Guild Wars 2

I just got bumped mid dungeon with the message that another client had connected using my account. I need to fix this asap.

-edit- I just changed my password but this makes me super nervous.

I just logged into my pvp Mesmer and found the skill selections and traits changed. Melisande Shahrisai one of my characters on Ithilwen.1529. I’m looking to see what’s missing.

-edit- I went through the verification process with SMS, it didn’t work, apparently.

I have changed my password. There is still huge lag. I experienced 2 minute delays on taking damage and skills failing to trigger. So someone may still be logged in on the old credentials.

You can contact the CS Team via the ‘Support’ link above/below and ‘Submit a Request’ (upper right corner) for assistance.

however, there can´t 2 people logged in at the same time in the same account.
also I would change my email password also

I logged in on my thief and got 2 minute delays on taking damage and skills failing to trigger. Then got bumped with a notice someone else had logged into my account.

My current main Mesmer, Melisande, has been used in pvp since the last time I logged in and has the traits and skill bar changed.

This might be a good time to change your PW.

Two players can not be logged into an account at the same time.

Be aware, if you have not logged into your ‘PvP Mesmer’ since before the trait change, you can have a different trait set-up, as each mode of gameplay (PvE, PvP, WvW) allows distinct trait set-ups.

You can contact the CS Team via the ‘Support’ link above/below and ‘Submit a Request’ to discuss the issue.

Good luck.

So this is 12 types of an inappropriate place to post this, but let me just head this off before your fear-mongering causes anyone to get anxious.

Anet uses 2-factor authentication with their accounts. If used properly, this makes it effectively impossible to hack a GW2 account without massive error on the part of the user.

Additionally, it’s highly unlikely that the Anet databases got ripped. What usually happens is that another website with less secure architecture gets compromised, and users, having used the same username and password, have their accounts compromised. This only is possible if you make the incredibly ill-advised decision to use the exact same username and password on another site that you used for your GW2 Account.

So in conclusion: If you get hacked, it’s your own fault. You’ve either failed to use 2-factor authentication properly, used the same login credentials on another site, or some combination of the two. I recommend you look to your own login schemes before attempting to blame Anet for your problems.

First, my password was unique to guild wars. Second, I have all the latest security on my comp and have set up with ANET’s SMS verification.

Lastly, I don’t appreciate your deprecation. Let me take this moment to say that your past laurels as a Mesmer don’t really cut any ice with me. You use them to call for nerfs and to pick on players who you decide are unskilled.

You’re dead wrong, Pyro.

Fay.2357:

So this is 12 types of an inappropriate place to post this, but let me just head this off before your fear-mongering causes anyone to get anxious.

Anet uses 2-factor authentication with their accounts. If used properly, this makes it effectively impossible to hack a GW2 account without massive error on the part of the user.

Additionally, it’s highly unlikely that the Anet databases got ripped. What usually happens is that another website with less secure architecture gets compromised, and users, having used the same username and password, have their accounts compromised. This only is possible if you make the incredibly ill-advised decision to use the exact same username and password on another site that you used for your GW2 Account.

So in conclusion: If you get hacked, it’s your own fault. You’ve either failed to use 2-factor authentication properly, used the same login credentials on another site, or some combination of the two. I recommend you look to your own login schemes before attempting to blame Anet for your problems.

LOL

So …. you think that SMS is secure because A-Net PR dept told you so ?

Just LOL

If you follow tech news, and I dont mean PR crap from Apple or MS or Google, or the stuff you find on CNN but actual tech news, you will understand that using these at certain times (for example right now) with certain hardware that your SMS and/or authenticator works on, when there are new unpatched vulnreabilities announced, puts you and your account at much higher risk of getting hacked then not using them.

Tongku.5326:

Fay.2357:

So this is 12 types of an inappropriate place to post this, but let me just head this off before your fear-mongering causes anyone to get anxious.

Anet uses 2-factor authentication with their accounts. If used properly, this makes it effectively impossible to hack a GW2 account without massive error on the part of the user.

Additionally, it’s highly unlikely that the Anet databases got ripped. What usually happens is that another website with less secure architecture gets compromised, and users, having used the same username and password, have their accounts compromised. This only is possible if you make the incredibly ill-advised decision to use the exact same username and password on another site that you used for your GW2 Account.

