Guild Wars 2

I can’t believe I’m actually having to suggest that this service be implemented in this day and age of mmo’s and technology. But here it goes!

Please ArenaNet, add a service to restore items and gold for hacked accounts.

Apparently, there isn’t enough interest in this yet?!

I was told by a member of the support team via a ticket to post here to gauge community need for this service. So please show your support by posting here. Thanks!

Yep i’m definitely for this, got hacked and didn’t even bother with a ticket. I reset my password myself, logged the hacker out and saved the long useless back and forward with the support team knowing there was nothing they could do for my 120g + that i lost. Looking at the BLTC sold logs just made me die a little inside…

Reimbursement of lost items can be exploitative. It could also make players less responsible.

Allowing friends (of whom you communicate outside of the game) to go into your account and take all your stuff and “imitate” a hacker. So that they gain your items or gold and you will get reimbursed. Effectively duping the items.

Providing a reimbursement policy (where the appeal is accepted) gives the players reason to be less careful about account security because they believe that if they get hacked, everything is fine since they can get their items back. This shouldn’t be encouraged.

If however, ANet gets hacked and account information is leaked in which causes those hackers to have access to player accounts, then I guess they should re-imburse or reset.

Sure there is a chance for it to be exploited, but there’s also a good chance that your friend’s account would be banned for hacking….so unless your friend is a moron then it is not a great idea.

Additionally, how is it a guilds fault that one of their member’s accounts got hacked and the guild vault wiped out? The guild will not be reimbursed for any items lost, just as the person who was hacked will not be given their items back.

I honestly believe this is a huge deterrent to players, as it basically says “You’re on your own”. Why would I want to continue playing, only to know that if I am hacked again that I’d have to start all over a third or fourth time? Yes, players need to create strong passwords, and yes they need original passwords that aren’t the same accross all their game/email/etc. accounts. But it happens anyways, and lots of people still get hacked, so its standard in MMOs now days to provide that safty net to the gaming community.

Also, this is not the only situation where Anet does not provide ingame items when it should. There are quests that are broken that do not provide the rewards they promise. A known issue is the lvl 50ish quest that offers a choice of rings with a jewel already slotted into it. But when you exit the story instance, the jewel disappears. This leaves the ring as a poor reward for the level of the quest. Anet knows it is an issue that happens very often and yet they will not replace the missing jewel, even though they can easily see that the ring is missing its suffix(Green item, but unslotted and the last word “ring” is lower case which implies there was a suffix thats now missing).

All in all, I think it’s a very poor customer service choice on Anet’s part not to offer item restoration. Just because a game is free to play doesn’t mean that we, as players, should have no expectations for it.

I THINK A BETTER IDEA WOULD BE TOO……. have the ability to soulbind all your gear you never want to loose to your character making it unable to be dropped, sold, traded, or anything, maybe have a 7-14 day time period to have it un soulbound to your character, some how, and i mean real soulbound, not the soulbound we currently have that just prevents us from selling it on the trader.

To me it would make sense that Anet would have a way to restore an account that’s been hacked, under normal circumstances it’s not the fault of player X that they were hacked and therefore customer service/gm’s should have the tools to rectify a security breach.

Otherwise it’s kinda like a credit card company that doesn’t have a fraud department and has the policy that “your credit card information was stolen? too bad for you.”

In my guild’s situation, a guildie was hacked. Our guild bank was wiped out. ArenaNet can offer nothing to compensate us for what happened.
Coincidentally, the guildie who was hacked is not stupid. He took the necessary precautions to make sure he wouldn’t be hacked and still was.
It’s a slap in the face to him and our entire guild when we as customers can not be helped in this situation. I don’t care how you look at it.

BabelFish.7234:

To me it would make sense that Anet would have a way to restore an account that’s been hacked, under normal circumstances it’s not the fault of player X that they were hacked and therefore customer service/gm’s should have the tools to rectify a security breach.

Otherwise it’s kinda like a credit card company that doesn’t have a fraud department and has the policy that “your credit card information was stolen? too bad for you.”

Exactly.

I agree with talula. This happened in my old guilds in other games multiple times; the other companies had no problem with restoring both the lost items in the hacked player’s bank and the guild bank. It seems apparent that ANet just didn’t want to add this into their code and is literally unable to do it. IMO, that’s just lazy from a customer service standpoint. Sure, this is a “F2P” game and not sub-based, but if ANet really wants to compete with those companies, they would offer the same level of commitment to their customers.

