Seer Of The Divine | Sarina Starlight | Tireasa | Caedyra
Account hacking incident
Seer Of The Divine | Sarina Starlight | Tireasa | Caedyra
Breaking News at 8pm: A GW2 Account was hacked……….
Honestly how many times did that happen in the past and how many times the man in charge came to the forum and told us about it. I mean if the president of Arenanet has the time to come to the forum and talk to us about every hacked account in the future, fine, if the affected players get the same vip treatment !
A ) You shouldn’t be able to do this to multiple agents, if true, without getting a flag, and B ) why the hell doesn’t an account for someone in ANet, especially at Gaile’s level, have extra protection?
No CS agent should be able to give someone access to her kitten without an internal ID number or something along these lines. Not to mention, shouldn’t ANet have their own internal methods of account recovery should they forget their passwords (somehow)?
Oolune :: Engineer — Arrow Of Oolune :: Human Ranger -- Shadow Of Oolune :: Human Thief
Box The Turtle :: Human Warrior — Bolobuns Of Steel :: Human Guardian
Breaking News at 8pm: A GW2 Account was hacked……….
Honestly how many times did that happen in the past and how many times the man in charge came to the forum and told us about it. I mean if the president of Arenanet has the time to come to the forum and talk to us about every hacked account in the future, fine, if the affected players get the same vip treatment !
It was more of an explanation for those who witnessed the GM’s behavior first hand in game, the person who hacked the GM acted very unprofessional muting players and used verbal abuse while doing so. Mo isn’t giving any VIP treatment he is explaining the damage the hacker caused was not made by a GM.
Is Social Engineering a clever way to say “charmed”? I’m just not familiar with such a term.
Social Engineering is one of the oldest “hacking” procedures if you would like to call it that way, it requires no technical but instead social skills. It means that you get person A to give you something that is the the property of person B (be it information, data, whatever) by convincing person A that you are person B. In times of digital communication this has gotten easier because you don´t see each other face to face. One of the more spectacular cases of SE happened 2015 where a student got access to the private mail account of CIA director Brennan for 3 days.
Gaile, did you send in a ticket to yourself? Lol..I’m just teasing. Hope you get your stuff back
Mo isn’t giving any VIP treatment he is explaining the damage the hacker caused was not made by a GM.
Sorry but what “damage” has been caused to others than Gailes account ? He/She took over her account and gave out her stuff. Bad for Gaile, i guess nice for the people who got her stuff, end of story. It has been said that her account had no acces to cheat or manipulate the game itself. So i don´t get the fuzz.
established and well documented policies are great, but humans are a factor here.
That says it all and I’m sure you know that. Don’t let someone who hates their job damage your customers.
I’m pretty sure Gaile was the Team Lead for the CS Team, just as Michael is now.
According to Michael, she used to ‘handle tickets’, just as he does now.
My bad then. I stand corrected.
No, Rose, you were correct.
I was never CS Lead. I was Support Liaison, and the thread I created and maintained was in place to allow me to review CS decisions and see if we could come up with a better outcome for players. It also allowed me to ask CS of they could handle tickets that may have lingered too long in the system, or have fallen through the cracks. I didn’t make CS decisions; I aided players in getting the most positive outcome possible. So as you can see, I wasn’t making decisions — I was helping players.
And whether I was CS Lead or not, saying “You deserved it” is inappropriate and cruel.
Saying I failed at that job — which incidentally I have not held in two years — is unfair and inaccurate. If an agent erred in handling someone’s issue, or if there were security issues that were not handled to the satisfaction of a player or group of players, whyever would it be seen as “karma” for me, personally, to suffer loss?
And saying “We/I did this to get your (company’s) attention” is reprehensible. Hurting a person to send a message is inhumane and wrong.
Gaile, can’t your co-workers roll-back your account?
Did this hurt you in any other way than missing items?
Don’t mix the message the activist tried to send, with mean reactions from community. It’s two very separate things. I know activism can hurt but it has it’s purpose, do you disagree?
We have a great team of customer support agents who follow these policies, and the hacker tried a bunch of times and found one agent who didn’t.
We take your account security seriously and will continue to do everything we can to ensure that our support team consistently applies this security policy and prioritizes protecting you from account hackers.
MoThese two sentences bother me the most.
WHY wasn’t Gaile’s account flagged after the first two or three attempts? Do your CS reps not talk to eachother?
