Originally posted by Xzen It is not Arena Net or NCSofts fault the accounts got hacked. However they do need to do something to get back to people in a more timely manner.
Agreed. they did hire more people but the fact is they arent going to be perfect at it overnight. Blizzard used to be absolutely atrocious in fixing hacked account issues, but over the years they got it down to having you fully restored in minutes. It sucks that it takes so long, but it should get better. And if it doesnt, thats when its time to complain hardcore.
Yes a majority (maybe 90%+) of those hackers comes from China, they're big on hijacking gaming accounts and stealing items and deleting characters. My old hotmail account (I don't use it on anything anymore) still gets "account compromised" and "confirm your email" and "reset password" messages for games I've never played. I used that email on some websites years ago, so it obviously fell into Chinese hands and they're using it to see if I used it on games. Even if you have [email protected] on some website and the Chinese has it, they'll attempt to try and log into GW2 with that email (and password they think you used) and see if it exists, if it doesn't they'll move on but if it does, they'll try over and over until they succeed, so your old emails are still being used even if games you play doesn't have that email.
LinkedIn for example was recently hacked, my business email has never ever received an email from LinkedIn even though it was the LinkedIn login, but after the news of the hack I received some odd emails on that account and I haven't used LinkedIn in over a year- my business email obviously fell into hackers' hands when they broke into LinkedIn.
I'm sorry but I say this whole weak password stuff is absolute bullshit. I don't believe for a second that thousands of people are exposing their login details and password as is being suggested, How come other new games such as TSW didn't have the same problems?
Anyone who played Rift at launch has seen this whole scenario before: Thousands of accounts compromised, the developer blaming people for exposing their logins details and passwords..................and yet...... what did it turn out to be in the end? The answer is a flaw in tier own login procedures that enabled hackers to login with a genuine account and then use a backdoor to access any other account they wanted. No passwords or login details needed at all. It was only after one of their users pointed this out to them that they quietly closed the backdoor and miraculously, the whole hacking thing died a death.
It's about time Arenanet started employing experts to sort this mess out instead of blaming the users.
It was GW2guru that got hacked NOT TSWguru or RIftguru - that is why GW2 was the target. Some people can't actually read anything before they hit reply.
Well when you release a game ArenaNet should have security measures up to par. Also the users should know better by now how to protect their accounts. It isn't like people haven't been told a bazillion times on how to protect your info. In one ear and out the other...
For everyone protecting ANet you should really stop. We can't just rabidly defend them because we like them, they clearly fucked up. Yes Im one of the ones affected, and yes until I was I was all "idiots using the same passwords everywhere!"
I love GW2 and really want to play, but if they don't get their act together I can't in good faith continue to support them.
im a gw2 fan
you think i would have a made a thread about this if i was covering/defending for ANET?
anytime i see a new thread about someone being hacked,
i dont give them grief along the lines of sucks for you, your fault
instead, I post support links to try to help them out
-- i dont blame ANET or the player, just want to help people get back into the game
Wasn't directed at anyone in particular I actually think it's awesome you are bringing more attention to this, because the more bad publicity ANet gets, the more inclined they will be to fix it
We get it, you are angry you got hacked. But you have even admitted it was your fault. Yet you so desperately want to make Arenanet out to be the villain here, its beyond pathetic. You, unlike the OP, have no good intentions. You just want to trash a company because you yourself screwed up. You are like one of the people that would rent a movie, know when it was due, then be upset you had to pay 2 bucks when it was late and blame the corporation and call the BBB instead of taking responsibility for your actions.
Arenanet could have had more security measures to protect against user stupidity, but its still not their fault you got hacked and never will be. And certainly no reason to want to sully a company's reputation.
But hey, keep believing in that magic bullet that makes everything their fault and not yours.
When did I admit it was my fault? I am anal about passwords, have randomly generated them, use letters numbers and special characters, the whole nine yards. I said SOME PEOPLE are to blame, never said I was.
I hope it doesn't happen to you, but if it does you will be singing a very different tune. I don't want ANet to fail, and your personal attacks against my character are cute but I am the first to admit when I fuck up. What I am saying is MY USERNAME SHOULD NOT BE ABLE TO BE CHANGED WITHOUT ANY FORM OF CONFIRMATION WHATSOEVER.