And to those who think this would only encourage people to not properly secure their account…Really? Why would someone want to go through having their account hacked, even if it was a relatively easy process to restore your account? It’s incredibly UNFUN to be the victim of a hacker. I think it’s safe to say most folks take the threat seriously enough to take reasonable precautions by not sharing the account info and creating decent passwords.

I personally don’t think the onus should be on the customer to keep their account secure. There should be sufficient security measures already in place in any MMO at this point. If we can’t keep our accounts secure without the use of a third-party mobile authenticator, should the player be made to suffer? Obviously, there’s always the possibility that we can get infected by keyloggers and other malware, no matter how diligent we are with virus scans and other precautions. You can’t expect ANet to have any control over that, but sometimes “kitten happens” – to put it bluntly – and paying customers should have some sort of recourse.

Sorry guys, but account security is OUR responsibility, one we must take seriously. A-Net has actually built a pretty good system I think, especially if you’re making them validate any new login attempts via sending a email confirmation (is that even optional?) Keep in mind what this means: if a hacker accesses your account, and an email went out asking for confirmation, then they’ve hacked your email as well. That’s very, very, bad.

Here are some basic password security tips that EVERYONE should religiously adhere to (at minimum):

1. Use a STRONG password – despite what most people think, the current thinking that a password like “p4$$w0rd” (relatively short, but mixes letters, numbers, and special characters) is actually VERY easy for a machine to crack. Plus it’s hard for human brains to remember. The current state-of-the-art in passwords is a LONG password, ideally as long as you can fit into the box, which is a easy-to-remember phrase like: “I Love Guild Wars 2 and Play Every Day” (which still uses letters (caps even), special characters (spaces) and numbers, plus is easy for a human being to remember.
2. DO NOT RE-USE PASSWORDS!! I can’t stress this enough! If your GW2 password is the same as your Facebook password, or (worse) the one you use to get into your school account or bank site, you’re practically begging a fraudster to steal your ID and quite possibly your real-world money. Bank law says that for consumer accounts you’re only label for the first $50 if your account gets cleared out, but it can (and will) take countless hours to change all your identification and web sites, so don’t let it happen in the first place.
3. DON’T BE SHADY – Most “hacks” are simply small pieces of malicious code (“malware”) that gets placed on a computer that monitors things like keystrokes and that takes screenshots – this is how passwords and multi-factor security (remember “security pictures”?) have been defeated for more than a decade. New malware actively lets the hacker get in-session with you ON YOUR MACHINE while you work, which defeats the mechanism that’s used to detect a “new login location” (since the fraudster is, essentially using your IP address to get online). Where does this malware typically come from? Mainly from “shady” places like ISO and BitTorrent sites, as well as pr0n. Bottom line is that if you absolutely MUST go to sites like this, pretty much EXPECT they’re actively infecting your machine every time you get online. What? You really didn’t think all that “free” stuff was REALLY FREE did you? Clue: they pay the bills hacking your stuff. Which leads me to:
4. DON’T TRUST ANTIVIRUS. Even a good setup like Norton or Macaffe is as porous as an old knit sweater when it comes to current malware like Zeus and Spyeye variants. At minimum, I’d recommend running ALL of the free AV suites (Avast!, AVG, Panda, Malwarebytes, and Windows own in-built detectors, at minimum. I personally run a full scan with a different package every day, since some find things others miss. If you have a paid subscription to Norton or another commercial app I’d run the free ones alongside it, even though they’ll tell you that you may get “false positives” as one AV app interferes with another. While this is indeed true, my experience is this is the exception rather than the rule. And it you DO get a hit, just REFORMAT THE ENTIRE MACHINE as opposed to trying to “clean” it – most malware is good at resisting removal, and sometimes (usually, in fact) even is set to make a sacrificial copy that AV software can “remove” to create a false sense of sccurity. The only way to get rid of it 100% is to “nuke the site from orbit”, by totally re-formatting the hard drive and re-installing. Be careful when reinstalling though to carefully check saved files on external hard drives, as malware can also sometimes make backups of itself in My Documents or other often-backed-up locations (meaning that you get re-infected just by copying back your files after a reload).

ImagoX, no one would argue that those aren’t good standards of practice to use when dealing with account security. However, when those fail? Then what? ANet’s stance is simply, “sucks to be you”. That is NOT acceptable.

@ImagoX, what if we follow all 4 of your suggestions and still get hacked as in the case of our guildie?

