them all for free in game. Giving a pre order item etc. is not a bad thing wither, what happens if you pre ordered EotN and decided you did not like it, however that is a gamble you take when doing such. So what happened to this game that was supposed to be as advertised? I really want an answer to this.

A good remedy might be (if you are having money problems at ArenaNet / NCSoft to maybe ask players for a donation and give a title like "Eternal Supporter of Guild Wars" to entice people. It's not a bad thing, as because I would surely donate money because of enjoyment I get from this game, instead of adding in items and content to game that is chargeable, even though on this acocunt alone I have bought all 3 games + expansion, then added in all 3 Collectors Editions to this same account to the games, and also added several in store purchases.

But what ever happend to your promise, the one that sold me and millions of others that there would be no hidden fees so on? Why does ArenaNet and NCSoft at any given moment rag about games like Perfect World Online that use a smae model? Even Dungeon Runners is the same as Perfect World in that respect. No matter how you see it, false advertising is wrong, and therefore you mislead consumers such as myself in doing this kind of stuff.

Will anyone at ArenaNet care to offer up an explination, as my emails back and forth regarding this tell me to go here to explain it for "legal reasons"? So now that this is in the open, please do something. But if this will not be addressed I can always take another remedy such as going to the same media you go to and expose this, flood the itnernet with this or even seek legal counsel in regards to your false advertising type of cash grabbing situation. -User:Adam J. 20:09, 22 December 2009 (UTC)

There is no subscription fee for Guild Wars. There will not be a subscription fee for Guild Wars. There is no "legal issue" here, nor is there any sort of reversal of our original statement. You never pay for patches and updates. We have not said, "You will never pay for a single thing, and we'll continue to generate bunches of things that you'll get without charge." The purchase of extras is entirely optional and does not affect gameplay. For example, the addition of a slot to hold items you do not wish to buy does not affect your gameplay, any more than seeing a slot for a shield affects the gameplay of Rangers. :) Many of the extras currently in the game were asked for by players who fully understood that the addition of those items would come at a modest cost. (There are posts all over the forums, to this effect, concerning things like extra storage space, skill packs, etc.)

The statement in the FAQ is both truthful and accurate. I'm sorry if you misunderstood it, or believed it promised you more than you reasonably could expect. If you believed that you would get free additions of every kind, forever, and for free, then you were mistaken. There is no case to be made for "false advertising," for the addition of items with an associated cost is entirely separate and unrelated to the "no subscription fee" statement. And in the end, as you yourself point out, you may buy the optional extras, or not buy them, as you will. -- Gaile 21:06, 22 December 2009 (UTC)

"nor for additional content" <--- I would like a definition of "Additional Content" since that term is being used without reference to anything in particular, so as it would mean any additional content whatsoever in the context being used. Adding any content in to the game and charging for it does not add up. Honestly, I would have never bought the game knowing that chargeable items would be added into the game at all, as the statement seems to now contradict itself in it's entirety.

If anything based on your statement to me it points out inconsitencies in the marketing statement, as there is no indication that NOTE: some content will be introduced in to the game which there may be a small charge or not. I can say EXAMPLE: "Free ham sandwiches for life", but I would need a disclaimer of exemption or liabilities. Such things are common place in marketing such as lotteries offering say 1 million dollars, where it shows that the payout is based on "X" amount of currency for such a duration of time, as a structured settlement.

So, therefore based on such statement that it is and confirmed accurate, then any in game content added in would be non-chargeable. (And to comment about a shiled slot for rangers or any other single caster, you have an option to use a sword or shield, or single handed weapons because you can change secondary professions and skills, thus it is there as it would require it to be for all proffessions; and no I was not referring to the subscription fee aspect, I am referring to the "nor for additional content" which is inbetween Guild Wars campaigns...) -User:Adam J. 21:30, 22 December 2009 (UTC)

I understand what you're saying but as a professional writer, and as someone who is incredibly (perhaps even obsessively) involved with words, phrasing, and issues of communication on a daily basis, I respectfully disagree with you. The word "content" in the normal context of a computer game does not refer to optional features like storage panes, PvP Unlock Packs, or costumes. We do content updates -- the offering of quests during the Halloween event is one example, Sorrow's Furnace in 2005 is another -- and we offer that content for free. We also, often in response to player request -- offer extra features that players have the option to purchase, the purchase of which does not affect gameplay in any way whatsoever. If someone were able to buy an Uber Sword that allows him to inflict more damage than is available to non-buyers, then that would be against our principles. If someone gets to buy a new outfit, that does not affect you or any other player.

I regret to say that you may be dissatisfied with any response, no matter how sound, correct, or logical. If that's the case, I'm sorry that I cannot give you an answer that is more pleasing to you. But I have given you the answer that is correct, and having done so, I consider the matter truly asked, answered, and resolved. -- Gaile 22:46, 22 December 2009 (UTC)

Well Gaile, last I checked there was a difference between a lawyer and a writer. Maybe find a proper answer for me from your legal department. I do not mean disrespect by that comment, but you can't be a Judge, Jury and Executioner at the same time. -User:Adam J.

Question:

"Will there be a subscription fee for Guild Wars? Are there any other fees, such as for patches or updates?""

Answer:

"There is no a subscription fee (sic?) of any kind, anywhere in the world and there are no hidden fees. You do not have to pay for the streaming updates that will take place on a regular basis, nor for additional content that we will provide between the campaigns of Guild Wars."

Aside from the error in the answer there is nothing wrong with the question and/or answer.

I don't see false advertising. The costumes are a different kind of content, I classify it as extra content not additional because it doesn't "add" anything to gameplay. Zaishen Quests and Dhuum are additional content and they didn't charge us for it.

@Adam J:"I would like a definition of "Additional Content" since that term is being used without reference to anything in particular"

It's also the reason why there is no "legal issue". If I would follow your reasoning then they should have given the campaigns for free, yes they are a campaign but they are also additional content. -- Qaletaqa Hania 22:56, 22 December 2009 (UTC)

""WILL THERE BE A SUBSCRIPTION FEE FOR *GUILD WARS*? ARE THERE ANY OTHER FEES, SUCH AS FOR PATCHES OR UPDATES? There is no a subscription fee of any kind, anywhere in the world and there are no hidden fees. You do not have to pay for the streaming updates that will take place on a regular basis, nor for additional content that we will provide between the campaigns of *Guild Wars*.""

There are no fees for game updates and patches. There were no fees for extra content like Sorrow's Furnace, Codex Arena, Zaishen Menagerie, Domain of Anguish, UW, FOW...none of those things had a fee. And as such, Anet's been honest in their advertising. You're streching things very far making the connection that the costumes, character appearence changes and additional xunlai space is extra content in the same measure as adding Sorrow's Furnace. Its not. None of the things Anet charge for are playable, none effect your game, none are required, none are needed to make your experience better or worse. These are optional items that have little to do with the actual content and are for people who feel like having a little extra. You mention Perfect World...well, I have news for you, Perfect World and Runes of Magic (I;ve played both) do the same thing as Anet...they have extra, optional items you pay for like mounts, armor sets, gems and so on. You had best forward this "legal" letter over to their developers as well, and let your attorney know you have a growing case.--*Yasmin Parvaneh* 23:23, 22 December 2009 (UTC)

Actually Qaletaqa Hania, if you read their terms on the page I linked above, it does mention clearly that new campaigns will cost money, that is not what I am saying here. Content being added to the game - per sey IN BETWEEN chapters (IE adding dhuum or Sorrows Furnace etc., will be provded at no charge. Costumes and things of those nature would also fall under that category if you read what that page says. Please read the above URL which is their own official page.

And as far as *Yasmin Parvaneh* 's comment, first Inever said this was a legal letter, if so it would not be posted here, it is merely a concern that ArenaNet should take up with their legal counsel and adivse further. Adding in costumes etc, do affect gameplay, it is in how you define it. Sorrows Furnace doesn't affect my game play if you want to say that thing's don't or not for a player. What I am referring to is again if you read on their official page, they insinuate that any content added in to Guild Wars (and yes the provisions on the page do show a seperate note that new campigns etc. will cost money, however there is no mention of things novelty or not being introduced in to the game at a cost. If they were up front that page would have said something like NOTE: Certain features may be implemented in to the game obtainable by purchase directly from the PlayNC store. Example: "Free Gas for Life" is different legaly than "Free Gas for Life* *Limit 50 liters per month for 25 years, non transferable, valid only at such and such locations etc." They have to have 100% clarity in their advertising, as Perfect World and Dungeon Runners clearly states free play, however things are purchaseable from them, so therefore there can be no confusion, as their exclusions are listed. User:Adam J. 23:49, 22 December 2009 (UTC)

I fail to see the "legal" issue here, even potentially. Anyone trying to take this to court would be laughed at by the judge. Rose Of Kali 23:55, 22 December 2009 (UTC)

Anet takes up anything they do with legal council before the release anything. They're a business, the know the laws or the would not be in business. Gaile and Regina have beemn trained in how to talk to people, for the most part, and have a pretty solid idea of what their company can, and can't get away with legally. If you're calling it a legal issue, and attempting to make that point, be prepared for people like me to rebut the the statements and find flaw with your argument. Again, no one is forcing you to buy the costumes and like the game you used as an example, Perfect World, offer the same optional items that have nothing to do with the gameplay, I hope in all fairness you are QQ'ing to them too. That is how companies that do free to play games stay in business, as I'm sure you're aware, money doesn't just float down from they sky. There is no legal issue here.--*Yasmin Parvaneh* 00:04, 23 December 2009 (UTC)

In Perfect World, you cannot play at a high level without spending money on Hierograms, cash shop items that automatically replenish your HP or Mana when it runs low. A friend of mine spent 1000 pounds on Perfect World in under a year. There's nothing like that in the Guild Wars cash shop, thank God. elix Omni 00:09, 23 December 2009 (UTC)

Well Rose, this is why you are not a judge nor a lawyer are you? In courts around the world there have been far stranger things that have happend. See The point of my truth in advertising "speech" here is to bring awareness to this situation. One example is When Best Buy Corporation in Miami, Florida, had an error online showing a 52" plasma Television being offered for $9.99, However when people got to the store they would not honor it. And why? Well on their website it clearly states that in any cases such as that, the company reserves a right to protect their property and make omissions from typographical errors etc., as they had a good Limitation of Liability Clause, which stated that in "non-verbatim"; "In case of error in pricing or typographical errors, we reserve the rights to not honor it. That case made the news pretty quickly. See because they covered their assets, no one could do anything. You will see those kinds of things everywhere. Once you read what ArenaNet has said verbatim, on their site with no clauses then it makes my point in itself.

Aside from that Rose, when you back in 2008 had some immigration troubles, you would have liked it if someone was there for you to help you understand the laws better, or to protect your best interests, would'nt you? How woulld you feel if someone just said such a comment like it would get laughed out of a court to you? we have a legal system in North America which helps protect us if needed, it is justice for all, not for some sadly.

User:Adam J. 00:20, 22 December 2009 (UTC)

"Adding in costumes etc, do affect gameplay" I am really curious how purely cosmetic changes affects your gameplay? Do they make your character stronger, make them run faster, jump higher? Do they give the players that have them a strategic/tactical advantage over those that don't? In what way do you define something affecting gameplay? As for your suggestions that ArenaNet ask players to donate, that is exactly what these optional features are. Those who wish to support the company pay a minimal fee in return for a cosmetic item/change (rather than a title). No one is forced to purchase them. -- Wyn talk 00:29, 23 December 2009 (UTC)

As a practicing lawyer, I would just like to say I don't see any legal issue here. -- Salome 00:31, 23 December 2009 (UTC)

@Adam: Do not bring the immigration into this, you have no idea what you're talking about. It is a very personal issue to me, and I understand the laws relevant to my case better than some self-proclaimed "immigration" lawyers I've talked to, sadly. Understanding them now doesn't mean I can jump the loopholes that exist, as I got stuck in one in 2001 that is still hurting me today. I've been in immigration and civil court, and seen and heard a few things worth laughing at. Rose Of Kali 00:38, 23 December 2009 (UTC)

Obviously, it does affect my gameplay experience. How you ask? What if I have Masklophobia? ( A fear of costumes and or mascots / masks) (I am not saying I do BTW) So it is pretty strange to ask a question or make an assumption based on stating: "How does it affect your gameplay?" all people take things and or perceive thigns differently. wether it be a physical or mental experience, it is part of which keeps us all "Human" what if i do not want to be reminded seeing in my inventory a space for costumes? -User:Adam J.

Oh and Rose, if you do not know contractual law, then do not tell me what a judge or jury may honor or not. Besides, how do you know that I am not a law student or anything? And besides if you were stuck in a loophole, than a lawyer would be of help. besides Rose, this is a personal issue to me obviously too.

Affecting your game play experience, is not the same as affecting game play. Not having these optional features does NOT block you from and playable areas, nor do they provide additional abilities to characters that have them. Your example of someone with "masklophobia" is total nonsense, as people with those types of issues would not be playing a role play game where avatars are dressed up in "costumes" (all armor is simply a form of costume) to begin with. Stop grasping at straws because you don't want to (or possibly can't) fork out $10 to support a game you love. -- Wyn talk 00:54, 23 December 2009 (UTC)

Adam I AM A LAWYER! (for the second time) Their is no legal issue present here. -- Salome 00:56, 23 December 2009 (UTC)

@Salome: if you are a practicing Lawyer if you dont mind me asking, where did you matriculate, what type of law do you practice, how long have you been practicing? and can you base a case against that "their" advertising is not misleading as a neutral party? would you kindly at least cite me some references on how this is not valid? I can dig you up a few cases that actualy much in same as this.

If one enters in to the contract or end user liscencing agreement for this game, after researching what it was about and using the above link on this page to determine if they would want to play a game that has paid for content such as costumes or not, then finding out that there is paid content available after the contract was accepted based on the advertising material, would it not nulify it? Would it not result in a breach of contractual services on both parties and acceptable party or mediator decide what would remedy this accurately?User:Adam J.

Unfortunately, I cannot afford a lawyer that could build a case for my "loophole," which happens to exists on both the US and the Ukrainian side of things. Plus, pursuing such a case would take longer than doing it the "cheap" way, i.e. waiting it out, which is exactly what I'm doing. But anyway, my case does not belong in this discussion. As for the relevant case, you seem to be clinging to straws and bringing up irrelevant disorders after Gaile told you there is no issue after your OP. Rose Of Kali 01:07, 23 December 2009 (UTC)

Rose, I know Gaile said one thing, but such a thing I do not feel it is best left in her hands alone as she can not see the contractual side of things such as a lawyer would see it, a.k.a "pacta sunt servanda". It would be better for her to get the proper answer from their legal department, thus having them relay the message for clarification, because in how you define content, and how there is no LoL clause in the case being given, it is best to have one of their representatives to give the answer.See having people who can not or speak on behalf of the issues at the question at hand only complicates such things in the end.User:Adam J.

(Reset indent) Enough. The initial question has been answered respectfully, fully, and truthfully. We seem to have wandered off the topic, and I invite you to continue your discussions on your own user pages. To the initial post, several players have responded, in addition to my comment, to point out the error that Adam J has made demanding free features in addition to free content. Adam, you are not entitled to the items you are demanding for free. And you can be assured, our legal counsel carefully reviews all sales and marketing materials. Further, the legal counsel and our community team members know I'm engaged in this discussion, and they all have confidence that I am aware of how to address the questions. I'm going to archive this thread now; there is no need to have the wiki visitors subjected to yet another circular discussion, for you truly do have your answer. -- Gaile 01:26, 23 December 2009 (UTC)

Feedback issue

Repeating the "Potentialy (sic) legal matter" thread

Well, it is nice to see how my last issue was "swept under the rug" by Gaile - still not a very clear answer was provided to me which is rather upsetting. This is not very good customer service for my topic, so now I will ask for escaltion on it to an appropriate member of their legal department staff. I will gladly give them my email address so they can send me what they say, so I can take measures from there. All I am asking for is a formal explination of why they mislead me when I purchased this game, based on the text located at: http://www.guildwars.com/products/guildwars/features/default.php section:

Will there be a subscription fee for Guild Wars? Are there any other fees, such as for patches or updates?

There is no a subscription fee of any kind, anywhere in the world and there are no hidden fees. You do not have to pay for the streaming updates that will take place on a regular basis, nor for additional content that we will provide between the campaigns of Guild Wars."

And yes when you read that verbatim it is not 100% clear that some content would be chargeable inbetween campaigns; as it states that no content in between games would be chargeable, option or not to use. Hence, that is what I am trying to find out why I was deceived when I purchased this game. As I said if I knew that at any point chargeable content in game that would be brought in, wether you think it affects my gameplay or not, I might have considered even buying the game in the first place. If you are not a member of ArenaNet or NCSofts legal department, please do not answer this. I do not care if it sits idle forever, nor do I care if you ban me from wiki or make my in game life hell for speaking my mind, I just want that answer I am seeking. User:Adam J.

Your question has been answered, and you will find it in the archives. There is no "sweeping under the rug" there is an honest, direct, and legally-sound response, given with the input of our legal counsel, as I made clear.

If you wish to contact the legal team, please feel free to check the Knowledge Base, look up the address, and send a letter. Posting this on the Support Liaison's user pages is asking for a response from the Support Liaison. Which you have had. And which you will not get again. -- Gaile 01:59, 23 December 2009 (UTC)

Well Gaile, I am sorry to bother a support liason about this, I tought it was your job to take a look at an issue and escalte to antoher department if it is unresolveable, and as you said yourself, you are not the final judge on some things. So I will try to find their email address for the legal department and send them an email on this. --Adam J.

"check the Knowledge Base, look up the address, and send a letter." Letter /= email. I highly doubt you are going to get any sort of direct response from the legal department electronically. -- Wyn talk 02:08, 23 December 2009 (UTC)

(Reset indent) This matter is not "unresolveable." (sic) As I stated earlier, our legal counsel has already reviewed and approved the sales. There is no "potentialy (sic) legal matter" here. Your position is in error, and the question has been properly and fully answered. Demanding that someone other than me answer on my pages and insisting that your post remain in place indefinitely are both entirely inappropriate. Persistence will not change the answer you have been given and the answer you will continue to receive: You will be and have been given content; you may be asked to pay for features. It's really that simple. -- Gaile 02:12, 23 December 2009 (UTC)

Fansite Security Breach

We learned today that one of the trading sites associated with Guild Wars may have experienced a security breach and its account database (including user names and passwords) may be in the hands of hackers. So far we have identified more than 20 Guild Wars account that appear to have been accessed by unauthorized individuals who may have been involved in the fansite's database breach.

Our security recommendations have never been more timely, particularly those that suggest that you always use a unique password for every single account that you own.

