Seer Of The Divine | Sarina Starlight | Tireasa | Caedyra
Account hacking incident
Seer Of The Divine | Sarina Starlight | Tireasa | Caedyra
I have heard many storied like this and it does affect my view on playing GW2 also. I have been considering buying more gems but this is one reason why I am having trouble making that decision. Why spend real money on a game when things like this can happen?
One thing I want to know is why Anet refused to replace items when stuff like this happened. I also heard a story of a player that was banned for trying to get his own account back.
Guild Wars had an account recovery/rollback option added in late 2011, which is a feature that carried over to GW2. They can restore your account back to one of its recent snapshotted states. It will likely result in some progress loss, as the rollback will revert to some time shortly before the account was lost. But it’s still much better to lose a few days/weeks, than to lose everything you have earned.
I wouldn’t want my entire account rolled-back because someone else stole my account. That’s a terrible idea unless they can roll it back to exactly the time the account was stolen (i.e. I don’t lose anything). If they have a snapshot of my account, they should replace anything I lost, not force me to lose EVEN MORE!
You’re not losing more, you’re recovering all but the most recent earnings.
If they have a snapshot of my account, they can look at it and give me back anything that is missing. Or they can rollback my account to some time before my account was hacked which causes me to lose anything between that time and when my account was hacked. The first option returns more. So yes, a rollback would cause me to lose more than just returning what was lost.
They would have no record of what you had gotten after the most recent snapshot. Typically, stolen accounts are fully cleaned out and often have the characters themselves deleted. Without the rollback, you would be left with nothing at all.
In an unusual case, where some recently acquired items were left intact by the hacker, you would be losing some things. That, however, is not what typically happens with compromised accounts. You would have to choose between keeping what the hacker left, or doing a rollback. The option you’re asking for isn’t possible because they (I believe intentionally) have no tools with the ability to give items to you. A rollback is the only option available to recover anything that was lost.
If everything including the character was deleted, that would be a different situation than the one this thread is discussing, which is what I’m basing my opinion on.
And yes, not having tools to give items to characters is intentional because most of the MMOs I’ve played (almost ALL the triple-A western MMOs) are able to return items that players accidentally lost.
If everything including the character was deleted, that would be a different situation than the one this thread is discussing, which is what I’m basing my opinion on.
And yes, not having tools to give items to characters is intentional because most of the MMOs I’ve played (almost ALL the triple-A western MMOs) are able to return items that players accidentally lost.
This situation is very atypical. Practically all account theft is done to siphon every last bit of value out of the account, and use it for botting/supporting other bot accounts. Spending time developing tools to deal with fringe cases just isn’t a good use of resources.
On top of that, rolling back to a previous state is likely much easier (and less likely to cause problems) than attempting to merge a current state with an older snapshot. In GW2, what would happen with an ascended weapon that was left on the account and had recently been stat-swapped? The older snapshot would have a different weapon listed, as the forge consumes it and gives you a new item, so you would then have an extra weapon you aren’t supposed to own. I don’t how item IDs are tracked, but even swapping runes/sigils on a piece of equipment might create copies in a such a merger if the items don’t have unique identifiers attached to them.
The account recovery option for both games was also very specific in its purpose being only for restoring stolen accounts. It’s a rather reasonable policy, as offering rollback (or the item replacement you’re wanting) opens up the flood gates on support tickets for player mistakes, “my bother did it”, “I was drunk”, or whatever other reasons players might file reports over. It would be nice to see options like that, but there are reasons for them not being available.
Seer Of The Divine | Sarina Starlight | Tireasa | Caedyra
If everything including the character was deleted, that would be a different situation than the one this thread is discussing, which is what I’m basing my opinion on.
And yes, not having tools to give items to characters is intentional because most of the MMOs I’ve played (almost ALL the triple-A western MMOs) are able to return items that players accidentally lost.
This situation is very atypical. Practically all account theft is done to siphon every last bit of value out of the account, and use it for botting/supporting other bot accounts. Spending time developing tools to deal with fringe cases just isn’t a good use of resources.
