Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Fuzzy Avatars Solved! Please re-upload your avatar if it was fuzzy!

Wow they really screwed up. Many accounts lost due to hacking

WizGamerWizGamer Evansville, WVPosts: 403Member

 

http://www.guildwars2forum.com/threads/9418-Error-3002-email-not-found

http://www.gamefaqs.com/boards/938738-/63906420

 

Thousands of accounts (apparently it's a problem growing at a very quick pace) have been hacked in the last couple of days. Apparently these hackers were able to change the e-mails registered to each account so it appears as if you never had an account. I have barely played in the past week (maybe 20 minutes total) because of real life obligations. I attempted to login tonight to give myself a break and I am somehow no longer affiliated with Guild Wars 2 in any way, as the e-mail address I entered was not found. Logging into the website, no luck. Logging in with my username, doesn't exist.  At least I didn't sink much time into any character so it's okay if my data is lost, but I feel for others who have already spent days in this game.

 

I've played nearly every launch for the last decade and never have I seen this chaos or mishandling of player security. Really, their priority is banning instead of stabilizing their infrastructure during the first week?  It wasn't even a problem on the player end. Players are registering, BUYING the game, and finding they are not able able to login at all. 

I received an e-mail from ArenaNet:

 

Someone -hopefully you!- has requested to change the email address associated with your Guild Wars account.

Need help or have questions about your Guild Wars account? Visit our support site: http://support.guildwars2.com/.

Thanks!

-The ArenaNet Team

 

They didn't even bother checking with me before changing my password. How did that happen? 

This is really unfortunate for ArenaNet, but I really feel like they should have had better security systems in place. This is ridiculous.

 

TL; DR GO CHANGE YOUR E-MAIL and PASSWORD NOW 

«134

Comments

  • Tawn47Tawn47 LincolnPosts: 512Member

    As I understand it, it is 3rd party games sites that have been hacked..   and the people who lose their accounts are either using the same password for GW1 or GW2 as that 3rd party site.. or have a simple password.  Not sure Anet are to blame, though Im sure there is more they could do about this matter in the future.

    I think its fair to say this:

    - Dont respond to emails about your password if you didnt request a change

    - Ensure your GW2 & GW1 password is very strong and not used anywhere else on the web

  • DrannyDranny BarnsleyPosts: 276Member Uncommon
    Originally posted by WizGamer

     

    http://www.guildwars2forum.com/threads/9418-Error-3002-email-not-found

    http://www.gamefaqs.com/boards/938738-/63906420

     

    Thousands of accounts (apparently it's a problem growing at a very quick pace) have been hacked in the last couple of days. Apparently these hackers were able to change the e-mails registered to each account so it appears as if you never had an account. I have barely played in the past week (maybe 20 minutes total) because of real life obligations. I attempted to login tonight to give myself a break and I am somehow no longer affiliated with Guild Wars 2 in any way, as the e-mail address I entered was not found. Logging into the website, no luck. Logging in with my username, doesn't exist.  At least I didn't sink much time into any character so it's okay if my data is lost, but I feel for others who have already spent days in this game.

     

    I've played nearly every launch for the last decade and never have I seen this chaos or mishandling of player security. Really, their priority is banning instead of stabilizing their infrastructure during the first week?  It wasn't even a problem on the player end. Players are registering, BUYING the game, and finding they are not able able to login at all. 

    I received an e-mail from ArenaNet:

     

    Someone -hopefully you!- has requested to change the email address associated with your Guild Wars account.

    Need help or have questions about your Guild Wars account? Visit our support site: http://support.guildwars2.com/.

    Thanks!

    -The ArenaNet Team

     

    They didn't even bother checking with me before changing my password. How did that happen? 

    This is really unfortunate for ArenaNet, but I really feel like they should have had better security systems in place. This is ridiculous.

     

    TL; DR GO CHANGE YOUR E-MAIL and PASSWORD NOW 

    The email was no doubt a phising scam.

    And as for thousands the links you provided so a few posts not the thousands you claim.

     

    P.S. Do they not send out validation emails to the current email inorder for you to change to the new one .?

  • MothanosMothanos ArnhemPosts: 1,860Member Uncommon

    Hmm its the Arenanets faulth now you got hacked ?
    Stay away from site's who pose a risk.
    Make a good pasword.
    Dont click links in email.