We have closed the game accounts of those involved in the account thefts. We will be watchful for further episodes. And we will be contacting the fansite owner to continue gathering information related to this incident. -- Gaile 21:48, 9 November 2009 (UTC)

Is it possible to say the name of the site? Not for slanderous purposes, but so that players who use the site can know and change passwords if needed (mine are all different, but just saying). Karate Jesus 21:52, 9 November 2009 (UTC)

Well, the biggest is Guru Auctions I assume. But they haven't posted anything about it on the forum. Obie Quiet 22:01, 9 November 2009 (UTC)

Hi KJ. I knew that question would arise. I've talked to the Community Team and at this point, they would rather we not mention a site name because we have not had a chance to interface with the site, or to gather all the info we need to confirm the matter with 100% certainty. Perhaps the site's name will be mentioned once we have more details, but at this point, anyone using the same password on any site -- fansite, forum site, trading site, social networking site, email site, whatever -- should change passwords so that each one is different. It shouldn't take a breach for all of us Internet users to keep security in the forefront of our minds, but this thread may alert a few more people to this very real issue and may help a few more folks increase their security. -- Gaile 22:05, 9 November 2009 (UTC)

I would hope Inde would post right away if Guru was involved.--*Yasmin Parvaneh* 22:07, 9 November 2009 (UTC)

Knowing which site would be good, or if anyone's learnt if any of the trading sites have owned up to this situation would be nice. Not telling us is kinda stupid, just makes me regret signing up to the out-of-game stuff... so, why didn't you guys have an in-game auction house/market place again? ~~000.00.00.00~~ 22:20, 9 November 2009 (UTC)

Something about how information about items is stored and transferred between client and server made it unreasonably pain-in-the-ass-ish to create an in-game auction house for GW1. This question is about as old as GW itself, and unfortunately has been negatively answered somewhere I can't remember. Rose Of Kali 01:47, 10 November 2009 (UTC)

One non-professional programmer made an auction house for a game that a dedicated team of professional programmers can't. Pika Fan 04:30, 10 November 2009 (UTC)

Give that me, a cookie, cos he earned it if that is the case. Regardless, it would be nice to learn which site has been struck, so I can delete my account/profile with them if I'm with it. ~~000.00.00.00~~ 04:57, 10 November 2009 (UTC)

What are you talking about, Pika? It's one thing to make an auction house on a web site, and another to do it in the GW game client. Rose Of Kali 15:39, 10 November 2009 (UTC)

He's referring to Shard making a persistent auction house for NWN. Great job on his part, but it really has no bearing on why there isn't an auction house in GW.--Pyron Sy 15:41, 10 November 2009 (UTC)

If GW became open-source one day, I am willing to wager my beloved stuffed pikachu that some whoru programmer would be able to come up with an addon for an auction house, or something similar. Pika Fan 17:22, 10 November 2009 (UTC)

I'm willing to wager my beloved blow-up doll that if it didn't require an extensive amount of resources that ANet didn't have, we'd already have an in-game auction house, seeing as they took the time to build the Zaishen Menagerie and an entirely new arena. ··· Danny Pew Pew 21:05, 10 November 2009 (UTC)

Except that we were once told that scaling knockdown durations could not be done. We must accept everything that anet says as the truth I guess.Pika Fan 16:15, 11 November 2009 (UTC)

Except that they hired a new programmer who just happened to come up with an idea of how to modify that mechanic without breaking anything. Bad example, Pika - I expected better from you. ··· Danny Pew Pew 19:06, 11 November 2009 (UTC)

Actually, you just supported my argument "Scaling knockdown durations can't be done" "Anet hired a programmer who knew how to do it without breaking anything" "Auction houses can't be done" "Pretty sure there is someone in the world out there who knows how to do it without breaking anything". See where this is going? Pika Fan 07:54, 12 November 2009 (UTC)

Thanks, Gaile. I had assumed that would be your answer and it's a fair one. I'll warn the people I know and thanks again. Karate Jesus 19:29, 10 November 2009 (UTC)

Hi, my account was stolen. A few days previously issued items to the Guru Auctions. But there did not use your e-mail and password from the game. The only site where I used the password and email of the game was the party Xunlai Tournament House. Anet blocked my account and now I have a problem finding the activation keys to the game. Misio Puchaty. -- User:zbik84

Hi my account was also stolen and it appears that my plaync account was also hacked. I have never been to a trade site or any forums that require a login. My plaync account has no affiliation with my game accounts (I have 3). It appears to me that the breach is at ncsoft itself. They can blame it other sites all they want but there is no justification for it. You need to remove the link at Plaync to any game accounts and you will be much safer.

Update: 2 December 2009

We did confirm that one fansite had a security breach. The website owner has been very open and forthcoming about the issue. The webmaster posted on the site to let site visitors know about the situation and to urge site members to update their credentials in order to eliminate matching credentials on the site and on any game account.

We appreciate the fansite staff’s cooperation and believe that the enhanced security that the webmaster suggested will help prevent further breaches related to that site’s issue.

As mentioned previously, all fansites for which we have current contact information have been contacted by the Community Team to heighten their awareness of security concerns. -- Gaile 00:52, 3 December 2009 (UTC)

Now that you have confirmed the compromised fansite, are you able to officially mention which it was? I don't think there is any downside to over-informing people when it comes to account security. Failing that, could you at least make an effort to address all the false accusations that have appeared on your wiki page? It concerns me that so many assumptions have been made, and no steps have been taken to clear those up now that the issue has been resolved. It's very well for the representatives from those fansites to come here to try and point out the facts to clear their name, but it's obviously not an impartial and official message, so many will dismiss it. Snowy 12:12, 8 December 2009 (UTC)

Going to assume that's a no. -JR- 14:46, 16 December 2009 (UTC)

Hacked Accounts: Research Continues

We've seen comments on this page, on the Guild Wars Wiki in general, and on fan forums that show a rising concern about account thefts. And it's true that the number of hacked accounts has risen somewhat over, say, a year or two ago, even while it's not a major crisis. Security is of paramount importance to us, as we know it is to you. I wanted to give an update on what we've done and what we've learned so far:

• ArenaNet and NCsoft have taken a hard look at both game and network security, and no breaches have been discovered. We've worked independently and collaboratively to research the matter and will continue those efforts into the future.
• We've contacted fansites and let them know of certain database breaches that have taken place on fan forums and trading sites. Certain popular forum programs have security updates several times a year because they are targets for hackers, and as a result they experience security breaches from time to time.
• We've been in continued contact with a fansite that did experience a relatively-minor database breach. The site owner has made visitors aware of the problem and has taken steps to beef up security.
• We've interviewed a few hundred victims of account thefts about security matters, including their participation in external sites, their use of third-party programs including chat software and social media, how they use ArenaNet and NCsoft resources, and more than 30 others points of data.
• Tonight or tomorrow, I will be emailing a small number of players to interview them about a few questions related to security issues. These aren’t hacking victims, this time, but we feel the info they can give us will be invaluable in continuing our analysis of the whole issue. If you get an email that seems to come from me, it probably does. But feel free to ping me via this wiki email address to verify, if you wish to do so. And remember, I will not ask for your account credentials or other confidential information, nor will anyone else from ArenaNet or NCsoft. -- Gaile 04:04, 21 November 2009 (UTC)

Thanks for the update, Gaile. I'm sure most of us here are willing to lend any help that we can. HanokOdbrook 07:31, 21 November 2009 (UTC)

I sent out 60 emails this morning. I waited for the weekend to pass because it seemed a good idea to hold on contacting players until the work week started in case I needed to liase with other team members about the situation. I am looking forward to talking to folks to see what I can learn that will help us with our analysis of the situation. -- Gaile 21:25, 23 November 2009 (UTC)

Question regarding password change

→ moved from Feedback_talk:Gaile_Gray

Hi Gaile, I've always wondered why when we change our password via the plaync site, we are limited to: "Your password should be between 8 and 13 characters, beginning with a letter, and containing only numbers and letters. It must contain at least one number." Why can't we use symbols, and why this poor limitation whereas the non tied account can put at least a password 20 characters long with no problem? Kind regards Kokiri99 21:33, 23 November 2009 (UTC)

I think those are very good questions, Kokiri. I can tell you a bit: The systems for game passwords and NCsoft passwords was created by entirely different teams. That's why they are not identical in what they require and/or allow. I agree with you that having an option to use symbols would be very good. I'm not sure that 13 character is any less secure than 20, but I like more options, so I'd agree raising the ceiling on character numbers would be nice, too. But let me say that despite understanding and even agreeing with the points you've made, I do not foresee a change in the immediate future. I will request one, but Guild Wars is just one of many games, and the NCsoft team must balance requests from numerous teams as well as the unique design elements of each.

So thank you for the inquiry and I will ask about it. In fact I was writing an email to half a dozen team members this very minute, so I'll add this question and request. If I learn more I will post it on the Support Issues page in the future. -- Gaile 22:37, 23 November 2009 (UTC)

Thank you very much for your quick reply.

In your account security tips you recommend "you'll do best to have random letters, numbers and perhaps a symbol or two". I'd quote truecrypt for additional tips : "a good password is a random combination of upper and lower case letters, numbers, and special characters such as @ ^ = $ * + etc. We recommend choosing a password consisting of more than 20 characters (the longer, the better)". Well, with all these recent security problems, regardless people who use the same password everywhere or keyloggers and malwares which i'm sure there are people who are very cautious not to have or play on linux, a strong password is the best protection.

I really hope this password limitation from the plaync site will be raised in a near future, and maybe the ability to change the user name too.

Thanks again. Kokiri99 00:07, 24 November 2009 (UTC)

I talked to the producer of Guild Wars (original, not 2) today and he assured me he'd follow up on the question. He remembers my asking it before, and we are both sure he forwarded the question to the NCsoft team. We'll see if we can get an update on a timeline and if they cannot make the change for some reason, we'd like to know that too, of course. -- Gaile 01:01, 3 December 2009 (UTC)

I would like to thank you, it seems now even if you have a NCsoft master account, you can change your password in game : I was able to change it and I could add symbols :) , there's still a limitation of 15 chars (?) but it's a very good step regarding security. Kokiri99 10:41, 18 December 2009 (UTC)

Edit: I just realized that I was wrong from the beginning about the password limitation from the tied or non-tied accounts. I always thought that the extra chars above 15 were taken into account even non displayed. I discovered that when changing my accounts' passwords which were supposed to be 20 chars+. It seems that's the limitation when changing your password in game has always been 15 characters (correct me if I'm wrong). Sorry for my mistake.

Well now with the possibility to change it in game and with symbols allowed, I feel more secure, nevertheless the limitation could be a little higher and applicable to the NCsoft master account too. Kokiri99 13:31, 18 December 2009 (UTC)

Hijacked Account [resolved]

Just thought I'd drop this in here to give some hope to those who have hacked accounts and are waiting for them to be returned and some info on my own hacked account;

lets start by addressing the basics on the security page link Account Security

• I did not buy gold or items from an RMT.
• I did not sell anything for real money.
• I did not trade game accounts or access keys (game, buddy, trial) for in-game payment.
• I did not share my game account.
• I did not buy a used account.
• I did not use the same email/passwords on forums and other unofficial sites.

• I did Use a unique user name and a unique, complex password for Guild Wars.

If typing passwords like ydNRwr0Hro don't make my account secure I don't know what will, that is a good example for the rest of you people when you get your account back again, don't use simple words for your passwords sure there easy to remember as words but just keep in mind that word you used for a password is probably in some hackers word database. some password systems even allow you to use things like this too 2I6wT,^fx? the longer and the more scrambled it is the better.

• I did not use third-party programs. ( but this is a little ambiguous considering we all run all sorts of other games/programs which might have had a consequence too GW, which is untended )

• Keep your email secure, it was.

• And I do run anti-virus/anti-spyware software.

So where is the hole in the security ? I'd polite suggest that the security whole is at NCSoft binding accounts to a website is not a good plan, especially when accounts can have the password changed without confirmation from the email account to change the password, there should be a system where if you change the password it emails the account holder for confirmation by clicking on a link in the email to confirm it, this is a huge oversight on NCSofts part there for it is them that are at fault.

Here are some suggestions to improve security in the future, and a way to give back some of what has been stolen.

1. make sure when a person changes there password, that the email address is sent a confirmation.
2. The hall of monuments is an excellent record of what that character had for armor, place a crafter there whom will re-craft armor you've had for no free as long as you've stored it in your hall of monuments you can get it back again, this armor will be UN-SALVAGEABLE meaning that you can put runes in it, you can take them out and it'll still destroy the armour but you will get 0 materials out of it, this goes for anything else stored in the HoM too.
   1. mini pets restored in this way are unable to be traded or dropped
   2. weapons same deal unable to be traded or dropped, and assigned to the character.
3. put an in game password to access you chest, once you log in and type it in it remembers it for that session only.

This would go someway into restoring what is lost, while I understand that items cannot be given back there are still things NCSoft/ArenaNet can do to make some sort of reparations for what was lost.

Finally I'd like to thank the staff that fixed restored my account to me, 091205-000578 Nickolaus, GM Grackle & Alexander. it may take them awhile but they do get there in the end.

http://guildwars.incgamers.com/ Injector

I'm glad you got your account back. Things that you suggested have inherent problems: many dedicated pets have been resold, armor and weapons destroyed, so the HoM is not such a reliable record as it seems at first. Double passwords I welcome, there is even a game that requires a separate password for each character on the account, which I like very much, but many people find these annoying. Email confirmations are currently troublesome, because many people no longer have access to the Email they used as their GW login. But something needs to be done to enhance security, there is no doubt about that. Rose Of Kali 14:15, 9 December 2009 (UTC)

And so what if said armor, pets and weapons are destroyed? It's just for the looks since you can't trade it away if you remake these items with what Injector suggested, just like PvP armor and weapons. Note that we are talking about DEDICATED items that can be remade, so even if you trade it away, people can't abuse by passing items around for others to "unlock". It would certainly solve a lot of problems caused by hacking. Pika Fan 10:40, 12 December 2009 (UTC)

PlayNC accounts and password changes

Seems like many (dare I say "most?") of the recent hacks were blamed on a compromise of the PlayNC account and a resulting password change, leading to stripping of the linked accounts. A proper course of action for Anet and NCsoft right now would be to work on that area of the breach.

Modify the password change system, make it more robust, so that a compromise of the PlayNC account does not automatically lead to the compromise to all associated game accounts. Also, do everything you absolutely can to allow players who had linked their game accounts to a PlayNC account to change their GW login Email. Many of the login Emails are no longer accessible by players for many reasons, and that is a big problem in itself, which disallows some very effective security measures (such as email confirmation of password changes).

Thx for your attention, I hope this is on top of your to do lists right now, as it should be. Personally, I'd rather wait another month for new content, but feel safer about what I already have. Investigating is all great and necessary to punish the guilty, but prevention and mitigation of damage to affected accounts is better. And PLEASE, keep us posted on the situation, so far all we've heard is that you are "investigating" things and gathering data, is there really no other progress or any plans to change the system? Rose Of Kali 14:08, 9 December 2009 (UTC)

^How about also taking a clue from this guy and making an IG security.http://wiki.guildwars.com/wiki/Feedback:User/C0mm4nd3r/The_Ultimate_Anti_Account_Thief_System --SirBoss 14:45, 9 December 2009 (UTC)

Problem is Rose, is that both anet and NCsoft deny! that the security breaches have come from THEIR supposed secure site and totally put the blame on the players own security......

Actually it most likely isn't Anet and/or NCsoft's fault, alltho they could improve security by adding something like a simple verification e-mail asking if it was actually you changing your password or e-mail address. Anyway that would still suck if you use the same password on your e-mail account.

I got lucky it was only a trial account that got hacked. My fault was using the same e-mail and password on a GW related website (unofficial website), that website got hacked and their database got stolen. That is most likely the thing that happened to the other people that got hacked, if their NCsoft account got hacked is because they used the same username, password and/or e-mail on an account used on a GW related website.

When I found out an account was hacked I went like "What did I do to get my account hacked?" and I checked everything and found out what I did wrong while most people just point the finger to Anet and/or NCsoft. The reason why many people do think it's Anet and/or NCsoft's fault is because when one person pointed the finger to them (without having any proof), someone else sees it and does the same (again without any proof), it's a piramid effect. Qaletaqa Hania 19:05, 10 December 2009 (UTC)

There is a difference between "it's Anet's fault" and "the PlayNC master account was breached." It may not be directly Anet's fault, but the PlayNC accounts get breached, and it leads to very bad things happening because of the password change system which hands all of the linked accounts to the hacker on a silver lined platter.

The fact of the matter remains that their password change system is dangerous. As Q said above, sharing credentials lead to a breach of the master account, but it was the password changing system that lead to the breach of the actual GW account. Had the hacker been unable to change the password without confirmation of the old one, the GW account would not have been breached even if the master was breached. Anet is not directly responsible in this case, but they need to be proactive and put more hoops between the hacker and the "loot," the more the better.

Also, I used my primary email as my GW login 4 years ago, and that email is known in all kinds of places now, the amount of spam I get is quite indicative of this. Unfortunately, there is NOTHING I can do now, because I linked it to my master account. I also don't have the fancy encoded password keepers, so yes, I do have a small number of passwords I use on most things, each with it's own level of security, so to speak, and I vary them slightly place to place, but they do repeat. The thing is, most people do it similarly, they share passwords for the sake of remembering. But passwords can be changed anytime, which I do. However, I can't change the email I use to login. This is bad, and we all know it. In fact, the login should be a username, not an email, the email should be attached to the username with the ability to change it.

These are the two main weaknesses I'm getting at: the inability to change the login Email (yes, most people linked them to the master, so I don't care that you can change it BEFORE you link it) and the weak password changing that is currently in place. You simply cannot deny that these are very dangerous weaknesses that need to be addressed. There is plenty of room for improvement beyond that, but you can't slide this under the rug and keep pointing at the user's faults. Rose Of Kali 22:23, 10 December 2009 (UTC)

I'm getting tired of this drivel that it's the users fault as I stated on a forum when you have passwords like "kF231@##!1X" and you still get hacked you have issues, with not just your security on the website, but employment fraud brought into question, with an employee running off with the user database which is possible breach and a reason why there have been so many, not to mention because it's on a website it can be brute forced hacked into, all because there is no cross checking with email confirmation that you did indeed ask for a password change, my 2nd account I changed the password on yesterday and it STILL 24hours later has not been informed that the password has even changed at all although it has, this is an abominable situation and needs to be addressed effectively and openly.

Right now you have hundreds of users complaining all over the net about there accounts being robbed, GW2 are going to suffer because of this, one of the things I checked up on when I got GW 4 years ago was the level of complaints about the game and not all the hype on how good it was, these pages are going to rediscovered by others in the future searching the same thing.http://guildwars.incgamers.com/ Injector

Good point injector and you are not going to a get a company to admit it's liability in any security breaches as they would be inundated with lawsuits for lost items and gold and so on......anet is a subsiduary company to ncsoft so it is equally liable if they're were any security breaches.I am not saying that either anet or ncosft are 100% responsible because yes some players do share and are very lapse in what passwords they use, but in other cases like many others you wouldnt be able guess someones password so easily with a combination of upper/lower case letters and numbers. Yes there needs to be improvement on the current situation and you would have thought that by now the company wether it be anet or ncsoft would have at least tried to beef up what everyone is asking for, the only reason I can think of and many others have said is that they dont want to change it back to where you had to click confirmation emails when you wanted to change either accounts log in email/passwords, as it would give players the option then to be able to exchange or sell acounts which is breaking eula rules.Reborn007 --The preceding unsigned comment was added by 86.13.174.118 (talk).

"they would be inundated with lawsuits for lost items and gold" WUT? There is no monetary value attached to any of the "lost" items, so there would be no grounds for suits. No court in the world is going to apply punitive damages to the loss of in game/pixelated items. Those people whose accounts have been hacked, have, as far as I understand it, gotten them back, so there is no "loss" other than the time they have spent in the game. If they were not able to get their accounts back, the most that they could possibly sue for would be the initial cost of the game, plus any additions they have spent for character slots/upgrades, all of which would be covered in small claims. Please base your arguments in reality, not some gamer's dreamworld where all their pixel gold and elite items are worth going to court over. -- Wyn talk 02:56, 11 December 2009 (UTC)

REGARDLESS OF FAULT in the recent breaches, the two things I pointed out need to change, as they provide absolutely no barrier between a website username/pass breach (easier than hacking the game login) and complete stripping of the in-game account. Rose Of Kali 03:36, 11 December 2009 (UTC)

At least the in game password change forces you to type your old password before giving you the right to give yourself a new password, PlayNC doesn't even do that it's so weak you can just change it period no questions asked, no confirmation. Injector

Well, there is no in game password change for people with plaync account names. They can only be done through their master account. -- Wyn talk 04:11, 11 December 2009 (UTC)

"WUT? There is no monetary value attached to any of the "lost" items, so there would be no grounds for suits."

You sure there are no grounds for suits? Privacy law, In some countries companies have to do what they can to keep personal information as secure as they can, if the company is aware of a flaw, or someone has pointed out a security flaw, then they are at risk of beeing sued. Also NCsoft already has been sued once already for losing account data in 2006, don't know how it ended tho. So they already have a "bad" record, but if anyone has told them about a flaw in their security then they know there is one, wich is a bad thing for them because if they don't act on it then they are at risk of beeing sued if i'm correct.

