First, I would like to preface this with the following things.
1. I verified my email address the first day of headstart – email authentication should be turned on for me.
2. I am currently secure, have changed my password several times in the midst of a hacking attack – and now strangely have an interesting password setup (more details below).
Dear ANet, and players – it has unfortunately come to my attention that the current security system of password changing as well as email authentication are not working properly.
Tonight my account was hacked. Fortunately, it was going on quite literally as I was just starting to play. I was able to log the hacker out numerous times, before they could steal anything of value from me. I lost a bit of silver from a low level Engi – but all in all it was an effective defense on my part. While I was constantly booting this person out of my account, I was able to change my password several times from the infected computer while my wifes computer booted up. I was able to successfully change my password for the 8th time on my wifes computer in what was 10 minutes worth of hack-defending. For those of you curious – this person was able to get my new passwords, in real time – and log in with them repeatedly until I was able to remedy it on a safe computer.
Now, here are the things that are disturbing about all this. The first being that after checking my ‘account security’ page – the only IP address that wasn’t mine, came from California – which is not the state I live in. I neither received an email authentication message stating someone logged into my account from another state – but using the “disconnect session” button did nothing as well. No other IP address but my own showed up AT ALL during the rest of the attacks.
Secondly, in the flurry of changing passwords, it has been determined that game passwords do not sync up with the website password changes very reliably. As it stands now my game login password is the newest one I’ve created, while logging into the website still requires that of my old password. ANet, you might want to look into that as well.
I am very thankful to have a reliable friend to send my valuables to in game, in the off chance that kitten hits the fan – at least I know it’s safe with him. He also watched over my account while I was doing damage control, notifying me of everytime someone logged into me, and what character they were doing it on. Lastly, he reported my account in case I was unable to save it successfully. I have to laugh at the dim-witted hacker, who probably found himself unable to do anything with my account in the short seconds he had with each session, as all my characters were out in the middle of nowhere – and only one had anything of real value on them.
If any of you are wondering, yes – I am currently re-formatting my computer from scratch. I’m not risking getting another hacking, and will be changing password for everything I have just in case their keylogger/malware/spyware was able to get ahold of them (which it probably did).
TL;DR: Successfully defended my account in real-time from a slow-witted hacker. Email authentication has failed me, and the password change system for game login accounts is not working properly.
Thank you for reading, I hope ANet can at least acknowledge this.