Color me skeptical about just how seriously you take account security.
People are people and are lazy. Not making notes, not marking check boxes in their internal systems, having longer breaks, whatever. I see this everywhere.
Though if such things happen even through internal policies, there’s something wrong with the company culture (not Anet, the one they outsource).
Employees at such positions often try to figure out how to make their work day easier, how to increase their performance numbers etc. And even if they dont “try”, this kind of comes naturally. And it’s up to that particular employee to stay professional over time.
Imagine scenario nobody minded or noticed this for a long time. You push the limits, you do things the lazy way more and more often… and soon part of the whole team can become toxic in such way, where coaches teach the newcomers wrong ways so they can go for coffee and chat sooner.
I might be wrong at this, also don’t take it word by word, though this is how it often looks like to me.
Not only personal experiences.
Thankfully it was only the original Guild Wars amirite ANet wink wink nudge nudge
/continue ignoring what made grind wars 2 possible
I’m pretty sure Gaile was the Team Lead for the CS Team, just as Michael is now.
According to Michael, she used to ‘handle tickets’, just as he does now.
My bad then. I stand corrected.
No, Rose, you were correct.
I was never CS Lead. I was Support Liaison, and the thread I created and maintained was in place to allow me to review CS decisions and see if we could come up with a better outcome for players. It also allowed me to ask CS of they could handle tickets that may have lingered too long in the system, or have fallen through the cracks. I didn’t make CS decisions; I aided players in getting the most positive outcome possible. So as you can see, I wasn’t making decisions — I was helping players.
And whether I was CS Lead or not, saying “You deserved it” is inappropriate and cruel.
Saying I failed at that job — which incidentally I have not held in two years — is unfair and inaccurate. If an agent erred in handling someone’s issue, or if there were security issues that were not handled to the satisfaction of a player or group of players, whyever would it be seen as “karma” for me, personally, to suffer loss?
And saying “We/I did this to get your (company’s) attention” is reprehensible. Hurting a person to send a message is inhumane and wrong.
I really don’t get people who go through so much trouble to cause such malice. I hope you got your stuff recovered ;(
I’d be really sad if I got on my GW1 account and my gorgeous skimpy mummy and his glorious shiny armor was gone.
Can you not add sms protection to gw1 so this doesn’t happen again?
Sms protection is like the opposite of safety. It puts the ball in the court of your phone service provider. linus tech tips got h@ackeD through that method recently.
The Tiny Yuno Sniper of Ebay [EBAY]
Oh, wow. Poor Gaile! *sending warm internet fuzzies to Gaile*
Thanks for letting us know this happened. It goes such a long way to be honest about this sort of incident. I have a lot of faith in the protections set up for our accounts (I know first hand how hard it is to get around the 2-step authentication process if you forget any part of it!), and know you’ll continue to improve and strengthen account security for our benefit.
Thanks again, and hopefully you fix it so Gaile gets all her stuff back where she wants it.
It was the most unexpected thing in this game so far…
Gaile-the right hand of Anet got hacked…
We are not save if Gaile is not…
But keep on thinking that Game companies don’t need similar level of security that you find at banks in today era of Technology.
I didn’t say that. I said it was a good suggestion.
Founding member of [NERF] Fort Engineer and driver for [TLC] The Legion of Charrs
RIP [SIC] Strident Iconoclast
I used to do CS for a large banking company in my area. We would occasionally have somebody call in & attempt to fraudulently gain control of a customers account. After the first attempt, notations would be made on the account to give the next CS rep a heads up. After the second attempt, the account would be marked as “Transfer to Fraud Dept Immediately” if the hacker called again and the account would be locked down. The customer would also be notified.
Long story short – At what point was Gaile notified and what, if any, actions were taken by your CS team to secure the account before it was compromised?
If this is how your CS team handles situations like this, then we have a problem.
Probably a few thousand problems.
Game companies are not banks. There isn’t the same amount of risk involved. But the world is changing as is the nature of online gaming and your suggestion is a good one for them to consider.
I’m well aware that they aren’t the same thing nor same amount of risk. But thanks for being condescending.
My point was, as others have said, the security measures in place aren’t working if all it takes is one CS rep not following the rules to compromise an account.
How was I condescending? That wasn’t my intent at all! My writing style is for public consumption. You are not the only one reading posts here. I would expect you to be aware of the point, but not everyone reading this is.