On top of that, rolling back to a previous state is likely much easier (and less likely to cause problems) than attempting to merge a current state with an older snapshot. In GW2, what would happen with an ascended weapon that was left on the account and had recently been stat-swapped? The older snapshot would have a different weapon listed, as the forge consumes it and gives you a new item, so you would then have an extra weapon you aren’t supposed to own. I don’t how item IDs are tracked, but even swapping runes/sigils on a piece of equipment might create copies in a such a merger if the items don’t have unique identifiers attached to them.
The account recovery option for both games was also very specific in its purpose being only for restoring stolen accounts. It’s a rather reasonable policy, as offering rollback (or the item replacement you’re wanting) opens up the flood gates on support tickets for player mistakes, “my bother did it”, “I was drunk”, or whatever other reasons players might file reports over. It would be nice to see options like that, but there are reasons for them not being available.
While I see your point regarding the rollback vs. another type of recovery of an entire account, I don’t agree that its better for anyone but Anet’s bottom line. If they had a snapshot of my account, and were able to replace individual items and characters, that would be better Customer Service. I agree that it would open them to many requests that might be entirely the player’s fault. But that’s what Customer Service is. What would happen if stores only allowed you to return merchandise if there was something actually wrong with it instead of you just changing your mind or whatever? In other major MMOs, I have had items replaced that I accidentally vendored, or purchased the incorrect item or on the incorrect character, etc. That’s great Customer Service where the company is more concerned with the customer’s experience than their bottom line.
And that’s what the CS Team does here. Restoring lost, deleted, wrong-purchase, etc. items.
Never fear, the Team now has a Character Restore tool, as well.
While I see your point regarding the rollback vs. another type of recovery of an entire account, I don’t agree that its better for anyone but Anet’s bottom line.
It would certainly be better for the players to have those options in dealing with account restorations. But it would probably lead to support responses being more delayed. Anet’s bottom line is definitely a factor in decisions like this. They’re a company and exist to make money, so they aren’t able to do every little thing that is better for their customers.
I think offering item replacement for accidental deletion/allowing someone access your account shouldn’t be a problem support deals with. I prefer resources going to the game itself and giving better support for technical/security/billing/etc problems, not wasting time/money babysitting careless people.
Seer Of The Divine | Sarina Starlight | Tireasa | Caedyra
And whether I was CS Lead or not, saying “You deserved it” is inappropriate and cruel.
When I met you at EGX Rezzed, you were absolutely lovely and signed my game with a little paw print. So, for anyone to say you deserved this is upsetting to me. You did not deserve it. No law abiding Tyrian citizen deserves to get their account broken into.
Make them pay! charr growl
It’s been nearly a week and arena net has done nothing! Those effected by the tragedy have yet to receive assistance or be given ONE WORD that would indicate they plan to help those who were maliciously targeted by the imposter GM. What’s even more astonishing it was gw’s own breach of security that led to this and then a slap in the face when they leave the players with no help. NICE ONE!
I had played GW1 for years and got hacked and lost everything of value. There was no account rollback option at that time. It ended my GW1 experience. I have not seen any evidence that Gaile got her stuff back or ever will. I was VERY upset with ANet for not having a rollback feature for GW1. You have no idea how much it hurts until it happens to you.
Have to admit, despite the unique personalities around these parts, I’m shocked anyone would say, “You deserved it,” or words to that effect.
Really? That’s some sour grapes there.
“lol u got h4xed what a noob”
Honestly, most people are much more vulnerable than they would believe; it just seems like it can never happen to you.
But I assure you; I’ve spent several years helping out sites that deal with malware removal and online privacy. Those kittens that try to hack or exploit people’s personal information are a devious bunch and find ways to counter known methods of prevention and detection to the part where it’s become an art. If one thinks they are secure because they run Malwarebytes, a firewall, and a password that has some extra symbols on them, they are sorely mistaken because those bad folk are aware of such prevention methods, since they probably use it themselves…
Do you have logins on other sites or forums? Do you use separate passwords for all of them? Emails? What about your payment information when you go buy stuff? Sometimes a breach of security in any of those vectors of attack could be potentially out of your control. It doesn’t matter if you’re secure as long as someone that handles your personal information isn’t. https://www.youtube.com/watch?v=caVEiitI2vg
Granted, this attack was based off of social engineering which also goes hand and hand with getting crap on people’s computers, but it really runs off the same concepts— It just takes one time when you let your guard down.
for there you have been and there you will long to return.
