It looks like you're new here. If you want to get involved, click one of these buttons!
Originally posted by MosesZD
I don't buy it. ANet isn't responsible for security on my end. I am. It's part of adult living.
And, no, they didn't change your password, despite your claims. What they REALLY said is:
Somebody (hopefully you!) asked to reset the password on your Guild Wars account.
To change your password, click the link below.
If you did not request to reset your password, you can ignore this email and no changes will be made to your account.
Need help or have questions about your Guild Wars account? Visit our support site: http://support.guildwars2.com/.
--The ArenaNet Team
Buy why let those additional little FACTS in green get in the way of a good BLAME THE DEVELOPER rant.
You're pasting the password reset email the email sent after changing the email looks exactly like what the OP posted.
How about your facts?
And yes, ArenaNet is responsible to have at least good enough security for our accounts.
It would have been much easier for us and it would have given more security to verify a change of account name/email adress by adding a verification to the old email just like the one they send to the new email adress. (Just to name one example.)
This email is sent to the former email adress:
Someone -hopefully you!- has requested to change the email address associated with your Guild Wars account.
Need help or have questions about your Guild Wars account? Visit our support site: http://support.guildwars2.com/.
-The ArenaNet Team
This email is sent to the new email adress:
Your e-mail address has been changed. Please remember to use this new address the next time you log in to your account.
To confirm this change, please click on the link below.
[LINK FOR EMAIL VERIFICATION]
Which is just wrong...
I'm so broke. I can't even pay attention."You have the right not to be killed"
Originally posted by Dranny I have multiple email accounts for different games none of which get these scams, The only email addy that gets the phising scams is the one i use for fan sites. go figure.
Yeah. I don't register at a site unless it's a legit gaming site run by a legit company. I've seen too many people register at fan sites, especially 'mod' and 'hack' sites, and get hacked to death later.
Originally posted by MosesZD Originally posted by WizGamer http://www.guildwars2forum.com/threads/9418-Error-3002-email-not-found http://www.gamefaqs.com/boards/938738-/63906420 Thousands of accounts (apparently it's a problem growing at a very quick pace) have been hacked in the last couple of days. Apparently these hackers were able to change the e-mails registered to each account so it appears as if you never had an account. I have barely played in the past week (maybe 20 minutes total) because of real life obligations. I attempted to login tonight to give myself a break and I am somehow no longer affiliated with Guild Wars 2 in any way, as the e-mail address I entered was not found. Logging into the website, no luck. Logging in with my username, doesn't exist. At least I didn't sink much time into any character so it's okay if my data is lost, but I feel for others who have already spent days in this game. I've played nearly every launch for the last decade and never have I seen this chaos or mishandling of player security. Really, their priority is banning instead of stabilizing their infrastructure during the first week? It wasn't even a problem on the player end. Players are registering, BUYING the game, and finding they are not able able to login at all. I received an e-mail from ArenaNet: Someone -hopefully you!- has requested to change the email address associated with your Guild Wars account. Need help or have questions about your Guild Wars account? Visit our support site: http://support.guildwars2.com/. Thanks! -The ArenaNet Team They didn't even bother checking with me before changing my password. How did that happen? This is really unfortunate for ArenaNet, but I really feel like they should have had better security systems in place. This is ridiculous. TL; DR GO CHANGE YOUR E-MAIL and PASSWORD NOW
The common vectors:
1. People stupidly use easy to break passwords or, even dumber yet, the same password every gaming site they go. Many of these were stolen from legitimate web sites when they've been hacked in the past.
2. People stupidly signed up using their email and password at a Phishing site that promised "free in-game giveaway." (Yes, they did!!! How dumb was that?)
3. Many people go to 'helper' sites (not knowing they're Honeypots) and down-load keyloggers with those macros and botting programs they use.
4, They stupidly answer phishing emails.
Those are the common vectors that allow phishing attacks and none of those are ANet's fault. And yet you get on your high-horse and act as if it is their fault.
And, for the record, since they've hacked some of the gaming sites I frequent, those Chinese hackers tried to get me, too as I use a centralized gaming email because I got tired of my professional email being filled with spam. But they failed because I never answer any kind of 'account security verification' emails (phishing), I have a brutally hard password unique to my email. Each game has a brutally hard unique password containing Caps, lower-case, signs and numbers.
The Risk of playing video games on computers is risky if you scare of hackers go play Consol games you get more protection ther from hackers except playstation console or learn how to protect yourself from harm like identity theft to start of with.
Originally posted by Orphes Originally posted by MosesZD
Sorry, he specifically claimed TWO THINGS:
Read more carefully. His claim was wrong. They didn't even change his password to steal his account. They knew it. The security breech was his own -- reused passwords.
I will admit, the second part should have explained better. I plead 6:00 AM and lack of coffee. A password reset email has the go-back-to-link. I was pointing that out.
Because its easier to blame someone else than to admit that they did something stupid....
the trouble is that too many people just do not pay attention, they treat the internet as if its a playground, and think web security is somebody elses responsibility.. the mind boggles sometimes it really does.
if you havent seen this (link is on the game launcher)
Kickstarter: Stuff I'm supporting
Seriously , never used an authenticator in any game , played EQ since launch and most every mmorpg since , and never , not once , have had an account "hacked'. Zero , nilch such issues.
