Guild Wars 2

In Ruins of Surmia 4 commanders have been hacked in 2 days, one even finally had the sword eternity and all his characters were deleted.
This is some disturbing news since only commanders have been targeted.
I’m a commander myself and I’d like to know what could be done to stop this.
I’ve already changed my password to a really long one and which i have not used before EVER.

Has this also happened in other servers ?

Will ANET do something about this ? Will they roll back their characters ?

Sounds like some players may have gone to a gold site to pay for their commanders tag?

1. change PWs often
2. don’t use same PWs for different sites/email/games
3. never go to gold selling sites

If you have a community site it might have been breached.

A lot of people will use the same email / password for a lot of different sites. So if someone gained access to a community site your commanders use they might have used the info to computerize the accounts.

I would suggest that if it is the case you have a community site all the commanders were a part of that you immediately have everyone registered change their passwords, and have a system administrator do a careful review of the site.

Sadly a lot of community sites are fairly relaxed with security, so if you use the same password / email for them as the game, which a lot of people get into the bad habit of doing, it can lead to breaches like this.

I’ve seen things like this happen in other games, through server / guild sites that go breached.

Might have been some of the many hackers that jumped from Vabbi to RoS. Just speculation mind you since we noticed a crap load of hackers and botters that went from Vabbi to RoS.

Either that or your friends buy gold from websites.

As a reply to the statement about the bottom being dead. I think we are probably having more fun at the bottom lol no queues. Every war requires perfect strategy to compensate for the lack of numbers. Real team work from the server and not large guild dependent. The list goes on.

FoW will never die, our legend has just begun

Karast.1927:

If you have a community site it might have been breached.

A lot of people will use the same email / password for a lot of different sites. So if someone gained access to a community site your commanders use they might have used the info to computerize the accounts.

I would suggest that if it is the case you have a community site all the commanders were a part of that you immediately have everyone registered change their passwords, and have a system administrator do a careful review of the site.

Sadly a lot of community sites are fairly relaxed with security, so if you use the same password / email for them as the game, which a lot of people get into the bad habit of doing, it can lead to breaches like this.

I’ve seen things like this happen in other games, through server / guild sites that go breached.

We do have a community site, but not all of the commanders registered there, so far I can only confirm 1 registered there.

There have now been 5 seperate cases of account hackings, this time no commanders…

This is getting out of hand.

Oh and as said before, we have plenty of a WvW community, maybe not nearly as many as the other servers but it’s quite fun. Although since vabbi lost a lot of people, it hasn’t been as much fun because we’re just steamrolling and we prefer being the underdogs so we’re trying to get into the next tier as soon as we can so we can get steamrolled by the higher pop servers :p

It’s not just the commanders tbh.

One of our guild (not a commander) had his account hacked this morning, one last week. I know of 4 other players within the past day on our server as well.

Man, that sucks. Hope it gets solved quickly.

Did they have the mobile authenticator enabled? Guessing not.

Although the original hacking in Rift turned out to be a flaw in the login process itself — the Rift hackers didn’t need your password at all. They could login with just your username and some trick that fooled the login server into letting them in with no password check. Hopefully that’s not what’s happening here!

P.S.
Don’t use the guild bank for anything useful. We had a member hacked a couple weeks ago and the hacker cleaned out the guild bank. Whereas Rift customer support restored the entire contents (multiple times, when everyone was getting hacked…), GW2 support said they had no facility for doing this.

YOUR GUILD BANK ITEMS HAVE NO PROTECTION AGAINST HACKERS, short of simply not letting anyone access the withdraw function.

All the hacked accounts I know of, the players recieved an email telling them their email had been changed – which as far as I’m aware must be done through support? The members in my guild checked the IP listings for their email address and there was no suspicious activity there.

Looking at their trading post history, their accounts were emptied onto the TP for gold and then the gold mailed out. They also removed all guild vault stuff, activated all guild buffs and changed the MOTD. Things which couldnt be sold or salvaged were on some players deleted, on others left alone.. which is intriguing cos in some cases they seem to be malicious and in others not so.

