On Monday a fellow Guild member received several emails indicating that there had been potential unauthorised access to their Guild Wars 2 account. When they logged in it soon became apparent that their account had been compromised and that all their in-game gold had been stolen. Naturally they posted in the official forums and notified ArenaNet by email. The forum post soon had several responses from players who had also suffered similar account hacking. However, it wasn’t long before the thread was deleted. A little later ArenaNet directly responded to the matter with a sympathetic but unhelpful email. Effectively if your account has been breached then you are on your own.
Obviously this incident has been a major point of discussion within our Guild. As a result some interesting facts have emerged. It would appear that the affected player was not using a weak password. Extensive malware scans have not shown any keyloggers or other such rogue software on their PC. Due to their remote rural home location it is unlikely that anyone has compromised their wireless network (unless it was a sheep). There is also the curious fact that although their bags and bank were cleared of any items of value, others were left in their place. There were numerous vials of blood for example. The question was also raised as to why the thief had not deleted all the alts associated with the account? On Tuesday the following email was received. It certainly sheds some light onto the situation.
So it would appear that gold theft has now become gold ransoming. A lot of people within our Guild were truly shocked by this. What I found disturbing is that if the thieves bother to do this, it must mean that some people actually do attempt to get their gold back and provide other players account details. This sorry situation is a timely reminder to constantly review your online security, be it for Guild Wars 2 or any other application. Google Authenticator does offers another tier of security. It can be a minor inconvenience having to use the app but it is incidents such as this that remind you exactly what is at stake. Gold farming, the unauthorised selling of in-game currency and hacking are not problems that are going to go away over night and in the meantime players simply cannot afford to be complacent.
Facebook
Twitter
RSS Feed
Email
YouTube
It almost sounds like there has been a security breach of Arena.Net’s player database. How else would people a) get access to an account protected with a strong password in a remote area of the country and b) know what their victim’s e-mail address is… You cannot obtain an e-mail address otherwise.
I don’t know about this, but I am sure to change my GW2 password.
That is easy. A lot of people use the same password and log in for a lot of accounts and forums.
So let’s say you use that name and password for some small fansite or even guild side that is not as secure as it should be. Then the “hacker” uses the names there in different games.
I had something like that happen to me after a old guild site was hacked with out me knowing. Luckily it was a OLD log in so it failed.
There is no hacking involved if your account was hijacked. It means that someone has access to your email account and was able to guess your password and this is why ANET are unable to do anything at the moment about missing money or items from compromised accounts. This has been explained since day 1.
If someone gets access to the email account being used for GW2 that is all that is needed to begin taking owner ship of the GW2 account and even easier if it is the same password.
We are talking about an account protected with a STRONG password. How can someone ‘guess’ a strong password, unless it was handed to them by ANET?
It’s very hard to believe someone can hijack an email account that’s being protected with a strong password and on top of that hijack an ANET account that’s being protected by another strong password.
Something very fishy is going on here.
The strength of the password is irrelevant. If a hacker has gained access to an email account, then it is unlikely that they did so specifically for the purpose of stealing a GW2 account. Their strategy is (by reading old emails etc) to use it to compromise any other system that can net them money such as online banking, stores, and games such as GW2. Even if the password is strong (and different to the email password) then there is probably enough information there (the electronic receipt for buying the game, an email to a friend that mentions an in-game character name) for them to use the password-reset feature. From there they can also disable email authentication and/or google authenticator and the account is theirs. Companies don’t stress enough how important it is to protect your email account; if it does get compromised then losing your GW2 account may be the least of your worries!
relevant :> http://xkcd.com/936
that being said I have a unique password for GW2, and I keep getting unauthorised attempts, I know my e-mail is safe, my PC is virus free and I only use my GW2 password for GW2.
It wouldn’t be the first time something like this happened.
In GW1 NCSoft got hacked one and a bunch of people lost their passwords that way.
ANet’s answer? Try to keep your password safe harder next time.