Unfortunately then it comes down to the Terms and Conditions of each company to see what happens in the event of a loss, and under the Terms of Use for GW2 then, basically A-Net is not required to reimburse you for any loss, whether that loss is in gold, in lost “play time”, etc. You agreed that you’re playing of yor own free will and while A-Net will ATTEMPT to make the environment as secure as possible, all of us as players also have a requirement to secure our own accounts.

Keep in mind that bank accounts and credit cards (which store and/or move actual, real money) are protected for consumers (not small businesses) under US Banking Law, but those same laws absolutely don’t apply to “virtual” or proprietary currencies (like GW gold or rare items), no matter how “valuable” they are to us, as players. Bottom line is that there ARE bad people out there and they ARE trying to steal your stuff and they DO have really, really good tools to do so available, so you need to make it as hard as humanly possible for them to do so – hence my suggestions. If you do those… well… nothing is GUARANTEED, but my experience is that basic awareness of the fundamentals of online security (particularly in regards to passwords and antivirus), combined with healthy skepticism re: what links you click on and what sites you visit can be a tremendous help.

Be safe!

ImagoX.4718:

Unfortunately then it comes down to the Terms and Conditions of each company to see what happens in the event of a loss, and under the Terms of Use for GW2 then, basically A-Net is not required to reimburse you for any loss, whether that loss is in gold, in lost “play time”, etc. You agreed that you’re playing of yor own free will and while A-Net will ATTEMPT to make the environment as secure as possible, all of us as players also have a requirement to secure our own accounts.

Keep in mind that bank accounts and credit cards (which store and/or move actual, real money) are protected for consumers (not small businesses) under US Banking Law, but those same laws absolutely don’t apply to “virtual” or proprietary currencies (like GW gold or rare items), no matter how “valuable” they are to us, as players. Bottom line is that there ARE bad people out there and they ARE trying to steal your stuff and they DO have really, really good tools to do so available, so you need to make it as hard as humanly possible for them to do so – hence my suggestions. If you do those… well… nothing is GUARANTEED, but my experience is that basic awareness of the fundamentals of online security (particularly in regards to passwords and antivirus), combined with healthy skepticism re: what links you click on and what sites you visit can be a tremendous help.

Be safe!

Just because something is stated in a company’s ToS doesn’t make it a good policy. That is the issue here, not whether or not ArenaNet is capable of or willing to restore accounts. The question is, why shouldn’t they? The answer: because they really don’t care.

voxmmo.3859:

Just because something is stated in a company’s ToS doesn’t make it a good policy. That is the issue here, not whether or not ArenaNet is capable of or willing to restore accounts. The question is, why shouldn’t they? The answer: because they really don’t care.

Let’s be fair – that’s ABSOLUTELY not true. if it were, they wouldn’t have bothered to build the email confirm feature, or publish multiple wiki, blog, and other posts dedicated to security. Online security folks take this issue VERY seriously, and think about ways to secure systems constantly, day and night.

But…

Let’s also be fair that the lion’s share of account breaches are caused simply because the user was too lazy, ill-informed, or uncaring to even bother securing their stuff. Without giving up an unacceptable amount of privacy and cost, A-Net MUST rely on everyone caring about about their accounts to basically secure them, hence my suggestions.

If you disagree ask yourself some basic questions?

1. Have you changed your game password this week? This month? Ever? (if not, I’d argue you don’t care at all about your account, or are unable to read a basic English sentence, given how many articles are wrutten every day about the insecurity of passwords)
2. Is that password the same as ANY other? (if so, expect that site to be compromised as well, since even a brain-dead gerbil can read your browser history log).
3. Is it the same as your Facebook PW? Your school account PW? Oh Jesus, where do I even start with this one?)
4. Have you EVER visited a pr0n, BitTorrent, “pirate”, or any other "free stuff type site? (Go to next…)
5. If so, do you run multiple different antivirus/malware products each and every day? (If not, your system is probably already dirtier than a public restroom floor in Times Square)

ImagoX.4718:

voxmmo.3859:

Just because something is stated in a company’s ToS doesn’t make it a good policy. That is the issue here, not whether or not ArenaNet is capable of or willing to restore accounts. The question is, why shouldn’t they? The answer: because they really don’t care.

Let’s be fair – that’s ABSOLUTELY not true. if it were, they wouldn’t have bothered to build the email confirm feature, or publish multiple wiki, blog, and other posts dedicated to security. Online security folks take this issue VERY seriously, and think about ways to secure systems constantly, day and night.

