Account Hacking In Guild Wars 2 – Adding Insult To Injury

  1. Inge says:

    It almost sounds like there has been a security breach of Arena.Net’s player database. How else would people a) get access to an account protected with a strong password in a remote area of the country and b) know what their victim’s e-mail address is… You cannot obtain an e-mail address otherwise.

    I don’t know about this, but I am sure to change my GW2 password.

  2. Steffen says:

    That is easy. A lot of people use the same password and log in for a lot of accounts and forums.

    So let’s say you use that name and password for some small fansite or even guild site that is not as secure as it should be. Then the “hacker” uses the names there in different games.

    I had something like that happen to me after an old guild site was hacked without me knowing. Luckily it was an OLD login so it failed.

  3. Bob says:

    There is no hacking involved if your account was hijacked. It means that someone has access to your email account and was able to guess your password and this is why ANET are unable to do anything at the moment about missing money or items from compromised accounts. This has been explained since day 1.

  4. Bob says:

    If someone gets access to the email account being used for GW2 that is all that is needed to begin taking ownership of the GW2 account and even easier if it is the same password.

  5. Inge says:

    We are talking about an account protected with a STRONG password. How can someone ‘guess’ a strong password, unless it was handed to them by ANET?

    It’s very hard to believe someone can hijack an email account that’s being protected with a strong password and on top of that hijack an ANET account that’s being protected by another strong password.

    Something very fishy is going on here.

  6. NJ says:

    The strength of the password is irrelevant. If a hacker has gained access to an email account, then it is unlikely that they did so specifically for the purpose of stealing a GW2 account. Their strategy is (by reading old emails etc) to use it to compromise any other system that can net them money such as online banking, stores, and games such as GW2. Even if the password is strong (and different to the email password) then there is probably enough information there (the electronic receipt for buying the game, an email to a friend that mentions an in-game character name) for them to use the password-reset feature. From there they can also disable email authentication and/or google authenticator and the account is theirs. Companies don’t stress enough how important it is to protect your email account; if it does get compromised then losing your GW2 account may be the least of your worries!

  7. Rogue says:

    relevant :> http://xkcd.com/936

    that being said I have a unique password for GW2, and I keep getting unauthorised attempts, I know my e-mail is safe, my PC is virus free and I only use my GW2 password for GW2.

  8. Charles says:

    It wouldn’t be the first time something like this happened.

    In GW1 NCSoft got hacked once and a bunch of people lost their passwords that way.

    ANet’s answer? Try to keep your password safe harder next time.

  9. Ten98 says:

    Very simple way to get people’s guild wars password is to hack the data are of another popular website. Gw2guru, for example. If I perform a simple SQL injection attack on gw2guru I can extract the password used on that site.

    9 times out of 10 the password will either be the same or very close to the password used on the Guild Wars 2 account.

    It’s not enough to keep a strong password and good computer security, you must ensure that your gw2 password has never been used anywhere else on the Internet.

  10. Ten98 says:

    I forgot to mention a lot of guilds have their own forum, and actually the owner of the forum can see all the users’ passwords. Just be really careful out there guys.

  11. mvtegv says:

    That’s all fine and dandy if you completely disregard the fact that all these websites will be hashing their passwords and the actual password won’t be stored in plaintext.

  12. Cobalt says:

    You *HOPE* the websites are hashing your password.

    You *HOPE* they are hashing them with a strong hashing algorithm.
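The difference comments 11 and 12 are arguing over, as an added example that is not part of the original thread: the same constructed accounts stored with an unsalted fast digest and with a salted, slow key-derivation function. All names, passwords and the work factor are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional

ITERATIONS = 600_000  # assumption: PBKDF2 work factor picked for this example


def weak_hash(password: str) -> str:
    """Unsalted fast digest, the kind of storage Cobalt is worried about."""
    return hashlib.md5(password.encode()).hexdigest()


def strong_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Random per-user salt plus a deliberately slow key-derivation function."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def shared_digests(table: Dict[str, str]) -> List[List[str]]:
    """Users whose stored values are identical, i.e. visibly the same password."""
    groups: Dict[str, List[str]] = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]


# Constructed sample accounts; names and passwords are made up.
USERS = {"alice": "Tyria-2012!", "bob": "correct horse battery staple",
         "carol": "Tyria-2012!"}

if __name__ == "__main__":
    weak = {u: weak_hash(p) for u, p in USERS.items()}
    strong = {u: strong_hash(p) for u, p in USERS.items()}
    print("weak table, identical rows:  ", shared_digests(weak))
    print("strong table, identical rows:", shared_digests(strong))
    print("login check:", verify("Tyria-2012!", strong["alice"]))
```

With the unsalted table, anyone holding a leaked copy sees at a glance which users share a password; with per-user salts every row is unique even when the passwords match.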

  13. Edmo says:

    My account was accessed probably by that guy! I recognize this email *numbers*@qq.com because he also changed my windows live email password that was the same email and password I was using in Guild Wars 2, Facebook, reddit and many Guild Wars 2 fan forums.

    When I tried to retrieve my email, a message was sent to my alternate email so I could recover… later I saw that other emails were added as alternate email and they are all numbers @qq.com I deleted this information and then changed the password again. My password was already strong, I believe he may have accessed the database from some forum about Guild Wars 2. I do not think he stole it from ArenaNet database.

    What made me sad was that 15 or more days have already passed and I have no response from the Guild Wars 2 support team. My GW2 password was changed by the thief and I could change this password by contacting Guild Wars 1 support that answered me in 3 minutes. I was lucky to have linked a GW1 account that shares the same information, so if I change my password both games will be affected.

    I keep playing GW2 because I was starting a new character, had tired of playing with my mesmer lv80 because I only play melee and had few options for change in my build and playstyle. If I had been farming for a legendary I probably would stop until receiving a response from support and my items back.

  14. YourGuildmateIsATard says:

    Your guildmate is a tard. He can preach “strong password” all he wants. He probably uses the same password somewhere else GW2 related and they compromised that site and used it.

    Also, unless you scanned the system using a linux boot disk and scanned the drive that way, or a bootable thumb drive and scanned that way, active malware on the computer would likely be able to easily hide from a malware scanner. And even then, if you did do it with an external media, if he were clean, see above.

    I doubt anyone has “hacked” ArenaNet’s databases…if so, there would be hundreds of thousands of people complaining…and they aren’t…

  15. Roger Edwards says:

    “Your guildmate is a tard.” Hello Mr Pot, meet Mr Kettle.

  16. tommion says:

    Check out forum - if you’re quick - many many hackings but posts are deleted quickly

  17. Seriously? says:

    Take off the tinfoil hat. Your guild mate used the same user/pass on another unsecure site or responded to a phishing email.

  18. Roger Edwards says:

    Yes seriously. Don’t forget to take your condescending tone with you on your way out :)

  19. Flatfoot says:

    Quite frankly I always had a strong suspicion that all is NOT well with ANet´s internal security.
    I stupidly registered the GW2 account with my “real” E-mail address (the e-mail is the login name? WTF!?!).
    One that I never use anywhere but with close friends and VERY trusted online retailers.

    For years this somewhat oddly named addy had not the slightest problem with spam. But since about the next day after GW2 I´m now routinely watching my spamfolder grow.

    Yeah, I´m not buying the safety promises. And yeah, I NEVER use the same password twice neither the same login name.
    So far my 20+ strong GW2 password hasn´t been breached, though I might have to fortify my important E-Mail too.

    AGAIN, what moron thinks it´s a good idea to turn your e-mail into the login name. This is practically the first part of your password and ANet is basically giving it away for free.
    E-mails are the quasi dollars of the worldwide “hacker”/spammer/dataminer biz. Everybody has them and trades them for a pittance.

  20. Shaun says:

    This is true, took a few months off the game to find not only has my account been hacked, but my email used for it compromised as well, had to take necessary steps to ensure my card details were reported as compromised and go through the painstaking steps of changing all my other details that may have been compromised because of Anet’s narrowsightedness.

    Rest assured this has absolutely rattled my faith in using card transactions or giving details to anyone so much so that I’ll buy Topup cards from the highstreet rather than take this risk ever again.

    Anet lost themselves a customer through narrow sighted security.