I just don't get it , unless people truly use the same login/password for fansites and click on links in emails that people by now should know better.
Either way , it's quite possible to never lose an account or be hacked and never even touch an authenticator.
People need to educate themselves , not scream AN was hacked wheres my authenticator.
Ehm no, he claims 1 thing.
The most logical interpretation is that he is talking about the change off account name (email adress) and that ArenaNet have made that to easy.
He "begins" with:
"Logging into the website, no luck. Logging in with my username, doesn't exist."
And "ends" with:
"They didn't even bother checking with me before changing my password."
*Password is more likely a typo, there are no reasons to believe that any company should verify a change of password other than typing the old one at the time of change. Also as he is pasting the email change notification sent by ArenaNet, and that is the easy way ArenaNet made it to actually steal accounts by changing accountnames vithout verifications.
And he acknowledge the need for changing p/w and email to make it more safe.
There is no need to defend Arena Net, they have made stupid choice with how the account name change can be done.
Originally posted by JeroKane He probably clicked the link in the phising email, just like thousands of other people who still fall for it. A lot of (gaming) sites and MMO studios have been hacked lately, with entire databases of data being stolen! So if you haven't bothered changing your password lately.... then sorry, but then you made it extremely easy for these hackers.
Perhaps a stupid question.
But what is wrong with (just) clicking a link?
I thought as long as you don't type in your account info on a phishing website you are fine..
When Online Game Companies get hacked, the hackers and gold-botters keep the information that was obtained for years.
A new anticipated game comes out, they use programs that scans and probs down a list to see who they got from prior hacked games. If they find a matching email or an account using the *same* password then they got that person's account. It's always good to change e-mail and password frequently on these MMO websites as well as not using the same emails or passwords for different games too.
MMO sites aren't very secure to began with(and a lot of other sites aren't either, unfortunately with all the hacking incidents that have occured in the past) and as technology becomes more sophisicated you will have a criminal element that increases with it.
It's one of the main reasons I use Game-Cards for MMO's rather than CC methods of paying for a game or in-game products.
Originally posted by Phry
Can you motivate why ArenaNet are not to take blame when they made it this easy to change an account name?
Now it is a fact that all people are not honest, not on internet nor outside the door. Some will steal your password and others will steal your wallet.
You say we should not treat internet as if it is a playground... that's good. But the context of your post says that on the internet the victim are to be blamed.
Originally posted by thekid1 Originally posted by JeroKane He probably clicked the link in the phising email, just like thousands of other people who still fall for it. A lot of (gaming) sites and MMO studios have been hacked lately, with entire databases of data being stolen! So if you haven't bothered changing your password lately.... then sorry, but then you made it extremely easy for these hackers.
Some sites can plant a cookie on your computer that key logs your strokes. Just as bad as giving it to them.
Originally posted by Mothanos Hmm its the Arenanets faulth now you got hacked ? Stay away from site's who pose a risk. Make a good pasword. Dont click links in email. Account safe ! Dont blame a company for your own mistakes.
That's how my WoW account never got hacked. I never clicked anything nor filled in any passwords anywhere. I don't know that ANet is to blame for this anymore than Blizzard is to blame.
Look gw2 is awesome, but something beyond user error seems to be going on.
When a malicious or fishy link is clicked it's highly possible that that link is connected to a phishing website or attack website. What may look like a harmless URL could be a link re-directing a person to a website that may try to re-route their browser URL's by exploits, or possible viruses and malicious programs that open up because they were allowed "access" by clicking on them. Think of hyperlinks as a gate-way door.
I've known people that clicked on phishing links and they ended up getting redirected to a bad websites. Browsers got Hijacked. Ended up putting their information on the website they thought was legitimate and next thing known their accounts has been wiped clean.
It's abolutely ridiculous that after 20 years of commercial internet there are still new kids entering the segment that choose their birthdate or 1234qwer or 1qay2wsx as their passwords on every other occasion.
In 15 years of online gaming I've never ever been hacked. I use a password for random boards that could probably be hacked given enough tries and another one for accounts linked to bank account information (which is considerably longer and uses things like % or ü or #) and then theres MMO accounts.
The password for an MMO account is never ever stored digitally, anywhere. Period. It's in a bound book in a drawer under the desk I'm sitting at. And it's changed every 6 months or so and consists of min 12 characters, randomly generated.
The last one I had for LotRO was "0&et2$8s2!1(" (don't bother, it's already changed).
And for people who are too lazy to spend 20 seconds instead of 3 for entering their password. Well, you guys deserve to be hacked and robbed then.
And well, don't get me started about discarding any email with links in it unless it's from a hand-picked whitelist. EVERYTHING that is remotely important and relevant will be send by postal mail or phone call anyways. At least in Europe that is. There's a law here that forced me to tell the government where I live and what I do for a living, so if someone wants to talk business, I want ink and paper. Period.
