Guild Wars 2

PlaySpan has had a security breach and one of the games that are affected is “Guild Wars”. I was wondering if this includes Guild Wars 2 or just strictly Guild Wars 1?

I’d like to know too. From what Im reading LotRo, DDO, Eve, GW1 are all affected.

I’m reading this too and wondering who PlaySpan is and why they have my Guild Wars account information to begin with. Are they a division of Arenanet or NCSoft?

Edit: The virtual goods monetisation platform is used in more than 1,000 games to power virtual goods and currency transactions, including titles such as World of Tanks, Eve Online, APB Reloaded, Aion and Guild Wars.

I’ve done transactions in a few of those games and am curious why I never saw any mention of this company being included in the loop when giving out my personal information.

They are the company who provided the Guild Wars in game store. They were acquired by Visa last may and of course they let the ball drop. I am worried about potential CC info and passwords being compromised. I don’t think we should blame Anet for this one, but they really need to give us a response if they want us to believe in their Security is #1 philosophy.

Edge.4180:

I’m reading this too and wondering who PlaySpan is and why they have my Guild Wars account information to begin with. Are they a division of Arenanet or NCSoft?

Edit: The virtual goods monetisation platform is used in more than 1,000 games to power virtual goods and currency transactions, including titles such as World of Tanks, Eve Online, APB Reloaded, Aion and Guild Wars.

I’ve done transactions in a few of those games and am curious why I never saw any mention of this company being included in the loop when giving out my personal information.

i think they handle the “store/cash shop” aspects of these games

When you buy from the game with real money the transaction is handled by PlaySpan.

This is serious.

Well, this is… troubling. Visa’s been getting hammered by cyberattacks, same as all the major CC companies and banks. This is bad.

Does anybody have a link that says what’s going on? I’ve used my CC on LotRO, GW and GW2 and this is the first I’ve heard about any breach… so more information that what is thus far in this thread (which amounts to a “breach” possibly involving our CC details) is required.

there is coverage in several places..
http://www.develop-online.net/news/42216/Millions-of-PlaySpan-user-IDs-and-passwords-leaked-online
http://massively.joystiq.com/2012/10/10/security-breached-in-playspan-hack-multiple-games-affected/

Even if GW2 wasn’t breached, anyone with a linked GW1-GW2 account would be in danger. I’m going to change all my passwords just in case.

Somewhat related note: CCP clarified here that they were just a time code reseller (Eve time codes are roughly equivalent to GW2 gems ), and that the only way any Eve credentials could have been stolen is if you set up a playspan account using the same credentials as your game account.

http://community.eveonline.com/news/newsFromEve.asp?newsTitle=update-on-the-1

So it sounds possible that some of the details of this article may be incorrect and the impact may be somewhat overblown.

That said, as a former guild wars 1 player with a linked guild wars 2 account, I’ve already changed the email and password for my guild wars 2 account just to be safe, and I’d like to see some official word from arenanet on exactly what connection playspan has to guild wars 1, if any, and what risk this breach actually poses to guild wars 2 players, if their accounts are linked to old guild wars 1 accounts. (I imagine those without linked account are probably at relatively little risk)

Like Revenant said, best to assume it has. I cna’t see why GW2 would deal with a different vendor and if your accounts are linked, more the reason to change your info.

Treat it like it has is the best advice until Anet say otherwise.

I too would like a statement from ArenaNet on this. This is serious stuff – what sort of information does this company have on us if we have only played Guild Wars 2? How do I even know what information needs changing – do they have my GW2 account ID and PW? What about my payment information if I used Paypal for Store Purchases? Considering from a player’s point of view we’re only dealing with ArenaNet and not directly with PlaySpan, we have no idea what sort of information they have on us.

I’ve also gone back to my old EVE account and changed the PW there, as my account still had my CC information stored, so they could have renewed it automatically, bought a ton of PLEX, sold them in-game for ISK, sold the ISK for cash, etc. if the actual accounts were breached. Probably not necessary, but it’s better to always err on the side of caution.

Thank you for the info Regina!

Thank you Regina. I do use a strong password. In fact, it is strong enough to bypass all rainbow tables, however I would have changed it just in case if the database was compromised.

ReginaBuenaobra.6953:

ArenaNet does not use PlaySpan for its micro-transaction services in Guild Wars or Guild Wars 2.

We do not share account credentials with PlaySpan or any other company.

The various news organizations reporting this breach are claiming that PlaySpan and Guild Wars are linked in some fashion. What is leading the press to believe that?