Also it might have no monetary value according to you (wich it does, you bought the games and/or bought other things thru the in-game store) but it can have sentimental value, and when something is stolen that has sentimental value it can cause mental distress. Wich can also be a reason to sue, but I highly doubt that would work in a case like this.

Since they sell games internationally they have to comply with international law.

I'm not a lawyer and don't know much about it but there is a well known magazine in Belgium that is part of ICRT (International Consumer Research & Testing) wich might check out the security on the NCsoft website (since it has a shop) when asked. They have a legal department etc... so they would know alot better. They mostly check quality/price ratio stuff etc... and i've seen some articles about e-bay and/or paypal.

Anyway, I won't contact them because I don't wanna put the time, effort and/or money in it.

@Injector: You need the password to get into the NCsoft master account, so even if they asked you to give the "old password" then they still could change it to a new password, but yes a confirmation e-mail would be an improvement. But if someone uses the same password for their NCsoft Master account and e-mail address then they can still be screwed. -- Qaletaqa Hania 05:45, 11 December 2009 (UTC)

Bah these types of cases are beginning to happen.http://www.virtualjudgment.com/index.php?option=com_mojo&Itemid=26&p=14 http://www.massively.com/2008/10/21/dutch-court-convicts-2-minors-of-stealing-virtual-items/ --SirBoss 14:47, 11 December 2009 (UTC)

You say that changing the password through the master account is already passworded by the PlayNC password required to log in in the first place. This is not the same as requiring the IN-GAME old password before choosing a new one. These are different passwords. O_o Choosing a new in-game password through the master account should require the old in-game password, and if you forgot it, you have to prove account ownership through support. This is how it should be. Rose Of Kali 17:15, 11 December 2009 (UTC)

/agree --Ellisia 18:40, 11 December 2009 (UTC)

I agree to, I was talking about the NCsoft Master account password only and didn't even think about the password(s) for the game account(s). I was tired when I wrote the previous comment. -- Qaletaqa Hania 22:14, 11 December 2009 (UTC)

Has there been any respons to this? I mean if they can get in through Ncsoft, EVERYONE who has an account linked is at risk. And since you'l have an ncsoft account when you buy things in the gw store, buying things could put your account in great risk. I just don't understand why they don't act uppon this atm. People are still at risk. from what I've heard (multiple times), they even hack paypal after purchases through NC-soft. And I never did get why Ncsoft requires you to use a WEAKER password than gw. You can't use symbols! Fix this PLEASE :(. I bet it'l take an GM account to be hacked to get this fixed (if NCsoft listens even then)(and I hope it doesn't). --Ellisia 09:39, 12 December 2009 (UTC)

Totally agree Rose that Ncsoft need to beef up their side, but come on Ellisia, do you think that they would admit that some of the account hacks are part of a flaw in their security and also do you think that if an GM account was hacked they would still do anything....NO...because they are not losing any money in any of this, it is only the poor players that suffers. another point to make is that all items/gold in game have their own piece of code a bit like DNA. Restoring items just means that there would be too much work in getting the rightful items to thier rightful owners. It does not put them in a great position for GW2 as I have seen through threads that they are seriously thinking of staying away from the sequel, due to this whole hacking business. User:Reborn007

Actions can be a respons too, for example: they allow the use of symbols in the ncsoft password, they increase the possible length of the password, they ask for the old password for gw acounts, they add character locks,... (restoring isn't needed if they can't get in or delete your characters)(and I don't expect them to restore accounts, I know it would be a hell of a job to keep it going and not have frauds). And they are losing money, maybe not visible on the surface, but everyone who walks away after a hack isn't going to get friends into the game, buy new chapters,... . And a feeling of insecurity isn't good PR either. I don't expect a "we have a security risk" or something in that manner, I don't even want them to do that, what I do want, is that something gets done about it(and i'm bolding things because they should be noticed in these walls of text). This isn't something cosmetic, this is one of the most important, if not the most important isue in a game. If thousands of hours of work can be taken away in seconds, what's the point of having a hall of monument, or even playing the game. --Ellisia 10:57, 12 December 2009 (UTC)

Hey guys. Let's start using passwords that are random assortments of lowercase and capital letters, along with numbers and punctuation if possible. I bet that would probably solve the problem. I would love to see the passwords that the people who have been hacked use. On top of that, I'd be willing to bet it's the same people who get their Facebook accounts phished. There is a post somewhere on this site where a user thought that his 5-character pure numeric password was a good one. I mean, really. ··· Danny Pew Pew 00:43, 15 December 2009 (UTC)

Yes of course there are people who choose stupid passwords, that doesn't mean other possible problems with security should be overlooked -_-. Seriously if you are a hacker, what would you do? Try and hack each account individualy, or try and hack a site that doesn't even allow passwords to be as strong, but gives you full access to every game-account connected to that master-account, without having to know the passwords for each of them. And on top of that you prevent the owner from changing the password himself (without contacting support). If we have a thing like a masteraccount in place, shouldn't it be safer than the individual accounts? (in case you'r wondering it's not safer ;)) --Ellisia 01:39, 15 December 2009 (UTC)

You want to know what my old password(s) was well your in luck my safe just opened and I can get my code book out, it only opens for 2minutes a day :), lets see plaync was "Xj7goN9emuFuh", the game account was "ZcDz5GAyolrED" nb: DO NOT USE THESE FOR YOUR OWN ACCOUNTS! just in case you are wondering I know I was, at password length of 13, trying 500,000 passwords a second with 1 computer using lower/upper case characters will take 12861917392 years to brute force crack. if they'd allowed us to use punctuation or the full ASCII table 3782158995863 years Injector

Guru is striking up a petition, not a QQ thread.

→ moved from Feedback_talk:Gaile_Gray

Maybe you should have a look. I know NCSoft and ArenaNet are VERY seperate companies. But just forwarding the word on. There are LOTS of people on guru that think something is wrong, and lots of people who play the game post on guru. I'm sorry Gaile if this is NC's fault and not ArenaNet's. But we as a community have finally had enough with this horseplay. ArenaNet thrives with NCSoft and if this continues because of NCsoft I'm quite positive it will or already has had an impact on A.Net. People who have lost their accounts in such ridiculous matters this past year look like lost customers and lost sales to me. I don't know how you guys view it. I realize you are all working hard on things but take the time to look over on Guru, finally an actual petition thread is up and there are already 7 pages in less than one day with /signed. We care. http://www.guildwarsguru.com/forum/showthread.php?t=10416402 - Chrisworld 20:06, 10 December 2009 (UTC)

I dind't find a topic on wiki anywhere (and I don't have a guru account, something with getting no confirmation email), but I just have to add /signed to that list. Improving account security is above gw2 on my list. --Ellisia 20:35, 10 December 2009 (UTC)

I'd just like to point out a fairly important distinction: It is not Guru striking the petition, it is the Guild Wars community striking the petition with Guru as the vehicle. The staff of Guru are not responsible for the the petition, other than ensuring it meets the guidelines of the forum. It is a community creation. -212.159.32.123 22:33, 10 December 2009 (UTC)

Oh, of course. I know that. But usually when someone refers to "guru" they mean the community. Like every week when Nick is found usually the talk page says something like "guru found him" or something along those lines. Sorry for the confusion. - EDIT: The thread has been closed and moved to a different discussion.: http://www.guildwarsguru.com/forum/showthread.php?t=10416505 - Chrisworld 03:13, 11 December 2009 (UTC)

I have been reading that thread, and I admire a lot of the ideas that are coming out of it, particularly the ideas of a practical nature. Some are good, some aren't so good, or are not do-able, but overall, there's a lot of value in a thread that offers honest, player-driven input on a critical matter. You will be hearing soon about this matter, but I can tell you that we do continue to keep security at the forefront of our priorities on a daily basis, and the current concerns expressed by players have only heightened our focus. -- Gaile 02:54, 15 December 2009 (UTC)

Thank you for the respons ;) --Ellisia 08:56, 15 December 2009 (UTC)

Come on keyfob! :D --★KOKUOU★ 09:39, 15 December 2009 (UTC)

The most stress among players are the hack threads on guildwarsguru I guess. Remove them and everything will be fine.62.133.217.232 10:55, 16 December 2009 (UTC)

Not quite sure what you are referring to there, but I can assure you that nothing gets removed from Guru without being in breach of the forum rules. :) -JR- 14:45, 16 December 2009 (UTC)

62.133.217.232 do you like ostriches by any chance:p?--Ellisia 19:02, 16 December 2009 (UTC)

In game issues with DirectSong

Hi Gaile, sorry to bother you about that as it is not strictly an ArenaNet matter: some people (including myself) have switched to Windows 7 64-bits and cannot listen to their DirectSong music tracks ingame anymore (it still works fine when using the media player). Some (such as myself) have no DirectSong icon anymore in their Sound tab in the Options menu in game; one other guy succeeded to get the DirectSong icon back in the game though it says something is bad with Direct Song and the music is still not playing the external tracks.

Previously I was on Windows XP 32-bits and Windows Vista 32-bits and everything was working Ok for me.

See:

• getting music to play ingame
• Windows 7 64-bits (my own entry)

As I've written there, I've posted a ticket at DirectSong's support page a bit more than one month ago but I still have not feedback from them. Should I write a ticket to Guild Wars/NCsoft support as well?

Thanks. Jaxom 01:59, 11 December 2009 (UTC)

There's no "s" in 64- or 32-bit.  :/ Anyway, if I remember correctly, DirectSong basically fell off the planet some time ago, and while some of it still works, trying to get support is like asking the IRS for a pot of gold. Did you bother reinstalling whatever software is necessary to use DS? And make sure to run everything (GW and DS) as root (administrator), otherwise it may not work correctly because M$ can't do anything right (well, except Consolas ♥). –Jette 10:20, 12 December 2009 (UTC)

Not to mention, and I hate to have to reiterate this, but Guild Wars is not officially supported for Windows 7. (Feel free to correct me. Since it's a few thousand times better than Vista I would certainly appreciate if it was.) ··· Danny Pew Pew 22:49, 12 December 2009 (UTC)

The DirectSong "Software" is just a text file with paths to the music, and codes so it knows where to play them, and a dll you place in the game folder. If you're not getting the icon, then the dll is not loading. I don't have Vista/7, but running the game as an admin should fix the dll loading. After that you have to make sure that the songs are in the right place, and that there's a path to the folder where you have the songs written in your registry. To make that registry entry use this. Unpack it into the folder where you have your folders with the music, and run it. — Poki#3 (talk) 17:38, 13 December 2009 (UTC)

Thanks. Since I am the one that did provide help on most DS issues described on the DS talk page, I think I am pretty sure that I know how it used to work under Windows XP and Vista 32-bits. Here the issue is Windows 7, 64-bits, the way Guild Wars and the directsong DLL interract with each other and possibly WM12. But thanks for sharing anyway. Jaxom 07:38, 14 December 2009 (UTC)

The text file with the songs can be edited. If it's a WM12 problem (it shouldn't be though) you can always burn the songs into a CD Audio, and rip them to mp3 to remove the DRM (that they stopped using anyway) and then change the file extensions in the text file. As far as the dll loading on 64-bit W7... I'm not that good with computers ^^; — Poki#3 (talk) 12:34, 14 December 2009 (UTC)

It might be that the dll is 32-bit, whatever that might mean. Have you tried running Guild Wars using XP compatability? Or on a 32-bit W7 install? ··· Danny Pew Pew 23:05, 14 December 2009 (UTC)

Administrator and/or compatibility mode does not change anything. I won't have access to a 32-bits version of W7 until mid-january (upgrading my mother's laptop while she is away) but you can bet that I'll give it a try as soon as the computer is setup ;). Jaxom 05:55, 15 December 2009 (UTC)

(Reset indent) I wish I knew more about this, Jaxom, as far as your getting the help you need. I am nearly certain that if you write NCsoft Support, they will ask you to write to DirectSong. Have you tried freshing your email or ticket with DS? It's really the only answer I can think to give you, since we don't have the capacity to assist with DS matters. -- Gaile 02:50, 15 December 2009 (UTC)

I can always give the generic "download the music and then use foobar to play it" suggestion. Which actually works better. The only thing you lose is that blinking light, and I really don't think it's worth the additional RUM consumption anyway. Besides, half the music it plays by default is at 128 kbps or some garbage, which in mp3 terms is about the same as saving an image that looks like this (if you can't tell what's wrong with that picture, you need your eyes checked). It's a wonder you can hear it at all. –Jette 05:42, 15 December 2009 (UTC)

/ignore Jette's pointless suggestion as usual

Thank you Gaile, this is mostly the answer I was expecting, but it is good to know I asked the correct support service first as I was not sure:

DirectSong support in GW on Windows 7 64

Date: 2009-11-03 04:27:41

[...]

Hi,

not sure if this is a Direct Song or a Guild Wars issue so please excuse me if I've posted on the wrong support page.

I've just reisntalled my PC with Windows 7 Ultimate 64-bits and I sucessfully re-activated all my DirectSong pak without trouble. BUT my DirectSong musics are not playing in game in Guild Wars anymore.

In fact there is no DirectSong icon anymore in the Game's sound menu (it's not that the icon is grayed out/unlighted, there is no icon whatsoever). I've verified that the required DirectSong registry key MusicPath is in HKEY_LOCAL_MACHINE\SOFTWARE\DirectSong and that it points to the valid directory where all the paks are with the ds_GuildWars.dll and th GuildWars.ds file but nothing changes. I suspect that the DLL might not be loading for some reason.

Thanks for your help.

System: Windows 7 Ultimate 64-bits French

DirectX: DirectX 11

Windows Media Player: WMP 12

I've updated this ticket at DirectSong as you suggested. If I ever get an answers from them or if I succeed into making that work, I'll update the DS article here and the ones I have created on the French wikipedia and GW wikia as well.

I would suggest that IF such parternship is to be used for GW2, the technical part (DLL, acesss to music files, etc) should be handled directly by the game instead of realying on a external provider. Jaxom 05:55, 15 December 2009 (UTC)

Just a heads up, DirectSong support isn't the fastest to reply :/ (It's been a few months after I requested a music activation reset before they complied) — Poki#3 (talk) 13:22, 15 December 2009 (UTC)

I don't know about Windows 7 RC, but I've gotten DS to work in one of the beta's (build 7048 x64 to be exact). I know I had the key pointed correctly (to DS on my Vista partition) and (I think) I ran it as admin. I can always install win7 and see if I can get it to work (the RC is build 7100, isnt it?). And about DS's support, I never got a reply from them, sent in around a year ago. At least I was able to fix it. -- Cat Slayer Calli 02:22, 16 December 2009 (UTC)

In-game "bug" email

Hi Gaile, I emailed you using the E-mail this user a while ago about a possible game exploit/bug that I found in-game (as said to on your talk page). I sent off the emails approximately 2 weeks ago, and never heard back from you. At first I assumed you may have been just too busy, but then I was wondering if you got it at all. I don't actually know what date I sent it (didn't tick the pretty little box to forward it to my own email address) but it was to do with the Bonus Mission Pack (kind of). I thought it may have been fixed in the recent updates, *non-suspicious whistle* but it still works.

I was going to email Joe as well, but the email user function is disabled for his account, and I didn't want to post it on the bug page as it could be exploited. I tagged the actual message itself as from "Mystical Celestia", but I assume it would have come up as from my email address which I prefer not to disclose here. So just wondering if you happen to get the email? Thanks! ~Celestia 03:26, 15 December 2009 (UTC)

Hello, Celestia. I am sorry, but I do not appear to have received that email. I would be most interested in getting it. Please feel free to forward, or resend, to SupportLiaison@Arena.Net. Thank you! -- Gaile 00:40, 16 December 2009 (UTC)

Okay thanks Gaile. I've typed (sadly it took forever on an iPod) it up and sent it just now. Hopefully this one goes through. Sorry for the wall-of-text! ~Celestia 01:29, 16 December 2009 (UTC)

Thanks, email received! -- Gaile 18:33, 16 December 2009 (UTC)

Just a heads up Gaile, this "cat is out of the bag". It wasn't me, but check the articles concerning. ~Celestia 00:04, 24 December 2009 (UTC)

Increased Account Security

First off, this is not a rant and I hope further comments will stay that way. The recent increase of account theft just shows that the account security could use an upgrade. This would prevent a lot of grief, and support staff could focus on more interesting things. Why not simply add a secondary password to all accounts, which will be asked when user logs in from a significantly different IP address compared to last successful login, like from another country. This would not affect the everyday players unless they travel a lot and use a lot of different ISPs. It would however cause an extra lock to crack for RMT hackers.

Just to clarify, minor IP changes in a dynamic IP address would not trigger it. A failed attempt at second password could then lock account for an hour and email the account owner there was a failed password attempt. This gives the owner a clue his first password might have been breached and can quickly change it. Oh yeah, people who share accounts would also be affected by this.. but since that's against EULA, nobody would complain about this, would they? *snicker*

Let's say the secondary password is a random generated PIN. 4 digits would then on average take 200+ days to break, until account owner changed the first password. First time, PIN is presented to user after login, and user also types this PIN to confirm before reaching character select screen. Changing password would automatically generate a new PIN, again showing it to user who have to confirm it by typing it in. --Lexxor 07:46, 5 December 2009 (UTC)

Fingerprint scanner? Login with your password then scan your fingerprint. If you get hacked, then it must be by someone who has had close contact with you and lifted your fingerprint.

Iris Scanner? wait those aren't cheap enough yet.

Authenticator? We talked about it here.

I think these examples are better then yours, they allow traveling and only one of these can still be used by people that are sharing accounts. Doeing something with IP addresses is well.... meh not that good in my oppinion. -- Qaletaqa Hania 17:24, 5 December 2009 (UTC)

And how would 6+ million accounts get fingerprint/iris scanners or authenticators? At least for IP addresses, it's cheap and easy and can be implemented without trying to get 6+ million accounts a device. I suggest you say why you don't like the idea, or your opinion really won't matter --Lexxor 20:32, 5 December 2009 (UTC)

I didn't say I didn't like it, I said I think those are better.

It seems your idea is still vulnerable against phishers and keyloggers, also it's not that hard to bypass IP restrictions. Also some people are already using easy passwords because they wanna make sure they will remember it and you wanna give those people another password to remember?

What about multiple options? I mean let people decide what they wanna have as protection, maybe they wanna choose for a combination, like password + fingerprintscan + authenticator, 2 passwords + authenticator or just 1 password like now. For Belgians, and other countries, they could put the eID cards to good use, we already have the cards and we can request a new one from our local city or town hall when it breaks or when we loose it.

Make those optional and give hackers some variation, most would give up because there would be to much to do and they'll probably think twice before hacking your account because if your account is protected with an eID they'll have to commit identity fraud, and in most countries, when caught, you will get a jail sentence.

What I suggest is not easy to implement and some options need a device but they are optional, some are expensive options, some less expensive. Anet and/or NCsoft will most likely get less complaints about security, they would probably also be the first game developer to have so many security options. They would need a ton of money tho.

The ones I think that are feasable:

• eID.
• Authenticator.
• Fingerprint scan.

The ones I think are not worth the trouble:

• 2nd password (reason: phishing).
• Iris Scan (reason: to expensive device).
• IP restrictions (reason: bypassing isn't that hard).

The ones I think that are feasable all need a device, the authenticator can also be software but that's not as safe. Anyway, i'm gonna leave it at that. -- Qaletaqa Hania 05:04, 6 December 2009 (UTC)

Anet already have IP restrictions in place, that's why they're able to ban hijacked accounts so quickly from chinese RMT. In fact I got to keep most things and all my characters due to this quick ban when my account was hijacked. For practical reasons, you have to use a security measure that can instantly affect 6+ million accounts. eID, Authenticators and Fingerprint Scans do not fall in that category. Perhaps for GW2 --Lexxor 07:21, 6 December 2009 (UTC)

I know, but if you want better security, easy solutions are not the way to go. Your solution is a placebo, it's better to invest in something that actually increases account security.