But…

Let’s also be fair that the lion’s share of account breaches are caused simply because the user was too lazy, ill-informed, or uncaring to even bother securing their stuff. Without giving up an unacceptable amount of privacy and cost, A-Net MUST rely on everyone caring about about their accounts to basically secure them, hence my suggestions.

If you disagree ask yourself some basic questions?

1. Have you changed your game password this week? This month? Ever? (if not, I’d argue you don’t care at all about your account, or are unable to read a basic English sentence, given how many articles are wrutten every day about the insecurity of passwords)
2. Is that password the same as ANY other? (if so, expect that site to be compromised as well, since even a brain-dead gerbil can read your browser history log).
3. Is it the same as your Facebook PW? Your school account PW? Oh Jesus, where do I even start with this one?)
4. Have you EVER visited a pr0n, BitTorrent, “pirate”, or any other "free stuff type site? (Go to next…)
5. If so, do you run multiple different antivirus/malware products each and every day? (If not, your system is probably already dirtier than a public restroom floor in Times Square)

Just to be fair, it’s not that hard to implement a rollback or restore feature. I honestly can not think of another mmo that doesn’t have one.
Sorry but like you said, people can still get hacked, no matter how many precautions they take.
It doesn’t mean they’re idiots, lazy, or whatever else you want to insinuate.

There is no excuse for poor customer service, no matter how much you enjoy a video game. Sorry.

If a game maker really expects that all of their customer base is going to be that knowledgeable and diligent about keeping their systems clean they wouldn’t be in business very long. You need to be a little more realistic. Your average Joe gamer just isn’t going to go through all that just to log on for a couple of hours a night. Sure, maybe they SHOULD, but in the real world people have other concerns, sorry. Therefore, unless a developer is just making games for IT pros and security consultants to enjoy, they should really have a rollback feature implemented at launch. Blizzard has it. They have millions of subs – 95% of which I would imagine don’t follow your above steps just so they can log on for a couple of hours. And yes, lots of them get hacked. It’s part of playing an online game. ArenaNet has chosen to turn a blind eye to that.

The thing is, accounts are going to get hacked. It is in the best interest of the game to keep as many people playing and buying stuff as possible. If you get hacked and lose everything or even if you just have the fear that you could possibly get hacked and lose everything, you are less motivated to invest time or money in any game.

Once you lose players, its hard to get them back. Right now you might not need them, but someday you will. I think Anet already is working on such a feature as it has been mentioned many times in the account support area.

Its really not that easy to differ a hacked account from a player using his/her account to try exploit from it.
For example:
1: a player can try gamble and later if unsuccessful blame it on being hacked
2: a player can give away/pay for something and then change his/her mind and blame it on being hacked.
3:a player can sell the gold for real money and blame it on being hacked that he /she lost the gold (how can a-net ever differ this from a hacked account?)

To make it look more realistic items can also be deleted.
If A-net start giving back gold how many do you not think will start think out ways to profit out of it??? there will probably be as many different ways as there are players playing gw2. I mean they can always give back the account because the player don’t profit out of it. But if we take my example nr 2 a-net can always “give back” the account because the player don’t profit from it but they don’t have to believe the account was hacked.

Kira.2903:

Its really not that easy to differ a hacked account from a player using his/her account to try exploit from it.
For example:
1: a player can try gamble and later if unsuccessful blame it on being hacked
2: a player can give away/pay for something and then change his/her mind and blame it on being hacked.
3:a player can sell the gold for real money and blame it on being hacked that he /she lost the gold (how can a-net ever differ this from a hacked account?)

To make it look more realistic items can also be deleted.
If A-net start giving back gold how many do you not think will start think out ways to profit out of it??? there will probably be as many different ways as there are players playing gw2. I mean they can always give back the account because the player don’t profit out of it. But if we take my example nr 2 a-net can always “give back” the account because the player don’t profit from it but they don’t have to believe the account was hacked.

While possible, you make some big assumptions. Both Blizzard and Trion offered item replacement when my guilds got hit there. These game companies were able to offer a solution without the entire population turning into virtual criminals or the economies collapsing.

How do you know that all of them where really being hacked and that they where not really abusing it? I am just saying that they cant be sure and that in the end 99% of all cases players are getting hacked is because of there own lack of security and/or caution.
If players pick unique passwords (pws used for gw2 only) with both uppercase letters, numbers and that differ from words from dictionaries, that together with good security programs and as few visits to weird players then almost all hacking cases would not have ever happen. So I really don’t think a-net even need to consider implementing a function to give back stuff when its nearly impossibly to hack a account if the recommended steps are taken.