Edge,
As seen in the story below, Runescape was also implicated and has since demanded their name be removed from the list of games affected. In light of that, it doesn’t seem unbelievable that they included other games erroneously.

http://massively.joystiq.com/2012/10/10/security-breached-in-playspan-hack-multiple-games-affected/

Debsylvania.7396:

Edge,
As seen in the story below, Runescape was also implicated and has since demanded their name be removed from the list of games affected. In light of that, it doesn’t seem unbelievable that they included other games erroneously.

http://massively.joystiq.com/2012/10/10/security-breached-in-playspan-hack-multiple-games-affected/

Lol looks like they just updated that and removed Guild Wars as well. Really quality reporting they’re doing there at Massively. /sarcasm

Doesn’t matter, one retracts and another site makes another erroneous report. Now instead of a link between PlaySpan and Guild Wars, it’s Guild Wars 2.

http://www.theverge.com/gaming/2012/10/10/3483962/guild-wars-2-world-of-tanks-and-eve-online-playerkitten-by-playspan

That above link should say “players-” and “hit”. Yay, filters!

Anet Devs. I would like to use this thread to remind you that it would be really nice to have two-factor authentication option for our accounts.

Letting us set up a different password specific for use with these forums versus our game log in and account management tools would be nice as well.

no one is 100% safe from hackers, this includes you Anet.

I do appreciate the measures you have already taken to help increase our security. Thanks!

In case a “we’re-planning-to-introduce-an-authenticator-app-for-mobile-devices” response is coming, I’d like to head it off with a “what about selling a physical authenticator” question first.

Before we dismiss Massively, The Verge, and other gaming portals for reporting this, do a simple Google search for “playspan guildwars.” You come up with the following link:

store.playspan.com/guild-wars

The text below the SERP result reads:

“Enjoy Guild Wars,Purchase Guild Wars from PlaySpan; boost your gaming experience by procuring items from the item mall.”

Also this:

store.playspan.com/guild-wars-trilogy-0

“Enter PlaySpan to buy your favorite Guild Wars – Trilogy.You can also browse through our huge selection of titles that you would like to possess at fantastic …”

Those pages has been taken down, for obvious reasons. But I’d like some confirmation. If Anet doesn’t use Playspan for their microtransactions, why does it suggest on the Playspan site that you do? Not only were your titles offered through Playspan, purchasing items from the item mall is also one of the services listed.

Which is it? I just want to make sure my cc isn’t compromised.

Slazzy if you look at the cached version of those webpages it says nothing about a item mall. It only says exactly what Regina stated – that you can buy the game itself from the website. The only “item mall” mentioned is the PlaySpan Marketplace.

Those Google Summaries you see in the search page are not word for word what it says on the site they link to and sometimes don’t even have those words on the site at all. They’re supposed to give you an idea of what’s behind the link and that’s it, not a guarantee of what the web page entails and often are misleading or incorrect.

@Leiloni not true. Let’s read it again: “boost your gaming experience by procuring items from the item mall.”

Am I boosting my gaming experience by buying the game itself?

The item store isn’t cached. We can’t access it. So that doesn’t help.

And the Google summaries being misleading? So the meta tag description attribute is misleading is what you’re implying. They are misleading us in the meta tag about the services they offer on their site? They are lying about offering game items, that’s what you’re saying.

We are hearing two conflicting reports. Confirmation and some hard facts would be nice. I’m not offering hard facts, I’m only reporting what I’m seeing, and its a bit different than what Anet told us. So again, was Playspan used to manage microtransactions? If not, why does Playspan’s site suggest otherwise?

slazzy.7309:

So again, was Playspan used to manage microtransactions? If not, why does Playspan’s site suggest otherwise?

First question – NO, as ANet already said
Second question – PlaySpan’s site does not suggest that. As I said, go view the page in cached mode. The text on that page doesn’t say anything about a Guild Wars item mall. Nothing at all. In fact that page doesn’t even have those words on it. (It probably shows up in the results because they do item malls for other games, so the fact that it appears on their Google description for the GW page just means that PlaySpan’s website was not designed with search engines in mind which is quite clear from the look of the Google search summary.)

No matter if the accounts have possibly been breached, this might be a good time to change your password anyway, if you haven’t done so already. I changed all my passwords (both GW1 and GW2 accounts), because it’s always a good idea to change it once in a while. This just gave the excuse to do it today instead of postponing it.

Can we have an option to change our account name to NOT be an email address? Even if there is no link between Playspan and GW/GW2, the hackers apparently have a list of email addresses for a bunch of gamers. It is not a wild leap for the hackers to assume that some of those email addresses might be valid GW2 account names.