Password reset request made by someone in Korea

[hagun]

Got an email a while ago stating that a request to reset my master password was made. The email was from NCSoft and they showed which IP address the password request was made from. So I looked up the location of the IP address using ip2location website and I get this:

IP Address Country (Short) Country (Full) Flag Region City ISP Map
218.237.2.142 KR KOREA, REPUBLIC OF KYONGGI-DO SEOUL WONKWANG UNIVERSITY BIZ CENTER

Essentially, the request to have my password reset was made in Seoul, Korea from the Wonkwang University. Now how this person(s) got a hold of my user ID to take an attempt at my account is baffling. There has been no other place but the official Aion website that I've used my account information. This leads me to suspect that official site maybe have been somehow compromised. I am not trying to start something, but I would advise people from not entering their account info there.

Also pleasantly puzzling is that they were able to get my user ID but not my password. I've changed my passwords, but I really don't know if my account is already compromised. I can log on fine for now...

[arus2001]

Your account name wouldn't happen to be a common word or even Hagun, would it? I wouldn't put it past some to just randomly try such things by trolling boards for handles. I guess I'm also curious if the request process will error out if a specific name doesn't exist, because if it does it pretty much tells them they do have a valid handle to try and crack then.

Otherwise, would suggest checking your system for viruses/trojans. Gonna assume you haven't given your info out to anyone or possibly play from other peoples' places. Have you ever replied to any of the RMT whispers? Makes me wonder how much they've hacked the game themselves to read data, and direct interaction may point them toward various things.

[hagun]

My account name isn't hagun or remotely common so I dunno.

[drwaffles]

I'm sorry but the name "Wonkwang" is too fucking awesome for me not to point out then leave without saying anything constructive.

[Aquilo86]

I'm sorry but the name "Wonkwang" is too fucking awesome for me not to point out then leave without saying anything constructive.

beat me to it

[Gryffes]

Someone got a username/password database from somewhere and is causing havok across a lot of MMOs with account jacking, not just Aion.

fwiw I think the curse network may be the source but who knows.

[Veyron]

I think the curse network may be the source but who knows.

Seconded, I got a virus warning from AA with my good ol' AVG a while back, haven't gone back without noscript or adblock.

[Sta]

I'm sorry but the name "Wonkwang" is too fucking awesome for me not to point out then leave without saying anything constructive.

And there I was feeling like I was the only childish person reading that

[Corwen]

To request a password reset, assuming there is no exploit to bypass this, they need the username and email address used for your account. The password in the email is a 1 time use password, so if you were able to log in with that password, then they probably never got in to mess with your stuff. Somebody probably got a hold of your user/email address combination, which could be possible if you use the same username + email as your NC account on another site and perhaps they weren't able to get into your email account to retrieve the reset password.

There are rumors that the nc master account system can randomly log you in as somebody else's account at a low probability, similar to how the main aion site can show you logged in under somebody else's account, and you would have full access to their account including the ability to change passwords to their game accounts. I don't know for sure if this is really happening, but there may be some credibility to this claim. http://na.aiononline.com/forums/supp...articleID=3179

[Elites]

They need security tokens for this game asap

[Jodwahh]

I wish I could say I study at Wonkwang University.

[Shibo]

I wish I could say I study at Wonkwang University.

Wonder what you could major in at Wonkwang University...

Anyways, you get the same error message with a correct username + incorrect password as you do with an incorrect username + any password.

RMT are usually quick and dirty when it comes to account stealing so you're prolly in the clear now, but meh, if it were me id be watching my shit real close for the next week or so if I were in your position.

-insert all other obvious advise here-