    Account safe !

    Dont blame a company for your own mistakes.

  • YaosYaos Franklin, TNPosts: 153Member
    Some of the people getting the email do not have GW2 accounts.
  • FrodoFraginsFrodoFragins Manchester, NHPosts: 2,926Member Uncommon
    Originally posted by Tawn47

    As I understand it, it is 3rd party games sites that have been hacked..   and the people who lose their accounts are either using the same password for GW1 or GW2 as that 3rd party site.. or have a simple password.  Not sure Anet are to blame, though Im sure there is more they could do about this matter in the future.

    I think its fair to say this:

    - Dont respond to emails about your password if you didnt request a change

    - Ensure your GW2 & GW1 password is very strong and not used anywhere else on the web

    EXACTLY!

  • GhavriggGhavrigg Halifax, NSPosts: 774Member Uncommon
    All I know is that from within a couple hours of registering my account, I was getting "password reset" emails daily, sometimes every few hours of the day. I never actually lost my account or was actually hacked, but someone or multiple people were trying anyway.
  • JeroKaneJeroKane OsloPosts: 5,353Member Uncommon

    He probably clicked the link in the phising email, just like thousands of other people who still fall for it.

    A lot of (gaming) sites and MMO studios have been hacked lately, with entire databases of data being stolen!

    So if you haven't bothered changing your password lately.... then sorry, but then you made it extremely easy for these hackers.

  • oldbluiesoldbluies columbus, OHPosts: 10Member

    It makes me laugh at how people respond to these. The problem is Anet sends out a verification for a PW change, but the email change nothing but a hope its you remark.  I know this has happened to many and most have not been able to play again. Hang in there I'm sure it will be fixred I've read it's a 3-5 day fix.

    I'm on day 3 so far......

  • GrahorGrahor aaaPosts: 828Member

    Come on, people, you are assuming a lot here.

     

    I haven't lost my account, so don't go off half-cocked on me.

     

    The problem with Guild Wars 2 accounts is born of NCSoft problems. I'll explain.

     

    When I've bought Guild Wars 2 (on ArenaNet), I have linked it to NCSoft account, because I had one, and they've asked me to link to NCSoft account if I had one.

     

    When I did it, my _EMAIL_, towards which GW2 account was registered, have become "Account@NCSoft". Obviously, it's not a real mail. So they can't sent any confirmation mails to it! 

     

    So, if a hacker has guessed (through third-party sites, brute-force algorithm, or phishing e-mail) your password, he can log on to your account. Now, in a normal security situation, that's where it all would end: any password changes, email changes, etc require confirmation through e-mail.

     

    But it's impossible in Guild Wars 2, because the emails-on-files are, like, Something@NCSoft, and those aren't real emails, Arenanet can't send any confirmations there.

     

    So if a hacker has logged in, he can just change the email, change the password, none of those will demand confirmation (I know this because I've did it myself, I've changed my email from @ncsot to a real one, and no confirmation was needed.) and he'll be a new owner of the account, and any confirmation emails, etc will go directly to hacker, not to the previous owner.

     

    So, yes, first level of security is the same as everywhere, and it has to be overcome by the same methods: phishing, third-party, brute-force. But once it's broken, there are no additional levels of security. Every single web application out there has the additional level of security: e-mail confirmation. But not ArenaNet.

     

    Make your own conclusions.

  • oldbluiesoldbluies columbus, OHPosts: 10Member

    Don't know about the OP.  That is not myt case.  No linkage. No NC Soft email.. just a regular email acct. I did'n't click any links or anything like that. Could I have used a previous PW from another site, sure. The problem for me was there was no confirmation, which I belive they have fixed.

  • ESSKAESSKA jacksonvill, FLPosts: 111Member
    Some people doing something stupid then turning around and blaming the company. In my experience it was always because the people that were hacked were doing something they shouldnt have been doing or clicking on obvious pishing emails. Had a few people in rift claim up and down that they didnt do anything to get hacked then later find out they had an account for an mmowebsite that created bots and other hacks which lead to them getting their account stolen and eventually banned. Same with Aion in the first big ban wave that hit a lot of "innocent" players.
  • GrahorGrahor aaaPosts: 828Member

    >>People doing something stupid then turning around and blaming the company.<<

     

    Every application in the net, even free php forums, have 2 levels of security for accounts. ArenaNet has 1 level of security (I've described earlier.) Still think there is nothing to blame the company for?

