Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Fuzzy Avatars Solved! Please re-upload your avatar if it was fuzzy!

Thread For Discussion of Phishing Emails & Account Security Matters

AmanaAmana New York, NYPosts: 2,567Moderator Uncommon

Hey guys,

Since this forum is VERY active right now, many threads are getting lost and people aren't properly checking to see if their thread is a duplicate topic. As a result, since this is an important matter, we've had many phishing/hack/security threads

As we have in a handful of other forums, we'd like to provide this thread for the discussion of phishing/hacking/account security measures and updates on the matter. This way the discussion stays visible and we don't get 20 new threads each day on the matter.

To give feedback on moderation, contact community@mmorpg.com

«13

Comments

  • AmanaAmana New York, NYPosts: 2,567Moderator Uncommon

    Current ANet update from here:

     

     

    Account security - We're seeing an uptick in reports of account theft and attempted account theft. We believe hackers are using databases of email addresses and passwords stolen from other games and web sites, and pre-existing trojan horses, to search for matching Guild Wars 2 accounts which they attempt to compromise. To prevent this, we have temporarily disabled the "reset password" feature, and we're working to bring email authentication online. To protect yourself, please ensure that you use a unique password for Guild Wars 2 that you don't use for any other game, email account, forum or web account.

    Email authentication - Email authentication is a feature that notifies you if someone tries to log into your account from a location you've never logged in from before. Thus, even if someone guesses your game password, he can't log in unless he also guesses your email account password. You can make email authentication even more secure by using an email provider that supports two-factor authentication, such as Google or Yahoo, and taking advantage of that. We're currently preparing email authentication and intend to deploy it in a phased rollout, starting on Thursday, August 30.

    To give feedback on moderation, contact community@mmorpg.com

  • NephaeriusNephaerius Baltimore, MDPosts: 1,539Member Uncommon
    I had a password reset attempt not from me within 5 minutes of launch.  I've since had at least one a day.  No success on their part.

    Steam: Neph

  • lapommelapomme Dallas, GAPosts: 270Member

    Just a note guys, since a lot of people seem to think this.

    Just because you haven't entered your password in a long time doesn't mean hackers can't fetch your username and password.  Your account details are stored on your computer via browser cookies and hitting that little "Remember Password" button makes it so easy to steal your account details that a child could take it.

    The general rule is, if the website you are logging into has "https" in the address bar instead of "http", then it is generally safe to "Remember Password".  However, if it is not, then it is completely insecure.  You should only really save your password if you log into an "https" site.  All others, don't do it.  Also, if you want to be completely safe, then turn off ALL cookies in your browser and always type in your account details.

    The "https" signifies that everything you do on that site is encrypted, and only expert hackers would be able to decrypt the information and see what you're doing.

    Hackers will look at sites you logged into that do NOT have "https", and try that password on the secured sites you logged into.

    Note: Hackers CAN use viruses on your computer that detect your key hits and steal your information that way (these are called Keyloggers), but this is much less common as long as you continuously run updated virus checks.  Retrieving your account details through cookies is much easier.

    Hope this helps some of you.

  • YamotaYamota LondonPosts: 6,620Member
    Originally posted by Nephaerius
    I had a password reset attempt not from me within 5 minutes of launch.  I've since had at least one a day.  No success on their part.

    I've had one password reset attempt, nice to hear that it was not successful as I am at work and cant check it right now.

  • DeathengerDeathenger atco, NJPosts: 463Member Uncommon
    People are falling for phishing emails plain and simple. Somewhere, someone is using their game email in some gaming site or forum and that site has been compromised.

    It's like some people just discovered gaming on the internet or something!
  • botrytisbotrytis In Flux, MIPosts: 2,567Member

    The phishers are using the same system that the Nigerian scammers use.

     

    Keep separate passwords - make them complex - change them often.

    image

    "In 50 years, when I talk to my grandchildren about these days, I'll make sure to mention what an accomplished MMO player I was. They are going to be so proud ..."
    by Naqaj - 7/17/2013 MMORPG.com forum

  • BlathianBlathian San Luis Obispo, CAPosts: 23Member Common
    well everyone keeps talking about not using same passowrd ect. but to any of us that have been hacked/banned the real question is what now? the support from Arena Net is very sparse and limited. I just need to know what to do from here. I have yet to register my retail serial code, but considering my account is banned i cant. Im wondering if i can just make a totally new GW2 account and use this retail code as if i bought the game today and just start over, or is that cide tied to my "pre-purchase" code i received from amazon. The real issue here for me with arena net is the communication to those of use who have had our account comprimised. Fine i f@#ked up and used the same password as an old game and got hacked, shame on me, so now what?
  • ReaperUkReaperUk Cambridgeshire, UKPosts: 657Member Uncommon

    This whole account hacking thing is reminiscent of the Rift launch. Exactly the same thing was happening then with hundreds, maybe thousands of accounts compromised and the developers berating their customers for being lax with their passwords.