Also IP restrictions does not allow me to play wherever and whenever I want, and if they ban a certain range of IP addresses then some innocent people might get caught (this has happened to me once in another game). -- Qaletaqa Hania 08:21, 6 December 2009 (UTC)

^ IP bans may and can affect unrelated users who share the same IP assigned by ISPs which provide dynamic IPs. Pika Fan 08:28, 6 December 2009 (UTC)

Authenticators, like the ones WoW offers, would be the best security ANet could offer, in my opinion. They don't need to get each of the hundreds of thousands of players authenticators, either. In WoW, they are optional (at least to my knowledge); if you want the extra security, you pay $10 or so for an authenticating keytab, otherwise you go about your charrslaying as usual. I know I'd probably get one. --★KOKUOU★ 09:11, 6 December 2009 (UTC)

Hmm, doesn't explain how so many can hack into wow servers and use them. I don't think even Authenticators would be safe. I wouldn't mind seeing things like a code that some emails and secured sites use that automatic bots, etc. can't detect, but readable too. -- riyen ♥ 10:35, 6 December 2009 (UTC)

No system is foolproof, and the community in WoW is so big that it is also natural to have more occurrences of hacking attempts. Pika Fan 10:40, 6 December 2009 (UTC)

(Reset indent) As always, I appreciate the helpful input on this situation. You can count on your ideas being relayed to the team members who are, at this very time, focusing their efforts on improving account security. Thanks. -- Gaile 00:14, 15 December 2009 (UTC)

Banned For 335 Hours

I'm confused about why I was banned for such a long period of time in Guild Wars, actually I confused about being band for any amount of time. What are the reasons? It says that I scammed someone but I did no such thing. The last thing I remember doing is running someone last night through Eye of the North and him paying me 80k to complete it. I ran him through everything but the last mission because I died and could not complete the run and he was a sleep at his computer. I waited for some time but he never responded and so I left him a message saying that I would be on today pm me and I will finish the run. I pride myself in never scamming someone or cheating them this is a big surprise to me pleace connect me asp. I contacted support but they haven't responed to me about the case and its going on three days now. My in game name is Judah Rahab. --The preceding unsigned comment was added by User:GXC7243 (talk).

Have you filed a ticket with support yet? If/When you have, be sure to post the ticket number here. --RIDDLE 07:12, 16 December 2009 (UTC)

My Question Reference is #091215-000001 Date Created: 12/14/2009 06:03pm --GXC7243 19:32, 16 December 2009 (UTC)

You shouldn't put your account info here, even just the account name; I removed it from your post. The ticket number should be enough for them to find out who you are. --Kyoshi (Talk) 22:05, 16 December 2009 (UTC)

Suggestion to help improve account safety

Hi! I'm one of the many unlucky persons that red warning was kinda pointless for. Why? Because i had already changed all my passwords and they still got in. Not here to complain though. I know that's pointless and will only get me sarcam from all the peeps on this wiki. However in my experience maybe needing to confirm a password change of an account, be that for a game account or for the NCSoft master account through email might be a good idea? I know that won't save all the dumbies out there, but it sure would help slow those hackers down. Also a 24 hour trade ban after password change wouldn't be a bad idea either. All though I'm sure there would be some that would complain about that one :P I sure wouldn't cus most actively played accounts do respond in that 24 hour to support about it. Why I'm posting this here and not somewhere else? Well Gaile, lets face it, you know people! You got the connections *winks* to get this idea to the right people and convince them its a good idea. Because right now, with this wave of people losing accounts to these thieves, both Anet and NCSoft are not making a good impression. And frankly, a red text warning at login screen? Thats really not enough IMO to show the masses that you guys ARE doing something about it. (even though I do have faith in you guys, I'm an optimist ;) ) So that's why this is here and not on the suggestions page. So thanks for reading, and have a happy X-mas/Winterday DBZVelena | (Talk page) 17:23, 16 December 2009 (UTC)

I can't believe I'm about to say this...but in Anet's defense they are putting resources, time and people into resolving this issue. I understand that having something of yours stolen is a nasty violated feeling, but realistically, criminals are usually steps ahead of the police chasing them (unless Matlock is on the case, but you all are too young to know who that is). It will take time for Anet to resolve the issue. And trust me, they are in a panic to fix the issue.--*Yasmin Parvaneh* 17:27, 16 December 2009 (UTC)

Thanks, Yasmin, you're correct. We've got a lot of our top team members involved in addressing this issue. One of our staff members is vacationing in Hawaii and he's still involved in the matter, so obviously it's a major focus. (And I know who Matlock is, oh yes I do. I'd have referenced Hercules Poirot, but then, that's just me. ;) )

DBZ -- I am of two minds about a password confirmation process. I personally feel it would be good to put one in place, to ask for confirmation before making the change. However, there's a drawback: Lots of players no longer have access to the email address that forms their user name so they won't get the email and won't be able to opt in to the change, meaning they'll be prevented from changing their password. More importantly, we just wrapped up our weekly team meeting during which I asked to our support agents (who have the most front-line presence with account hacks) about the idea. They pointed out that in order to put in a password change request, you have to be on the account, meaning you already have access! Access comes from knowing the password, not from changing it. To put it another way: a hacker cannot be outside the account, change the password, and give themselves access. They have to do so after they've already input a password to get into the account to make the password change request -- does that make sense?

You may be interested to know that relatively few of the stolen accounts have their passwords changed; most accounts are simply accessed using a password that the hacker obtained externally (e.g., though acquiring a forum database or installing a keylogger). The account is then stripped and closed and the hacker moves on to the next victim without bothering with a password change at all. Of course, some passwords are changed by the hacker, it's true, particularly if they want to use the stolen account to advertise their RMT sales.

The idea of a 24-hour block after a password change seems like something that would greatly inconvenience legitimate players and would, in fact, discourage them from making password changes, which is one way they can protect their account! So setting a delay feels as if it would be counterproductive. I will mention it to the team, but I believe they will agree with my assessment, especially since, again, the password change mechanism is not a means to breach an account, so such a delay seems unnecessary. -- Gaile 18:10, 16 December 2009 (UTC)

What about the trade-block for 24 hours? That would be slightly annoying after a password change, but if it keeps accounts from getting hacked, it might be reasonable.

Of course, I'm still in favor of not using poor password/email combinations, but that's unlikely to happen. I'm fairly certain that the NCsoft website is entirely secure given that my admittedly insecure master account login information hasn't been compromised. ··· Danny Pew Pew 18:19, 16 December 2009 (UTC)

But if password changes are not the issue, why locked down trade? -- Gaile 18:25, 16 December 2009 (UTC)

My bad. How about we just take trading out of the game. :> ··· Danny Pew Pew 18:26, 16 December 2009 (UTC)

That's probably not an option. :) -- Gaile 18:32, 16 December 2009 (UTC)

Ok, yea the 24 hour trade ban is kinda radical, and maybe thats just my emotions talking, i mean I've been hacked twice, even after password change on my part! (how they got in the second time i really don't know!) And I understand that some don't have access to those old email accounts. I guess thats why you are the guys running the show, you're way smarter than i am! Still, would a rollback be worth the effort petitioning for it? Since I've heard of a LOT of people getting hacked over the last week or so. How many acc are affected by this wave of crime? DBZVelena | (Talk page) 18:25, 16 December 2009 (UTC)

The ability to do an individual character rollback is the stuff I dream about at night, along with candy canes and flying reindeer. :) Hey, I am only partly kidding! Having that capacity would be awesome, and believe me, along with all other concepts, that option is being examined. However, implementing such a thing would be complicated, at the least, and in fact may be impossible. So please read my comments as casual and not any sort of "official announcement of features to come." :) -- Gaile 18:32, 16 December 2009 (UTC)

I wasn't talking about a character rollback, i was talking about a whole gw rollback. preferably to begin november, but to begin december would be nice too :p And no, not just for me, but for everybody who got hacked. DBZVelena | (Talk page) 18:38, 16 December 2009 (UTC)

That is a very radical suggestion, and one that would be sure to meet with a significant level of disapproval from the community. Speaking unofficially, let me share some thoughts: If you did a rollback to November 1st, what about the person who attained his GWWMM on November 2nd? Do you roll back and take that away? What about the person who achieved Survivor in that time, or got a record number of PvP victories, or was given the best miniature, or won the ATS, or made a monumental trade, or found the rarest weapon in the game? And why November? Why December? What do you say to the person who was hacked one day (one week, one month) before the rollback? How do you answer, "Why did you rollback to help them but did not do it to help me?"

Whole-server, whole-game rollbacks are extremely rare and would only be instituted in the most grievous of cases. It's my perception that we are not even approaching such a level of gravity. -- Gaile 19:38, 16 December 2009 (UTC)

That was actually the question, i wanted to know how far reaching this whole issue is. before i started stirring up things with posting topics requesting a roll back. Yes you make very good points, but what about the one that was only 1 shard away from obtaining his fow armor? Or the one who carefully build up this huge collection of mini-pets or even those who had their character deleted? Every roll back has two sides, those that are happy and those who are not. And you have the extremely hard task of deciding where that line is between when its necessary and when its not. However I do hope that in gw2 character rollbacks will be possible. If only so that people won't lose characters to hackers. DBZVelena | (Talk page) 19:49, 16 December 2009 (UTC)

Given that they didn't rollback after the duping incident, and by incident I mean catastrophe, I don't think rolling back is even on the list of considerations unless the live servers literally caught fire and all current data were lost. ··· Danny Pew Pew 21:57, 16 December 2009 (UTC)

"They have to do so after they've already input a password to get into the account to make the password change request -- does that make sense?" I believe the problem lies elsewhere, in the fact that the gw password and the ncsoft password are two different things. When you know the ncsoft password, you can change the password for the ncsoft-account, so far everything is ok. But the problem lies in the fact that once you got into the ncsoft account, you can change the gw (or other)-password too. On the other hand you have the problem you already stated: changing your password when you have lost your gw email. Edit: I think the best ting to do now is to improve the difficulty for hackers to get your ncsoft pass, by allowing symbols, adding a changing picture bord thingy, maybe 2 passwords to log in,IP-checks (only checking region) etc. Or they could ask for keys before you can change your gw password (making it impossible for hackers to get the gw password). The cherry on the cake could be to put in the possiblity of a character lock (highly wanted as shown in the guru poll). And thanks for the effort put in so far ;). (sry for the many edits)--Ellisia 19:12, 16 December 2009 (UTC)

It is true that a lot of people do not have valid e-mail addresses for their GW usernames, but that is not the address the confirmation should be sent to. What people are asking for is that if someone try to change the GW password through the NCSoft Master Account, there should be an e-mail confirmation sent, to the NCSoft master account e-mail. Basically, someone gaining access to the master account can both read (in plain text) the GW username, as well as change the GW password without knowing the old one and without an e-mail confirmation to effect the change (not to mention that the site will actually tell you if you entered a valid user name, handy for brute forcing..). This is just not sound security practice, regardless of how many (or few) people actually lost their accounts that way. --Lensor (talk) 17:26, 17 December 2009 (UTC)

If you're explaining for my benefit, Lensor, don't worry, there's no need. The way I expressed it when making the sugestion was like this: "It would be good to have a request for confirmation of the password change before the change is made, rather than merely getting notification after it is altered." I am completely on board with that idea, and I know that this request is on the consideration list for helping to enhance account security. -- Gaile 00:49, 19 December 2009 (UTC)

Out of curiosity

What's the average response time on account hacking issues? And I'm assuming that players rarely get their stuff back, but does it ever happen? Karate Jesus 20:08, 16 December 2009 (UTC)

I have answered the first question many times and the second a number of times as well. Briefly: response time varies based on the complexity of the issue, the current volume of ticket, and even the timing, since we have more team members on board during business days than during, say, a holiday. Yes, we have been able to replace stolen items in a few rare cases. (There are people active on my page who can attest to this, and you'll probably find forum threads about it, as well.) Item retrieval and restoration requires a lot of research and a great deal of care to do it properly, but I have been able to accomplish those objectives and meet with some folks to return items to them. I have explained why it's so difficult in detail, but KJ, can I ask you to please search around and find that post if you'd like those details? (I'd rather not take the time to write it all out again. :) ) -- Gaile 05:53, 10 January 2010 (UTC)

Password Reset Concerns

Password reset hackings/unable to log in after resetting passwords

Funny thing about this annoucement, I did exactly what it said, I logged in said my old password was incorrect then I logged off only to find out my password was changed. :( Vincent E V A N 20:10, 16 December 2009 (UTC)

I think the people who so far have contacted Support are only the tip of the iceberg. There are plenty people still who have stopped playing between when they used that forum and now, and those are the accounts hackers can now use freely. And then there are the casual, once a week players, and such. Lets Hope this Wintersday celebration will be better. DBZVelena | (Talk page) 20:22, 16 December 2009 (UTC)

Hey, Vincent :D. I actually had the same thing. I was told that I was hacked (obviously through the website since there's no other way it could have happened in a 15 second interval). I'm sorry buddy, but it looks like they got us both. Karate Jesus 20:41, 16 December 2009 (UTC)

According to the GWGuru thread on hacks, this has happened to at least one other person. Is April Fool's Day early and we just didn't realize it? Was this a prank to make us all reset our passwords and then not be able to play? Karate Jesus 21:18, 16 December 2009 (UTC)

I refuse to change my password now, thanks for the heads up KJ and I do hope you get your account back. This is a lot of bullshit were all dealing with these days, particularity this entire year (2009) as a GW player. Even for me, or others who haven't been hacked...its a pain to keep looking over our shoulders every day to make sure we didn't lose our 4+ years of game work..for a GAME. It shouldn't have to be this stressful. And why the **** are so many... even..respectable people getting hacked now for no reason? It's Bullshit. - Chrisworld 22:32, 16 December 2009 (UTC)

I don't think I understand, so forgive me. It seems to me that someone tried to log into his account, and it had been previously hacked. It wasn't hacked as the result of an attempted password change -- the RMT hacker changed the password beforehand, minutes, hours, even -- for one player I interviewed -- a few months prior to his trying to log into the game. Obviously, that is not a good thing, but doesn't this make sense to you? KJ - Can you explain how you feel there's "proof" that the website is responsible? Were you fully logged in, having used your password and gotten to the character selection (not log-in) screen, and then when you tried to reset got the "invalid password" message? Did you do the reset through the NCMA or through the game? Thanks for the info - I am trying to help. -- Gaile 22:56, 16 December 2009 (UTC)

Last night Linsle pm'd me and Adrin and urged us to change our account passwords per the log in message because the hackers are a real issue she and everyone else at Anet were very worried about. I doubt she or anyone at Anet would intentionally put us in a situation like this...especially if the site was the reason. If it were I know for a fact she would have told us NOT to change if the NCSoft site or game related password change was unsafe. Adrin and I both changed our passwords yesterday evening and our accounts are fine as of 2:30pm today. I don't know what KJ did differently than Adrin and I...or if his account hack was a conincidence.--*Yasmin Parvaneh* 23:06, 16 December 2009 (UTC)

"Were you fully logged in, having used your password and gotten to the character selection (not log-in) screen, and then when you tried to reset got the "invalid password" message? Did you do the reset through the NCMA or through the game? Thanks for the info - I am trying to help."

Well, technically I didn't say it was "proof". I just said that that it was obvious. I was logged in and on a character and decided I should change my password. So, I logged out, clicked the password reset, and followed the link that GW gives to the NCMA. Then, I reset my password, went back to check GW, and was unable to log in. I quickly changed it 2 more times, but each time I was unable to log back in. Oh, and I log into GW at least once every 2 days and was online on Monday night as well, so it's not like I don't check it. Karate Jesus 23:15, 16 December 2009 (UTC)

Thanks for the info, KJ. Have you filed a ticket with Support? -- Gaile 23:19, 16 December 2009 (UTC)

Yes, and I'm sorry for bringing this to your attention early. I meant to just support Vincent (he's a user over at PvX where I'm an admin), and I got a little ahead of myself :/ Karate Jesus 23:20, 16 December 2009 (UTC)

Idea: please email me your user name (not your password, please) and I'll look and see if the account has a security lock on it. If you've filed a ticket, that's grand too, and it'll likely be necessary. (And I hate to ask, but is there any chance you're simply using the wrong password? :) ) I'm about to head into a meeting, but I can take a peek later. -- Gaile 23:22, 16 December 2009 (UTC)

I tried every variant of the 6 passwords I've used for GW for about an hour after contacting support (spelling errors as well). I'll email you :D Karate Jesus 23:25, 16 December 2009 (UTC)

And incident number, please? Thanks! -- Gaile 23:27, 16 December 2009 (UTC)

KJ -- your account is not showing any sort of block. I see three password resets, but it's not blocked as a hack, and the three password resets came at 16:08; 16:11, and 16:24 GMT. I would like to know if those were all you? -- Gaile 23:33, 16 December 2009 (UTC)

2 of them were. Karate Jesus 23:35, 16 December 2009 (UTC)

Am I just being stupid and included a symbol or something that doesn't work for passwords? Karate Jesus 23:37, 16 December 2009 (UTC)

That's a possibility, I guess. (Remote, but possible perhaps.) I just spoke with the team and they're going to take a look at this. Given that a forum member and you both reported a concern, we will test to make sure all is on the up-and-up. Keep in mind that any situation has exceptions, like typos or (Dwayna forbid!) a coincidence between a successful hack and a player attempting to reset his own account. But we'll check and make sure there are no issues, and your ticket, KJ, is in view right now. -- Gaile 00:01, 17 December 2009 (UTC)

Exact same thing happened to my officer’s account. In his case it highly looks like a security breach at NCsoft, he only has access to the internet at my house on his laptop and he only does three things on it,check emails, play GW and WoW. We found a password reset email from NCsoft and had a "wtf" moment (we have antispyware precautions ect) Frozenwind 00:06, 17 December 2009 (UTC)

Conspiracy theory here Gaile, but you have told us all about all the things you have looked into and nothing makes a ton of sense still as to where this breach is. Have you guys considered an internal security breach? I know nothing of your internal procedures but could an NCSoft employee with access to whatever database you have be responsible for the breach? It seems like with everything else you are doing an internal security review might make sense. Fred K 02:21, 17 December 2009 (UTC)

As much as I admire a good Conspiracy Theory, no, I do not think it's possible that an employee is hacking accounts. I believe that is not the case for a variety of reasons, including the fact that, as far as I recall, passwords are not exposed to view in the database and cannot be read, or copied, or cut-and-pasted, by anyone. I certainly am willing to verify that by checking with one of the key programmers, but I can't help but recall that every single victim with whom I've had contact via a phone call or email -- including you :) -- has used common user names and passwords in multiple places. I believe that is the source of the problem -- a external site has been successfully hacked and their database of credentials is being used by RMT hackers to access Guild Wars accounts. And when I see the tries, the failures, and the retries that the hackers are making -- and we are able to pull that data, as you know -- the theory of an external breach seems well supported.

