Today we found this news post about Aion Online concerning the security of accounts. One of the biggest problems in the gaming industry is the illegal account-hacking, money trading and theft of personal information. Please continue reading below, because it touches upon these very sore subjects, and Scott Jennings (GM Luminary)'s advice.
Greetings, all. I’m Scott Jennings, otherwise known as GM Luminary, working with NCsoft’s Game Surveillance Unit (GSU). I’ve been asked to take some time to speak for a bit on the fallout from the war that we’ve been fighting in our games against real money trading (RMT) companies and others trying to violate your account security, and how you can help in the fight.
Make no mistake—it is a war. One that you, our players, see the effects of whenever you play our games or visit forums related to our games. Many of you have noticed the decrease in bots, farmers, and gold spammers as a result of our efforts.
In the game industry, we have also seen an increase in attacks by third parties in an attempt to steal your account information by any means necessary, including phishing, obtaining passwords from third party sites/systems, and using account information provided by those engaged in power-leveling services and other prohibited activities. Recently, the number of these attacks has risen dramatically.
As a result, our game support queues have drastically increased, with thousands of support tickets from players who have lost access to their game accounts and are suffering extended wait times for help. Our game servers, account databases, and support sites are under constant attack and being probed for any vulnerability. It’s a war that by no means is over.
Our enemies are playing for high stakes—the estimated $2 billion Aion Kina that RMT companies earn off the back of game developers and players like you. And we are playing for high stakes as well—the right that we believe we have as a company, and you as players, to play games that are free from the corruption of in-game currency sales and all that results from that.
It’s a war that we’re committed to winning, but one that we’ll need your help with to achieve a real victory. I’ll describe first our responsibility to you to provide a safe and secure gaming environment, and then what you can do in return to protect yourself.
Our job: Provide a secure environment for your Aion Kina
With the increase in account compromises that we've been seeing in this past month, I think it’s worth taking a moment to review how seriously we here at NCsoft take your account security.
The news from Google regarding a serious, high-level attack by hackers on the most secure technology companies in the world is sobering. We continue to refine our systems to counter the various attacks that these RMT companies employ. We have a team of security professionals with years of experience in massively multiplayer games and online security in Seoul, Seattle, Austin, and Brighton that is striving to make our servers as secure as they can be. Any vulnerability that is discovered is addressed and fixed.
For example, a thread on a third-party Guild Wars forum this New Year’s attracted a good deal of attention. It detailed a list of security vulnerabilities that supposedly had been discovered on our account website, ending with the alarmist note that “the only responsible thing NCsoft can do is to shut off their website, as soon as possible.”
Despite the fact that this report occurred over the holidays, when the majority of NCsoft employees were home with their families, our security team responded immediately with a point-by-point testing and analysis of the erroneous concerns that were raised. As a result of the point-by-point testing and analysis, our security team concluded no critical vulnerabilities had been demonstrated or identified, but our security team continues to research, to monitor closely, and to implement security improvements to address any potential weaknesses raised.
We’ll continue to audit our systems, and you will see some dramatic changes in the next few months. NCsoft views account security as a very important matter.
Your task: Help protect yourself
So how you can protect yourself from the sort of constant attacks that we’ve been seeing?
Many of you reading this letter are experienced online game players. You’ve heard the “don’t do this” and “don’t click that” and “don’t run that thing” warnings over and again, you’re not dumb, you’d never get your account stolen simply because you know better.
You’re wrong. I know this because I know many people who thought they knew better—people who work in the gaming industry, and have done so for years, and still tried to log in one day and found their password changed and someone else logged into their account cleaning out their inventory.
(If you’re not an experienced online gamer and want the basics in account security, there’s no shame in that. We have a complete guide online.)
The following brief guide in self-protection is going to be a bit different than what you may be used to. It’s going to assume that you know the basic rules of how to protect your account, and it will detail how we’ve seen accounts stolen anyway. Think of it as an advanced class in account security. And don’t think that these guidelines apply to other people who don’t pay attention. If you do any of these, your account is at risk of being stolen.
Don’t share your password with anyone. Don’t let your friends log in to your game account. There are two simple reasons for this. The first, and one you may not want to particularly acknowledge, is that your guildmate or childhood friend or relative may do things on your account that can get you banned, such as using bots. Another is that once you share your account, your security is as vulnerable as theirs—and any mistake that they may make that allows for an account intrusion will compromise your account as well.
Don’t use bots. Ever. If you use “third party applications that control your game play”—which is the literal definition of “bots”—you will lose your account, and nothing you say will get it back. We can detect bots. We have multiple ways of detecting bots. We have banned thousands of accounts and will continue to ban such accounts due to bot usage. Bot usage is one of the key ways that RMT companies use to fund their operations, and removing bots from the game is one of our best attacks against them. The GSU “banhammers” against bot usage will not stop, and if you use a bot, you will be caught. You may not be caught immediately, but it will happen.