Originally posted by Eir_S Originally posted by Mothanos Hmm its the Arenanets faulth now you got hacked ? Stay away from site's who pose a risk. Make a good pasword. Dont click links in email. Account safe ! Dont blame a company for your own mistakes.
Unfortunately I'm going to have to side w/ Blizzard on this one. While they get hacked a lot also, Blizzard most definitely has more security on WoW than Anet has atm w/ GW2.
For starters, WoW has more checks on your account (+authenticators) to make it harder for people to steal your account, even if they phish your email (which happens fairly frequently nowadays). Secondly, WoW has a much quicker response team. When people's account gets hacked in WoW, they usually are talking to a person within a few hours. If their items were stolen, it took Blizzard another week or so on top of that. In GW2, you just get banned (can't play at all), and in some cases people didn't hear a word from Anet for close to a week.
When you do get in contact w/ Anet it's usually pretty smooth. However, their response isn't consistant enough to be considered good. Furthermore, their security is far from flawless, so saying Anet is 'blameless' for blanketly banning 1000s of accounts, many of them innocent, without having a proper response ready for people who got caught in the crossfire, is pretty irresponsible imho. It's not as though they didn't expect this game to be hugely popular, and rampant hacking is not exactly a new problem to MMOs. They should've had a plan just incase this happened (though I know it's kind of tough to expect such a huge attack even before the actual launch.
Even still, a lot of pre-purchases lost most of their headstart gametime while doing absolutely nothing to deserve such a response.
Never click a link if you get a suspicious email it could put a trojan, keylogger or worm on you PC. Always go to the site in question manually through google or type in the address in the header. With emails always check the sending address as well to see if its genuine. Also get web security software that actually scans your emails if you have them downloaded to your PC.
This doom and gloom thread was brought to you by Chin Up the new ultra high caffeine soft drink for gamers who just need that boost of happiness after a long forum session.
1st email: The e-mail address for your Guild Wars account has been changed
2nd email: Confirm new e-mail address for your Guild Wars account
You do not click the link. You go to the site manually. Email does not exist.
ANet sends two emails to an email that does not exist, eh?
For some, they've commented that the email address is not even tied to GW/GW2. In which case, why exactly did ANet send those emails out? For some, they've commented that they may have registered for the GW2 beta - but never got in or never used it. In which case, why does the email exist for the emails but not for an account? For some, they're just wondering WTF happened - since they received two emails, where the second is asking for confirmation...something they do not confirm...yet they're no longer able to get into their account.
There's all sorts fun to be had in discussing this. The curious discussions are involved in blaming the users.
Say somebody does grab their username/password combo from another site. They're able to login. They might be able to login to the game account and cause all sorts of havoc, but even there - not really. In this day and age, the game should recognize that a person is logging in from another location and request an auth code for that location. C'mon, it's 2012...
But you say they've changed the email, so that doesn't matter. How did they change the email? They have the user/pass. Really? To change the email, it should require verification from the current email. Heck, the same goes for the password.
In order to compromise the account, the person should have to compromise both the account and the email.
Then you could really get into blaming the user - because they're likely to fall into crowd that's installed a trojan by downloading something they should not have or made the silly mistake of using the same password for their email as some other account.
Outside of that sort of thing though, it's 2012 - there's a certain level of responsibility that falls on the developers at this point, since they should have learned from the mistakes made by their fellow developers over the past 15+ years.
I miss the MMORPG genre. Will a developer ever make one again?
Explorer: 87%, Killer: 67%, Achiever: 27%, Socializer: 20%
Originally posted by Calerxes Originally posted by thekid1 Originally posted by JeroKane He probably clicked the link in the phising email, just like thousands of other people who still fall for it. A lot of (gaming) sites and MMO studios have been hacked lately, with entire databases of data being stolen! So if you haven't bothered changing your password lately.... then sorry, but then you made it extremely easy for these hackers.
Plus disable any kind of plugins and set them to "ask" so that if the site wants to activate anything else than "information" the browser asks you if that's ok.
Use uncommon browsers like Opera.
Originally posted by dbgager What makes me laugh is when dumb azzs like this blame the company for there own lack of security. AreanaNet can only go so far to protect your account., Most of the responsibility lies with you.
And when ANet goes as far as they can...then you can make that statement.
Originally posted by bcbully Look gw2 is awesome, but something beyond user error seems to be going on.
Yep, a lot of players assuming that hackers didn't trade or maintain dbases.
Welcome to the information age, already in progress.
Self-pity imprisons us in the walls of our own self-absorption. The whole world shrinks down to the size of our problem, and the more we dwell on it, the smaller we are and the larger the problem seems to grow.
Originally posted by Meridion Originally posted by Calerxes Originally posted by thekid1 Originally posted by JeroKane He probably clicked the link in the phising email, just like thousands of other people who still fall for it. A lot of (gaming) sites and MMO studios have been hacked lately, with entire databases of data being stolen! So if you haven't bothered changing your password lately.... then sorry, but then you made it extremely easy for these hackers.
WOW how did you guess that, Opera is a great browser. I heartily recommend it.