I've always said that I hope that if we do find that there's an internal weakness or an employee-rendered breach we will fix it and make the details known. We pride ourselves on trying for a high level of transparency, and I'm proud of that and believe we'll continue with that in the future. I've also said since the start of these incidents that I will not say "It's not us" out of some knee-jerk protective mechanism or what players called "PR" type efforts to cover up our responsibility. At this point, I can say, with truth, "It does not appear to be us" because I've seen, and been involved in, a lot of the hack investigation and I truly believe that the source is external. -- Gaile 04:18, 17 December 2009 (UTC)

Thanks, Gaile. I hope I'm just doing something stupid. I'd like to be able to do Wintersday stuff this year :/ Karate Jesus 03:51, 17 December 2009 (UTC)

KJ, the person with whom I spoke -- a senior member of our team -- wrote me to say that there was no evidence of any unauthorized access and that he had replied to you to ask for some more info and had provided you with a couple of suggestions. Would you let me know how this sorts out? And of course if you need my assistance, let me know that as well. Best of luck! -- Gaile 04:21, 17 December 2009 (UTC)

Haha, ok.....so, um....I feel pretty foolish. I just spent the last half hour trying to figure out if it could possibly be my fault and it was :/. The NCSoft reset password page only allows you to use up to 13 characters....and I typically use 16-18 character passwords. So...when I changed my password, I was typing 2-4 too many characters. I'm so sorry to make you go through all this, and I sincerely hope that everyone else with these issues just made mistakes too. Ugh...why am I not surprised? Karate Jesus 04:32, 17 December 2009 (UTC)

Oh, I do feel better. And please don't worry too much about the report. (Will you let Support know, please?) The fact is, I feel there's a small bug in a system that doesn't give you a warning about this. I will ask the QA team to make a bug report on this so that if a player uses a password that will not be allowed by the system (either GW or NCMA) the player is given a notification of that and does not go through what you've experienced. Thanks for the update. -- Gaile 04:35, 17 December 2009 (UTC)

Already contacted support to tell them. Thanks again ;/ Karate Jesus 04:38, 17 December 2009 (UTC)

^ L O L. --Frosty 11:31, 17 December 2009 (UTC)

(Reset indent) A little thing I'd like to add. For the first time (!) I discovered that it is possible to change the password in-game even if you have an NCMA. Login to the character selection screen and then hit the "edit account" button. There you can change your password directly in-game, never having to go to the website. I found this very useful and convenient, and up until now I was under the (wrong but common) impression that once you linked to NCMA you could only change the password there. Rose Of Kali 12:47, 17 December 2009 (UTC)

Oh, and to add to the above (Gaile might want to read this, too). When I first filled in my old/new/retype new passwords and hit "change" nothing happened visually. So I hit "change" again and it said invalid password, so apparently it worked the first time, just didn't look like it. Then I filled in my new password, that I had just "invisibly" changed to the first time, in all three fields (old and both new ones) and hit "change" once again, and only THEN I got a little popup window saying "your password was changed" with an "ok" button, and once I hit "ok" I was taken back to the character selection screen. So, it works, but seemed a bit glitchy for me. Rose Of Kali 12:54, 17 December 2009 (UTC)

Acceptable Security

My thoughts on acceptable security:

• Each account needs login identifier, e-mail, password, and unique ID
• It's quite safe to make e-mail the login identifier. If I had an account name, it would probably be Nom, which isn't any more unique than an e-mail. You don't need a "different login for each game"; that's what your password is for.
  • There is an element of risk if your login is also your public identifier, since simply seeing you gives others half of your login info.
  • Login = e-mail is bad for privacy in forums, etc, if it is publicly visible.
  • Since no-one other than the user and a-net sees the login in GW, this isn't an issue. For a "public account identifier" (seen by other players), GW binds to a character name.
• Every secure operation that bypasses the password must be verified via e-mail handshake.
• It must be possible to change your e-mail.
• It must be possible to identify an account despite change of e-mail (eg malicious change). Either the system needs to record all e-mails ever used for an account, or to expose a unique identifier that a user could quote in interactions with A-net.
  • If a unique ID is exposed, this ID should be used for login to help users remember it.
• The system should request users to verify their e-mail every 6 months or so. The system probably send a reminder to the e-mail account every 6 months or so also, and flag any account for which the e-mail fails as "must verify e-mail on next login". Users should be able to switch reminders off (ie the account is intended to be inactive), but they should reset back to "on" when the user next plays the game.

My understanding of the current problem is that GW itself mostly passes these criteria (all except e-mail verification), but one or more fail if the account is linked to a playNC master account. -- Nom 21:22, 17 December 2009 (UTC)

The Red Announcement

freaked me out until I started reading it. Something like yellow/gold or light blue would be better, still catches attention but doesn't look like Code Red: The Terrorists Are In The Base!!! Rose Of Kali 12:40, 15 December 2009 (UTC)

I disagree. Red is the best eye-grabber, it screams "Urgent!" It's okay if a few people get startled and spill their coffees, short-circuiting their keyboards, frying their brains in their cavities and destroying their homes, as long as everyone actually reads the announcement. elix Omni 13:20, 15 December 2009 (UTC)

Well, it's also hard to read on that background, it's too dark - dark font on dark background with black twiggy trees showing through the transparency = bad. ;) And then there's crying "Wolf!" What color are you going to use when someone hacks the central GW database and they have to lock all servers until further notice? Rose Of Kali 16:26, 15 December 2009 (UTC)

I personally think it is a good step, but still falls short in explaining there is a real tangible security breach somewhere that is actively being exploited. Instead of saying "Swaths of people are getting their account compromised and we don't know where the breach is," they are still only just saying "Be safe" (Albeit in scary red letters). The impetus of importance is lost on the wording; it still reads like a formally drafted business letter, not a warning. People will read this and say, "Oh, the warning is in red now," not "Oh, that sounds scary, I better go change my passwords and secure my account right away." Additionally, NCSoft needs to be more forthcoming about the fan site that has allegedly been breached. Some users may have accounts at such a site and not realize the real risk, I'd think naming the site would be helpful in letting people know they are at risk. Fred K 19:50, 15 December 2009 (UTC)

The problem is that we can add the security to the guildwars login, but the added security is still very lacking on the ncsoft site as it still does NOT allow other characters which would make for STRONGER SECURITY....and since you still dont need your gw password when changing the ncsoft one, I think that this is, well.....needs more work, but they are trying I guess Cosyfiep 21:23, 15 December 2009 (UTC)

(Reset indent) I think the new login message is great. I know of at least a couple of people who decided to update a variety of passwords after seeing the message. Some were of the "it ain't broke" mindset; many had previously taken other precautions (using strong passwords, avoiding unvetted software, etc) but did not act until they were seeing <pun>red</pun>. Since I doubt that any single message or medium is going to get everyone to change their behavior, I would count this as a successful step in the campaign. I look forward to seeing additional steps by ANet and NCSoft.  — Tennessee Ernie Ford (TEF) 00:12, 16 December 2009 (UTC)

We need neon lights style announcements, pretty, sparkly and attention-catching. Red is like blood, all watchers of horror movies might commit suicide thinking it's some ju-on style curse. Pika Fan 04:06, 16 December 2009 (UTC)

I reset mine today and the red was eye catching. Thanks for the warning. Siadina 04:55, 16 December 2009 (UTC)

Unfortunately for some of us, while there is still any question about the security of the NCsoft site, leaving our passwords alone is actually the best option since there is no ingame password changing option. I was really hoping this issue would be addressed faster. -- Wyn talk 06:16, 16 December 2009 (UTC)

What do you mean? You can change your password by clicking the "Edit Account" button on the character selection screen. --Silver Edge 06:51, 16 December 2009 (UTC)

....If you don't have an NCsoft master account, it's really none of your business. Pika Fan 07:43, 16 December 2009 (UTC)

Care to explain? I have an NCsoft master account with my GW account attached to it and I can change my password in-game. --Silver Edge 08:23, 16 December 2009 (UTC)

Did you actually try it out? Or just theorycrafted something out of nowhere? :/ Pika Fan 08:29, 16 December 2009 (UTC)

I changed my password in-game just a couple of days ago. But when I try to change my "mailing address" I get the screen you posted where it tells you to go to the NCsoft website to make the change.

• 

--Silver Edge 08:40, 16 December 2009 (UTC)

If you first log in, you get the change password screen like Silver Edge showed. -- Cyan 08:48, 16 December 2009 (UTC)

"Did you actually try it out? Or just theorycrafted something out of nowhere?"...Did you actually try it? As said, you must log-in to your account for the in-game password changer to appear. I just changed mine then, so if yours doesn't show up, better check that out. ~Celestia 09:04, 16 December 2009 (UTC)

I just tried it and it seems I can change my password in-game. My account is linked to my NCsoft account. Qaletaqa Hania 12:17, 16 December 2009 (UTC)

If you have a PlayNC master account (that was absorbed by NCsoft) you can not change your password in game. Give me some credit for not being a total moron. -- Wyn talk 15:12, 16 December 2009 (UTC)

My one is/was a PlayNC master account too, but I still have the option. The screen you posted is the screen that comes up when I choose "Reset Password" on the Log-In screen. The one Silver Edge posted is the one I get when I log in, and then go to Edit account > Change Password. ~Celestia 15:24, 16 December 2009 (UTC)

This is still an issue that needs to be addressed. -- Wyn talk 15:27, 16 December 2009 (UTC)

(Reset indent) The only issue that needs to be adressed when you change a password of your game account(s) or your NCsoft master account is that you do not have to confirm the changes. So when someone else gets access to your account(s) they still would be able to change the password without any problem.

(Reset indent) What I wanna see when I or someone else changes a password on one of my accounts is an e-mail from NCsoft and/or Anet asking me to confirm the changes, and as long as I didn't confirm the changes the accounts are locked. Wich should be doable to implement. Qaletaqa Hania 16:50, 16 December 2009 (UTC)

Ow I forgot something, if they would implement a system like a mentioned then the e-mail should have two links:

• First one to confirm that it is you asking for a password change.
• Second link, if you did not ask for a password change, that it would redirect you to where you can change your password because your old password is now known to someone else.

That would be a step in the right direction, alltho I don't think the recent influx of accounts beeing hacked is Anet and/or NCsoft's fault, I do think it is in need of improvements. Qaletaqa Hania 17:03, 16 December 2009 (UTC)

I just saw the revised big red announcement, it's perfect now in my mind. If I saw that before I got hacked I would have surely changed my password. Fred K 17:01, 17 December 2009 (UTC)

The red announce...is pretty creepy. Did Anet & NC meet some critical security problems? Should we change the passwords even if we dont use same gw pw as other games or web-sites? --TeaCat._. 17:38, 17 December 2009 (UTC)

A problem I am having that I wonder if anybody knows about (I am posting here as it has to do with the "Reset password" thing which I have attempted to do several times) So I forgot my password and tried to reset it, about two hours ago I sent a reset password request (a la the "Reset password" screen) and what not. I got a message saying my password had been reset and I would be sent an email. Again this was two hours ago (my earliest attempt, I have tried a few times) and yet I have no email. I am used to reset email passwords coming very quickly so I am a bit concerned. Is it normal not to get your e-mail with the new password for a while? I sent a message to support asking if they knew or had any way they could help but I am still a bit concerned as I am under the impression they take a while to respond. It is not so much the issue of not being able to play the game as it isn't too difficult to buy a new copy. It is just a bit frustrating as I have spent a fair deal of money on expansions and what not.

So does anybody know if it is normal that I have not had a reset email message sent to me after two hours or is it the case that you have to wait a while to get it? --The preceding unsigned comment was added by 76.71.161.204 (talk).

I'm having the same problem. Maybe using a hotmail-account as mail address has something to do with it. My master account also used to be a PlayNC account for as long as I remember. So according to the post above, does that mean I cannot change my password this way, and therefore haven't got a confirmation e-mail? 84.192.235.105 22:12, 27 December 2009 (UTC)

Confusion About Hacked Accounts

"has used common user names and passwords in multiple places. I believe that is the source of the problem -- a external site has been successfully hacked and their database of credentials is being used by RMT hackers to access Guild Wars accounts." -- Gaile

Please explain how other accounts that did not share information with any forum somehow managed to get hacked?, I'm certainly one that didn't. Not only that I use complex passwords, I do hope your not calling me a lier.

"I will mention it to the team, but I believe they will agree with my assessment, especially since, again, the password change mechanism is not a means to breach an account, so such a delay seems unnecessary." -- Gaile

What? either I'm confused or you are on this, which password change mechanism are you referring too?

NCSoft Master Account password?, if this is a weak password for example they can change the password to any accounts linked to the master account without verification of the old password, perhaps you should advise your team to add a box "old password", so if they get into the master account they can't just rip off every game in your account by changing the password, of course they have to know the NCsoft Master Account Account/Password in the first place, still it's a weak point and needs to be addressed, are you beginning to see the hole? lets try putting it another way;

Lets say your game password was "eVQEVq52v22", but your NCSoft Master account was, "1234" which one of the 2 is the weakest link in the chain, in this instants it's easier to break the NCSoft master account than it is the actual game password, but once you've broken that it doesn't matter what any linking accounts passwords where because now there all changeable without either conformation or knowing the old password "eVQEVq52v22", just change it to whatever you like.

So the NCSoft Master Account needs, an email address that can be changed and confirmed with a password but doesn't change anything on the guild wars user database side, it's just so NCSoft Master Accounts can send out password email confirmations to the right email address and not the wrong one, the password change box needs a box added to force the user into giving the old password before changing it to a new one.

I'm still in favour of RSA SecruID [4] which would effectively end this problem as it appears to have done for blizzard, I understand that this would be a costly venture, but it doesn't have to be and you need to be thinking about the future of your products and end it once and for all.

Lets get beyond blaming users & the companies I might add, and work towards making it safer as blaming people is only going to get your customers backs up even if they are in the wrong and even more so if they where in the right and did all they could, it's a pointless endeavour and only leads to cycling flame wars which is neither productive or constructive to any kind of progress. --Injector 13:05, 17 December 2009 (UTC)

This was already said a few topics up. Rose Of Kali 13:20, 17 December 2009 (UTC)

(Edit conflict) I agree with you that the old password should be required, but '1234' shouldn't be used by anyone as a password, anywhere. It's very possible to have a secure NCSoft MA password, and one that is not used anywhere else. One (very easy) thing they should consider is telling people to not only change their GW password, but to change their NCSoft MA password as well. -- FreedomBound 13:21, 17 December 2009 (UTC)

That's one of the things you and many other people want right? I just copied the code of that page and adjusted it to get the screenshot, so it's not real yet. -- Qaletaqa Hania 13:55, 17 December 2009 (UTC)

@FreedomBound, yes mate that is an absolute silly password I entirely agree it should not be used anyway not even on your bankcards, I was using it to show how the security chain from NCSoft to ArenaNets game servers can be compromised, as for me I had both passwords complex and different to each other on both sides of the fence but I'm not interested in how I had my account set up any more, what is important is that this mess is once and for all put to rest, we cannot and more importantly ArenaNet cannot have these types of messes while there trying to promote Guild Wars 2, it's an unacceptable working environment for both of us, perhaps as an added safety measure NCSoft could send out a code before you change the password, this code must be typed in before you can even get to change the password to any account, which would also require the old password also, another thing I thought of was mandatory password changes once ever so often maybe once a month or week after login you can't proceed anywhere unless you've changed your password, another interesting and perhaps to some entertaining idea might be to ask questions about the characters you've made that are PvE without showing your characters of course, like "who's the oldest?", "who has the most XP" etc, of course if you own the account you should know these things. --Injector 20:10, 17 December 2009 (UTC)

No offense, but I don't have any idea which of my characters has the most XP. Given that I've been playing for 4 years and have multiple characters, I hope this doesn't come as a surprise. ··· Danny Pew Pew

The fault in your logic is that you're assuming that it has to do with NCsoft master accounts, a fact which I'm not too sure about myself. I work in IT and I've seen some of the most ridiculously stupid passwords you could imagine, so it wouldn't come as a surprise to me if it turned out people happened to be using the same account info on their clients as they do on, for example, guru. (Guru has previously been compromised by XSS in advertisements, so it's quite possible that such a situation could be causing these most recent hacks.) ··· Danny Pew Pew 01:10, 18 December 2009 (UTC)

Guru has never had any cross-site scripting issues with our advertisements. No one's passwords have ever been compromised on Guru as we have additional security measures in place on top of the VBulletin software encrypting as well. Inde 05:46, 18 December 2009 (UTC)

So there using you as an escape goat ? Injector

(that's scapegoat dude) --The preceding unsigned comment was added by 67.149.214.203 (talk).

I did not share information how do you account for me? Injector 05:25, 18 December 2009 (UTC)

Something new just appeared on a forum as the a likely candidate for the reason we getting hacked, "there was a recent vulnerability exposed allowing MITM attacks over SSL. http://it.slashdot.org/article.pl?sid=09/11/05/144252" Saucermote Injector

@Injector: Intresting article. But if NCsoft didn't already know about it then well.... shame on them. -- Qaletaqa Hania 00:56, 20 December 2009 (UTC)

Master Account blocked [Ref #091214-000212]

Believe account hacked

Hi Gaile, I recently went to register a game and it said my account was blocked. I have not played any games recently so there is no possible way I did anything in game to break any rules. This leads me to believe that my account was compromised or that there was some mistake. I sent a ticket in over the weekend and received a response early Monday morning saying it would be escalated. I haven't heard anything back since so wanted to make sure my ticket was not lost in the shuffle. I really want to get my master account back before Christmas so I can register my game and play! Thanks in advance for any help you can offer! 69.137.143.166 14:11, 17 December 2009 (UTC)

Hello. I've checked the ticket and it was cleared today, so you should be good to go. Please feel free to let the team know if you need any additional help. -- Gaile 00:27, 19 December 2009 (UTC)

Yes, it is all taken care of! Everything worked out great, thanks again! 69.137.143.166 23:10, 21 December 2009 (UTC)

My pleasure. :) -- Gaile 03:20, 22 December 2009 (UTC)

Changing Passwords

Stupid Question time

For those of us who want to switch emails along with passwords for our GW accounts, where is that on the PlayNC site? I looked everywhere but I cannot seem to find it. Thanks. Katherinezoltin 19:59, 17 December 2009 (UTC)

You can't change your login email once you linked it to NCMA. I feel this should be corrected, but for now that's how it is. For the password, just open the GW client without logging in and go to change the password right below the login fields, it will direct you to the website to change it. Rose Of Kali 21:42, 17 December 2009 (UTC)

I changed mine a few years ago from my old email to my current one. Are you sure that you can't anymore? I'm at work and can't test this.--*Yasmin Parvaneh* 21:45, 17 December 2009 (UTC)

That's one of the FAQ. -- FreedomBound 22:00, 17 December 2009 (UTC)

Well, I did change it about 3 years ago. Interesting and good to know.--*Yasmin Parvaneh* 22:07, 17 December 2009 (UTC)

You may still be able to, under certain conditions, according to this. -- FreedomBound 22:13, 17 December 2009 (UTC)

I changed because we dropped that provider and that address no longer existed...at least, thats what I think it was for. Either way, it was really hassle free. Less of a hassle than the first time I changed the password.--*Yasmin Parvaneh* 22:22, 17 December 2009 (UTC)

(Reset indent) The correct answer was given above: Once an account is linked to an NCsoft Master Account (former PlayNC account) the user name cannot be changed. If an account is not linked to an NCMA, then yes, you can change the user name. But that wasn't the question, so the first answer applies.

This is something I believe we should address and believe me, I ask about regularly. I hope that we'll be able to make a change that allows all players to change their user name, once properly identified. I don't have a timeframe or an order of priority on this, but I'll keep following up on it, trust me on that. :) -- Gaile 00:31, 19 December 2009 (UTC)

Hacked Account

Please help me Gaile

→ moved from Feedback talk:Gaile Gray

Gaile i need your help i was gone for awhile and my account was hacked and i return to use it and it says it was permanent banned i get on my other spare account and talk to my guild and they say i was recently on when i wasnt the person who hacked my account apparently must know me some how cause they knew my name and the names of my members.ive contacted support and i still havent had a response about any updates on the progress of me getting it back.but they didnt change my password or email so i dont know what to do :/. can you help me please?--Callista Ren 01:45, 18 December 2009 (UTC)

Please include only your support ticket number, so that Gaile can look up your case. Rose Of Kali 14:46, 18 December 2009 (UTC)

Callista -- You posted this today, but I cannot tell when you opened a ticket with Support. I do not get involved in normal support issues; I know the team can and will handle those cases as quickly and as well as they can. What I ask is that players work with the Support Team on the matter and come to me for assistance if they need help outside the norm, or after they've exhausted the normal recourses. That means you should wait until you've heard from Support -- not the automated reply, but an agent's reply -- and then give 24 to 48 hours after that before contacting me to allow the team time to do their work.

You see, in most cases, I do not need to get involved in individual tickets because the matter will be addressed by the team. So please follow those timeframe guidelines, and then if you do need to get in touch, please provide me your 12-digit Incident (or Ticket) number. Thank you for understanding. -- Gaile 00:39, 19 December 2009 (UTC)

Account Breached

Help please?

