Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Quick Links
Just a heads up. ( my acct. was hacked).
madnos
Member Posts: 84
First off ,this isn't a rant ,nor am I overly upset.
My acct. was hacked yesterday afternoon.
Played before work yesterday morning . Got home , logged into the game , and noticed an alt popped up as last toon played . I kind of dismissed it. I went to use teleport and it said I didnt have enough gold . Opened my inv . ,it was empty and I had no money. ( By this time, I know whats up, and I'm like you gotta be clucking kidding me).. Ran over to the bank,everything gone except acct. bound stuff .Check alts all wiped out.
My highest toon is lvl23 . I didnt have a lot of stuff ,mostly mats, and some gear I was holding onto . So I can back to where I was pretty quickly and I'm not worried about it.
I just dont understand how it could of happened . I dont give my pass. out to anyone . I dont go to shady sites. This site and GW2 guru are the only 2 gaming sites I go to (and only since gw2 released have I been going to the other one). So I picked up a keylogger some where (I assume) .
Anyways, this is just a heads up to everyone 
.
Just be careful ....
Comments
ANET has been informing people to have a separate email for GW2. This is due the fact that databases from various fan sites and games have been hacked recently.
http://wiki.guildwars2.com/wiki/Game_status_updates
http://www.merriam-webster.com/dictionary/innovation
Why would you need to give anyone a heads up? If players are following all of the security protocols they should be following, there shouldn't be any problem. You should not have used the same password for GW2 that you use for other sites you visit. Be it your email, another game or forum account. It's your fault. Don't try to convince us that you only visit 2 sites on the whole internet. It wasn't a key logger, it was failure to use a unique password that got you hacked.
For years I have had a bad habit of using the same password in different places. For no reason at all when I signed up for GW2 I used one I have never used before and so far I have not been hacked in GW2. I was just lucky this time I guess.
Well if you have not already done so, I'd recommend following Anet's advice and changing it to a unique password. I use a highly encrypted 16 digit password courtesy of KeePass. Google it.
I get messages all the time via email asking to confirm an attempted login from a different location.
i can't change my password yet unless they recently turned it back on, but unless I allow access they can't do anything anyway.
70 monk eq1
80 bruiser eq2
43 druid wow
Currently playing : rift
I changed my PW two days ago? Weird that other people can't.
However, they need to gain acces first when loggin in and then through your E-Mail.
If you have google mail, you can add some safety as I have.
When you need to login to your E-Mail from another IP adress, Google send you an SMS with an activation code.
Since then no one has gotten into my mail.
I'm going to post my story here because I think it is unfair for everyone to accuse the players themselves and not hold ArenaNet in any way accountable:
I was at work two days ago and whenever I am at work I keep my email open all day to talk to friends. I watched an email from ANet pop up that said I changed my email (ironically enough, it says "someone -hopefully you!- " in the email). The first thing I noticed is it didn't ask me to CONFIRM my email change, so I assumed it had to be a fishing attempt. I checked out the IP and everything seemed legit, so I realized I had been hacked.
Now, I wasn't using a unique email address, but I WAS using a unique password. Because of the nature of my job, I tend to create very secure passwords, so I find it unlikely that it was bruteforced.
Yes, I could have used a unique email adress, but lets be realistic here - who the hell makes a brand new email address for every game they play? Are you kidding me? That is a rather childish request from ANet and *in my opinion* shows they have no faith in their security.
Also - why was there no request for me to CONFIRM a change in my email address? If it was just an email address used with the account, whatever, but it is my USERNAME. That shouldn't just be able to be changed for seemingly no reason.
The security measures put in place by ArenaNet are, frankly, laughable and as much as I do like the game I have to say that it is going to hurt their reputation going forward (depending on how quickly my accont gets restored, I may stop playing and recommending to my friends that they do the same). It's not a subscription based game so in THEORY they don't have to provide anything, but it is an MMORPG, not an FPS, and I still paid $60 to be able to play this game. At the very, very least they could have given me the option to add additional security functions to my account, especially after they were made aware that a massive attempt at stealing accounts had begun.
Also for the record - since this has happened to me and I have been helping a small community of hacked players figure out what is going on, I've learned that some players who DID use a unique email address for GW2 were still hacked. ANets systems are clearly compromised and it looks like they don't want to admit it so early after launch, and it doesn't help when rabid fans refuse to believe it is happening until it happens to them.
Please visit my youtube channel for some H1Z1/DayZ casual roleplay videos!
https://www.youtube.com/channel/UCrQoK5VZlwBBzpsksmXtjMQ
I wouldn't be so apt to blame every player for their account being hacked. There are simply too many cases at this point.
Now the question is, why aren't any of these attemps being stopped by the IP tracker?
Games:
Currently playing:Nothing
Will play: Darkfall: Unholy Wars
Past games:
Guild Wars 2 - Xpiher Duminous
Xpiher's GW2
GW 1 - Xpiher Duminous
Darkfall - Xpiher Duminous (NA) retired
AoC - Xpiher (Tyranny) retired
Warhammer - Xpiher
Games:
Currently playing:Nothing
Will play: Darkfall: Unholy Wars
Past games:
Guild Wars 2 - Xpiher Duminous
Xpiher's GW2
GW 1 - Xpiher Duminous
Darkfall - Xpiher Duminous (NA) retired
AoC - Xpiher (Tyranny) retired
Warhammer - Xpiher
I have just changed my password, I as well thought changing was disabled.
But seriously, IMO, they need to implement security questions to login, just like SWTOR, that would help big time already.
Change the accountname/mail as well as the password. Once the hacker knows a GW2 players mail they will continue to try to get in. And never use the new mail for anything else, you should be safe then.
A character name like in GW1 would be fine enough, I cant understand why they didnt implement that.
Yeah me neither, simple and effective.
Btw, I was so concerned that I just created a new e-mail and changed everything account name and pwd, and will keep this new e-mail just for this game. But it's sad to be forced to that, imagine if you had to do this to any new game.
In 2012 it is "secure enough" for our purposes.
- a 6 character, lowercase, password has 308 million combinations.
- an optimistic attacker might (optimistically) be able to run 100 login attempts per second (in all likelihood the actual number is closer to 1/second - and even then I think a login system should filter the attack anyway).
It would take around 36 days of 24/7 querying to cover all the possible combinations of 6 letters, and afaik you can't do that anyway...
No-one is seriously going to do that for a single MMO account.
---
"Monkeys1Eat$Bannanas3Every$Day5" becomes useful if you've reused the password... an attacker will find your password hash from a separate website and look it up using rainbow tables. A secure password will cause them problems.
---
Mostly it seems that anet may have screwed up the original 'forgot password/change email' functionality. And they also probably need a 'secret question'.