Guild Wars 2

I just checked my email to find my inbox spammed with messages from ArenaNet asking me to authorize login attempts.. I haven’t read every single message but it looks like every one was from a different city and IP address, all in China.

Uhm.. WTF!? This is.. frightening. I’ve barely owned the game for a day and already I’ve got chinese hackers after my stuff? I was amazed to find that I can actually login to my account, I fully expected to have a temporary ban. Besides changing my password what else can can I do to protect myself?

After i read this i checked my spam box and had 3 emails from china -_- …

I keep getting them from Japan. Never happened until I bought gems inside the game. Be careful. Arena Net doesn’t understand the concept of user security.

I haven’t bought any gems yet, I’d planned on getting a character to 80 and seeing what endgame was like first.

While I’m here, the emails are all from noreply@guildwars2.com and the links in them appear to go to legit guildwars2 addresses. I haven’t actually clicked on the authorization links cuz I don’t want some chinese kid to have access to my account -_-

If you get an authorization email and it’s not your IP address it means somebody has your login name and password but they are unable to get in unless you specifically allow them to login. Change your password to a strong and unique password and you should be OK. You may also want to change your email password if it is not unique. I use a password manager so I only need to remember one password and I can use a password generator to generate strong and unique passwords.

While on the subject of passwords.

Creating good memorable passwords is not intuitive. I know it’s a comic, but it’s a good way to do it.

draeath.8536:

While on the subject of passwords.

Creating good memorable passwords is not intuitive. I know it’s a comic, but it’s a good way to do it.

I would think this to be more relevant

If you are getting these emails, ask yourself this: “Have I used this email address with other game accounts?” If so, that is where the hackers likely got a hold of some of your information, and are trying to use it to get into Guild Wars 2. Blizzard was recently hacked, the hackers gained huge lists of email addresses and passwords. If you used the same email address and password for your GW2 account, you will likely be hacked. They are running through these lists they get from hacking other sites trying to log into your account. Always use a different password for each account to stay safe! Change it frequently.

Okay.. a little ashamed here, as I am a regular xkcd reader, but yeah, the password I was using up until a half hour ago was one that I used to use for WoW.. but it was three WoW passwords distant from the one I was using when I stopped playing in september of last year, when I got into the Old Republic Beta.

Okay.. a little ashamed here, as I am a regular xkcd reader, but yeah, the password I was using up until a half hour ago was one that I used to use for WoW.. but it was three WoW passwords distant from the one I was using when I stopped playing in september of last year, when I got into the Old Republic Beta.Come to think of it, my wow account was hacked when I was still using the original password. -_- These guys must have long memories.

Sounds like gold sellers got your account password. I’d change it to new, unique e-mail and password.

Just got a bunch of login attempts from China too. Is password change working BTW? maybe I better change my, not the can login without my permission anyway, but just to be sure…

My account got hacked 2 days ago as we. I log in, my toon is on a Euro server and all my coin gone. Luckily there was option for free xfer back.

My email was the same as in all games, but my password is unique for all games.

I didn’t notice any of the recent log-ins because I had already logged in several times with new password and was only showing my location.

Honestly don’t think there is anyway the hack came from my end, I’m assuming some kind of issue with GW2 database.

PossumJ.1937:

My account got hacked 2 days ago as we. I log in, my toon is on a Euro server and all my coin gone. Luckily there was option for free xfer back.

My email was the same as in all games, but my password is unique for all games.

I didn’t notice any of the recent log-ins because I had already logged in several times with new password and was only showing my location.

Honestly don’t think there is anyway the hack came from my end, I’m assuming some kind of issue with GW2 database.

Do you have a paid-for antivirus running on your computer? Free and basic AV will not fully protect you against trojans and keyloggers that can steal your information. And yes you can get trojans and keyloggers from just browsing the web. They come in through hacked advertisements on legitimate websites. Also, if you log in as an administrator on your PC, you are basically giving malware the ability to install itself. Create a separate restricted user account for your day to day use to fully protect yourself.

I have to disagree with needing paid anti-virus. if your vigilant, Microsoft Security Essentials in addition with the free version of Malwarebytes has kept my systems well protected. Malwarebytes is so amazing it’s almost magical, it’ll find and remove things in 10 minutes that used to take me hours to remove manually. The trick is to do regular manual scans. Everyone thinks that just having anti-virus software running keeps you protected. It doesn’t!

It would seem that most accounts here are being hacked from repeated passwords instead of malware intercepting data from computers, so for such cases an antivirus would be no guarantee of not being hacked. Unfortunately this seems to be a new pattern with recently-launched popular games. I guess that we should all learn from this and use diverse passwords in the future.

Got one more login attempt from China. AFTER i changed the password last time, so.. no repeated password case. And low chance of malware (I trust Kaspersky). Arena, is your user database OK?

I wasn’t in game for hmm one year and today i have got login attempt from China. BTW for me is so stupid when your email is your login name.
It is just making that a way simpler to hack some acc.

It may be blatant but is there any way to block all log-in attempts from a set of countries? I’d personally limit access to make account to a very narrow range of no more than 5 nations. Most people could make do with a single one.

No means to do this? So ArenaNet doesn’t want to earn money by selling gems?

I bought the game and 5 days after that, the first login attempt from china. That does seem to be a GW 2 issue. I had the same idea as marnick, so I browsed the forum a bit. Since almost all of attacks seem to come from China or Russia, I would personally too think, that it would be nice to be able to personaly restrict login rights to only a couple of (home)countries.

Not only, that the risks would sink, if you restrict access to only your home country, you might be able to take legal actions against the hackers.

I know for sure, that neither I nor many other players, who already received such emails will pay money in the gem shop, because it doesn’t appear to be safe at all.

How is it Anet’s fault that someone on the internet has your email address and possibly some old passwords you’ve used for years?

Isn’t the IP authentication blocking the hacker’s attempts to access your account. I would say their end of the security is working (or the tools are there for you to secure your account….if you chose to use them).

I know for sure, that neither I nor many other players, who already received such emails will pay money in the gem shop, because it doesn’t appear to be safe at all.

Please speak for yourself.

I do find it funny how you guys are blaming buying gems on getting hacked. I would think that you would want to check your credit card statement, or paypal account as that is the information you entered to buy the gems, not your account id and password.

On a side note: I’ve bought a lot of gems, and was only attempted to be hacked 1 day, and that was when Blizzard was hacked and I will admit, I was using the same information for both games. Thankfully, Anet had the email authenticator and they couldn’t get in, and I changed everything since then. Continued to buy gems and continued to have no further hack attempts.

marnick.4305:

It may be blatant but is there any way to block all log-in attempts from a set of countries? I’d personally limit access to make account to a very narrow range of no more than 5 nations. Most people could make do with a single one.

Hackers often can easily use proxies to make them look like they are logging in from any country. Requiring them to use a proxy can make it more difficult for users to identify an illicit attempt.