  • OrphesOrphes TrePosts: 3,048Member
    Originally posted by WizGamer

     

    I received an e-mail from ArenaNet:

     

    Someone -hopefully you!- has requested to change the email address associated with your Guild Wars account.

    Need help or have questions about your Guild Wars account? Visit our support site: http://support.guildwars2.com/.

    Thanks!

    -The ArenaNet Team

     

    They didn't even bother checking with me before changing my password. How did that happen? 

    This is really unfortunate for ArenaNet, but I really feel like they should have had better security systems in place. This is ridiculous.

     

    TL; DR GO CHANGE YOUR E-MAIL and PASSWORD NOW 

     

    I changed my email a few minutes ago.

    To my old email I got the same as you got and to the new email I got a link for verification of that email.

     

    This is a homerun for account thieves...

    I'm so broke. I can't even pay attention.
    "You have the right not to be killed"

  • ESSKAESSKA jacksonvill, FLPosts: 111Member
    Originally posted by Grahor

    >>People doing something stupid then turning around and blaming the company.<<

     

    Every application in the net, even free php forums, have 2 levels of security for accounts. ArenaNet has 1 level of security (I've described earlier.) Still think there is nothing to blame the company for?

    Yep. If you are going to click on obvious bad links or use the same u/n and password you use for your game as your forum pass like some do for some reason. then yeah you are to blame. Out of the million people playing this game only a few are having this problem and im just saying from previous experience with people who make these claims its always because they were either up to no good or wasnt being carefull about their UN/PASS and just randomly clicking on links in their emails.

  • If you haven't seen this before you haven't been paying attention.  Aion had tons of people hacked.

     

    Edit: Tehcnically its not a hack.  Most of this is spear-Phishing.

  • Half_Man_Half_ToonHalf_Man_Half_Toon NO, CAPosts: 156Member
    Originally posted by TCTC
    Originally posted by Grahor

    >>People doing something stupid then turning around and blaming the company.<<

     

    Every application in the net, even free php forums, have 2 levels of security for accounts. ArenaNet has 1 level of security (I've described earlier.) Still think there is nothing to blame the company for?

    Yep. If you are going to click on obvious bad links or use the same u/n and password you use for your game as your forum pass like some do for some reason. then yeah you are to blame. Out of the million people playing this game only a few are having this problem and im just saying from previous experience with people who make these claims its always because they were either up to no good or wasnt being carefull about their UN/PASS and just randomly clicking on links in their emails.

    another think to note dont ever give info away that will be like he said no same password on forums websites etc your friend your son etc that is for you and you only you bought the game you keep it Dont Share Info!.

  • ConnmacartConnmacart OsloPosts: 681Member Uncommon
    Originally posted by Grahor

    >>People doing something stupid then turning around and blaming the company.<<

     

    Every application in the net, even free php forums, have 2 levels of security for accounts. ArenaNet has 1 level of security (I've described earlier.) Still think there is nothing to blame the company for?

    As long as the company doesn't get compromised it will never be their fault a person gets hacked. Can they do more, sure, but it still doesn't make them responsible for a person's own carelessness. 

  • VaultarVaultar adelaidePosts: 339Member

    should have read what Anet has said in terms of keeping your account secure. 

    Due to many hackers, I just couldn't risk my account being at threat. So what did I do? I followed the exact instructions given by Anet to keep my account safe.

    1. I made a new gmail account just for guild wars 2.

    2. Made sure that the gmail account's pass is unique and is lengthy and does not correspond to GW2 account pass (which is both lengthy and unique).

    3. Always using email authentication feature that Anet implemented.

    4. Made sure my comp is free from any viruses and malware.

    Because of all these steps, I know my account is very safe :).

    Looking forward to EQL and EQN.

  • rojoArcueidrojoArcueid hell, NJPosts: 6,757Member Uncommon
    Originally posted by Yaos
    Some of the people getting the email do not have GW2 accounts.

    i got the emails on an email that has nothing to do with guild wars and is not associated with my GW2 email LOL.....

    i also got similar emails like mist of pandaria beta invite, diablo 3 account security, etc.... i dont even have accounts there with that same email hehehe....

    people gotta be careful and erase all those emails. if you did not request it just delete it. If you think it could be legit, contact the company from their own website instead of clicking the link on the email.

