Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Quick Links
Thread For Discussion of Phishing Emails & Account Security Matters
Amana
Moderator UncommonPosts: 3,912
in Guild Wars 2
Hey guys,
Since this forum is VERY active right now, many threads are getting lost and people aren't properly checking to see if their thread is a duplicate topic. As a result, since this is an important matter, we've had many phishing/hack/security threads
As we have in a handful of other forums, we'd like to provide this thread for the discussion of phishing/hacking/account security measures and updates on the matter. This way the discussion stays visible and we don't get 20 new threads each day on the matter.
To give feedback on moderation, contact [email protected]
Comments
Current ANet update from here:
Account security - We're seeing an uptick in reports of account theft and attempted account theft. We believe hackers are using databases of email addresses and passwords stolen from other games and web sites, and pre-existing trojan horses, to search for matching Guild Wars 2 accounts which they attempt to compromise. To prevent this, we have temporarily disabled the "reset password" feature, and we're working to bring email authentication online. To protect yourself, please ensure that you use a unique password for Guild Wars 2 that you don't use for any other game, email account, forum or web account.
Email authentication - Email authentication is a feature that notifies you if someone tries to log into your account from a location you've never logged in from before. Thus, even if someone guesses your game password, he can't log in unless he also guesses your email account password. You can make email authentication even more secure by using an email provider that supports two-factor authentication, such as Google or Yahoo, and taking advantage of that. We're currently preparing email authentication and intend to deploy it in a phased rollout, starting on Thursday, August 30.
To give feedback on moderation, contact [email protected]
Steam: Neph
Just a note guys, since a lot of people seem to think this.
Just because you haven't entered your password in a long time doesn't mean hackers can't fetch your username and password. Your account details are stored on your computer via browser cookies and hitting that little "Remember Password" button makes it so easy to steal your account details that a child could take it.
The general rule is, if the website you are logging into has "https" in the address bar instead of "http", then it is generally safe to "Remember Password". However, if it is not, then it is completely insecure. You should only really save your password if you log into an "https" site. All others, don't do it. Also, if you want to be completely safe, then turn off ALL cookies in your browser and always type in your account details.
The "https" signifies that everything you do on that site is encrypted, and only expert hackers would be able to decrypt the information and see what you're doing.
Hackers will look at sites you logged into that do NOT have "https", and try that password on the secured sites you logged into.
Note: Hackers CAN use viruses on your computer that detect your key hits and steal your information that way (these are called Keyloggers), but this is much less common as long as you continuously run updated virus checks. Retrieving your account details through cookies is much easier.
Hope this helps some of you.
I've had one password reset attempt, nice to hear that it was not successful as I am at work and cant check it right now.
My gaming blog
It's like some people just discovered gaming on the internet or something!
The phishers are using the same system that the Nigerian scammers use.
Keep separate passwords - make them complex - change them often.
This whole account hacking thing is reminiscent of the Rift launch. Exactly the same thing was happening then with hundreds, maybe thousands of accounts compromised and the developers berating their customers for being lax with their passwords.
The thing is though, eventually one of their own customers posted in their forums that he had discovered a vulnerability in their authentication process. All that was necessary was to log in via a genuine account and that then opened a back door to all the other servers and it was possible to switch at will. The hackers were able to take command of characters, steal all their valuable items delete characters, change passwords, anything they wanted.
Miraculously, within no time at all of the customer posting this information, all the hacking stopped. I don't recall Trion ever admitting it was actually a flaw in their system, rather than lax security on their customer's behalf that allowed it to happen but the suspicion has to be that it was..
I really do think the GW2 people should be examining their own systems now too instead of just automatically blaming their customers for the problems.
My account was banned for alleged RMT activity but ANet have not once provided any evidence to show what my account was supposed to have done or even communicated with me to say 'Hey, we banned your account'.
A ticket to Support has had two responses from ANet with both responses asking for the same information.
And you can't contact them by phone. If anyone is guilty of compromising accounts its ANet who have basically stolen $60.00 from me.
Came home to a hacked account today. I'm pretty strict about my security and run a rotation of different passwords and usernames, but it seemes the one I have used for GW2 is floating out there (not the same as e-mail or forums etc., but a couple of other recent games). Meh...
As much as I hated those security questions in TOR, all MMO's should take a lesson from it. A fairly large rotation of "unusual" questions for any account changes to ensure it's tricky to to break through even with the username and password in hand. Seems the hackers are having a field day with GW2.