    The thing is though, eventually one of their own customers posted in their forums that he had discovered a vulnerability in their authentication process. All that was necessary was to log in via a genuine account and that then opened a back door to all the other servers and it was possible to switch at will. The hackers were able to take command of characters, steal all their valuable items delete characters, change passwords, anything they wanted.

    Miraculously, within no time at all of the customer posting this information, all the hacking stopped.  I don't recall Trion ever admitting it was actually a flaw in their system, rather than lax security on their customer's behalf that allowed it to happen but the suspicion has to be that it was..

    I really do think the GW2 people should be examining their own systems now too  instead of just automatically blaming their customers for the problems.

  • CurmyCurmy ChelseaPosts: 18Member
    Originally posted by reaperuk

    This whole account hacking thing is reminiscent of the Rift launch. Exactly the same thing was happening then with hundreds, maybe thousands of accounts compromised and the developers berating their customers for being lax with their passwords.

    My account was banned for alleged RMT activity but ANet have not once provided any evidence to show what my account was supposed to have done or even communicated with me to say 'Hey, we banned your account'.

    A ticket to Support has had two responses from ANet with both responses asking for the same information.

    And you can't contact them by phone. If anyone is guilty of compromising accounts its ANet who have basically stolen $60.00 from me.

  • Felheart5Felheart5 OsloPosts: 35Member

    Came home to a hacked account today. I'm pretty strict about my security and run a rotation of different passwords and usernames, but it seemes the one I have used for GW2 is floating out there (not the same as e-mail or forums etc., but a couple of other recent games). Meh...

    As much as I hated those security questions in TOR, all MMO's should take a lesson from it. A fairly large rotation of "unusual" questions for any account changes to ensure it's tricky to to break through even with the username and password in hand. Seems the hackers are having a field day with GW2.

    It's not that it bothers me that much, if only the support reputation had been better at the moment. As it looks now I may not get to play for a few days, but we'll see.

     

  • mf16mf16 JACKSONVILLE, NCPosts: 65Member

    Fanboys are so bad on this site, I got an email telling me that my guild wars account email had changed so i deleted it went to log into guildwars to change it and wow it ws changed just like that, the best part is I only played in BWE3 and did not buy guild wars 2 i was waiting now i'm going to wait long this is sad IMO. It's not always the users fault and everyone one on here makes it so Black and White and think theyknow everything. I don't care too much my email Is safe which is all i care about i have different passwords for everything and yada yada but who cares Fanboys are gana assume i did one thing wrong and run with it. A-Net needs to step up acct security TBH

    EDIT: BTW I love guild wars 2 I have not played an mmo in over a year and GW2 is the only game that excites me BTW but admit some faults where they'er do don't be blind 

  • Elt-The-CatElt-The-Cat Pasadena, TXPosts: 3Member
    So has anyone actually got their account back yet?  I'm still waiting for a reply past the automated one asking for more info.
  • forcester2001forcester2001 Cold Lake, ABPosts: 1Member

    Hi

     

    I signed up to this site because I got an email about 20 mins ago saying someone tried changing my email on my GW2 account. 

     

    Now I don't have a GW2 account or  Areanet account or any of these.  My computer is always checked for intrusions daily and I quickly ran all my tests again when I got the email.  The only game I play is wow, but that isnt even the same email address the above was sent to.

     

    I had a GW 1 account back when it first started, but that was an email address way back in the day and isn't even working anymore.  i never clicked any links in the email and I am not sure why I would get an email.

  • NadiaNadia Canonsburg, PAPosts: 11,866Member Uncommon

    the status update from yesterday   (link is on the game launcher)

    http://wiki.guildwars2.com/wiki/Game_status_updates

    Friday, August 31, 2012

    Account Security
    Protect your account! We've seen hackers systematically scan email addresses and passwords harvested from other games, web sites, and trojans to see if they match Guild Wars 2 accounts. We've taken steps to protect our players from this, but we need your help too. Make sure that you use a strong, unique password for Guild Wars 2 that you've never used anywhere else. For best security, use a unique email address too, and see our blog post
    https://www.guildwars2.com/en/news/tips-for-keeping-your-guild-wars-2-account-secure
     
    Email authentication
    We now have email authentication enabled for all players who have validated their email addresses. This feature sends an email whenever it detects a login attempt to your account from a location you haven't played from before, asking you to allow or deny the login.
    We've learned of an incompatibility between email authentication and older versions of Internet Explorer. We're working on a fix, which we expect to deploy tomorrow.
    If you're not receiving account verification emails or account authentication emails, please check your junk/spam folders, and add noreply@guildwars2.com to your safe senders list.
  • WizGamerWizGamer Evansville, WVPosts: 403Member

    Some people seem to have reading comprehension problems.

     

    1. It doesn't matter if you respond to the e-mail or not, which was by the way sent from their official address  noreply@guildwars2.com. I did not respond, checking the actual game first, and my e-mail and password were still hacked. My account was hacked while I was away from the game for several days.