(edited by ArchonWing.9480)
Gaile has always been helpful to me in both GW1 and GW2. It’s absolutely horrid that something like this could happen to her. I hope this is a wakeup call for the rest of the business and inspires real change to their system. The CS agent should be dropped like a box of rocks.
Do you have logins on other sites or forums? Do you use separate passwords for all of them? Emails? What about your payment information when you go buy stuff? Sometimes a breach of security in any of those vectors of attack could be potentially out of your control. It doesn’t matter if you’re secure as long as someone that handles your personal information isn’t. https://www.youtube.com/watch?v=caVEiitI2vg
It really is a necessity now to make sure that every single online account you have has its own unique password. If your login info is shared, a single website/forum/etc data breach could lead to you losing dozens of accounts to hackers. And the recent string of attacks on youtubers highlighted in that video shows just how easy it is to defeat SMS-based 2FA if you get enough of someone’s personal info.
The best way to keep safe is having unique complex passwords (keep track by writing them down or using a password manager app/service) and using authenticator(device or app) or push notification based 2FA. These 2FA methods are less convenient and won’t automatically move to a new phone, but they do require physical access to your phone. Someone tricking your carrier into transferring your SIM activation to them or spoofing your phone on the network will not give them access to these device-specific 2FA methods.
And one thing in h3h3’s video is a bit inaccurate. Getting a carrier to give you someone’s SIM card (it’s really activating a new card for them, and disabling yours) would only give you access to sending/receiving calls and SMS, as well as the ability to use your data plan. To access info like contacts/history they would also need to have login info for the service (like Google for Android phones) that stores your that data. Of course, having access to your SMS codes makes that easier, but they still need something to start with. In the incidents with these youtubers, the attacks were targeted and hackers already knew some personal details(real names/usernames/etc) from before getting their SIM cards.
Seer Of The Divine | Sarina Starlight | Tireasa | Caedyra
(edited by mrstealth.6701)
Guild wars 1 players are still seeking assistance from the gw staff; however, none has been directed. Gaile suggested we create tickets so they could “investigate” or instigate a method to help but we’re getting no responses / no help. Hm, we get you aren’t “support” Gaile but the person who got ahold of your account was capable of doing destruction and you have the ability to undo those changes? I’m confused on why we’ve had to wait so long and been given no information as for whether or not we will ever see assistance due to your own staffs ineptitude. Because right now we’re feeling pretty burned to say the least.
As I’ve said previously, nothing is 100% secure. Any shouldas, wouldas, what-ifs, and if-thens you can conceive aren’t going to change that.
Yes, hopefully whatever checks/flags/whatnot that were bypassed will help security be tightened going forward. We’re all hoping that. But, even then, it will never be 100%. Kitten happens, and it’s better to deal with the reality in front of you than dwell on the fantasy you want it to be… and consider placing your anger where it deservedly goes: to the hacker.
~EW
Since the hacker isn’t currently doing a kitten job of guarding my personal info… how about no. Yeah they’re a jerk, giving away the items was unreasonable and cruel. They were just having a celebratory power trip.
But at the end of the day, they did that on their own time, for free. Unlike Anet employees, who get paid to their jobs well. And they made a valuable point, far more valuable than the sum total of Gaile’s admin account’s inventory. On the other hand, Anet has quite a bit of people’s personal info on file, including emails and card numbers, which shouldn’t be shared with someone like the hacker.
As this incident illustrates, their security is pretty poor, even for their staff’s accounts. So remind me, in real life, who poses a greater threat to me and my ability to live my life the way I want to: this random hacker, or Anet’s poor security? Because ultimately that determines who I’m gonna be mad at, and right now this hacker really doesn’t seem like much of a threat to me.
I like Gaile, I’m still a huge GW1 fan. But I’m not letting that cloud my judgment, this is a systemic failure and you’re trying to direct people’s attention at a symptom, not the cause