Hello Gaile, i suspect my account was breached. I have contacted support and its four days without a response, i would like to know under which status my account stands now and how long i need to wait until support can resolve this. I have contacted you on the Guru as well so you can reply using the Guru. my case is [Incident: 091215-002020]. Regards, Pivo.Pivo 15:03, 18 December 2009 (UTC)

I added a title Pivo, you had forgotten that par :p DBZVelena | (Talk page) 15:06, 18 December 2009 (UTC)

Solved, Thank you Pivo 22:28, 18 December 2009 (UTC)

Glad to hear, and thanks for letting me know. -- Gaile 03:19, 22 December 2009 (UTC)

Trouble Connecting

Heya Gaile sorry to bother you but im having a really bad connection issue. On both my laptop and my desktop when i launch guild wars it is stuck on the Connecting to Arenanet screen and wont do anything. Ive shutdown and restarted. Checked my firewall and internet connection. Ive been playing gw on this rig for over 4 months and i have never had a problem. Can you direct me to the person i need to speak with to get this resolved. And is anyone else having this problem. I know your busy and thats cool so if anyone can help please please please helps! Siadina 00:27, 19 December 2009 (UTC)

You should contact support first. Drogo Boffin 00:30, 19 December 2009 (UTC)

i have ticket is submited. Ive also talked to my isp and a tech is calling me back. Thanks for the link Drogo. Im still wondering if anyone else is having this problem or if its just me. Siadina 01:03, 19 December 2009 (UTC)

Ok problem solved. My linkesys router went and shutdown all ports. Bought a new one. So thanks Drogo for your help. Siadina 12:26, 21 December 2009 (UTC)

Account Security Suggestion

(A.K.A. My sob story)

Hiya Gaile, Recently My account was hacked and my gold was all taken (not to worry I never really use gold anyway). The nasty hackers changed my password through guildwars and because I only play every few days, usally on weekends, I didn't notice right away. When I was not able to log in I went to my plaync master account and changed my passowrd for guildwars to recover my account. The next day my account got permanently banned for payment fraud (error 045). I dont know why you guys couldn't have banned me a few days earlier so that the joke could have been on the hackers. Anyway, maybe in a few days support will get around to fixing my account and letting me know what exactly I am banned for. In the meantime I would like to point out that if a person changes a password through the plaync acocunt it will email them and let them know their password was changed. However if you change the password through guildwars itself their is no notification. I tested this with my wifes account. I changed her password through guildwars instead of the her plaync account. I then searched through her email inbox and her spam filters to be sure, but there was no notice that I had changed her password. I think would have notice much sooner that someone was messing with my account had I recieved a notice that my password was changed. I know you guys are taking a look around at what could be done to secure things better so I want to make sure that little security hole was brought up. Anyway, Despite the fact that I somehow managed to get hacked and then banned I am still a big fan of you guys and I know that you and the whole team care about us and will do you best to find a way to stop these hackers. I hope you and yours have a Merry Christmas (or insert other holiday here). Reference # 091217-000266 -- Valeryan 18:03, 19 December 2009 (UTC)

I'm sure sorry to hear about this. And at first glance, it sure does sound like a mix-up, which I know we'll want to resolve as quickly as possible. I agree with you that we should send an email whenever changes are made to an account, be it user name, password, secret question, address, etc. I believe that email should come whether the changes are made in the NCsoft Master Account system or the Guild Wars account management system. I have made a request that we institute such a system and the Guild Wars producer has discussed it with various team members as well. I believe there's a great likelihood that such a change will be put in place, although quite honestly I don't see how it could happen until after the holidays at the earliest.

My concern is that by the time the email is received, the account may have been stripped. We're working on other security measures (see my post below for one such change) and we will keep the issue of security at the top of our priority list. In the meantime, thank you for your patience as you work with Support to resolve the issue with your account. And, thank you for your kind Christmas greetings -- that's very nice of you! -- Gaile 03:19, 22 December 2009 (UTC)

Thanks Gaile,I like the new security features. I got my account back today. As it turns out my plaync account was blocked by the AION guys as part of their investigation into hacked accounts. I played in the AION open beta and apparently the hacker types tried to do something nasty with my beta account. Anyway the AION guys apologized for the confusion and the frustration. I have several games attached to my plaync account that I never plan to use again. I think I am going to go in an make some scrambled passwords for them so that I don't have to worry about having games I don't play anymore popping up and getting me banned.:) Valeryan 01:20, 23 December 2009 (UTC)

It's really good to know this was sorted for you, and nice of you to update me! Welcome back to the game. :) -- Gaile 01:31, 23 December 2009 (UTC)

Well its almost sorted, for some reason every thing I have ever purchased from the online store has disappeared from my account. Hopefully That will get sorted out too. Thanks for always taking care of us crazy people. Valeryan 02:19, 23 December 2009 (UTC)

Please be sure you let the team know, and yes, they certainly can resolve that for you. :) -- Gaile 02:21, 23 December 2009 (UTC)

I have a quick question about mini-pets. Now, I know you guys can't restore items that where pilfered by the hackers. However can you track the whereabouts of dedicated pets. Out of all the things that a hacker could have taken from my account they managed to find the one thing that really meant something to me. My little Kuunavang is gone. It was dedicated in my hall to one of my characters. I thought I would bring this up just in case this might help you guys find some of these nasty people. Man I will miss my little dragon buddy. Valeryan 02:45, 23 December 2009 (UTC)

Some ideas that might make hacking less interesting and accounts safer:

• After a password has been reset, you cannot trade/drop/salvage/delete items or characters for 24 hours. This gives players time to send in a ticket to support if they receive an email telling them that their password has been reset, and they weren't the one who reset it. Then support will lock the account within these 24 hours, so the hacker can't do anything with yuor stuff.
• Please Anet give us the option to "lock" our characters, so they cannot be deleted. Players could "lock" characters for a certain amount of time with the simple click of a button. If this time is close to expiring, simply click again. This time could be a week or a month.

This goes for GW2 as well :) Thanks! Sjeng 06:35, 6 January 2010 (UTC)

New Security Measures

As you will have noted if you were playing within the last hour, we have instituted a new security measure for your account. And personally, I'm pretty darn happy about this! When you log into the game, you will be ask to supply the name of one of the characters on your account. "Why?" you may ask. Well, because nearly all of the accounts that have been stolen in recent months have been stolen by RMT (Real-Money Traders) who are getting access through external sources. And those RMTs will be very unlikely to know the names of characters on your account! Simple, eh? You give a name -- and remember to spell it exactly correctly, and to use proper capitalization -- and you will get access. If you have trouble or forget the names, support will be happy to assist you, of course.

Please head to the FAQ for more info. And if you have feedback, you're welcome to share it here. -- Gaile 03:01, 22 December 2009 (UTC)

It's a great addition. This and the behind the scenes stuff should be a "big" step in the right direction as far as security goes. — PmaN  03:08, 22 December 2009 (UTC)

Good stuff. Folks in my guild, alliance, and others have had only good things to say. (Folks are also hoping to see more, especially with the NCSoft.com logins and account management.) Thanks to everyone who helped make this happen.  — Tennessee Ernie Ford (TEF) 03:48, 22 December 2009 (UTC)

Thanks for this :) --Ellisia 12:56, 22 December 2009 (UTC)

I don't think the name of a character is a good idea. The GW forums and wikis are plenty of players nicks and profiles showing the name of main character and even all the account characters. In addition, a lot of people use the name of its main character as e-amil address account. NcSoft must think in a better key question. --Magolossum 00:16, 24 December 2009 (UTC)

This measure was primarily targeted against RMT's who steal login info from other sites and try to see if it works in GW, which apparently was the reason for the recent "wave" of account thefts. No RMT is going to send people scouring the web to find a character name that matches an entry in a database of thousands of stolen logins. And their bots wouldn't be capable of that, either. So yes, I'd say it's effective at what it's supposed to do. Rose Of Kali 17:51, 24 December 2009 (UTC)

And these character names can be easily found on those sites you mentioned. Bots just need to factor in another field - the character name in the profile field. Or they can manually read: China is so big that they can simply hire more people to do this. You would be very surprised how capable bots can be.Pika Fan 18:50, 24 December 2009 (UTC)

I think the chances of someone getting account credentials and a character name are very small, but I did make the recommendation months ago that people not expose their character names on fan forums or through other means. Again, I believe it's not a likely security concern, but the suggestion is out there. -- Gaile 18:55, 24 December 2009 (UTC)

Gaile, I do not know where you recommended not to put the names of the characters on the forums, but after almost five years, is not a bit late? So what is the recommendation of NCsoft? That users should delete any reference of their characters in all GW forums and wikis? If so, should not be warned at the start screen of the game in red letters such as changing passwords? I'm not saying that the key question is a bad idea, but I think that perhaps is better that it be in-game configurable, not limited to character names. Regards. --Magolossum 00:01, 27 December 2009 (UTC)

How annoying... no, stronger, but stronger words are probably not allowed here. I've been away for about two or three weeks, and you spring this on me. Nay, us. How many will just say "<censored> you, ArenaNet|NCsoft, I've had enough"? Hmmm, but ArenaNet probably doesn't care, since we don't pay a monthly (or any recurring) fee anyway. Oh, and how long til support does help me (if at all), and lets me play the game again? And a question: my account name, according to plaync.com, ends with "@plaync". Is that correct? According to the popup when I leave off the @ part, it isn't. I'm stumped. Because I think I recall one of my char names, and I've reset my password to be sure I have it right, but it still doesn't let me in. Bummer? Nope, but as mentioned, stronger words are surely not allowed. --Ohyegods 21:36, 1 January 2010 (UTC)

We did not "spring it" on you. We "spang it" on the hackers. :) If we'd given warning, the hackers would have made sure to harvest character names from all the accounts they had in their queue, ready to steal, and from all the stolen accounts they've been using to put up those annoying "Buy gold from my RMT company" ads in the game!

We've cut hacked accounts by more than 90% with this measure. I'm sorry that you're having issues in getting into your account, but please note my suggestion below (using a screenshot to self-identify), and be assured that support will assist you when they have an opportunity to do so. Since the Wintersday finale event is being repeated, there is less pressing urgency to get into the account immediately, and you will be helped. -- Gaile 00:45, 2 January 2010 (UTC)

Forgive my cynicism Gaile, but I'm not sure I can take the 90% statistic with a grain of salt. Without proper evidence to the contrary, I'm not sure I can take that statistic to heart. The community has been shattered of confidence with Anet as of late. Let me be the first to tell you that I fully appreciate the work that you do for the community, and how much I value your dedication and hard work. However, without proper public data, how do you expect us to judge the credibility of such statement? Are we supposed to just believe it and hope everything will get better?

Gaile, what I trying to suggest is that its frustrating for the community to hear from you that things are being 'worked on' to little avail/communication/results. I think most of all, it baffles me that the issue of an internal vulnerability did not come until the community presented evidence that proved otherwise. Gaile, I understand that you do say further down the page that there is 'proving' evidence that this is not the case. However, the community needs reassurance; clear and convincing evidence. Anet needs to stop making statements and present the community with facts, clear cut and dry. We have really been missing empirical evidence to suggest that a) hacks are being reduced and b) assuring the community with some of of definitive plan moving into the new year.

I apologise if I come across as forceful, as this is not my intent. Rather I'd like to see a team that can give us an action plan, rather than promises. May the beginning of this year be more fruitful and may your blood sweat toil and tears go far.

--rawr 05:39, 2 January 2010

Forgetful? I have a suggestion!

If you are having trouble remembering a character name on your account, I have a suggestion. Naturally, you're welcome to write to support for help. But you might consider trying some self-help first: Check your screenshots in your Guild Wars folder on your computer. If you're like most players, you've taken a screenshot or two (or two hundred ;) ) and if you can find any of your characters' names in an image, you're good to go to use that name for account log-in.

For those with multiple accounts, you may be a bit confused about "Which character was on which account?" I still suggest you try searching your screenshots to see if you find a name, or find a "memory nudge" for names currently on your accounts. If you do end up writing Support, please provide them with as much information as possible, including your user name and any character names as you can come up with, even if it's a partial name, a name that you feel is close to what is on your account, or a name of a character you've deleted. Do try to write from the email that is your user name, if possible, to provide information that helps establish your ownership of the account.

I hope this helps! The response to the added security measures has been very positive, and we're glad that everyone understands the usefulness of this new log-in process. -- Gaile 20:53, 22 December 2009 (UTC)

Another idea that could be considered (at least by those with multiple accounts) would be getting those small yellow pieces of paper that have a stickie bit at the top on the back. Then you can write "Account 1 - Example Name" on one, "Account 2 - Name Example", "Account 3 - Another Example", etc.

To any who didn't guess - write sideways on them so you don't have bits of paper obscuring the top of the screen.

For those about to ask if Guild Wars is worth sticking (easy to remove) bits of paper onto your moniter: Surely it must be, if it's worth having more than one account. A F K When Needed 21:31, 23 December 2009 (UTC)

An extended version of the tip I gave here earlier on the same day you made this suggestion :P.

Hmmm.... did the one inspire the other? or do great minds think alike :)? -- Qaletaqa Hania 21:43, 24 December 2009 (UTC)

I don't hang around Regina's Talk Page, tbh A F K When Needed 15:02, 25 December 2009 (UTC)

Sry for the confusion, it was aimed at Gaile not you. -- Qaletaqa Hania 23:14, 25 December 2009 (UTC)

European Players: Can you help?

It occurred to me that Martin is on holiday, so we don't have someone to post in German. And we don't have Community Team members (or a Support Liaison :) ) who speak French, Spanish, or languages other than English. I wonder if any players who are active in non-English fan forums would help us by translating my screenshot suggestion (above) on those forums. The basic suggestion is: "If you're having trouble remembering your character names for the log-in question, check your screenshot folder and see if you can find an image that shows one of your character names." We've noticed that the number of US tickets has dropped, so we believe this is a helpful idea and we'd like more players to have the suggestion to work with.

Thanks for any help you can give! -- Gaile 18:36, 24 December 2009 (UTC)

What constitutes "other languages?" I could help with Polish and Russian. But I wouldn't know where to put the translations. Rose Of Kali 19:05, 24 December 2009 (UTC)

The only language in which we've posted this suggestion, at present, is English. So any "other" language than English would be wonderful. I'm not sure about where to post for Polish or Russian -- let me think about that and ask Regina if she has a suggestion. -- Gaile 19:24, 24 December 2009 (UTC)

I guess Regina's Talk Page, failing anything else. A F K When Needed 20:15, 24 December 2009 (UTC)

I'm Flemish but I translated it into Dutch but i'm not member of a Dutch GW fansite, so i'm gonna put it here incase someone else is, it may not be perfect but I did my best. Flemish and Dutch can differ quite a bit so I tried to make it so both Flemish and Dutch people understand it (If you think this isn't true then i'll make a Flemish translation to show you):

Als je problemen hebt met het herinneren van een naam van een character (personage) op uw account dan heb ik een suggestie. Natuurlijk ben je altijd van harte welkom om support te contacteren. Hier zijn een paar zelfhulp regels: Controleer de screenshots in de Guild Wars folder op jouw computer, want zoals de meeste spelers heb je waarschijnlijk een paar screenshots genomen (of twee honderd ;) ). Als je een naam van een character (personage) terugvind dan kan je die gebruiken om in te loggen op jouw account.

Voor spelers met meerdere accounts kan het verwarrend zijn, "Welk character (personage) hoort bij welke account?". Als dit het geval is, stel ik nog altijd voor om een kijkje te nemen naar uw screenshots om te zien of je een naam kunt vinden, of een "geheugensteuntje" om toch één van de namen van jouw characters (personages) op jouw accounts terug te vinden. Als je dan toch beslist om support te contacteren, geef hen dan zoveel mogelijk informatie, waaronder uw gebruikersnaam en namen van characters (personages) dat je je kan herinneren, zelfs al is het een gedeeltelijke naam, een naam die dichtbij in de buurt komt, of een naam van een character die je hebt verwijderd. Probeer, indien mogelijk, een e-mail te schrijven vanaf het e-mail adres dat ook uw gebruikersnaam is, om te kunnen bewijzen dat jij de eigenaar bent van de account.

Ik hoop dat dit helpt! De reacties op de extra beveiligingsmaatregelen zijn zeer positief geweest, en we zijn blij dat iedereen het nut van de nieuwe log-in procedure begrijpt.

That's the translation, I hope it helped someone. -- Qaletaqa Hania 21:00, 24 December 2009 (UTC)

Ow I forgot to mention, character(s) is translated into personage(s) but I never heard a Dutch and/or Flemish person say "personage" when referring to a character in a game. -- Qaletaqa Hania 21:13, 24 December 2009 (UTC)

Iff yuoo ere-a hefeeng truooble-a remembereeng a cherecter neme-a oon yuoor eccuoont, I hefe-a a sooggesshun. Netoorelly, yuoo're-a velcume-a tu vreete-a tu sooppurt fur help. Boot yuoo meeght cunseeder tryeeng sume-a selff-help furst: Check yuoor screenshuts in yuoor Gooeeld Vers fulder oon yuoor cumpooter. Iff yuoo're-a leeke-a must pleyers, yuoo'fe-a tekee a screenshut oor tvu (oor tvu hoondred ;) ) und iff yuoo cun feend uny ooff yuoor cherecters' nemes in un imege-a, yuoo're-a guud tu gu tu use-a thet neme-a fur eccuoont lug-in.

There you go <3 --snograt 21:34, 24 December 2009 (UTC)

Here, Spanish:

Si estás teniendo problemas al recordar el nombre de un personaje en tu cuenta, tengo una sugerencia. Naturalmente, puedes escribirle a Soporte para que te ayuden. Pero puedes intentar un poco de auto-ayuda primero: Verifica tus capturas de pantalla en la carpeta de Guild Wars en tu ordenador (That's for Spain, for Latin America you can use "computadora"). Si eres como la mayoría de jugadores, has hecho una o dos (O doscientas ;)) capturas de pantalla, y si puedes encontrar cualquiera de los nombres de tus personajes en una imagen, eso te sirve para usarla al entrar en tu cuenta.

Para los que tienen multiples cuentas, puedes estar un poco confundido con eso de "¿Qué personaje estaba en cuál cuenta?" Aún asi sugiero que trates de buscar en tus capturas de pantalla para ver si encuentras un nombre, o encuentras un "recordatorio" para los nombres que estén actualmente en tus cuentas. Si al final le escribes a Soporte, por favor dale cuanta información sea posible, incluyendo tu nombre de usuario, y cualquier nombre de personaje que puedas dar, incluso si es un nombre parcial, un nombre que sientas que se acerca a lo que hay en tu cuenta, o un nombre de un personaje que hayas eliminado. Trata de escribir desde el correo electrónico que es tu nombre de usuario, si es posible, para proveer información que ayude a establecer si la cuenta es de tu propiedad.

¡Espero que esto ayude! La reacción a las medidas de seguridad agregadas ha sido muy positiva, y nos alegramos que todos entiendad la utilidad de este nuevo proceso de entrada a las cuentas.

-- Large 21:55, 24 December 2009 (UTC)

French translation here :

Vous ne vous rappelez plus ? J'ai une suggestion !

Si vous éprouvez des difficultés pour vous souvenir du nom de l'un personnage de votre compte, j'ai une suggestion. Naturellement, vous pouvez écrire au Support pour obtenir de l'aide. Mais vous pouvez essayer un peu d'auto-assistance en premier: Vérifiez vos captures d'écran dans le dossier de Guild Wars sur votre ordinateur. Si vous êtes comme la plupart des joueurs, et que vous avez fait un ou deux (ou deux cents;)) captures d'écran, et si vous pouvez trouver l'un des noms de vos personnages dans celles-ci, il y a de bonnes chances que vous ayez l'habitude d'utiliser ceux-ci comme nom de compte.