Founding member of [NERF] Fort Engineer and driver for [TLC] The Legion of Charrs
RIP [SIC] Strident Iconoclast
And saying “We/I did this to get your (company’s) attention” is reprehensible. Hurting a person to send a message is inhumane and wrong.
I am sorry this happened to you. You are probably the most loved employee in Guild Wars and that made you the perfect icon to hack to make a statement. You could compare this to a whistleblower in a big company. He is against the work ethics, but his management does not want to listen, so he’s going outside to journalists to show what is really happening to force the company to act on what they are doing wrong.
As you can already see by those few posts in this thread, hacking accounts has been way too easy in Guild Wars and getting your banned accounts back aswell. This has resulted into many problems we have now a days in Guild Wars.
First of all because of the influx of all these old accounts it made syncing a lot easier at every level. They are syncing HA, GvG, RA, JQ and they even used to sync AB during the AB week. I wouldn’t even dare to say what else they could sync.
Second this has lead to many many bots being played in PvP and PvE, because there is no threat of being banned and losing your account. Those players don’t even care to hide their bots, because they know there is no risk, ruining this for the players who want to play this game fair.
And then you ask yourself, why are they doing this? They are doing this because they are making big money by syncing and selling bots. They profit on the loyal fanbase this game has left by RMT.
Sadly, now the playerbase has been very cynical about how the game has been ran the last few years and this is not getting any better if there aren’t any actions being taken. First of all obviously account security has to be improved, for your own account aswell, Gaile. Then a huge banwave on all those alt accounts would be ideal. Banning obvious botters and muting goldsellers would be above expectation. Shutting down the most famous botselling and goldselling site would be something no one could dream about… Atleast not the cynical, but loyal playerbase left.
I was actually there in game when the hacker was using Gaile’s account. Aside from the trolling and trading of her items, the hacker actually had good intentions for the game. The trims that were removed were trims that were bought and sold going against the ToS. He was deleting those trims because they were not genuinely made and were sold. Aside from getting rid of the fraudulent trims he was trying to ban/mute all of the bots spamming cities. If you didn’t know, GW1 has a massive issue with bots where they spam all cities and ruin player experience. The hacker couldn’t figure out how to ban people at first so he tried muting them all but simply leaving the map removes a mute so he gave up with that. Later he told us that he found the command to ban the bots but there was something wrong with the syntax so that didn’t work either. (And I was really sad about that because I wanted to see some Dhuum action! )
Yes, the hacker did a bad thing and should have never taken over Gaile’s account but he did things that the GW1 player base have been asking for years. Many people in map chat were saying that “the hacker has done more good for the game than anet has done in 4 years”.
Just finished catching up on this thread…
Very sorry to hear that Gaile lost stuff on her account and my wish is that it could be restored. As someone else pointed out, the hacker already “proved a point” by gaining access. Shooting the messenger was unnecessary.
Founding member of [NERF] Fort Engineer and driver for [TLC] The Legion of Charrs
RIP [SIC] Strident Iconoclast
I was actually there in game when the hacker was using Gaile’s account. Aside from the trolling and trading of her items, the hacker actually had good intentions for the game. The trims that were removed were trims that were bought and sold going against the ToS. He was deleting those trims because they were not genuinely made and were sold. Aside from getting rid of the fraudulent trims he was trying to ban/mute all of the bots spamming cities. If you didn’t know, GW1 has a massive issue with bots where they spam all cities and ruin player experience. The hacker couldn’t figure out how to ban people at first so he tried muting them all but simply leaving the map removes a mute so he gave up with that. Later he told us that he found the command to ban the bots but there was something wrong with the syntax so that didn’t work either. (And I was really sad about that because I wanted to see some Dhuum action!
Yes, the hacker did a bad thing and should have never taken over Gaile’s account but he did things that the GW1 player base have been asking for years. Many people in map chat were saying that “the hacker has done more good for the game than anet has done in 4 years”.
OK but then he gave away Gaile’s stuff. Such a great guy. /sarcasm
Founding member of [NERF] Fort Engineer and driver for [TLC] The Legion of Charrs
RIP [SIC] Strident Iconoclast
The public disclosure of this incident is very impressive. Within computer security research, its often acknowledged that social engineering is one of the least reported and most hushed area, where most companies would rather admit loosing a whole database of users personal data rather than admitting to be a victim of a scam artist. A common perception is that hackers has some magic pixie dust that allow them to steal nuclear codes with just the use of a phone (a recorded historical belief) so being hacked is something that just happens, while falling for a scam artist is commonly associated with feelings of being ashamed. Major points to a company that less than a year ago got major negative press for a lack of communication.
