ArenaNet has been discussing the issues pointed out by players in this and other forum threads on the issue with NCsoft. Again, we take these concerns very seriously, and we're currently taking measures to address them on several levels, and we will continue to do so.
There is a change in one of the NCsoft Master Account processes that is being enacted, and we believe this change will help quite a lot in enforcing account security, and we're very grateful to the folks involved who've worked today to get those measures in place, on a holiday, and many of them away from home. They've taken our escalation of this issue very seriously, are listening, and are doing what they can do to proactively help, and to take your concerns on board and make improvements in very short order.
The security team continues to research and additional changes might be put in place. If you try to change your password on the NCsoft web site now, you will notice one of these changes: you will be required to input the old password to change it to a new one.
I would like to reiterate one point again, because people continue to ignore this fact: The account hacks are not likely related to the NCsoft Master Account security concerns. Roughly half of the hacked acounts do NOT have an NCsoft Master Account, and very few account thefts involved a password change at all. The hacker(s) knew the account credentials, and they did not access the hacked accounts through NCsoft Master Accounts. The hackers had a list of passwords, which they used to steal accounts.
Again, our NCsoft Security team is continuing to investigate this issue, and there might be additional changes forthcoming.