Also I don’t believe there would be a big percentage of the players that would try abusing a give-back-system but the few that would will get a unfair advantage, just look on what happened to the economy when the bots got banned.

voxmmo.3859:

If a game maker really expects that all of their customer base is going to be that knowledgeable and diligent about keeping their systems clean they wouldn’t be in business very long. You need to be a little more realistic. Your average Joe gamer just isn’t going to go through all that just to log on for a couple of hours a night. Sure, maybe they SHOULD, but in the real world people have other concerns, sorry. Therefore, unless a developer is just making games for IT pros and security consultants to enjoy, they should really have a rollback feature implemented at launch. Blizzard has it. They have millions of subs – 95% of which I would imagine don’t follow your above steps just so they can log on for a couple of hours. And yes, lots of them get hacked. It’s part of playing an online game. ArenaNet has chosen to turn a blind eye to that.

I hear you on this, I really do… But you also gotta keep in mind that security is always… ALWAYS… a trade-off between 3 elements: Protection (how hard it is to defeat or penetrate the controls’ technology), Convenience (how much you off-load effort to the user), and Privacy (how intrusive the controls are into the users lives). the best security is a living, breathing human being who is well-paid enough to be incorruptible and who personally recognizes every authorized user and who watches their every move. VERY Protective (incredibly hard to defeat), maximally convenient (the user has to do nothing), but incredibly intrusive, since a person tracks your every movement. Plus prohibitively expensive. Increased technology definitely carries a HUGE cost in dollars and cents (likely more than we’d pay as players for the convenice, a very large sub fee would be required at minimum), plus it may or may not be acceptable Privacy-wise (since your every movement would have to be tracked and analyzed by algorithms to see if your behavior was “normal” or not).

No… at some point, we all must accept the fact that we, as users, must bear the lion’s share of the responsibility for securing our own stuff. A-Net has created some good tools with the multi-factor login approval system, but it’s only the front layer – we must also educate ourselves and, more importantly INCONVENIENCE ourselves as much as we are willing to accept in order to “spread the workload” in a democratic and efficient fashion. If you’re a player who doesn’t want to be bothered, well, OK, but don’t be surprised when your account is cleaned out. If however you really don’t want to lose everything, then you’ll have to educate yourself on how to secure your machine and connection.

I’m sorry but arguments of “well people can’t be expected to just know this stuff” kinda fall flat when the ENTIRETY OF HUMAN KNOWLEDGE basically is a free Google search away via the most powerful piece of technology ever created by the mind of man – it’s simply a question of people not caring to open a new browser tab and looking. Anyone with enough firing brain cells to get GW2 loaded and to play a character past level 5 has MORE than enough reasoning capabilities to Google something like “how do I secure my PC against hackers?” and reading a few web sites, then following some basic How-tos.

If anyone wants to know more, feel free to message me – I’m always happy to help.

Again, this is less an argument of over whether or not players should be responsible for their own security. I was a bit hasty in saying the onus shouldn’t be on players. But as a company expecting their customers to pay (and continue paying through the BLTC) for their product, A-Net should be more interested in the satisfaction of their customers.

Consider this analogy: A public pool posts “Swim At Your Own Risk” signs. Effectively, their “terms of service” states: “You’re on your own, so if you drown, ‘sucks to be you’.” Pretty much A-Net’s stance on hacking, right? The difference is, the pool chooses to employ lifeguards. Now you can argue that A-Net’s lifeguards are their email verification and authenticators. On the other hand, a lifeguard is also there to resuscitate you if you happen to get careless and start drowning. Does the pool’s ToS state they have to save you? Nope. Are they legally obligated? Probably not. Is it just the right thing to do? Yep.

after a month of the game being out or so ive been hacked, ive sent a question twice: about if its possible for me to get my stuff back.
ive never heard anything back and later heard from a player that they wouldnt refund all the items that i lost, i was annoyed but accepted this and moved on.

i think there should be a way to get your lost stuff back tho, i hope that they will read this post and give a good responce to it.
and ofcourse i hope they will actually change something.

If your account gets hacked by a gold farmer normally the 1st thing they will do is sell everything that isn’t nailed down, including what you have equipped. Most games I have played they will recover your account for you and roll it back to before it happened.

