Guild Wars 2

Greetings,

Today I noticed the following change, somehow this authorized network showed up in my authorized networks list. I HAVE NOT authorized that.

WA , US ( 66.162.136.20 )

66.162.136.0 – 66.162.136.255

I havent gotten login attempts yet.
I do have mobile authenticator enabled but im afraid that will not work since that unknown network somehow got authorized.

Is that for the IP range for your IP? I have something similar except it’s just my IP and the range it’s in.

it is not my ip range

My own IP range is listed under authorized networks and today I noticed the following IP range got added.

WA , US ( 66.162.136.20 )

66.162.136.0 – 66.162.136.255

thank you, will do asap

I have the exact same ip address show up as an authorised on my account as well; WA , US ( 66.162.136.20 ) 66.162.136.0 – 66.162.136.255

Along with two others, already contacted support hopefully they can unauthorise all those ips off my account before all my stuff is gone.

66.162.136.20 belongs to ArenaNet

I have the same thing in my account. It shouldn’t be there.

I also have the same thing (I’m french) sorry for my spelling

Gaile Gray.6028:

Update: This whole situation was a glitch in our system, and there was no account intrusion whatsoever. No one has accessed your account from that IP address.

That’s good to know. Will this entry get removed from our authorized network list then?

Gaile Gray.6028:

Parvati.5780:

Gaile Gray.6028:

Update: This whole situation was a glitch in our system, and there was no account intrusion whatsoever. No one has accessed your account from that IP address.

That’s good to know. Will this entry get removed from our authorized network list then?

Yes. We are removing that IP, clearing up the list, and you can be assured there is no way that anyone will access your account.

Hello!

Have you already done the cleaning/removal? Because i still see that same ip " 66.162.136.20" on the authorized networks -list of my account.. :p

Thanks!

And found this…

Authorized Networks

Location IP Range
WA , US ( 66.162.136.20 ) 66.162.136.0 – 66.162.136.255

A quick /whois told me it belongs to allaboutadventures (dot) com

Why is this site authorized, why can’t i ban it and why didn’t i get an email about it?

Thank you very much for shedding light on this situation so quickly, it has put my mind (and I’m sure the minds of many others) at ease.

What if the authorized network is not of that range but has still appeared out of the blue?

Sorry about a bit of an off-topic question, but is it possible that is a glitch as well?

Also, will there ever be an option to just delete an authorized network from our list on our own?

Arlana.5423:

Also, will there ever be an option to just delete an authorized network from our list on our own?

That would be a really helpful control to have. Redundant authorized networks could become a liability. Esp. if you are one of those people who were hacked and still have the hacker’s network authorized on your account.

You should just be able to go into the security tab and find a delete button against each authorized network.

Regarding the two posts above me, the issue I can see with being able to delete authorized networks would be…what stops a hacker from deleting the true account owner’s authorization? Also, the support team here is extremely helpful and diligent (I can say that from firsthand experience unfortunately), so if an unauthorized user did add themselves, I’m sure support would quickly work with the true owner to make the situation right. As far as cleaning up old IP addresses goes, that’s sounds purely aesthetic and it wouldn’t be justification to give both users hackers the ability manually delete authorization.

At least, that’s how I read the situation…don’t know what the official stance is.

Parvati.5780:

Arlana.5423:

Also, will there ever be an option to just delete an authorized network from our list on our own?

That would be a really helpful control to have. Redundant authorized networks could become a liability. Esp. if you are one of those people who were hacked and still have the hacker’s network authorized on your account.

You should just be able to go into the security tab and find a delete button against each authorized network.

Unfortunately it could also work the other way. The hackers could gain access to your account, then log in here and delete YOUR network from the authorised list. It’d be too risky to have that functionality available without some additional checks.

Zaxares.5419:

Unfortunately it could also work the other way. The hackers could gain access to your account, then log in here and delete YOUR network from the authorised list. It’d be too risky to have that functionality available without some additional checks.

How would that be a problem? If the hackers have your account email and the password, deleting the owner’s authorized network won’t change anything.

If I understand correctly authorizing networks lets you do only one thing: bypass email authentication. I actually wouldn’t mind if there was no option whatsoever to authorize any networks. I don’t mind opening my email and authorizing my log in attempt every single time I want to play – it makes me feel my account is more secure. Most people authorize networks out of convenience – so they don’t have to open the email, wait for the authentication mail, click a few times – without even realizing how much less secure their account is because of that.

Another problem is that ticking the box to remember a network doesn’t have any warning that you can’t delete it afterwards. I’m certain many people would think twice about doing that if they knew they won’t be able to remove it no matter what.