To Gaile, I’m sorry to hear that they destroyed so much in gw1. I remember the community events where so many people gave items to you in appreciation, and it feels bad to hear that those items are now gone. The frog events were one of the best method of communication that anet every did, and I recall them as being received unanimously positive. Even the trolls took a day off.
This wasn’t social engineering, the guy (from the screenshots on imgur linked from reddit) basically said “hi change my email from <legit sounding email> to <totally implausible sounding email>” and they just said “ok if you give us some more details” and he proceeded to give them an address that didn’t even match the one on the account.
Also admits on reddit to doing this to various other people, it took getting hold of a GM account to get anything done.
As an exercise in highlighting security I hope it achieves something, removing stuff from the account was bad tho, that ruined any positives that could have come from this for me and I hope the stuff is returned.
pve, raid, pvp, fractal, dungeon, world clearing, legendary questing.. Zapped!
I’m sorry to hear about this. Did you ID the low life that did this?
I’d suggest a back end process that requires the approval of a senior CS agent before doing anything that might compromise an account. The accounts owned by ANet employees should have some kind of red flag system that requires approval of a supervisor that knows the person before changes are made.
And saying “We/I did this to get your (company’s) attention” is reprehensible. Hurting a person to send a message is inhumane and wrong.
I am sorry this happened to you. You are probably the most loved employee in Guild Wars and that made you the perfect icon to hack to make a statement. You could compare this to a whistleblower in a big company. He is against the work ethics, but his management does not want to listen, so he’s going outside to journalists to show what is really happening to force the company to act on what they are doing wrong.
As you can already see by those few posts in this thread, hacking accounts has been way too easy in Guild Wars and getting your banned accounts back aswell. This has resulted into many problems we have now a days in Guild Wars.
First of all because of the influx of all these old accounts it made syncing a lot easier at every level. They are syncing HA, GvG, RA, JQ and they even used to sync AB during the AB week. I wouldn’t even dare to say what else they could sync.
Second this has lead to many many bots being played in PvP and PvE, because there is no threat of being banned and losing your account. Those players don’t even care to hide their bots, because they know there is no risk, ruining this for the players who want to play this game fair.
And then you ask yourself, why are they doing this? They are doing this because they are making big money by syncing and selling bots. They profit on the loyal fanbase this game has left by RMT.
Sadly, now the playerbase has been very cynical about how the game has been ran the last few years and this is not getting any better if there aren’t any actions being taken. First of all obviously account security has to be improved, for your own account aswell, Gaile. Then a huge banwave on all those alt accounts would be ideal. Banning obvious botters and muting goldsellers would be above expectation. Shutting down the most famous botselling and goldselling site would be something no one could dream about… Atleast not the cynical, but loyal playerbase left.
Except he forfeited any nobility of his actions when he started giving away items. Then he simply became an kitten.
Oolune :: Engineer — Arrow Of Oolune :: Human Ranger -- Shadow Of Oolune :: Human Thief
Box The Turtle :: Human Warrior — Bolobuns Of Steel :: Human Guardian
I’m sorry to hear that happened to you, Gaile. I hope you get the opportunity one day to kick ’em somewhere sensitive.
This reminds me of the Big Bang Theory scene in which Todd Zarnecki gets “kicked somewhere sensitive”.
I reckon Gaile’s way too nice of a person for that… but… you never know!
Gaile, you must know by now that you’re Tyria’s version of a “National Treasure”. It’s very sad that with greatness comes a high chance to be targeted.
(edited by Sarie.1630)
Looking at the bigger picture, I am glad this happen, and I am glad this happen to a really important person like Gaile, because I think sometimes this kind of things is needed. Yes, it’s really wrong to abuse a power like that, but this thing also happens for a reason. Looking at the reddit thread, and all the screenshots, the person did try to warn the people in the game about the security breach and also try to warn anet about this thing months ago on reddit, but anet said it’s impossible to hack something and ignore this person who actually trying to help and warn them to prevent this kind of security breach. My main account is linked to gw1 and I barely play that game, now, this is something so terifying for us customer, especially who buy gems and have all their real info in the game to buy gemstore items etc. I feel sorry for Gaile, yes I really do, but I also thank the hacker to try to prove a point(After countless of time being ignored) Hopefully they fix this terrible mess asap. I wish I can un-link my gw account but I guess it’s impossible.. or can it be done? between ap points and some armors vs my personal info being stolen .. I think I will choose to loose ap and some useless ingame items.