Same happened to my GL also a commander, he was registered in RoS forum and we have our guild forum, dont know about what passwords he used for those forums i’ll ask if he had same passwords, also he never visited any gold selling sites.
Anyway since commanders getting targeted mostly i now change password every few hours to feel a little bit safer.
I’m not a hacker and dont know how those things work exactly but it makes sense if a hacker just “google” guild/server forums which is very easy to access if one knows basics of how to hack and gets account info, but another strange thing about how they access your email to confirm login to your ingame account unless you use same password for your email.. But i’m 99% sure my GL didnt use same password for game/forums and his email…
Also another guildie got an email with something related to email changing and so, he is no commander and he doesnt use RoS forum for sure, only our guilds forum so.. my guess would be that maybe our forum was breached but not sure.
IMO those commanders who were hacked should party up and try to think of what they were doing, what forums they used what sites they’ve visited so we may get more info on what to be more cautious.

Considering all this, I can only think that someone is trying to destroy our WvW community…

Meanwhile another person has been hacked…

Majik.8521:

Sounds like some players may have gone to a gold site to pay for their commanders tag?

I’ll be honest, this was the first thought I had when I read this thread.

one more thing. also be careful of which websites you visit when looking up info. when there are games with large player base like these there are bound to be some with the soul purpose of getting key loggers on your PC. as most know these are used to find repetitive key stokes.

on that note i would like to share a tip a friend of mine told me back in the WoW days.

never type in your PW. what i do is i will create folders/ pics/ word documents or can realy be done with anything(just randomly placed and hidden). then i will rename it to what i am going to make a PW for something. then just click properties. you will see the name at top, just use copy(ctrl-c) paste (ctrl-v) when you need to use this PW. this will prevent key loggers from getting your PWs if they manage to get a logger on your PC.

if you don’t like the idea of your PWs being on your PC even hidden in file,folder,pic names. you can do what i recently did and just put them all on a thumb drive. now when i need a PW plug in drive copy paste, then remove drive.

another thing this does is lets you use realy long crazy PWs and not worry about forgetting them as they are saved on the thumb drive. but still good idea to have a hard copy written down somewhere:) incase thumb drive goes bad.

A fair few people from Surmia have been hacked now, and it seems like a strangely bizarre coincidence – some of them used the surmia forums, some did not, and I think they all had their accounts stolen using a support ticket. This is a bit worrying and I hope they can get some straight answers from support as to how exactly their accounts were taken with the initial ticket.

I’m not an expert on keyloggers but I’d assume if they log keystrokes they can probably also log anything that’s been put in your clipboard. However if the hackers are using support, they would not need your password at all, they’d need various other bits of information, which they shouldn’t be getting without access to your email account. However, if any of the people have not had their email accounts breached (gmail keeps an IP log) then I cannot see any possible way support are changing email addresses based on what should be no more than a character code and a character name, and possibly an email address if some other forum got hacked. This can’t be enough for Arenanet to do it, so what is going on?

Considering that mobile authenticator doesn’t work for a lot of people, considering that after Anet gave me back my account I managed to change the email WITHOUT sending a ticket, I’m fairly sure they have serious problems.
And I repeat, they claim you need to send a ticket to change your mail but yesterday I changed it WITHOUT a ticket.
Today the option isn’t available anymore but it was yesterday. Thanks Anet

Another one of our Commanders is being hacked this SAME MOMENT!
His name is freyn, hacker is logged in, You can catch him if you hurry!

There is no longer DOUBT it is a personal security breach!
This is something on your side!

Do something about it!

Hi everyone,

We are gathering feedback on this issue of Commanders and High Ranked players being hacked in the following thread:

https://forum-en.gw2archive.eu/forum/support/account/Further-Hackings-on-Higher-Ranked-Players/first#post832525

Please feel free to report whateer feedback you have there. As stated inside we are going to forward this issue to the team.

Thanks. In the interest of keeping the forum clean, we are closing this thread