It's not that it bothers me that much, if only the support reputation had been better at the moment. As it looks now I may not get to play for a few days, but we'll see.
Fanboys are so bad on this site, I got an email telling me that my guild wars account email had changed so i deleted it went to log into guildwars to change it and wow it ws changed just like that, the best part is I only played in BWE3 and did not buy guild wars 2 i was waiting now i'm going to wait long this is sad IMO. It's not always the users fault and everyone one on here makes it so Black and White and think theyknow everything. I don't care too much my email Is safe which is all i care about i have different passwords for everything and yada yada but who cares Fanboys are gana assume i did one thing wrong and run with it. A-Net needs to step up acct security TBH
EDIT: BTW I love guild wars 2 I have not played an mmo in over a year and GW2 is the only game that excites me BTW but admit some faults where they'er do don't be blind
Hi
I signed up to this site because I got an email about 20 mins ago saying someone tried changing my email on my GW2 account.
Now I don't have a GW2 account or Areanet account or any of these. My computer is always checked for intrusions daily and I quickly ran all my tests again when I got the email. The only game I play is wow, but that isnt even the same email address the above was sent to.
I had a GW 1 account back when it first started, but that was an email address way back in the day and isn't even working anymore. i never clicked any links in the email and I am not sure why I would get an email.
the status update from yesterday (link is on the game launcher)
http://wiki.guildwars2.com/wiki/Game_status_updates
Friday, August 31, 2012
EQ2 fan sites
Some people seem to have reading comprehension problems.
1. It doesn't matter if you respond to the e-mail or not, which was by the way sent from their official address [email protected]. I did not respond, checking the actual game first, and my e-mail and password were still hacked. My account was hacked while I was away from the game for several days.
2. The security of your password also does not matter. I only use this same password with my university, which is a whole separate e-mail and whole separate username. The only thing I can think of is that the problem is on their end with regard to the GW1 accounts perhaps because I am using the same password I used for GW1.
3. It is no user's fault so stop blaming them. People have literally been buying the game, only to find out minutes later that their accounts do not exist. The problem is on ArenaNet's end.
4. Solution: Change your password from your GW1 account if possible. Don't respond to e-mails (but I don't think anyone with common sense would anyway).
this was true but ANET changed this since Wednesday
http://www.reddit.com/r/Guildwars2/comments/z1poz/guild_wars_2_status_wednesday_august_29/
Account security - We're seeing an uptick in reports of account theft and attempted account theft. We believe hackers are using databases of email addresses and passwords stolen from other games and web sites, and pre-existing trojan horses, to search for matching Guild Wars 2 accounts which they attempt to compromise. To prevent this, we have temporarily disabled the "reset password" feature, and we're working to bring email authentication online. To protect yourself, please ensure that you use a unique password for Guild Wars 2 that you don't use for any other game, email account, forum or web account.
EQ2 fan sites
So far, i haven't had any problems and haven't received one phishing email yet.
Some blame should go to A-Net for not having authenticaters at lauch, but most of the blame should go to users.
I think its common sense not to use same email address for every single site, but most don't because they're lazy to use different unique passwords and username.
Why its common sense - for example. I got like 7 gmail accounts. I use one for craigslist [I get a lot of junk email], one personal email address. 4 other gmail accounts used for gaming sites. They all have unique username and password. I used my personal gmail account for guild wars 2 and even that has a different password than my gmail account.
TLDR : Use unique passwords and usernames/email accounts
im a gw2 fan but i agree that the support for being hacked is lacking on ANETs part
example,
this person describing in detail the support hes been given since he was hacked on Thursday
http://de.reddit.com/r/Guildwars2/comments/z4oxy/a_comprehensive_list_of_issues_with_my_experience/
some players have been waiting for 3+ days with no anet support on acct retrieval
EQ2 fan sites
This video sums it all up.
http://www.youtube.com/watch?v=7eyon0gtM5w&feature=em-uploademail
its been turned on by default
http://www.reddit.com/r/Guildwars2/comments/z3qqm/guild_wars_2_status_thursday_august_30/
We now have email authentication turned on for all players with verified email addresses. With this feature, even if someone guesses your password, when he tries to login from a location that you've never logged in from before, you'll have an opportunity to approve or disapprove of the login through an email check.
EQ2 fan sites