If you haven't seen what happens when you get hacked, well here you go:
Someone -hopefully you!- has requested to change the email address associated with your Guild Wars account.
Someone (hopefully me!) changed my email and thats it. And a generic link to the support page if it wasn't me. Fantastic security measures there. And no, I did not recieve a confirmation email that was deleted by the same hacker accessing my email address because A) like I said ,I use different passwords and I have my email open all day and did not recieve any email from ANet other than this one.
Claim I dont have good intentions all you want, but I am sure there are 11,000 other people right now who would at least like some kind of response from ANet other than a post on their forums that says we will get to you within 72 hours.
Please visit my youtube channel for some H1Z1/DayZ casual roleplay videos!
What I am saying is MY USERNAME SHOULD NOT BE ABLE TO BE CHANGED WITHOUT ANY FORM OF CONFIRMATION WHATSOEVER.
Except thats not what you were saying before. You have been talking about arenanet being hacked.
My post still stands. Sympathy does not get extended to people that try to turn an informative post into a hate fest. And you are still trying to pass off blame. I agree with you wth the red part, but you should be discussing that not implying that arenanet has been hacked.
most of these people have same password for all of their email, social site, game site and every other kind of site accnt. it is very much easy to crack these kind of passwords. my WoW accnt never got hacked, yet i see lots of forum qq about hacked accnt in blizz forums. they make mistakes and then blame the company. whether it is WOW or eq2 or swtor or gw2, same scenario everywhere. we live in a sad world.
Its interesting that in today's society we don't expect people to be responsible for supporting themselves, getting their own health care, providing for the children they bring into this world, paying their lawfully incurred debts, remembering to bring an ID to the polls, or using their turn singals while driving.
But, you had better not use the same sign up information for a video game that use you on an internet website! Because that is just plain irresponsible and you should be accountable for your actions!
Not sure if you were being sarcastic so at the risk of looking stupid - I agree completely.
I should have known to make a brand new email just for Guild Wars 2, because everyone obviously does that for every game, right? The real "villains," here are clearly the hackers, and while I don't claim ANet just allowed this to happen, they should have had better systems in place to protect their customers (and therefore investments) and in the event that this does happen it shouldnt take 7 days to get your account back. That is just insane.
"Except thats not what you were saying before. You have been talking about arenanet being hacked.
My post still stands. Sympathy does not get extended to people that try to turn an informative post into a hate fest. And you are still trying to pass off blame. I agree with you wth the red part, but you should be discussing that not implying that arenanet has been hacked."
Yeah. I'm trying to pass off blame. On the internet. On a forum. Because that helps me somehow. And I really want your sympathy, too. I have my doubts that you are a Cyber Security Expert that knows for a fact that ANet wasn't compromised, so you are just as guilty as me for just writing it off as being a possibility.
I'll say it again: My primary issue, all rage aside, is that their customer service is horrendous and real security measures should have been in place to prevent this. I could care less how it happened.
Please visit my youtube channel for some H1Z1/DayZ casual roleplay videos!
Its interesting that in today's society we don't expect people to be responsible for supporting themselves, getting their own health care, providing for the children they bring into this world, paying their lawfully incurred debts, remembering to bring an ID to the polls, or using their turn singals while driving.
But, you had better not use the same sign up information for a video game that use you on an internet website! Because that is just plain irresponsible and you should be accountable for your actions!
Can see you have alot of issues notably political ones which should not be discussed here. IE the ID at the voting polls being anything other then the ID used for years from the voting registration office. That said, the responsibility is with the players to make sure they are doing what needs to be done to protect their accounts, however, until recently Anet didn't have a secure email system to protect account information from changing. I too had my account info changed however i received an email from them just after this system wide change and i was able to change my password loginto the game and boot whomever was using my account.
The problem is most people don't want to use the facts in cases inside or outside of the games.
The real "villains," here are clearly the hackers, and while I don't claim ANet just allowed this to happen, they should have had better systems in place to protect their customers (and therefore investments) and in the event that this does happen it shouldnt take 7 days to get your account back. That is just insane.
I know I'm repeating what everyone else says but it seems it needs to be repeated again and again.
