[Allah]

I dont know if this has been brought up before but I just logged into my NCSoft master account, and when i pressed submit, the page refreshed and I was logged into ANOTHER account that wasn't mine............ I had full control over the account and could do as I please.. wtf is up with that?? lol.. I just logged out and logged into my account again but that was pretty freaking weird o.O

[Ville]

Zhenocnra said:

Edited

I understand, or at least hope, you are being sarcastic but seriously man. Why would someone wanna do that? I love loser people that when they go to a library and see someone accidentally forgot to sign out of their e-mail go and send I hate you messages to everyone in their contact list.

Are there no people that can just do the right thing anymore?

This post has been edited by Celystine: 20 December 2009 - 05:37 AM

[SirNiko]

This has been an issue for months.

This is a shame, too, because I find the ability to check legion status, view profiles, and check on mail from the browser to be tremendously helpful. I don't feel like I need to be logged into the game constantly to check on everything.

What browser are you using? I'm hitting it with Chrome. Perhaps it's not designed for other browsers?

-SirNiko

[Malackai]

I had the same a week back
i logged in on my account to check mail and broker status and after i logged there was a completely different character name that i dint own but after refreshing my page my own character appeared pretty creepy if you ask me ><

[Zhenocnra]

Malackai said:

I had the same a week back
i logged in on my account to check mail and broker status and after i logged there was a completely different character name that i dint own but after refreshing my page my own character appeared pretty creepy if you ask me ><

Pending MMORPG disaster.

[Malackai]

Zhenocnra said:

Pending MMORPG disaster.

XD

you think :plshelp:

[Trublood]

Same thing happened to me yesterday. Multiple times. It kept taking me to some Elyos Sorceror's page that was from the same server. I could access broker & post info and everything. I was like wtf??

[Senses Nonsense]

Zhenocnra said:

2.) It's not about people not doing the correct thing. It's about an MMORPG company having to deal with a problem like this on a continent-wide scale. It's about the curiosity of how NCSoft would react and countermeasure their problems they've created related to customer accounts.

Imagine if half if not more of World of Warcraft accounts in North America was lost/damaged beyond repair/stolen/blanket banned. I would assume every gaming site would be on their backs and they just might have a little press coverage.

So if I understand...

You want Aion to get bad press on a massive scale, and you're willing for thousands of people to have their accounts and playtime adversely affected just so that happens?

Really?

[Silvervain]

so this is how they are hacking accounts.

[Abraxus]

HA! Notice how no one wants to post under "so this is how they are hacking accounts".

Maybe you're on to something...

[Kyande]

I've had that happen to me a couple of times. I back right out of whatever account I'm in and try again. Usually just one relog does it, but I've gotten stuck in some weird loop once.

[Slang]

I have noticed this multiple times, NCSoft really needs to fix this. No corporation should ever have a security flaw on their site. Most companies would have had this fixed the NEXT DAY if they knew about it. Very very poor management going on over there.

[Zhenocnra]

Slang said:

I have noticed this multiple times, NCSoft really needs to fix this. No corporation should ever have a security flaw on their site. Most companies would have had this fixed the NEXT DAY if they knew about it. Very very poor management going on over there.

Exactly. :skip::skip::skip:

[Twilight Sky]

Yeah so, Ayase/Tiamat should look into this I guess.

[Arwydd]

They should. And yet they're utterly silent...

[Lemons]

Allah said:

I dont know if this has been brought up before but I just logged into my NCSoft master account, and when i pressed submit, the page refreshed and I was logged into ANOTHER account that wasn't mine............ I had full control over the account and could do as I please.. wtf is up with that?? lol.. I just logged out and logged into my account again but that was pretty freaking weird o.O

Hah, yeah I know what you mean. I recently logged in to add some CE items to my mess around alt and I was logged in under someone named like Juneberry or something, I forget. I could do anything I wanted, sorta weird but I just logged out and logged back in.

[Pluxus]

I'm assuming with NCSoft master account you mean the one where you can completely control the account, like change password and cancel the sub and so on?

I got logged into a wrong aion acc on the aion-site just a few days ago, but the worst damage you can do there is sneak peak others mail and broker status, it's still seriously bad... but seriously, it happens with the master accounts also?! What kind of clowns do they have running this show?
It's simply unacceptable, any half-serious company, hell, **** that, even halfassed small community, completely free forums wouldn't allow bugs like that on their site for more than a hour after detection. Unfortunately, this would explain how accs of mmo/internet veterans that know how to protect their accounts and computers got hacked in the recent threads, since you can just change password on the master account site, they don't ask you for your old password when changing.

So get the bug, change password, voila, account taken over... if this is true that is. For NCSofts sake I hope it's not.

[Vaelithian]

wow this is an incredibly volatile dilemma, having read threads and comments about recent accounts being hacked this would appear to be one of the more key sources of such an issue.

as an aside:

"Zenocnra said:

Edited.

no it is not. The distinction, useful for ethical considerations, would be between necessary and sufficient conditions. For this scenario it would be necessary for a person to leave the email open, but that alone would not suffice. The undue intent of another is necessary for misuse or untoward behaviour. The condition for learning the "most rewarding" way is (according to reasons given) ultimately dependent on understanding why something is a mistake, as such the hardest way is not strictly necessary either.

Quote

2.) It's not about people not doing the correct thing. It's about an MMORPG company having to deal with a problem like this on a continent-wide scale. It's about the curiosity of how NCSoft would react and countermeasure their problems they've created related to customer accounts.

for the issues and reasons given it is about NCSoft and individual responsibility. No need to dichotomise at the unnecessary expensive of others.

This post has been edited by Celystine: 20 December 2009 - 05:42 AM

[Noriega]

I thought they fixed that already.

[Serefina]

Had this happen to me as well. Logged in to Aion website, only to find that I was logged into someone's account. Also, they don't even encrypt the sign in. When you go to sign in, it's on an http site not an https. This is something that really needs fixed, and fast especially if this is also true of the NCSoft master account page.