     

    2. The security of your password also does not matter. I only use this same password with my university, which is a whole separate e-mail and whole separate username. The only thing I can think of is that the problem is on their end with regard to the GW1 accounts perhaps because I am using the same password I used for GW1.

     

    3. It is no user's fault so stop blaming them. People have literally been buying the game, only to find out minutes later that their accounts do not exist. The problem is on ArenaNet's end.

     

    4. Solution: Change your password from your GW1 account if possible. Don't respond to e-mails (but I don't think anyone with common sense would anyway).

  • NadiaNadia Canonsburg, PAPosts: 11,866Member Uncommon
    Originally posted by WizGamer
    1. It doesn't matter if you respond to the e-mail or not, which was by the way sent from their official address at guildwars2.com. I did not respond, checking the actual game first, and my e-mail and password were still hacked. My account was hacked while I was away from the game for several days.

    this was true but ANET changed this since Wednesday

    http://www.reddit.com/r/Guildwars2/comments/z1poz/guild_wars_2_status_wednesday_august_29/

    Account security - We're seeing an uptick in reports of account theft and attempted account theft. We believe hackers are using databases of email addresses and passwords stolen from other games and web sites, and pre-existing trojan horses, to search for matching Guild Wars 2 accounts which they attempt to compromise. To prevent this, we have temporarily disabled the "reset password" feature, and we're working to bring email authentication online. To protect yourself, please ensure that you use a unique password for Guild Wars 2 that you don't use for any other game, email account, forum or web account.

     

     

  • WizGamerWizGamer Evansville, WVPosts: 403Member
    Yeah I guess it's just unfortunate they didn't send an e-mail out about this for people who weren't checking their site daily. I honestly played maybe like 20 minutes last Saturday. Ah well maybe it's for the best. I'll get my account back eventually.
  • ictownictown iowa city, IAPosts: 123Member

    So far, i haven't had any problems and haven't received one phishing email yet.

    Some blame should go to A-Net for not having authenticaters at lauch, but most of the blame should go to users.

    I think its common sense not to use same email address for every single site, but most don't because they're lazy to use different unique passwords and username. 

    Why its common sense - for example. I got like 7 gmail accounts. I use one for craigslist [I get a lot of junk email], one personal email address. 4 other gmail accounts used for gaming sites. They all have unique username and password. I used my personal gmail account for guild wars 2 and even that has a different password than my gmail account.  

    TLDR : Use unique passwords and usernames/email accounts

     

  • Elt-The-CatElt-The-Cat Pasadena, TXPosts: 3Member
    I think its pretty hilrarious that they didn't have an authentication system to begin with.  They must think they're special to use standards from 11 years ago.
  • NadiaNadia Canonsburg, PAPosts: 11,866Member Uncommon

    im a gw2 fan but i agree that the support for being hacked is lacking on ANETs part

     

    example,

    this person describing in detail the support hes been given since he was hacked on Thursday

    http://de.reddit.com/r/Guildwars2/comments/z4oxy/a_comprehensive_list_of_issues_with_my_experience/

     

    some players have been waiting for 3+ days with no anet support on acct retrieval

  • AlbredAlbred Oxford, PAPosts: 47Member
  • ElronirElronir Montreal, QCPosts: 31Member
    I sent my first support ticket tuesday and I finally got my account back a few minutes ago. Weeeeee, I can play tonight!
  • itgrowlsitgrowls newport news, VAPosts: 2,951Member
    Here's a question: I've tried to figure out how to activate that email protection. Anet's instructions are vague (trie their account login page and the game launcher) nowhere have i seen t he option they speak of to turn on email authentications. Does anyone have any idea what they are talking about and how to turn this feature on?
  • cryoracryora Los Angeles, CAPosts: 367Member
    Is it realistic to expect people to have unique passwords for every website and game?  I can imagine extreme cases where a person will have to keep reuse the "forget password" feature to retrieve or reset their password because they can't remember it; so it ends up becoming an authentication through e-mail and/or security questions (which can also be easily forgotten  especially since they are case sensitive).  Sure, they all can be written down or digitally recorded, but how are you going to prevent those from being lost, or compromised?
  • NadiaNadia Canonsburg, PAPosts: 11,866Member Uncommon
    Originally posted by itgrowls
    Here's a question: I've tried to figure out how to activate that email protection. Anet's instructions are vague (trie their account login page and the game launcher) nowhere have i seen t he option they speak of to turn on email authentications. Does anyone have any idea what they are talking about and how to turn this feature on?

    its been turned on by default

    http://www.reddit.com/r/Guildwars2/comments/z3qqm/guild_wars_2_status_thursday_august_30/

    We now have email authentication turned on for all players with verified email addresses. With this feature, even if someone guesses your password, when he tries to login from a location that you've never logged in from before, you'll have an opportunity to approve or disapprove of the login through an email check.

«13
Sign In or Register to comment.