Looking at the bigger picture, I am glad this happen, and I am glad this happen to a really important person like Gaile, because I think sometimes this kind of things is needed. Yes, it’s really wrong to abuse a power like that, but this thing also happens for a reason. Looking at the reddit thread, and all the screenshots, the person did try to warn the people in the game about the security breach and also try to warn anet about this thing months ago on reddit, but anet said it’s impossible to hack something and ignore this person who actually trying to help and warn them to prevent this kind of security breach. My main account is linked to gw1 and I barely play that game, now, this is something so terifying for us customer, especially who buy gems and have all their real info in the game to buy gemstore items etc. I feel sorry for Gaile, yes I really do, but I also thank the hacker to try to prove a point(After countless of time being ignored) Hopefully they fix this terrible mess asap. I wish I can un-link my gw account but I guess it’s impossible.. or can it be done? between ap points and some armors vs my personal info being stolen .. I think I will choose to loose ap and some useless ingame items.
People have two choices when it comes to hacking. They can hack, and they can not hack.
Kitten-holes hack.
That’s it.
You don’t need to hack. Noone needs to hack to “prove” anything. Everyone could just act legally and not freaking hack. They certainly don’t need to do what they did to Tyria’s National Treasure.
Take it a step further. Would you break into your best friend’s house, sell off all their stuff, use their PC to send out racist remarks all over twitter and facebook? No? Not even to “prove” that they have a “security breach” for the “good of the country”? But… you implied it’s good that things like this happen from time to time.
Mo isn’t giving any VIP treatment he is explaining the damage the hacker caused was not made by a GM.
Sorry but what “damage” has been caused to others than Gailes account ? He/She took over her account and gave out her stuff. Bad for Gaile, i guess nice for the people who got her stuff, end of story. It has been said that her account had no acces to cheat or manipulate the game itself. So i don´t get the fuzz.
The hacker removed gold trims on guild capes for players who were not the original PvPers that earned the cape’s trim in the first place. Some of these players bought these guilds off the PvPers and I know for sure those deals were not cheap.
Looking at the bigger picture, I am glad this happen, and I am glad this happen to a really important person like Gaile, because I think sometimes this kind of things is needed. Yes, it’s really wrong to abuse a power like that, but this thing also happens for a reason. Looking at the reddit thread, and all the screenshots, the person did try to warn the people in the game about the security breach and also try to warn anet about this thing months ago on reddit, but anet said it’s impossible to hack something and ignore this person who actually trying to help and warn them to prevent this kind of security breach. My main account is linked to gw1 and I barely play that game, now, this is something so terifying for us customer, especially who buy gems and have all their real info in the game to buy gemstore items etc. I feel sorry for Gaile, yes I really do, but I also thank the hacker to try to prove a point(After countless of time being ignored) Hopefully they fix this terrible mess asap. I wish I can un-link my gw account but I guess it’s impossible.. or can it be done? between ap points and some armors vs my personal info being stolen .. I think I will choose to loose ap and some useless ingame items.
People have two choices when it comes to hacking. They can hack, and they can not hack.
Kitten-holes hack.
That’s it.
You don’t need to hack. Noone needs to hack to “prove” anything. Everyone could just act legally and not freaking hack. They certainly don’t need to do what they did to Tyria’s National Treasure.
Take it a step further. Would you break into your best friend’s house, sell off all their stuff, use their PC to send out racist remarks all over twitter and facebook? No? Not even to “prove” that they have a “security breach” for the “good of the country”? But… you implied it’s good that things like this happen from time to time.
The person did tried to do it different ways and tried to warn anet about it but it yields 0 results. Like I said, I am looking all this from the bigger picture, not from just one single incident. Sure it sucks really bad for Gaile, but here we are today with maybe and hopefully a better account security for everybody, thanks to Gaile incident. This thing wont happen if it’s just some random accounts being hacked.
Hope you alright Gaile. You are the best, and I heard yesterday what happened and felt for you. I remember the conga lines you made in Lion’s Arch. Good memories. Take care.
The frog! Tell me the frog is safe!
The frog! Tell me the frog is safe!