Don't use the same password for 2 different sites. Every single one of those 11,000 people not only used the same email but they used the same password for a 3rd party fan site(and I bet they had the same password for the email account as well meaning the hacker had access to their email to initiate the account change and delete the email from Anet, so that the victim never even saw the email). Why would anyone do this? I suppose because they just want to have to remember 1 password for everything. Sure that makes life easy, but one place on the web gets hacked and they have access to every site you use that password and email at.
Here's a tip. There are many really useful password progams that are completely free to use. Get one and generate a unique password for every website you visit. Just google 'password programs', read up on several reviews from reputable security sites and pick one. Get one that supports an app for whatever type of browser you use and install it. Doing that limits the hackers to just the site they actually hacked.
I'll say it again: My primary issue, all rage aside, is that their customer service is horrendous and real security measures should have been in place to prevent this. I could care less how it happened.
would it really have prevented it in your case though? They had your username and password. They could have logged in and cleaned you out just the same, your account still would have been hacked, it just wouldnt have been stolen.
well speaking has a person who's gw2 account has been hacked i will say this.i accept that it was my fault probably that i got hacked..what i dont accept is the length of time its taking Anet to sort it out.some people have been waiting for days to get theres back.me i've been waiting 48 hrs.this is unacceptable.no other company i know takes this legth of time to sort accounts out..also nc soft have an authenticator on Aion..that stems back a few yrs i think..why was'nt this implemented at the start.has i've said before not everyone is computer savvy.i for one have learnt a harsh lesson and wont make the same mistake again.
Ask yourself this question if Anet had the authenticator in place,would we be looking at these numbers..i guess not..but if i had'nt been stupid in the frst place this would'nt have happened either.i have to take responsibility,but Anet are just as much to blame..they must have known this was bound to happen given how popular this game is.
One more thing i will say is that it should'nt matter what pw or account name i have..i should be allowed to play a game i paid genuine money for without some low life stealing off me.
Originally posted by fahadjafar most of these people have same password for all of their email, social site, game site and every other kind of site accnt. it is very much easy to crack these kind of passwords. my WoW accnt never got hacked, yet i see lots of forum qq about hacked accnt in blizz forums. they make mistakes and then blame the company. whether it is WOW or eq2 or swtor or gw2, same scenario everywhere. we live in a sad world.
I've been hacked twice.
With Firefox+NoScript+Adblock+All Thirdparty content blocked+Firewall+Exe monitoring+unique emails & passwords generated for everything to maximum length.
Nobody online has even ever had my real name, let alone my primary email addresses that go through four layers of fowarding each.
.some people have been waiting for days to get theres back.me i've been waiting 48 hrs.this is unacceptable.no other company i know takes this legth of time to sort accounts out
this is totally false, especially at a game's launch. Not saying ANet couldnt be doing better by any stretch, but this is hardly unprecedented.
I use a diffrent email for both internet site's and mmo's, i have been hacked once in 15 years of playing. Dont blame a studio when players themselves dont watch their own security...
But the security could be better for GW2 accounts, thats a fact
The reason this has faults pointing to Anet is they have to know the state of the industry for 2012. The game needs a second level of authentication, the WoW method my least favorite. Steam or a in game PIN my favs. The game was going to be a monster, meaning the hackers were waiting with baited breath. They should have known this and been prepared to assume the player isn't using the best security habits. They didn't and now it's a pain in the ass for them.
I use a diffrent email for both internet site's and mmo's, i have been hacked once in 15 years of playing. Dont blame a studio when players themselves dont watch their own security...
But the security could be better for GW2 accounts, thats a fact
Players shouldn't be idiots but developers shouldn't be idiots as well with basic security. It's a two-way street after all, just imagine a bank with bad online account security and only blaming the customers
/No hacked account so not trying to rationalize anything
I'm not a member of any fansite and my account was hacked today, I've barely had the game and already my £65 has gone walkabout! I wonder what state it will be in if/when I get to play my char again?
GW2 is a good game but this is some pretty **** poor managment.