    :)

     

    image
  • DrannyDranny BarnsleyPosts: 276Member Uncommon
    I have multiple email accounts for different games none of which get these scams, The only email addy that gets the phising scams is the one i use for fan sites. go figure.
  • DrannyDranny BarnsleyPosts: 276Member Uncommon
    Originally posted by Orphes
    Originally posted by WizGamer

     

    I received an e-mail from ArenaNet:

     

    Someone -hopefully you!- has requested to change the email address associated with your Guild Wars account.

    Need help or have questions about your Guild Wars account? Visit our support site: http://support.guildwars2.com/.

    Thanks!

    -The ArenaNet Team

     

    They didn't even bother checking with me before changing my password. How did that happen? 

    This is really unfortunate for ArenaNet, but I really feel like they should have had better security systems in place. This is ridiculous.

     

    TL; DR GO CHANGE YOUR E-MAIL and PASSWORD NOW 

     

    I changed my email a few minutes ago.

    To my old email I got the same as you got and to the new email I got a link for verification of that email.

     

    This is a homerun for account thieves...

    Yes i do agree, they need to change this to be sent to the old one or even a two step validation where you have to click the link in the old email and then one gets sent to the new email.

  • Crazy_StickCrazy_Stick Privacy Preferred, NCPosts: 1,059Member
    They simply were not prepared for this. If what's being related above regarding change of email is true then this is atrocious security planning on their part without excuse. I mean even Cryptic is doing significantly better now thanks to a new PC identification system with various codes from your account you have to enter. Not even Trion was this ill prepared at launch and they were fast to take action. I don't care if its only a handful of stolen purchases right now. There is a big hole waiting to be fished and now that it's known... Well, I hope Anet is fast and those people get their moeny back or game account fixed
  • MosesZDMosesZD Kirkwood, MOPosts: 1,383Member
    Originally posted by WizGamer

     

    http://www.guildwars2forum.com/threads/9418-Error-3002-email-not-found

    http://www.gamefaqs.com/boards/938738-/63906420

     

    Thousands of accounts (apparently it's a problem growing at a very quick pace) have been hacked in the last couple of days. Apparently these hackers were able to change the e-mails registered to each account so it appears as if you never had an account. I have barely played in the past week (maybe 20 minutes total) because of real life obligations. I attempted to login tonight to give myself a break and I am somehow no longer affiliated with Guild Wars 2 in any way, as the e-mail address I entered was not found. Logging into the website, no luck. Logging in with my username, doesn't exist.  At least I didn't sink much time into any character so it's okay if my data is lost, but I feel for others who have already spent days in this game.

     

    I've played nearly every launch for the last decade and never have I seen this chaos or mishandling of player security. Really, their priority is banning instead of stabilizing their infrastructure during the first week?  It wasn't even a problem on the player end. Players are registering, BUYING the game, and finding they are not able able to login at all. 

    I received an e-mail from ArenaNet:

     

    Someone -hopefully you!- has requested to change the email address associated with your Guild Wars account.

    Need help or have questions about your Guild Wars account? Visit our support site: http://support.guildwars2.com/.

    Thanks!

    -The ArenaNet Team

     

    They didn't even bother checking with me before changing my password. How did that happen? 

    This is really unfortunate for ArenaNet, but I really feel like they should have had better security systems in place. This is ridiculous.

     

    TL; DR GO CHANGE YOUR E-MAIL and PASSWORD NOW 

     

    The common vectors:

     

    1.   People stupidly use easy to break passwords or, even dumber yet, the same password every gaming site they go.    Many of these were stolen from legitimate web sites when they've been hacked in the past.

    2.   People stupidly signed up using their email and password at a Phishing site that promised "free in-game giveaway."   (Yes, they did!!!   How dumb was that?)

    3.  Many people go to 'helper' sites (not knowing they're Honeypots) and down-load keyloggers with those macros and botting programs they use.

    4,   They stupidly answer phishing emails.

     

    Those are the common vectors that allow phishing attacks and none of those are ANet's fault.   And yet you get on your high-horse and act as if it is their fault.   

     

    I don't buy it.   ANet isn't responsible for security on my end.  I am.     It's part of adult living.  