I’m sure frog is okay. Gaile showed me frog once, as I’d never met him before and kept asking where he was. Turns out a warrior was sitting on him, and that’s why I couldn’t find the frog. XD
The person did tried to do it different ways and tried to warn anet about it but it yields 0 results. Like I said, I am looking all this from the bigger picture, not from just one single incident. Sure it sucks really bad for Gaile, but here we are today with maybe and hopefully a better account security for everybody, thanks to Gaile incident. This thing wont happen if it’s just some random accounts being hacked.
You’re missing the point.
If noone hacks there is no need to “prove” anything.
The person did tried to do it different ways and tried to warn anet about it but it yields 0 results. Like I said, I am looking all this from the bigger picture, not from just one single incident. Sure it sucks really bad for Gaile, but here we are today with maybe and hopefully a better account security for everybody, thanks to Gaile incident. This thing wont happen if it’s just some random accounts being hacked.
You’re missing the point.
If noone hacks there is no need to “prove” anything.
Oh wow .. lmao .. well ser/madam .. I will just ask you to .. please .. if you are looking for a job or looking for a new job, make sure to never apply a job as a CS or anything that involves handling people personal info. your primitive statements in this digital era gave me goosebumps.
Oh wow .. lmao .. well ser/madam .. I will just ask you to .. please .. if you are looking for a job or looking for a new job, make sure to never apply a job as a CS or anything that involves handling people personal info. your primitive statements in this digital era gave me goosebumps.
Nothing I’ve said implies that I would act unlawfully or disrespectfully with anyone’s personal details in my chosen profession.
But my “primitive statement” is correct regardless.
There is absolutely nothing to stop people from acting like decent human beings. The fact that people don’t, and that people like you condone what has been done, is the “reason why we can’t have nice things”.
When it happened to my GW1 account I was told it was my fault for not being secure enough. Yeah. Like others I lost a significant amount of items, miniatures (pre GW:EN) etc and didn’t get anything restored.
It is horrible when it happens.
Wait so, this wasn’t the real Gaile? Sucks, I guess she missed out on meeting a fantastic person such as myself, maybe if she gets lucky enough for our paths to cross again.
The person did tried to do it different ways and tried to warn anet about it but it yields 0 results. Like I said, I am looking all this from the bigger picture, not from just one single incident. Sure it sucks really bad for Gaile, but here we are today with maybe and hopefully a better account security for everybody, thanks to Gaile incident. This thing wont happen if it’s just some random accounts being hacked.
You’re missing the point.
If noone hacks there is no need to “prove” anything.
The world would definitely be better off if no one hacked accounts, stole things, or did anything to harm others. Unfortunately, that ideal is very far from the reality we live in. The fact is that people who break into things only to prove that it can be done are a vital part of keeping our information/money/accounts/belongings secure.
In this case, the person/people that did this to Gaile went too far in taking items off of her account, but proving this inexcusable lack of proper security checks is important for every GW player. The full public disclosure of methods used should also have been saved as a last resort measure. There appears to have been previous attempts to get Anet to acknowledge these problems, so perhaps those responsible thought they had reached that point already. However, I think the amount of attention drawn to this ingame and on reddit would have been more than enough to get a response.
It sucks that his happened to Gaile. She just happens to be one of the most high-profile targets at Anet. And it’s even worse that they decided to be jerks and actually took things from her, instead of just proving their point. But in the end we are all likely to be safer because of it, assuming Anet actually takes this as the wake up call it should be seen as.
The security policies in place now clearly need a great deal of enforcement to ensure CS agents follow them. And there is really no excuse for her account to have not been red flagged by the previous unsuccessful attempts. This was done way too easily.
Seer Of The Divine | Sarina Starlight | Tireasa | Caedyra
But in the end we are all likely to be safer because of it, assuming Anet actually takes this as the wake up call it should be seen as.
I’m glad you believe that. Because I don’t.
They’ve been warned over & over about how easy it is to gain control of accounts with minimal information.
And nothing (that we can see, anyway) has changed.
I’m so sorry that happened to you Gaile, I know I would be devastated if that happened to me.
I hope you get your stuff, especially the frogs back.
(edited by Zalani.9827)
These are all established and documented policies. We have a great team of customer support agents who follow these policies, and the hacker tried a bunch of times and found one agent who didn’t.
Surely if incorrect details are given there should be a flag on the account so customer support is aware that someone has been trying to steal it.