"Of all tyrannies, a tyranny sincerely exercised for the good of its victims may be the most oppressive. It would be better to live under robber barons than under omnipotent moral busybodies. The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end for they do so with the approval of their own conscience"
Sadly, my account password was hacked, however I have my acccount set to only login from my IP address. I suggest everyone does this because this is the first time any of my accounts passwords have been hacked and by that i mean 7 years of playing online and this is the first time. I do not tell anyone my password, i do not keep it on my computer, i change it reguarly and it still happened. So please take my advice and make it so you activate your accounts email and have it set so only your IP address can login without email authetication. It saved my account.
Poor realistically there isn't much Arena net could have done against a brute force password cracker. Now if it was a database leak then its all their fault. However, at least they gave us the extra added security of email authen.
Damn gold spammers and in my case china(because this is where the hacker was).
Best of luck to everyone! Authenticate your email and change those passwords regularly!
just LOVED this "a majority (maybe 90%+) of those hackers comes from China". I'm sure he read this off the internet and OMG you know its true. Anyway I keeped getting emails from them saying someone keep asking to reset my password. But its not that hard to see where the request is coming from. These companys get hacked all the time and we just don't read about it. The joe publc would go crazy if they new the truth.
People always think its the users fault on any hack. Like not to long ago my credit card got hacked. I new for sure it had to be my falut going to some supid site. But the bank calls and some big name biz got hacked and they got numbers. They said it happens all the time. We just NEVER read or hear about it.
So if they get your password its not because they put some viruse on your computer and waited and watched or hacked you lol. ANYTHING coming in can be traced. This is not like the movies where they bounce it off different countrys so you cant trace them. Its just they come from somewhere outside the US and its just not worth the price to go after them.
Just change your passwords every now and then. Stay away from stupid sites. No I dont mean porn.. but those are really bad.
So far the day GW2 made sure I was the only one from IP address.. I have never got a "asking to change password". They will either hack your email or get a awesome guess... but hey I dont know anything.. I am no one.. ..yeah I am just guessing at all this
..I agree anytime they make you use your EMAIL for a login.. But this is GW2.. all they can get my stuff I can never keep so .. who cares life is short.
Comments
Agreed. they did hire more people but the fact is they arent going to be perfect at it overnight. Blizzard used to be absolutely atrocious in fixing hacked account issues, but over the years they got it down to having you fully restored in minutes. It sucks that it takes so long, but it should get better. And if it doesnt, thats when its time to complain hardcore.
Yes a majority (maybe 90%+) of those hackers comes from China, they're big on hijacking gaming accounts and stealing items and deleting characters. My old hotmail account (I don't use it on anything anymore) still gets "account compromised" and "confirm your email" and "reset password" messages for games I've never played. I used that email on some websites years ago, so it obviously fell into Chinese hands and they're using it to see if I used it on games. Even if you have [email protected] on some website and the Chinese has it, they'll attempt to try and log into GW2 with that email (and password they think you used) and see if it exists, if it doesn't they'll move on but if it does, they'll try over and over until they succeed, so your old emails are still being used even if games you play doesn't have that email.
LinkedIn for example was recently hacked, my business email has never ever received an email from LinkedIn even though it was the LinkedIn login, but after the news of the hack I received some odd emails on that account and I haven't used LinkedIn in over a year- my business email obviously fell into hackers' hands when they broke into LinkedIn.
It was GW2guru that got hacked NOT TSWguru or RIftguru - that is why GW2 was the target. Some people can't actually read anything before they hit reply.
When did I admit it was my fault? I am anal about passwords, have randomly generated them, use letters numbers and special characters, the whole nine yards. I said SOME PEOPLE are to blame, never said I was.
I hope it doesn't happen to you, but if it does you will be singing a very different tune. I don't want ANet to fail, and your personal attacks against my character are cute but I am the first to admit when I fuck up. What I am saying is MY USERNAME SHOULD NOT BE ABLE TO BE CHANGED WITHOUT ANY FORM OF CONFIRMATION WHATSOEVER.
If you haven't seen what happens when you get hacked, well here you go:
Someone -hopefully you!- has requested to change the email address associated with your Guild Wars account.
Need help or have questions about your Guild Wars account? Visit our support site: http://support.guildwars2.com/ .
Thanks!
-The ArenaNet Team
Someone (hopefully me!) changed my email and thats it. And a generic link to the support page if it wasn't me. Fantastic security measures there. And no, I did not recieve a confirmation email that was deleted by the same hacker accessing my email address because A) like I said ,I use different passwords and I have my email open all day and did not recieve any email from ANet other than this one.