Very simple way to get people’s guild wars password is to hack the data are of another popular website. Gw2guru, for example. If I perform a simple SQL injection attack on gw2guru I can extract the password used on that site.
9 times out of 10 the password will either be the same or very close to the password used on the Guild Wars 2 account.
It’s not enough to keep a strong password and good computer security, you must ensure that your gw2 password has never been used anywhere else on the Internet.
I forgot to mention a lot of guilds have their own forum, and actually the owner of the forum can see all the users passwords. Just be really careful out there guys.
That’s all fine and dandy if you completely disregard the fact that all these websites will be hashing their passwords and the actual password won’t be stored in plaintext.
You *HOPE* the websites are hashing your password.
You *HOPE* they are hashing them with a strong hashing algorithm.
My account was accessed probably by that guy! I recognize this email *numbers*@qq.com because he also changed my windows live email password that was the same email and password I was using in Guild Wars 2, Facebook, redddit and many Guild Wars 2 fan foruns.
When I tried to retrieve my email, a message was sent to my alternate email so I could recover… later I saw that other emails were added as alternate email and they are all numbers @qq.com I deleted this information and then changed the password again.My password was already strong, I believe he may have accessed the database from some forum about Guild Wars 2. I do not think he stole it from ArenaNet database.
What made me sad was that already passed 15 or more days and have no response from Guild Wars 2 support team. My GW2 password was changed by the thief and I could change this password by contacting Guild Wars 1 support that answered me in 3 minutes. I was lucky to have linked a GW1 account that share the same information, so if I change my password both games will be affected.
I keep playing GW2 because I was starting a new character, had tired of playing with my mesmer lv80 because I only play melee and had few options for change in my build and playstyle. If I had farming for a legendary I probably would stop until receiving a response from support and my items back.
Your guildmate is a tard. He can preach “strong password” all he wants. he probably uses the same password somewhere else GW2 related and they compromised that site and used it.
Also, unless you scanned the system using a linux boot disk and scanned the drive that way, or a bootable thumb drive and scanned that way, active malware on the computer would likely be able to easily hide from a malware scanner. And even then, if you did do it with an external media, if he were clean, see above.
I doubt anyone has “hacked” ArenaNet’s databases…if so, there would be hundreds of thousands of people complaining…and they aren’t…
“Your guildmate is a tard.” Hello Mr Pot, meet Mr Kettle.
Checkout forum-if you`re quick -many many hackings but posts are deleted quickly
Take off the tinfoil hat. Your guild mate used the same user/pass on another unsecure site or responded to a phishing email.
Yes seriously. Don’t forget to take you condescending tone with you on your way out
Quite frankly I always had a strong suspicion that all is NOT well with ANet´s internal security.
I stupidly registered the GW2 account with my “real” E-mail address(the e-mail is the login name? WTF!?!).
One that I never use anywhere but with close friends and VERY trusted online retailers.
For years this somewhat oddly named addy had not the slightest problem with spam. But since about the next day after GW2 I´m now routinely watching my spamfolder grow.
Yeah, I´m not buying the safety promises. And yeah, I NEVER use the same password twice neither the same login name.
So far my 20+ strong GW2 password hasn´t been breached, though I might have to fortify my important E-Mail too.
AGAIN, what moron thinks it´s a good idea to turn your e-mail into the login name. This is practically the first part of your password and ANet is basically giving it away for free.
E-mails are the quasi dollars of the worldwide “hacker”/spammer/dataminer buiz. Everybody has them and trades them for a pittance.
This is true, took a few months off the game to find not only has my account been hacked, but my email used for it compromised as well, had to take neccessary steps to ensure my card details were reported as compromised and go through the painstaking steps of changing all my other details that may have been compromised because of Anets narrowsightedness.
Rest assured this has absolutely rattled my faith in using card transactions or giving details to anyone so much so that I’ll buy Topup cards from the highstreet rather than take this risk ever again.
Anet lost themselves a customer through narrow sighted security.