And staff accounts.. they should always raise suspicion..
If there’s a problem with two-factor authentication, it’s when the company gets complacent with its security practices and just tells anybody who gets hacked it was their problem for not using the extra authentication. It’s easy to forget about implementing proper protocols to stop social engineering.
(edited by Eulolia.2467)
Why haven’t you guys aid those affected by your negligence in gw1? The aftermath is still there.
One of the main problems with a socially engineered account take over is that it’s well known that many players do not use their real name or real contact info when they create an account.
I would guess that the reasons range from privacy concerns to people being under age to carelessness, (“it’s only a game!”, etc) to concerns that the system could be hacked and their private data (social security number in the US, address, etc) could be released.
Account Recovery has to remain relatively lax because there are so many people who legitimately own their account, but don’t have very complete or accurate information.
It’s frustrating because I’m willing to include accurate personal information – my real name, telephone number, etc but because there seems to be an assumption that that could all be fake, or somehow all my information could suddenly change – it does not seem like we can establish a permanent ID in the system and then have recovery attempts be based on knowing or proving that info (as opposed to just saying you forgot all your real ID info).
Maybe I’m a bit off in my perception, but I wish there was a way to established a verified ID that includes some static personal information and sets the bar much higher for account recovery.
One of the main problems with a socially engineered account take over is that it’s well known that many players do not use their real name or real contact info when they create an account.
I would guess that the reasons range from privacy concerns to people being under age to carelessness, (“it’s only a game!”, etc) to concerns that the system could be hacked and their private data (social security number in the US, address, etc) could be released.
Account Recovery has to remain relatively lax because there are so many people who legitimately own their account, but don’t have very complete or accurate information.
It’s frustrating because I’m willing to include accurate personal information – my real name, telephone number, etc but because there seems to be an assumption that that could all be fake, or somehow all my information could suddenly change – it does not seem like we can establish a permanent ID in the system and then have recovery attempts be based on knowing or proving that info (as opposed to just saying you forgot all your real ID info).
Maybe I’m a bit off in my perception, but I wish there was a way to established a verified ID that includes some static personal information and sets the bar much higher for account recovery.
I don’t know how lax you expect it to be but when I lost my account info I gave them a picture of my state id or license to prove residency, who I am. To me it’s not unreasonable to prove who you are with your id…
Being lax in their procedures is what caused this (and a lot of other) mess(es).
“Oh, I see here that Gaile has tried about a dozen times tonight to get into her account…. nothing fishy about that.”
(edited by oshilator.4681)
Account Recovery has to remain relatively lax because there are so many people who legitimately own their account, but don’t have very complete or accurate information.
It’s frustrating because I’m willing to include accurate personal information – my real name, telephone number, etc but because there seems to be an assumption that that could all be fake, or somehow all my information could suddenly change – it does not seem like we can establish a permanent ID in the system and then have recovery attempts be based on knowing or proving that info (as opposed to just saying you forgot all your real ID info).
I seem to remember, back in the day, I got locked out of my GW1 account for likely forgetting the password. I contacted support. They wanted scanned copies of my game card showing the activation code.
Now everything is a digital download these things don’t exist, and that’s a shame. Sure – you get an email with the game code in it, but presumably cracking an email account is as easy to a hacker as it is to break into your game. Perhaps the way around it is to actually send out physical cards to people who buy the game. A hacker would have to be really committed to fly from the US to deepest Poland just to steal someone’s physical game proof. Equally, however, it’s an easy thing to lose – and I’m sure it would not be worth the hassle for ArenaNet to find a way around lost cards.
Sure – you get an email with the game code in it, but presumably cracking an email account is as easy to a hacker as it is to break into your game.
I make a separate unlinked email account for each online game I play; one that is solely devoted to that game. It’s not perfect, just like anything else, but it means if one email account is breached, the others are safe from that same attack… including my general/personal email.
Don’t care how justified this person felt they were, they were simply wrong in doing it this way. They could have just as easily did this and then returned everything to prove their point, at the end of the day it was wrong and anyone supporting it should be banned from GW2.
Have had 5 friends that had to deal with bad customer service for this game, not exactly shocking or surprising to hear about this. Guess there’s a post cause it happened to an employee, wonder how many other similar cases have happened because a customer rep slipped up before this, how many of those cases fell through the cracks.
North Keep: One of the village residents will now flee if their home is destroyed.
“Game over man, Game Over!” – RIP Bill