Claim I dont have good intentions all you want, but I am sure there are 11,000 other people right now who would at least like some kind of response from ANet other than a post on their forums that says we will get to you within 72 hours.
Please visit my youtube channel for some H1Z1/DayZ casual roleplay videos!
https://www.youtube.com/channel/UCrQoK5VZlwBBzpsksmXtjMQ
Except thats not what you were saying before. You have been talking about arenanet being hacked.
My post still stands. Sympathy does not get extended to people that try to turn an informative post into a hate fest. And you are still trying to pass off blame. I agree with you wth the red part, but you should be discussing that not implying that arenanet has been hacked.
Not sure if you were being sarcastic so at the risk of looking stupid - I agree completely.
I should have known to make a brand new email just for Guild Wars 2, because everyone obviously does that for every game, right? The real "villains," here are clearly the hackers, and while I don't claim ANet just allowed this to happen, they should have had better systems in place to protect their customers (and therefore investments) and in the event that this does happen it shouldnt take 7 days to get your account back. That is just insane.
"Except thats not what you were saying before. You have been talking about arenanet being hacked.
My post still stands. Sympathy does not get extended to people that try to turn an informative post into a hate fest. And you are still trying to pass off blame. I agree with you wth the red part, but you should be discussing that not implying that arenanet has been hacked."
Yeah. I'm trying to pass off blame. On the internet. On a forum. Because that helps me somehow. And I really want your sympathy, too. I have my doubts that you are a Cyber Security Expert that knows for a fact that ANet wasn't compromised, so you are just as guilty as me for just writing it off as being a possibility.
I'll say it again: My primary issue, all rage aside, is that their customer service is horrendous and real security measures should have been in place to prevent this. I could care less how it happened.
Please visit my youtube channel for some H1Z1/DayZ casual roleplay videos!
https://www.youtube.com/channel/UCrQoK5VZlwBBzpsksmXtjMQ
Can see you have alot of issues notably political ones which should not be discussed here. IE the ID at the voting polls being anything other then the ID used for years from the voting registration office. That said, the responsibility is with the players to make sure they are doing what needs to be done to protect their accounts, however, until recently Anet didn't have a secure email system to protect account information from changing. I too had my account info changed however i received an email from them just after this system wide change and i was able to change my password loginto the game and boot whomever was using my account.
The problem is most people don't want to use the facts in cases inside or outside of the games.
thats regrettable and poor service - i agree
EQ2 fan sites
I know I'm repeating what everyone else says but it seems it needs to be repeated again and again.
Don't use the same password for 2 different sites. Every single one of those 11,000 people not only used the same email but they used the same password for a 3rd party fan site(and I bet they had the same password for the email account as well meaning the hacker had access to their email to initiate the account change and delete the email from Anet, so that the victim never even saw the email). Why would anyone do this? I suppose because they just want to have to remember 1 password for everything. Sure that makes life easy, but one place on the web gets hacked and they have access to every site you use that password and email at.
Here's a tip. There are many really useful password progams that are completely free to use. Get one and generate a unique password for every website you visit. Just google 'password programs', read up on several reviews from reputable security sites and pick one. Get one that supports an app for whatever type of browser you use and install it. Doing that limits the hackers to just the site they actually hacked.
would it really have prevented it in your case though? They had your username and password. They could have logged in and cleaned you out just the same, your account still would have been hacked, it just wouldnt have been stolen.
Playing the Devil's advocate here but have you got proof to back up that little " fact " ?
well speaking has a person who's gw2 account has been hacked i will say this.i accept that it was my fault probably that i got hacked..what i dont accept is the length of time its taking Anet to sort it out.some people have been waiting for days to get theres back.me i've been waiting 48 hrs.this is unacceptable.no other company i know takes this legth of time to sort accounts out..also nc soft have an authenticator on Aion..that stems back a few yrs i think..why was'nt this implemented at the start.has i've said before not everyone is computer savvy.i for one have learnt a harsh lesson and wont make the same mistake again.
Ask yourself this question if Anet had the authenticator in place,would we be looking at these numbers..i guess not..but if i had'nt been stupid in the frst place this would'nt have happened either.i have to take responsibility,but Anet are just as much to blame..they must have known this was bound to happen given how popular this game is.