Pour ceux qui ont des possèdent des comptes multiples, vous pouvez être un peu confus ou incertain concernant la question "Quel personnage se trouve sur ce compte?", je vous suggère quand même d'essayer de rechercher dans vos captures d'écran pour voir si vous trouvez un nom, ou un "détail" concernant les noms de personnages présents sur vos comptes. Si au final vous deviez contacter le Support, merci de communiquer autant d'informations que possible, incluant votre nom d'utilisateur et l'un des noms de personnage que vous pouviez donner ou utiliser, même si il s'agit d'une partie du nom, un nom approximatif de ce qui se trouve sur votre compte, ou un nom d'un personnage que vous avez supprimés. Essayez d'écrire à partir de l'email qui correspond à votre nom d'utilisateur, si possible, de fournir des informations pour nous aider à établir la propriété de votre compte.

En espérant que cela vous aide! Les réactions au sujet des mesures de sécurités additionnelles ont été très positives, et nous sommes ravis que tout le monde a compris l'utilité de ce nouveau procédé de connexion.

Davor Belegnaur 13:20, 25 December 2009 (UTC)

Russian

Если у вас возникла проблема с припоминанием имён ваших персонажей для нового вопроса аутентификации, проверьте свою папку со снимками экрана, нет ли там снимков с именем одного из ваших персонажей. Эта папка может находиться в:

C:\Program Files\Guild Wars\Screens (Windows XP) или

C:\Users\<пользователь>\Documents\Guild Wars\Screens (Windows Vista/Windows 7)

Rose Of Kali 22:58, 24 December 2009 (UTC)

Polish

Jeżeli u was wynikł problem z przypomnieniem imienia jednej z waszych postaci dla nowego pytania autoryzacji, sprawdźcie papkę ze zrzutami ekranu, czy nie będzie tam zrzutu z imieniem jednej z waszych postaci. Ta papka może znajdywać się w:

C:\Program Files\Guild Wars\Screens (Windows XP) lub

C:\Users\<konto użytkownika>\Documents\Guild Wars\Screens (Windows Vista/Windows 7)

Rose Of Kali 22:58, 24 December 2009 (UTC)

Uhhh, is this Polish? Well, it is, but it seems you used an online translator which killed the meaning of the sentence. This translation should be more accurate:

"Jeżeli masz problem z przypomnieniem sobie nazwy postaci do pytania podczas logowania, sprawdź w folderze ze zrzutami ekranu, czy nie ma tam obrazka w którym występuje nazwa twojej postaci."

Athariel 18:17, 26 December 2009 (UTC)

No... I am fluent in conversational Polish, but not "geek" Polish. Thanks for polishing up my Polish. Rose Of Kali 04:58, 27 December 2009 (UTC)

French

Not sure where is the current source text but that should be something like that :

Si vous avez un problème pour vous rappeler des noms de personnages pour le nouveau système d'authentification, vérifiez votre dossier de captures d'écran, dans le but de retrouver le nom d'un de vos personnages. Ce dossier se trouve par défaut dans:

C: \ Program Files \ Guild Wars \ Screens (Windows XP) ou

C: \ Users \ <utilisateur> \ Documents \ Guild Wars \ Screens (Windows Vista / Windows 7)

Davor Belegnaur 13:29, 25 December 2009 (UTC)

Banned for 335 Hours

→ moved from Feedback_talk:Emily_Diehl#Banned for 335 Hours

I was wondering if you could help me contact support or help me yourself. I was banned for 335 hours, I feel that this was a mistake because I was told that I cheated someone and did not pay for a run. The thing is I tried to pay for the run but the runner refused to take the money and also I did not even receive the end chest for the run. I did not cheat this person and pride myself in not cheating any player. I always pay for my runs and never scam. This banned came as a great shock to me and I would like the support team to review the logs and see that I did in fact try to pay for the run and it was refused. After he refused payment I left the party and headed to a post to start the dungeon with my guild because it was not completed by the runner. I tried connecting support through the normal channels but it takes about three days to receive a response and by the time any progress is made my ban time will be over. Please help me if there is anything you can do. My Question Reference #091215-000001 --The preceding unsigned comment was added by User:GXC7243 (talk).

Hello. I am sure that Support will respond to you very soon, if they have not already done so. 335 hours is about two weeks and it usually only takes a day or two to get a situation resolved. So please work with Support on this, for they need to review logs to ascertain what took place. Thank you. -- Gaile 03:12, 22 December 2009 (UTC)

I see that "in the spirit of Wintersday" you were released from your block a few hours after I wrote the above update. If you request assistance from me in the future, I would consider it a personal favour if you would update so that I can archive in a timely manner. Thanks for understanding. -- Gaile 04:01, 9 January 2010 (UTC)

Mistaken Ban for Botting

Please Help with Lifting Mistaken Ban (Ticket #091214-001504)

Hi Gaile. I'm hoping you can help me with the support ticket listed in the header. I was kicked out of the game while playing and received a message that my account was terminated for botting. This is obviously a mistake because I have never used a bot and I am the only person who uses my account (I've never given out my password). I submitted a support ticket about a week ago (on December 14) and have not heard anything from the support team besides the initial automated response. Hopefully you can help in resolving this issue post-haste so I can enjoy the rest of the Wintersday festivities with my guild and alliance, and if there is anything I can do on my end to speed up the process I would be happy to. Thank you.75.169.57.238 03:30, 22 December 2009 (UTC)"

Hello. I have checked on the ticket and I see no progress, as you point out. I'm very sorry for the delay. I've sent an email over to a team lead to ask that he assign the ticket to someone to assist in getting the matter researched for you. Thanks for your patience. -- Gaile 01:16, 23 December 2009 (UTC)

I am very sorry to be posting here again, but I seem to have no other way of contacting support about this issue. It has been nearly 2 weeks since the original ban and I submitted a support ticket and I have still heard nothing whatsoever from support. Now I realize that there are a large number of issues they have to deal with and that it being the holiday season only gives them less time to work on those issues. However seeing that issues which were submitted after mine have not only been addressed by support but have been resolved I cannot help but feel that either my particular problem has either fallen through the cracks or for whatever reason is not being addressed. Is there anything I can do to get this problem resolved, or at the very least perhaps have someone from the support team at least assure me that it is being or addressed or if it is not why and when it can be? Again I am sorry to be bothering you with this but I know of no other way in which to bring this problem to the attention of the support team beyond that of submitting a support ticket, which was done long ago.75.169.87.84 15:57, 26 December 2009 (UTC)

I note that you politely updated your ticket a few days ago, and that it still has not been addressed. I suspect this is not an easy issue and that the team is waiting for review from a senior staff member. I have written both team leads to ask for assistance -- I hope that you will hear soon. -- Gaile 00:50, 2 January 2010 (UTC)

Thank you for your time and help on this issue Gaile, I still have not heard anything from support but maybe this coming week will allow them to finally resolve this issue. As for it not being an easy issue, well please do not take offense nor think I am criticizing anyone, but as far as I know I have done nothing wrong and cannot see what would be difficult about this issue. I also do not see why if they are waiting for someone else to review the situation a response to that effect would not be made on the ticket. Sorry but I am getting a little frustrated, while realizing that it really is no ones fault it is taking so long. Again thank you for your help.75.169.83.117 14:01, 2 January 2010 (UTC)

Well support responded saying that my account was indeed used for a bot and that as such the ban will remain in place. I did ask on the support ticket if they have any way of checking ip logs as I have only played GW off one computer for several months and never used a bot, and so I wonder if it was hacked. However it does sound as though the decision to leave the ban in place is final and as such I would like to thank you for your help in seeing that this issue was brought to the support team's attention.75.169.59.74 00:01, 5 January 2010 (UTC)

Hacked Account – Reference #091215-002191

Is there any way you can help?

Hello Gaile,

my husband's account has been hacked on December 15th. He got an e-mail that his password was changed. We traced the IP – it was from Beijing, China. He tried to log on to his NCMA but the password was wrong. He managed to reset it and then changed it. Then he changed the pw for his game account via the NCMA. He could log into his account, finally. They took everything valuable. It was earned honestly over almost 4 years.

He was always extremely careful with his private data. He's working with PCs for nearly 30 years now and he never had a virus or a key logger or anything like that. He used his log-in information (e-mail address and pw) for Guild Wars ONLY. It was long, complex and he didn't tell it to anybody. He didn't visit any gold selling sites, he never registered at any game-related forums or anything. He didn't even use Texmod because he thought this is not safe. He didn't play any other games all the time. All the security stuff (Anti virus, Anti Malware, Firewall etc.) was always running and up to date. All checks never showed any infections.

He contacted the German support and they got back to him and blocked his account for security reasons. The reply seemed like a “copy and paste” answer. (15th of December) Then he wrote back and asked a few “uncomfortable” questions. (These questions are still unanswered today – you can find them in his support thread)

The next answer was on December, 16th. A Senior GM told him that they can't restore anything and that it was his own fault by being careless (?!) concerning his log-in information. He replied the same day and told them he wasn't careless and he nearly boiled over because they call him a liar indirectly. No answer → he updated his questions on December 17th, 18th, 21th and 22th. The next reply came on December 22th. Another Senior GM apologized for the long waiting time and told him they have more issues than usual to deal with atm. and they would get back to him as soon as possible. Today his account is still blocked and his questions are still unanswered.

I really do understand that support has to deal with more questions but this really annoying and he feels ignored and punished just because he asked some uncomfortable questions. Support has been provided with everything to prove that his account actually belongs to him in May 2009. We really don't know what to do anymore. It definitely wasn't his fault his account got hacked. He didn't even want to register here to contact you because he says it's not worth it anymore. He got his Wintersday present already from that RMT.

Is there any way you can help though it's concerning the German support? And another question: How will this new security feature help to protect his account? This RMT knows his character names... Thank you in advance and have a Merry Christmas. (Sorry for my English. Obviously, it's not my native language)--Sad Rabbit 20:25, 23 December 2009 (UTC)

I have checked this ticket again, and I am not able to provide any additional information other than that it is still active and the team must still be reviewing it. Please do be aware that we will be re-running the Wintersday Finale event, and I believe that your husband will be back on his account in time to take part in that event. I'm very sorry for the delay, and I will try to find out why it's taking so long to address this concern. I can assure you that asking "uncomfortable questions" is not the reason -- players do that sometimes and we are all used to it. There's another reason for the delay and I'll see if I can learn what it is, knowing that it may simply be a shortage of staff members over the holidays. All the best to both of you and we'll see you in the Wintersday event repeat! -- Gaile 00:54, 2 January 2010 (UTC)

I just checked this ticket again, after having ask the team lead if he could ask someone to take a look. I see a team member wrote you on 4 January, and you responded on 5 January. You should be back in the game very shortly. If not, please let me know and I will see if I can follow up again. -- Gaile 04:07, 9 January 2010 (UTC)

Thank you for looking into this matter, Gaile. I really appreciate it. Support responded to my husband yesterday and for the first time, it didn't seem like a copy and paste answer. He needs to send them all the information to verify his account (though he proved it already last year.) It's a month now since his account was hacked and then locked and it's not only about getting back into game again. But we'll see how things turn out. Thanks again.--Sad Rabbit 21:59, 14 January 2010 (UTC)

Hey Sad Rabbit. I see you heard from one of our agents a day or two ago. Can you tell me how things are, at this point? Is all ok now? Danke. -- Gaile 05:08, 21 January 2010 (UTC)

Hello Gaile. Thanks for your efforts again. Since I think that the file is closed now for NC Soft, my husband would like to send you some final words concerning this case via e-mail. Could you tell me your e-mail address, please?--Sad Rabbit 13:17, 24 January 2010 (UTC)

If you have e-mail enabled on your wiki account preferences, you can email Gaile using the Email this user link in the toolbox to your left. -- Wyn talk 13:27, 24 January 2010 (UTC)ar

Gaile, I need your help.

I sent an e-mail to the support team roughly about... eight hours ago. This is my first time using a support ticket in my four-or-so years of playing Guild Wars.

The details of my ticket: Concerning my accounts. [Incident:091223-000038]

Nine of my accounts have been frozen. All nine of them. I do have a hunch as to why this happened.

You see, when security was upped, right after the maintenance, I went about trying my other accounts. I cannot keep track of the characters in them, there have been mistakes in my attempt to open them all; I did get them all, eventually. So I played, and played. Logged in one of the nine, and played for twelve or so hours. It was only when I woke up (yes, I passed out playing), that I realized I've been disconnected. Upon trying to connect, it has been returning me this message:

We have detected that your account may have been accessed by an unauthorized individual. For your security, further access to the account has been blocked until this matter can be resolved. To restore access to this account, please contact Support and one of our representatives will assist you. (Code=045)

I realize that the ante in security is to, quintessentially, protect players from getting their accounts hacked. I'm certain that none of these accounts would be hacked, for the following reasons: One, e-mail used to register for them have been created for the sole purpose of account creation. Most of the e-mail addresses have died four years ago. Two, passwords have been exclusive my Guild Wars accounts, as well.

I also understand that I can't switch accounts as often as I'd like. So much for my banks and pet collection.

I really need your help on this one, Gaile. I was hoping I'd get some game time in, during this Christmas break of mine. I would really appreciate the help. Thank you for hearing me out.

Happy holidays! --The preceding unsigned comment was added by User:Xx anghardel xx (talk).

This has been resolved as of today. Thank you. Prompt, efficient, very professional. Xx anghardel xx 01:21, 25 December 2009 (UTC)

Thank you SO much for following up and letting me know. I'm afraid that few people remember to do that, and it's a tremendous time saver when folks let me know to not engage in research that is no longer needed. I'm glad you're back, angharde! -- Gaile 23:30, 29 December 2009 (UTC)

IP Ban

Hello, I opened a ticket on Dec 14th but I believe the matter is still unresolved (and the ticket is still open), and haven't heard anything from support since the 18th. I understand that there is a lot of stress on the support atm due to the implementation of the new security question (players forgetting their character names) - but nearly a week should be enough to give an answer imho. Reference # 091214-001156 - merry christmas! --SuneC 16:59, 25 December 2009 (UTC)

Oh no, that matter is fully resolved. Your account will not be reinstated. -- Gaile 20:55, 31 December 2009 (UTC)

aaagh please help gaile

i am trying to get help from support but i send off a ticket, get an initial reply and then no more! please can you help me get my accountback i have tried everything, worst thing is im a festival hat collector so i really need my account for wintersday, i can provide any information needed, i just really need help.

Provide the ticket number that you sent to support so that Gaile can look it up. Rose Of Kali 23:30, 30 December 2009 (UTC)

Reference # 091218-002819 sorry for some reason i expected her to know exactly who i was =)Mini Lich 11:47, 31 December 2009 (UTC)Mini Lich

Oh yea, Mini, I totally knew that was you. ;) I looked at the ticket just now and you've given a splendid amount of information! I just sent an email to ask the team lead to see if someone can assist you. I know they've got a good-sized queue, but hopefully someone can get to this and help you out real soon! Sorry for the delay. -- Gaile 20:08, 31 December 2009 (UTC)

I think all is well now. Please let me know. -- Gaile 20:43, 31 December 2009 (UTC)

omgawd gaile i knew we where so close you knew exactly who i was =), thanks alot for helping with my account =))), i r sooo happy if i ever meet you in real life you can have my nan, she is nice and makes good pancakesMini Lich 04:32, 1 January 2010 (UTC)Mini Lich

ohhh nooes i just realised the email adress they r trying to send my password too is wrong! =( i opened a ticket a while back to say use .co.uk rather than .com! =( noo ima gonna miss wintersday Q Q Mini Lich 04:47, 1 January 2010 (UTC)Mini Lich

I have asked the team to look at the ticket again. -- Gaile 07:10, 1 January 2010 (UTC)

Gaile, I'm glad you helped Mini with its problem, but remember that I have my accounts stolen, has passed a lot of days since I sent the information requested by the support team, and nobody has contacted me with news about that. I would be very grateful if you take care also of my problem. Thanks. --Magolossum 02:10, 1 January 2010 (UTC)

I would appreciate if you update in your own thread, and not in the thread of another person who needs assistance. Each case is separate, and each is given as much time and effort as possible to resolve it. I will respond in the existing thread about your requests. Thanks for understanding. -- Gaile 07:10, 1 January 2010 (UTC)

(Reset indent) Mini was contacted a couple of hours after I posted and is back in the game. Archiving now. -- Gaile 06:37, 10 January 2010 (UTC)

Online Purchases

I tried to purchase things of the ncsoft store with paypal and after 2 purchases i couldn't buy anymore. now the note said they can't lift that limitation wich i understand for obvious reasons but what is the timeframe exactly? Rhonin Soren 10:27, 29 December 2009 (UTC)

problem solved i just waited till the evening i tought it would have been much longer Rhonin Soren 18:35, 29 December 2009 (UTC)

The delay is to reduce fraudulent use of stolen credit cards, but it does occasionally bite a honest customer in the ankle, too. :( I'm glad that it was sorted out and you were ok in just a few hours, Rhonin. (And thanks for updating to that effect!) -- Gaile 19:41, 31 December 2009 (UTC)

np I wanted to buy 2 char slotts (one for ranger and one for war now i have all 10 :p) but i needed to wait luckily a few hours was enough. thx for the answer anyway Rhonin Soren 10:45, 1 January 2010 (UTC)

Account Blocked for Security

Hello Gaile,

My account has been blocked about a 2-3 weeks ago. Support is only responding me when I create new question, they didn't check my old answer. Support asked me about the new e-mail address, so I sent them a new one. Now they aren't responding me..I'm very confused. The problem is a Code=045, my account has been blocked because someone individual accessed my account. I had a computer freezes, and I was forced to reset the computer, maybe this is it (But i repaired it, now it's good) I think no one can access it, it's just a big mistake.I bought Guild Wars at 1st November, and i got blocked after.. maybe.. 3 days? a week? Its unbelievable that anyone can hack/ just access my account. Can you help me, please? I'm waiting too long..The reference #: 091215-002035

(Like I said, i made a mess in this question and some improves, so you can avoid the oldest messages.)

Thanks very much --Resoraksh 09:57, 30 December 2009 (UTC)

I have asked a team member to take a look. I cannot make any guarantee about the resolution, but I can see you provided the information that the team requested, and I'm hopeful you'll hear from them very soon. -- Gaile 20:52, 31 December 2009 (UTC)

Yes, now they responded to me.It's all ok, but the problem is - the account is still blocked.Should I wait again? Thanks very much for the answer. --Resoraksh 11:44, 1 January 2010 (UTC)

Ok, my account has been unblocked. Thanks very very very much for this :) --Resoraksh 16:36, 1 January 2010 (UTC)

I am very happy to hear that all is well with your account! Thank you for letting me know. :) -- Gaile 00:56, 2 January 2010 (UTC)

(Reset indent) Well, my account has been blocked again :/ I wrote from this same e-mail, I think i didn't do anything wrong now.. Reference #: 091215-002035 Can you help me again? I don't want wait a month again.. Accidentally I wrote the wrong informations before the new question what was wrong move, so please better ignore it, I just didn't saw it. I think I'm the mess-making master :/ --Resoraksh 14:25, 8 January 2010 (UTC)

I should allow the team to respond to you. It's only been a few hours since you wrote, so let's give them an opportunity to review the situation and give you assistance. -- Gaile 04:14, 9 January 2010 (UTC)

Now is unblocked, but I hope forever. Thanks very much more time. --Resoraksh 09:16, 10 January 2010 (UTC)

You are more than welcome, and thank you for your patience and courtesy. :) -- Gaile 21:02, 11 January 2010 (UTC)

Does NCsoft have a Security Issue?

If Gaile's account gets hacked, will NCSoft believe that it is a security fault on their end?

I feel that if someone who has influence with NCSoft gets their account hacked, that something huge will have to be done. If Gaile's account gets stolen, will massive affirmative action be taken? -- Shadowlurk --The preceding unsigned comment was added by 70.188.149.9 (talk).