So in conclusion: If you get hacked, it’s your own fault. You’ve either failed to use 2-factor authentication properly, used the same login credentials on another site, or some combination of the two. I recommend you look to your own login schemes before attempting to blame Anet for your problems.

LOL

So …. you think that SMS is secure because A-Net PR dept told you so ?

Just LOL

If you follow tech news, and I dont mean PR crap from Apple or MS or Google, or the stuff you find on CNN but actual tech news, you will understand that using these at certain times (for example right now) with certain hardware that your SMS and/or authenticator works on, when there are new unpatched vulnreabilities announced, puts you and your account at much higher risk of getting hacked then not using them.

2-factor authentication is very straightforward. If your account is accessed from a new location, it is locked for use until verified from a secondary source. As long as you control access to that secondary source, your account is secure. Now, if both your secondary source and primary source (main account) have been compromised, that stops working of course, but it makes it a lot harder to achieve. There’s vulnerabilities in any system, but 2-factor authentication, when used properly, is pretty much as close to foolproof as it gets.

The fact that my account was clearly hacked ( changed skill bar and traits + a different client logging in to my account while I was online ) shows that the two factor authentication failed.

I have SMS verification. It obviously didn’t keep another from logging into my account either.

Have you considered using a mobile authenticator or an email authenticator instead of sms verification?

You have posted this message all over the forums. Have you contacted the CS Team for assistance?

Tongku.5326:

If you follow tech news, and I dont mean PR crap from Apple or MS or Google, or the stuff you find on CNN but actual tech news, you will understand that using these at certain times (for example right now) with certain hardware that your SMS and/or authenticator works on, when there are new unpatched vulnreabilities announced, puts you and your account at much higher risk of getting hacked then not using them.

Ah, you’re the snakeoil-security person I hadn’t found yet. What alternative medicine security do you recommend then? Feng Shui compatible passwords?

Did you really not understand how additional independent layers of security work? As in, security cannot decrease assuming the layers are independent, because no existent layer is impacted? If you can read all my SMS (not that difficult if you’re on the same tower + got my IMEI), then you are no further to getting access to my account than if I didn’t have SMS auth in the first place. Both are pure password-auths in that case, so no security was lost.

Ithilwen.1529:

The fact that my account was clearly hacked ( changed skill bar and traits + a different client logging in to my account while I was online ) shows that the two factor authentication failed.

You really think it’s that difficult to circumvent 2-factor auth once I got malware on your PC? Heh.
Most likely case is that you got keylogged, modern keyloggers are used to needing to defeat 2-factor-auth, usually by doing a pseudo-MITM attack in that they present you with a fake GW2 launcher. They get your pw, get your sms code, then do log you in but meanwhile already decoupled the auth from your account. That’s how it worked for WoW at least, haven’t seen the attack in GW2 yet but it ought to be the same.

Point is: Your machine was compromised. Chances are, it still is. Or there was an actual MITM attack, but that’s very very rare.

You’re claiming they hacked your account to play PvP? -_-u

The reason for hacking accounts is to farm them for gold. You didn’t lose any/all your gear/gold?

Ross Biddle.2367:

You’re claiming they hacked your account to play PvP? -_-u

The reason for hacking accounts is to farm them for gold. You didn’t lose any/all your gear/gold?

This is actually the best part.

Fay.2357:

Ross Biddle.2367:

You’re claiming they hacked your account to play PvP? -_-u

The reason for hacking accounts is to farm them for gold. You didn’t lose any/all your gear/gold?

This is actually the best part.

They probably hacked his acc to ruin his win-loss ratio or to try awful builds in ranked without ruining their own ratio! Must be it.

And then when he swapped to PvE, his build changed and he was hacked again!

I think this is the wrong place to post this kind of stuff, if you think security has been compromised i would take this up with Arena net.
Also this sounds like a very personal hack, if you have been hacked i would start looking at the people you talk to online.

To the OP: You can check authorized networks for your account, on the forums. Check there, if you don’t see any IPs that are in your area, then they can’t be on your account.

Relax, talk to support if you’re still afraid, and they can look into it.