And if you look at other threads, many people are reporting authorized networks out of the blue without any signs of being hacked. Having an option to delete them from the list before someone uses them to access the account would be better than having to deal with a hacked account issue, no? Prevention is the key.

Mannawyadden.1340:

Regarding the two posts above me, the issue I can see with being able to delete authorized networks would be…what stops a hacker from deleting the true account owner’s authorization? Also, the support team here is extremely helpful and diligent (I can say that from firsthand experience unfortunately), so if an unauthorized user did add themselves, I’m sure support would quickly work with the true owner to make the situation right.

Sorry about the double post, but I didn’t see your post at first.
Two things:

1. The first thing a hacker does is they change password. So having your network authorized wouldn’t help you since you wouldn’t be able to log in anyway.

I’m not sure you checked your security tab, since it seems you are confusing “current logins” with “authorized networks”. Authorized network isn’t your current log in. It’s just a networked remembered so as to bypass email authentication. Unless I’m wrong, in which case I ask someone to correct me.

2. If you read my thread you can see how helpful support is sometimes.

I’m glad you didn’t have any problems when contacting support in your case. I, however, get the impression that my email wasn’t even read.

Arlana.5423:

Authorized network isn’t your current log in. It’s just a networked remembered so as to bypass email authentication. Unless I’m wrong, in which case I ask someone to correct me.

Currently authorized network allows to bypass both e-mail and auth app authentication which is a serious security problem with those networks appearing from “nowhere”. Just take your time and read Authenticator bug [merged] thread.

Well, then it really shouldn’t be an option that exists in the first place.

Zaxares.5419:

Parvati.5780:

Arlana.5423:

Also, will there ever be an option to just delete an authorized network from our list on our own?

That would be a really helpful control to have. Redundant authorized networks could become a liability. Esp. if you are one of those people who were hacked and still have the hacker’s network authorized on your account.

You should just be able to go into the security tab and find a delete button against each authorized network.

Unfortunately it could also work the other way. The hackers could gain access to your account, then log in here and delete YOUR network from the authorized list. It’d be too risky to have that functionality available without some additional checks.

The other way to go about it is that only support could only be able to remove a authorized network entry/multiple entries at once. Either way, in the current state, both the end user AND support being UNABLE to revoke a hacker’s authorization to play on the [end user’s] account is not right.

In that situation, the email authentication system no longer offers protection (since it would not trigger) and undermines the smartphone authenticator app.

Gaile Gray.6028:

No, I’m writing only about the one range. Anything outside the range is not a glitch, but does indicate you need to look into a possible security breach attempt. (Sorry I couldn’t put your mind more at ease!)

Thank you for the answer.

The network I have is local, it belongs to my ISP – which may mean I misclicked the remembering option by accident. I play daily and have had no problems, so I suspect it wasn’t an intrusion. I would think a hacker would get everything from my account as soon as they got access and the network is just sitting there.

The strange thing is I have always been careful about not ticking the box. I have talked to the people in my guild and one of them has exactly the same problem (a local network authorized) and also is very cautious about security.

Anyway, nothing really I can do but change my password, which I already did and scan my computer, which I already did as well.

I will be keeping my fingers crossed for the option to remove that network to be available soon.

EDIT: One thing that came to my mind now. When I changed my password using account management, it didn’t send me any email notice that the password was changed. Isn’t it supposed to do that? Or do we only get emails if we change the account email address?

Arlana.5423:

EDIT: One thing that came to my mind now. When I changed my password using account management, it didn’t send me any email notice that the password was changed. Isn’t it supposed to do that? Or do we only get emails if we change the account email address?

I did the same thing earlier and I always thought it would send an email for the password change notice but it didn’t.

Something odd is happening with the Authorized Network list. I just had an IP for an ISP provider in a country on the opposite side of the world turn up on mine. Now I lived in that country and used that provider over 7 months ago (the IP was released to the carrier 7 months ago and has presumably since been reassigned).

So that “authorized IP” predates the release version of the game, and my current account (I was in the beta, but obviously I no longer play on the old beta account) so I can’t imagine why it would suddenly show up as active this week! I’ve submitted a Support Ticket (121212-000942) as it’s an unacceptable risk to my account to have that IP listed as authorized.

Edit: Support has removed the IP in question for me. Thanks for a quick response, ArenaNet!

Why is there no option to remove authorized IP addresses? Listen, if you have control of your account, having a hacker delete your IP from authorization isn’t going to make a difference. They will still change your password and block you. When you get your account back, you can still authorize yourself again once you got control.

can re get a option to unauthorise previous ip address ranges after an ip change? so it fits in current range if possable ?