Given that accounts are being hacked by a security flaw with NCSoft's website allowing you to gain control of somebody's account by simply logging into your own enough times, "when Gaile's account gets hacked" is a more appropriate question than "if". After all, it already happened to Linsey (and not long after that, a new account security feature was implemented)... At any rate, either way it's a silly question - of course something will be done. The value of staff accounts is far higher than the value of a normal player's account. Even their holiday hats are incredibly important. -Faer 00:07, 1 January 2010 (UTC)

You think we'll find out when it happens? Btw, how did you know Linseys got hacked? Rose Of Kali 00:49, 1 January 2010 (UTC)

She updated her facebook status telling everyone it did. :p -Faer 01:12, 1 January 2010 (UTC)

(Reset indent) Maybe you missed this? Security measures have been taken. Security will be further enhanced in the new year; more information will be provided when it is available. And Faer, posting a flat statement that there's a security flaw on the NCsoft website simply because you believe a random forum post is not only irresponsible, it's wrong. That forum "poll" is far less useful than the polling we've been doing with Guild Wars hacking victims, at greater depth, and with far more detailed information. And even in the poll, you will notice there is no point of commonality.

I've said it before, I will say it again: In a sampling of hacked account, half did not have an NCsoft Master Account at all. So how does NCsoft's website even enter into the discussion? Because people don't have the facts, won't believe the facts, or prefer to make up their own "faux facts." There are simply too many cases of people having no association with NCsoft whatsoever to consider the NCsoft site responsible for the account hacks. Please don't continue to spread a rumour that is provably false. -- Gaile 03:23, 1 January 2010 (UTC)

Gaile, the link Faer posted is pretty vague, but I think I found the tidbit of information he was referring to. This post here refers to a post by an Aion developer (or CRM or something) who seems to admit that there is a flaw in the NCSoft site that allows you to log into someone else's account. elix Omni 03:33, 1 January 2010 (UTC)

Yes, that's their forum account, isn't it? -- Gaile 03:36, 1 January 2010 (UTC)

Here's the quote from CM Tamat: "This is a known issue with the official website/forums and one that is purely cosmetic. We're working hard to correct this issue and should have a solution early next year. Fortunately those databases aren't linked so it would be impossible to make any changes to the master or game account. Your information is safe and sound!" That says to me the problem does not involve game accounts. If I'm mistaken, please let me know and I'll do further research. -- Gaile 03:37, 1 January 2010 (UTC)

I honestly couldn't say if you're mistaken or not, but the post that Tamat responds to says "I dont know if this has been brought up before but I just logged into my NCSoft master account, and when i pressed submit, the page refreshed and I was logged into ANOTHER account that wasn't mine..." So perhaps research would be good if only for the sake of clarity? :) elix Omni 03:39, 1 January 2010 (UTC)

The reason I believe that my account information is vulnerable on the NCSoft end of the line is because I personally got hacked. After 4 years of playing with the same password, my account sent a strange email to support from my master account which I personally did not send. I got scared so I changed my GW account password to something completely different. Within 6 hours of me changing my password, a hacker from China gains access to my account and I do not have control of it for 3 days. This is why I believe that there is some sort of leak in NCSoft security measures. -- Shadowlurk --The preceding unsigned comment was added by 70.188.149.9 (talk).

I am sorry for what happened to you. But we've been working on hack research for many months, and so far, nothing points to the NCsoft website or a NCsoft Master Account as being directly related to account hacking. -- Gaile 03:54, 1 January 2010 (UTC)

Please do that further research, Gaile. As has been posted by many people in many threads (such as the one I linked that you did not bother to fully read, apparently), and confirmed by many people simply trying it, the issue is not merely cosmetic. Logging into your PlayNC master account can give you full access to an account that doesn't belong to you and that you did not intend to log into. It's a very severe problem, and it'd be nice if NCSoft stopped trying to shove it under the carpet. The community is no longer blind to the issue. -Faer 10:50, 1 January 2010 (UTC)

On top of that, in direct response to your mentioning of facts - we're still waiting on the proof that a fansite was responsible for any of the account hackings that have been going on. If you wish to speak of facts, it would be nice of you to provide some. -Faer 10:55, 1 January 2010 (UTC)

http://img525.imageshack.us/img525/9025/ncsoft.gif I dunno about you, but if I can login to MY account and magically be on someone else's and click around I don't think it's cosmetic at all. People have pointed out before that you don't need the old password in order to change information for game accounts. While you may have added the in game name for guild wars, this is still a serious flaw in NCsoft website. My -PERSONAL- information is on that website. Just because half of the hackings didn't have a master account doesn't not mean that there isn't a problem, or that there couldn't be one. Please stop blaming the concerned users, and please take your own advice when it comes to spreading faux facts. xxteacakez talk 11:02, 1 January 2010 (UTC)

In the interest of being helpful, allow me to clarify something for the benefit of Gaile and others.

Originally, via this thread, the player community of Aion were raising an issue regarding the NCSoft Master Account Login Page, where it was discovered that the page has the tendancy to log people into other people's NCSoft Master Accounts at random. When this happens, players are able to assume full control of another persons NCSoft Master Account, and any game accounts they happen to hold. This is not a cosmetic issue, it is a genuine issue that appears to be causing many people to loose control of their NCSoft Master account and game accounts alike.

Initially, when Tamat (Aion Community Manager) saw the complaint thread, in his haste Tamat replied assuming that the complaint referred to another known problem involving the Aion Online website and forums (a different website). The known problem Tamat is referring to is a separate issue. I cannot stress this enough. Players use their Aion Game Account information to login to the Aion Online website in order to check their broker status or their mailbox. This website has a caching issue, which sometimes causes the wrong Aion Game Account name to appear in the greeting at the top of the page. This in fact IS a cosmetic issue, so if tamat had been replying to the correct problem...his reply would have been correct.

What the player community needs is a reply to the original complaint because it will indeed affect Guild Wars and Aion players alike.--Bunny - Angel talk 19:43, 1 January 2010 (UTC)

This link has all the information in one post. Cress Arvein 20:51, 1 January 2010 (UTC)

Thank you for sharing the synopsis, Angel, and for the link, Cress Arvein. I have been working on the MHE (Missing Hat Experience) for Wintersday 2010, and so I was not able to devote my attention to the question as fully as I might have done on a normal day (and certainly on a normal work day). I am discussing this issue with Regina so that we can learn more about the concerns and, of course, address them as quickly as possible. -- Gaile 21:11, 1 January 2010 (UTC)

Addendum to my comment above: I do not wish to give the impression that I consider missing holiday hats to be a higher priority than security issues. Anyone who knows me, or thinks about my position, would clearly understand that, for me, hats < security! However, having seen an official response that seemed to dispel the concern -- a response that, in the context made sense to me -- I believed the security concern to have been adequately addressed. I have been researching this at greater depth today, and have sent emails to more than 30 people on a half-dozen teams to alert them to the concern. We'll update when we have more information. -- Gaile 21:49, 1 January 2010 (UTC)

lol Don't worry Gaile, we would never assume you were prioritising hats over security. We know you well enough by now to know you're a very conscientious person. The fact that you're working at all on New Years day is commendable *hugs* --Bunny - Angel talk 22:13, 1 January 2010 (UTC)

Thanks, Bunny. I could use that hug about now. My jaw is clenched so hard with worries about the security issue my TMJ is killing me. I'm pounding "refresh" on Outlook so often (to look for responses to my emails) that the computer is starting to flash "O rly?" when I do. :) -- Gaile 22:15, 1 January 2010 (UTC)

Oh dear :( I have to say, I really do wish I could help more with this. I'm sorry to say that I know the jaw clenching feeling all too well. The only thing I can offer is a picture I took outside my hotel room...7,000 feet up on top of Mt Pilatus in Switzerland. It always calms me down :) --Bunny - Angel talk 22:33, 1 January 2010 (UTC)

People have also used this image on me as therapy when I needed some. Apparently it worked. :P I really hate feeling helpless, hopefully you can figure this out soon. Now imagine a little Asura sitting on your desk and chasing away mean hack Trolls with his terrifying grin and a Red Asuraline Staff. :) Rose Of Kali 22:59, 1 January 2010 (UTC)

Update: January 1, 2010 (7:15 PM Pacific)

ArenaNet and NCsoft staff members have been discussing the possible security issues pointed out by players in various forum threads. We absolutely do take these concerns seriously, and measures are being and will continue to be taken to address the concerns on several levels. A change in one of the NCMA processes is being made even as I write, and I think you will all agree that this change will help tremendously in enforcing a high level of account security. I just want to say I'm very grateful to the people who have been involved. They are working on a holiday, some of them away from home, and they've just been splendid in getting into this, to listening, to looking at what they can do to help -- to taking the whole matter on board and making definite improvements in very short order.

Research continues and additional changes may be put in place. But if you try to change your password in on the NCsoft site, you will notice a change, I'm sure, that will enhance account security now and in the future. -- Gaile 03:15, 2 January 2010 (UTC)

Thank you for the update, and for all the effort that has been put in on this issue on a holiday weekend. Identity security is such a major concern these days, as evidenced by the vehement reaction on various forums today. It's a perception issue as much as anything else. There has been a perception (right or wrong) that NCSoft doesn't take security concerns seriously. I hope these security holes will be plugged once and for all quickly. I remain dismayed that it has taken such a massive outpouring of worry and concern to get the NCSoft security team to make such a basic fix as to require your old password before allowing the NCSMA password to be changed. Anyways, thanks again and Happy New Year.AnClar 03:39, 2 January 2010 (UTC)

I just read a concern that the change that now requires the someone input the old password before changing to a new password applies only to the Guild Wars account and does not pertain to the NCsoft Master Account. Our primary concern was securing your Guild Wars account from unauthorized access, and the change this evening did accomplish that. As to the NCMA: According to the NCsoft Security Team, changing the NCMA requires that someone answer a series of security questions. This means there is a barrier to random password changes, just in a different form than requiring the old password. -- Gaile 03:51, 2 January 2010 (UTC)

Okies...thanks. BTW...between the hat issue and this mess, are you going to get some time to relax in the next few days? You deserve it!AnClar 03:54, 2 January 2010 (UTC)

I was joking with a couple of friends that "I need a holiday from my holiday." :) I cut short some of my activities and haven't gotten things done (home, family) that I intended, but hey, you guys are worth it. :D -- Gaile 06:30, 2 January 2010 (UTC)

I know this may be a little out of your remit Gaile, but whist the old password has been added to GuildWars, it has not been changed for other games. One must assume that this hurried change to the GuildWars password system indicates that there may be an issue, so surely that issue applies to all other games that can be linked to the NCMA too. I don't know how the company is split with regards to making change to the website, but I feel there would be more force in the opinion that all other games need to implement this if it came from you internally. Would it be possible for you to alert the relevant people regarding other games accounts linked to the NCMA please so we can see this change on all games and not just GW? Many thanks. 81.157.221.228 03:55, 2 January 2010 (UTC)

Thanks Gaile, for taking a genuine interest in this case. ---- Arduin 06:18, 2 January 2010 (UTC)

@ 81 -- The NCsoft Team is still working on security concerns, but I will pass along your thoughts. -- Gaile 06:28, 2 January 2010 (UTC)

@ Arduin -- Thanks for the smile. :) -- Gaile 06:28, 2 January 2010 (UTC)

Does this change (requiring old password to change GW's password) also include measures to prevent brute force attacks? Or is that not needed for this type of situation? BladeDVD 09:08, 2 January 2010 (UTC)

Thank you for all the effort you and others put into this, it's much appreciated ;) edit: and I hope you still find the time to celebrate with your family, happy Newyear :) --Ellisia 10:39, 2 January 2010 (UTC)

Gaile, you and the support team are a credit to Arenanet. I really mean that. To work quickly to put additional security steps in the process, even while you are fleshing out the issue, is the right step to take and I am sure that Guild Wars players are grateful to no end for your efforts last night. I am just sorry to hear that this issue has interrupted plans you had to spend time with your family. *bigger hugs*

To clarify something though (I seem to do this a lot lately), the suspected issue with the NCSoft Master Account does in fact appear to give people full control of the account that they are inadvertently logged into.

I noticed you had said "According to the NCsoft Security Team, changing the NCMA requires that someone answer a series of security questions." I am sorry to say that, at this time, this is not the case. The security questions only apply to people going through the "forgotten password" process. Once someone is "in" a Master Account (via the suspected exploit) they are able to reset the password for that account without answering any such questions. This is a screenshot of what it looks like. As you can see, the person can also set new security questions at that point. Furthermore, testing has shown that when an NCSoft Master Account password is changed, no notification email is sent whatsoever. It is these two factors, working together with the exploit, that many believe to be of greatest concern.--Bunny - Angel talk 11:49, 2 January 2010 (UTC)

Bunny (Angel?) -- thank you for your updates. I have shared them with a large number of NCsoft team members, as I believe they contain valuable information. Thanks again. -- Gaile 05:34, 3 January 2010 (UTC)

Bunny is totally fine thanks Gaile :) Please do give me a shout if there is anything you need and I'm happy to support. I've tried to manage the panic in the Aion community as best as I can while Tamat/Ayase are on holiday (see yesterday's update). I'll put out a request today for people experiencing the "NCMA hopping" issue get in touch directly though (I know of these off the top of my head 1, 2, 3).

I think the latest change to the NCMA page effectively covers all the precautions that can be taken, so Guild Wars folks should breath easier while the digging continues. Although there hasn't yet been such a change for Aion password resets, the extra step in the NCMA process will allow people to regain control if someone does skip off with their game account (previously, not being able to do this has been the biggest obstacle). In other news...it snowed last night and I woke up to see a magical fairy land outside my window. All in all it's shaping up to be a wonderful day :)--Bunny - Angel talk 12:08, 3 January 2010 (UTC)

Update: January 2, 2010

Additional security measures were instituted today in connection with NCsoft Master Accounts, following yesterday's update that provided higher security for Guild Wars game accounts. Please note that the prompt response of the team to player concerns about security should be seen as a proactive, positive response to the possibility of an issue, rather than "proof" that such an issue existed. Rest assured that research is continuing and additional measures can and will be taken if they are needed.

We've seen two reports: There's a known issue with an Aion forum. There's a claimed issue that allows people to "jump" between NCMAs, either intentionally or accidentally. Has anyone has personal experience with the second? I recently read on a forum thread (yes, I read them from time to time :) ) that only one person made the second claim. With no evidence to support it, and with that person reportedly absent in recent days, it would be helpful to have something more than relayed, repeated, or rumor-based info. Anyone with actual experience with this, please drop me a line at SupportLiaison@Arena.Net. Thanks!

Clif Notes for today's update:

• New security measures are in place which we believe will address some of the concerns that have been expressed in recent days.
• Research continues.

Thanks for reading. -- Gaile 03:31, 3 January 2010 (UTC)

I did wonder if there was a problem with some AION related fan site or forum, since the number of hackings did start to go nuts right after the release of AION in the states, and security of forums and fan sites are loose at best (Like they say the network is as strongest as it's weakest link.). I guess I don't have to wonder anymore ^_^;. Also thanks for the update, it's always appreciated! --Lania Elderfire 16:34, 4 January 2010 (UTC)

Update: January 3, 2010

Players have expressed concerns that would-be account thieves might be able to acquire Guild Wars character names from support tickets tied to their NCsoft Master Account (NCMA). But it's important to note that NCsoft customers can have up to three separate accounts: a game account, a NCsoft Master Account, and a support account. The support account is not tied to the NCMA. So even if a player's support ticket does contain a character name, that name will remain hidden because support tickets are not viewable through the NCMA.

Testing continues related to the report of switching between NCMAs. After more than 230,000 attempts, a team member has been unable to effect even one switch between NCMAs. The teams will continue to do more research, of course, and more details will be provided in the near future. Please be assured that this concern remains a top priority with ArenaNet and NCsoft. -- Gaile 00:02, 4 January 2010 (UTC)

"After more than 230,000 attempts" - Most boring job ever? Thanks for the updates, Gaile. -- FreedomBound 00:05, 4 January 2010 (UTC)

Wow, 230,000 attempts? just wow... But wouldn't it just be easier if someone just looks at the source code to see if there are any problems in the programming it self? ...though I bet someone is doing that already anyway :-). Thanks for the update! ---Lania Elderfire 16:29, 4 January 2010 (UTC)

Oh, you can be sure the code is being scoured, as well. But when issues get reported, there's great value in direct replication and testing, so that's what the team member did (and is probably still doing). In addition to the logging that was put in place, we're just not seeing a single instance of switching between NCMAs through any means.

I'm still hoping to hear from someone who stated that he or she experienced this issue. They can get in touch with me, Regina, Martin, or support. I'm still hopeful that the two or three people who claimed they have personally experienced a switch between NCMAs will contact one of us. Right now, testing can't find it, logging doesn't see it, and no one has stepped forward to provide details. -- Gaile 18:31, 4 January 2010 (UTC)

Just trying to be helpful, and to answer Lania, no, I wouldn't be easier to look into the source code :) And I have nothing to do with Anet, but I know a little about computer programming and bugs in real life. I can even tell you that I found incidents at my job with the code perfectly written and behaving wrong because of something else. They need to replicate the exact circumstances of the problem to identify it. That's why it is so important to show them how it happened in the first time. --Zarza 10:13, 5 January 2010 (UTC)

You might start by going through the GWGuru topic on it. (http://www.guildwarsguru.com/forum/account-hackings-source-t10419779.html) There's a half-dozen people or so confirming it, including a ventari mod. I'm sure they'd respond to a PM asking for details. However, I'm not sure what more they could tell you than "I... uh... logged in and ended up in someone else's account." 06:43, 6 January 2010 (UTC)

Yes, there are a few of people claiming personal experience with this, but as far as I know, none of them have stepped forward to discuss the matter with us, the people who are the path to testing and resolution. (I believe Regina may have gotten some rather vague info, but as far as I know, none of us have enough details to be worthwhile.)

I have made it very clear that we welcome the reports of people who have experienced this glitch. PMs have been sent. Posts have been made. And info is still not forthcoming. If you or someone you know experienced this situation -- actually personally experienced this situation -- please write me at SupportLiaison@Arena.Net. Thanks. -- Gaile 06:57, 6 January 2010 (UTC)

"After more than 230,000 attempts, a team member has been unable to effect even one switch between NCMAs" Gaile, how many people were doing the tests? I think that these "switch" attempts should be made in environment similar to live site ie. with few thousands different users logging on the site in this same time. I suspect there's bug in database connection handling (connection pooling) or session handling, and it shows up when two or more people are logging into NCMA at the same moment... Thorel 193.178.214.62 11:00, 6 January 2010 (UTC)

That makes me feel like I should make a few hundred login attempts to see if I can reproduce it. What sort of data are you looking for? Re: the below. I suspect some sort of memory handling bug -- either something overflowing into the address containing the account index, or an attempt to reference it after it's deallocated. I chatted with a long-time PeopleSoft developer about it yesterday, he suspected either a memory handling bug or just plain bad SQL fetching the account data. In any event, I wholeheartedly agree with the below poster that you're going to need to test under something as close to live conditions as you can get. Heck, test under live conditions; it's not like you'll break anything. 22:07, 6 January 2010 (UTC)

You might find this news article interesting: http://www.breitbart.com/article.php?id=D9D8EGD00&show_article=1 Same account-switching problem with facebook logins. Turns out it was AT&T mis-routing data. Whether or not that may be causing the problem with the NCMA, I couldn't say. 03:22, 16 January 2010 (UTC)

Update: January 20, 2010

There's some detailed information about security from NCsoft's Game Surveillance Unit on this link. I'd like to quote one part that relates particularly to reports around New Years related to NCsoft Master Account security: Despite the fact that this report occurred over the holidays, when the majority of NCsoft employees were home with their families, our security team responded immediately with a point-by-point testing and analysis of the erroneous concerns that were raised. As a result of the point-by-point testing and analysis, our security team concluded no critical vulnerabilities had been demonstrated or identified, but our security team continues to research, to monitor closely, and to implement security improvements to address any potential weaknesses raised.

So there's no dismissing of the concerns, and no discounting the efforts made to investigate each reported issue. Several different teams continue to look into the whole issue of security. Look for more info, and some substantive changes, in the future. -- Gaile 01:59, 21 January 2010 (UTC)