Guild Wars 2

I recently got an official e-mail from TwitchTV, saying that many users’ login information has been compromised.

For those of you who use Twitch to stream Guild Wars 2, please be advised that many e-mail addresses and passwords have been leaked.

This should not be a problem for you if you use a unique credentials on twitch…. but many people use passwords in multiple places.

If your twitch password was also your e-mail password or your game client password, I would suggest changing them immediately.

When a similar leak occurred on a GW1 Fansite (GWGuru) hundreds of player lost access to their accounts due to using similar credentials on both GW and their e-mail addresses.

Remember… if someone has access to your e-mail that can be just as good as access to your account.

Be warned!!

That headline is VERY misleading, I assumed this was related to the ingame scam messages that have been floating around and was tempted to ignore it. You might wanna change the headline and mention it’s about Twitch.

And thanks for the info.

yeah, I had one of ‘those’ emails … while it didn’t ask me to follow any link to change passwords or such, I still filed it under … spam!

I don’t have a Twit account.

The official Twitch blog says the same thing (I thought it might be a scam, too, so I checked), so I would assume it’s legit.

Got the same one from Twitch.

I also got an email from twitch.

Guess it’s a good thing my gw2 email and my twitch email aren’t the same email. Nor are the passwords.

never try to change password when you get an email that says you need to.even if it looks legit.i got it too and delete it.

ckotoc.5421:

never try to change password when you get an email that says you need to.even if it looks legit.i got it too and delete it.

Well, never change your password through the links provided in the email. If you’re worried, go directly to the website in question and change your PWs from there.

arooboo.5143:

ckotoc.5421:

never try to change password when you get an email that says you need to.even if it looks legit.i got it too and delete it.

Well, never change your password through the links provided in the email. If you’re worried, go directly to the website in question and change your PWs from there.

And to be fair, the email did not provide any links. It simply said that they expired current passwords and that users would be prompted to change their passwords the next time they logged in.

LanfearShadowflame.3189:

I also got an email from twitch.

Guess it’s a good thing my gw2 email and my twitch email aren’t the same email. Nor are the passwords.

Yeah it’s also a good thing they encrypted the passwords so it wouldn’t matter if they were the same…

Andred.1087:

LanfearShadowflame.3189:

I also got an email from twitch.

Guess it’s a good thing my gw2 email and my twitch email aren’t the same email. Nor are the passwords.

Yeah it’s also a good thing they encrypted the passwords so it wouldn’t matter if they were the same…

Yes, but it never hurts to keep things separate in case the worst happens….

I also received this email, and I do not own a twitch account, so I’m not sure what’s going on there.

Also please edit the topic title to be more specific, I thought GW2 had been compromised or something.

I was prompted to change my password when I logged into Twitch yesterday, so this warning is legit. Good thing my GW2 e-mail is literally used for nothing else.

I usually log in with my Facebook account, I don’t have a Twitch account. Does that mean I need to change my facebook password?

Andred.1087:

LanfearShadowflame.3189:

I also got an email from twitch.

Guess it’s a good thing my gw2 email and my twitch email aren’t the same email. Nor are the passwords.

Yeah it’s also a good thing they encrypted the passwords so it wouldn’t matter if they were the same…

Twitch did not state the level of encryption, so those passwords may be less secure than you’d hope.

ckotoc.5421:

never try to change password when you get an email that says you need to.even if it looks legit.i got it too and delete it.

There were no links provided in the mail, and it is an official announcement made by twitch which can also be read on their official blog

In this day and age, who would use the same password and login information across multiple platforms??? All you need to do is create multiple G-mail accounts, and use them as unique e-mail logins.

Smooth Penguin.5294:

In this day and age, who would use the same password and login information across multiple platforms??? All you need to do is create multiple G-mail accounts, and use them as unique e-mail logins.

In this day and age every person is forced to remember upwards of 10+ passwords.

If you can actually remember which of your passwords correspond to which platform without the help of your browser, grats.

Many people, however, use the same (if not similar) credentials in different places in order to actually remember them. A master password if you will.

Of course, it is not wise to use the same or similar passwords in multiple locations but when you have 50 passwords you need to remember some of them may end up getting reused for simplicity’s sake.

…and you would be surprised how easily a thief getting “shared credentials” for two or more accounts, which you might think of harmless (like a twitch account that shares credentials with say DeviantArt)…. but it could easily snowball into the thief getting answers to security questions, more accounts, and before you know it, everything.

Regardless of what level of security you personally practice with your own personal password keeping, this message is intended solely for those who reuse their credentials, and if game accounts being stolen in this manner was not something I have seen in the past, this post would not exist.

Wonder how many Twitch users have the same PW for their GW2 log in…..?

I’m guessing some hackers are finding out right about now.

Someone should notify GW2 Support (and lots of other games’ support) that tons of compromised accounts are on the way.

Sounds like Twitch is doing the right thing (emails and forcing PW change) but the question remains how long have the hackers had the data?

Brother Grimm.5176:

Wonder how many Twitch users have the same PW for their GW2 log in…..?

I’m guessing some hackers are finding out right about now.

Someone should notify GW2 Support (and lots of other games’ support) that tons of compromised accounts are on the way.

Sounds like Twitch is doing the right thing (emails and forcing PW change) but the question remains how long have the hackers had the data?

It actually surprises me that this even has to be done in todays day in age.

I’m more shocked that from a security standpoint alone game companies do not enforce a password policy that mandates people to change their passwords every 3-4 months. What they change it too is up to them but recycling passwords wouldn’t be allowed if used within the same 8 month span.

TexZero.7910:

Brother Grimm.5176:

Wonder how many Twitch users have the same PW for their GW2 log in…..?

I’m guessing some hackers are finding out right about now.

Someone should notify GW2 Support (and lots of other games’ support) that tons of compromised accounts are on the way.

Sounds like Twitch is doing the right thing (emails and forcing PW change) but the question remains how long have the hackers had the data?

It actually surprises me that this even has to be done in todays day in age.

I’m more shocked that from a security standpoint alone game companies do not enforce a password policy that mandates people to change their passwords every 3-4 months. What they change it too is up to them but recycling passwords wouldn’t be allowed if used within the same 8 month span.

I’ve seen systems like that in action. All 99% of the users do is use the same password and tack on a different number each time to get around the anti-recycling rules.
Systems that rely on people’s intelligence only work for, well, smart people, and if people were smart/would think before acting, they’d use different passwords and email addresses in the first place and we wouldn’t be having this discussion. Bonus points for Twitch being a service where you can log in with your Facebook account – just like thousands of other sites, which are now also possibly compromised for you if you use Facebook to log in and didn’t change your password there immediately. I dread the day people actually start paying for stuff with their Facebook account and something like this happens. Might as well put my credit card pin as my Facebook password then ._.

As for the password managers, trouble is, now all one has to do is get one password to get them all. Anything that’s digital can be read by someone with sufficient skill, and I know people who keep their master password in a .txt file on their desktop. You know, “for convenience” -.-
Fortunately, something written down on a piece of paper and hidden in your sock drawer will remain hidden no matter how hard a hacker tries. So, complicated passwords for everything, and if you forget, just go rummage through your undies until you find what you need^^

Ahhh! So THAT’S why my League of Legends account got hacked… Was wringing my brain about where they got it… I used the same pass on those…
Not same for GW2, plus i have 2 step verification for GW2.

Mmmm can’t remember if I used my easy password on twitch or not… (probably though I tend to use my easy password on things I don’t mind losing) well I have two stage authentication on both GW2 and my email so I kinda feel safe either way…