     

    And, for the record, since they've hacked some of the gaming sites I frequent, those Chinese hackers tried to get me, too as I use a centralized gaming email because I got tired of my professional email being filled with spam.   But they failed because I never answer any kind of 'account security verification' emails (phishing), I have a brutally hard password unique to my email.  Each game has a brutally hard unique password containing Caps, lower-case, signs and numbers.

     

    And, no, they didn't change your password, despite your claims.   What they REALLY said is:

     

    Somebody (hopefully you!) asked to reset the password on your Guild Wars account.

    To change your password, click the link below. 

    (Clickable Link)

    If you did not request to reset your password, you can ignore this email and no changes will be made to your account.

    Need help or have questions about your Guild Wars account? Visit our support site: http://support.guildwars2.com/.

    Thanks!

    --The ArenaNet Team

     

    Buy why let those additional little FACTS in green get in the way of a good BLAME THE DEVELOPER rant.

     

     

     

  • MosesZDMosesZD Kirkwood, MOPosts: 1,383Member
    Originally posted by Crazy_Stick
    They simply were not prepared for this. If what's being related above regarding change of email is true then this is atrocious security planning on their part without excuse. I mean even Cryptic is doing significantly better now thanks to a new PC identification system with various codes from your account you have to enter. Not even Trion was this ill prepared at launch and they were fast to take action. I don't care if its only a handful of stolen purchases right now. There is a big hole waiting to be fished and now that it's known... Well, I hope Anet is fast and those people get their moeny back or game account fixed

     

    No.  He's not telling the whole truth.   He doctored his email that he presented as proof.  I posted mine I received when the Chinese tried to hack my account.  So, I'm sure there is more to the story.  And I doubt he'll ever come cleann with the dumb things he's done.

     

    It's like those people ranting at Reddit about being 'banned' for 'nothing' and then ANet posts their homophobic, racist, profanity-laced tirades that caused the banning and they delete their Reddit Accounts in embarrassment and go some place else to lie about how mean ANeit.

  • MosesZDMosesZD Kirkwood, MOPosts: 1,383Member
    Originally posted by Dranny
    Originally posted by WizGamer

     

    http://www.guildwars2forum.com/threads/9418-Error-3002-email-not-found

    http://www.gamefaqs.com/boards/938738-/63906420

     

    Thousands of accounts (apparently it's a problem growing at a very quick pace) have been hacked in the last couple of days. Apparently these hackers were able to change the e-mails registered to each account so it appears as if you never had an account. I have barely played in the past week (maybe 20 minutes total) because of real life obligations. I attempted to login tonight to give myself a break and I am somehow no longer affiliated with Guild Wars 2 in any way, as the e-mail address I entered was not found. Logging into the website, no luck. Logging in with my username, doesn't exist.  At least I didn't sink much time into any character so it's okay if my data is lost, but I feel for others who have already spent days in this game.

     

    I've played nearly every launch for the last decade and never have I seen this chaos or mishandling of player security. Really, their priority is banning instead of stabilizing their infrastructure during the first week?  It wasn't even a problem on the player end. Players are registering, BUYING the game, and finding they are not able able to login at all. 

    I received an e-mail from ArenaNet:

     

    Someone -hopefully you!- has requested to change the email address associated with your Guild Wars account.

    Need help or have questions about your Guild Wars account? Visit our support site: http://support.guildwars2.com/.

    Thanks!

    -The ArenaNet Team

     

    They didn't even bother checking with me before changing my password. How did that happen? 

    This is really unfortunate for ArenaNet, but I really feel like they should have had better security systems in place. This is ridiculous.

     

    TL; DR GO CHANGE YOUR E-MAIL and PASSWORD NOW 

    The email was no doubt a phising scam.

    And as for thousands the links you provided so a few posts not the thousands you claim.

     

    P.S. Do they not send out validation emails to the current email inorder for you to change to the new one .?

     

     

    Yes.  They do.   You have to log in.   Reset your password.   Go to you email and click on the validation link.   Then finish the process.

     

    Somebody (hopefully you!) asked to reset the password on your Guild Wars account.

    To change your password, click the link below.

    LINK REMOVED

    If you did not request to reset your password, you can ignore this email and no changes will be made to your account.

    Need help or have questions about your Guild Wars account? Visit our support site: http://support.guildwars2.com/.

    Thanks!

    --The ArenaNet Team

«134
This discussion has been closed.