One more thing i will say is that it should'nt matter what pw or account name i have..i should be allowed to play a game i paid genuine money for without some low life stealing off me.
I've been hacked twice.
With Firefox+NoScript+Adblock+All Thirdparty content blocked+Firewall+Exe monitoring+unique emails & passwords generated for everything to maximum length.
Nobody online has even ever had my real name, let alone my primary email addresses that go through four layers of fowarding each.
So...yeah...
this is totally false, especially at a game's launch. Not saying ANet couldnt be doing better by any stretch, but this is hardly unprecedented.
I use a diffrent email for both internet site's and mmo's, i have been hacked once in 15 years of playing.
Dont blame a studio when players themselves dont watch their own security...
But the security could be better for GW2 accounts, thats a fact
Players shouldn't be idiots but developers shouldn't be idiots as well with basic security. It's a two-way street after all, just imagine a bank with bad online account security and only blaming the customers
/No hacked account so not trying to rationalize anything
My passwords are different, and I get home tonight and my account is hacked. Can no longer access my account.
Thanks arena net.
I'm not a member of any fansite and my account was hacked today, I've barely had the game and already my £65 has gone walkabout! I wonder what state it will be in if/when I get to play my char again?
GW2 is a good game but this is some pretty **** poor managment.
"Of all tyrannies, a tyranny sincerely exercised for the good of its victims may be the most oppressive. It would be better to live under robber barons than under omnipotent moral busybodies. The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end for they do so with the approval of their own conscience"
CS Lewis
Sadly, my account password was hacked, however I have my acccount set to only login from my IP address. I suggest everyone does this because this is the first time any of my accounts passwords have been hacked and by that i mean 7 years of playing online and this is the first time. I do not tell anyone my password, i do not keep it on my computer, i change it reguarly and it still happened. So please take my advice and make it so you activate your accounts email and have it set so only your IP address can login without email authetication. It saved my account.
Poor realistically there isn't much Arena net could have done against a brute force password cracker. Now if it was a database leak then its all their fault. However, at least they gave us the extra added security of email authen.
Damn gold spammers and in my case china(because this is where the hacker was).
Best of luck to everyone! Authenticate your email and change those passwords regularly!
just LOVED this "a majority (maybe 90%+) of those hackers comes from China". I'm sure he read this off the internet and OMG you know its true. Anyway I keeped getting emails from them saying someone keep asking to reset my password. But its not that hard to see where the request is coming from. These companys get hacked all the time and we just don't read about it. The joe publc would go crazy if they new the truth.
People always think its the users fault on any hack. Like not to long ago my credit card got hacked. I new for sure it had to be my falut going to some supid site. But the bank calls and some big name biz got hacked and they got numbers. They said it happens all the time. We just NEVER read or hear about it.
So if they get your password its not because they put some viruse on your computer and waited and watched or hacked you lol. ANYTHING coming in can be traced. This is not like the movies where they bounce it off different countrys so you cant trace them. Its just they come from somewhere outside the US and its just not worth the price to go after them.
Just change your passwords every now and then. Stay away from stupid sites. No I dont mean porn.. but those are really bad.
So far the day GW2 made sure I was the only one from IP address.. I have never got a "asking to change password". They will either hack your email or get a awesome guess... but hey I dont know anything.. I am no one.. ..yeah I am just guessing at all this
..I agree anytime they make you use your EMAIL for a login.. But this is GW2.. all they can get my stuff I can never keep so .. who cares life is short.
I have used the internet for nearly 20 years and have never had an account hacked. Last night my GW2 account was hacked and I got the following email:
Someone -hopefully you!- has requested to change the email address associated with your Guild Wars account.
Need help or have questions about your Guild Wars account? Visit our support site: http://support.guildwars2.com/ .
Thanks!
-The ArenaNet Team
I used a unique password for GW2. I am not a member of GW2Guru nor any other GW2 fan site.
Can anyone explain how I was hacked without a flaw in the ANet system? And why there was no confirmation step in the email address change?
My email account is secure - I have checked the recent activity on the account and it is only my access.
Edit: just realised that I have had this account for 7 years and this is my first post. Epic lurker