Losing money is one thing but imagine if you had a legendary weapon and Anet’s stance is ‘too bad’, that would be me done with this game in that situation.

If your account got hacked, that probably means your email and all your personal information, and your computer is infected or something… There’s not that many ways to get “hacked” though. It’s not magic and in a LOOT of cases it is just really dumb friend or trusted person screwing you over.

Having a safety net would be nice, but that opens it to possible abuse if not done without checks.
Here’s why:
1. Pretend you got hacked, using a proxy server to fake your IP and make it appear that you got someone from another location in the world to get into your account.
2. Login, sell the crap, mail it somewhere.
3. Contact ANET saying you got hacked. They got no real way to see that you used a proxy to fake your self hack.
4. ANET restores your items, AND you get the money and stuff you supposedly lost from the hack.
5. Profit and abuse, rinse and repeat.

^That is the MAJOR reason why most online games cannot do anything about it. GW2 already has a pretty strong system to prevent you from losing your account. It makes you authenticate your IP through your email, and to even get your account login, the hacker would need to figure out your game email, and your password. In addition, they have to get through your email security. And if you’re losing your account, that means you need to learn about basic internet safety or learn to live with someone stealing your identity every day.

The only way I can see a safe way to do this would be to have a reversal system, but that’s a ton of extra overhead. You’d have to reverse every single little thing the character does, and the others he interacts with. How’d people like it if they just bought an item to have it get reversed? Lol.

It’s complicated, and the easiest and best solution would be to smarten up players, force password changes on accounts that have weak passwords, and be really clear on the account creation process to keep your game passwords separate from your email passwords.

This is the 21st century. As gamers, security is something we should be aware of and constantly updating. If you get hacked once, learn from it, take people’s advice on securing your things and you won’t have many issues in the future.

My main problems with ANY sort of refund situation are:

1. Literally 2 minutes after they do one, people will actively be trying to figure out how to scam the system. This will actually lead to DECREASED satisfaction from validly-scammed players, because they will be expecting a refund and will start QQing when the staff gets overwhelmed with trying to figure out the scammers from the victims. Which will lead to:

2. Scammers will become the majority of people claiming a “refund” or “roll back”, since hey, why not? They already figured out SOME kind of setup that made them look like a victim without actually losing anything (besides maybe a bit of time), so why not play the lottery?

3. Simultaneously, valid players will take even LESS care of their accounts because, again, why not? If they get hacked, the feeling will be “oh, well, hey, I’ll just petition for a roll-back, so I’m probably not out anything”.

4. This will result in only two outcomes: valid refunds will take forever, since valid issues will be buried beneath hordes of “lottary ticket” BS fraud claims and will, likely, result in the program being canceled ANYWAY, further deepening the satisfaction “death spiral”.

So… yeah… just pick a stronger password already and stop trying to go blind on shady farm animal pr0n sites, already (or if you must, use a crappy dedicated laptop for that type of browsing). It works for ME. =P

ImagoX is making some very good points.

As humans, it would seem right to us that a password like Chr1$tmAs would be secure: it looks complex. However, for a machine, it’s just a string of signs: the actual difference between a number and a letter is minimal.

We get told to avoid passwords that are words or personal details. The words part is simple: Most of us would just pick some random 5-8 letter word and be done with it. The personal details part is to avoid people guessing your password just by knowing your birthday or when you got married.

What we never get told is that the longer the password, the better. There is one simple way to avoid the “Don’t make your password a word” thing: Making it multiple words. By having a few words that are seemingly unrelated stringed to a password that is long, you make it pretty much impossible to brute force.

XKCD does a good job of pointing this out in a funny, easy-to-understand manner:

• http://xkcd.com/936/
• http://xkcd.com/792/

Also, if your GW2 account, or any game-related account is getting hacked and your stuff is gone, it’s a whole different ballgame. Most likely? You shared your password with a friend for convenience reasons and they might have shared it on, until it reached someone who decided they would rather take your stuff than work for you. Of course, if you’re one of those people who buy gold or items from a third party site, then yes, you’re very likely to get attacked. After all, a good portion of those sites function from botting and hacking.

Hello,

Account roll-back is planned as stated several times on this forum. Our teams are working on it, to deliver a proper and effective restoration feature, in case of compromised accounts.

However, we can’t keep you updated in every threads or answer each question about it personally.

You will be informed in the News and Announcements sub-forum when this feature will be implemented.

Thank you for your understanding