Guild Wars 2

Yet more hits on high ranking player accounts on Ruins of Surmia.

Anet, every day that passes make this seem less and less like our issues and more and more like a security threat in the game.

This issue needs to be escalated and a proper investigation needs to be done.

Many Thanks

I wonder how they are getting into people’s accounts. If we can answer the question of “how?” then we hope ArenaNet will patch it.

Furthermore – My guild friend that got hacked today had the mobile authenticator on their account.

Their email address is secure too – no one has accessed it.

Which would imply a security breach in the database.

At which point they replied that it is impossible since there would be many more hits and complaints in that case.

At which point i say: They target those that are worthy…Worthy as in wealthy. If they managed to gain a slight access to the DB, they can just see who has some gold worth and mark them and get their way.

God help me that i’m wrong and it was just a bad coincidence though…Yet still no reply from the Staff…Not to the threads, not to the ticket…

There have been 10+ reports of account hackings on RoS so far…

If people are getting hacked with the mobile authenticator enabled then something REALLY dodgy is happening. Even if they’re somehow able to convince support to change the email address to evil@hackers.com then they shouldn’t be able to do anything else without mobile authentication, so how could that have happened?

Maybe the trusted ip is being abused? If you know the ip of the player you could log in pretending to be from their normal network?

Seriously, I can’t believe the number of players hacked on our server in the last few days, it seems like everytime I go on the community forum or into LA someone else has been hacked.

Maybe the hackers have trojans with both keylogging and proxying functionality now?

If they can capture your normal pw and then start their own game piped through your PC, it will look like a trusted network to ANet. I hope they let us disable trusted networks when using an authenticator soon.

And btw, do all those hacked visit the same community forum?

No, not all of them are there, only a few.

Like 3 of the 10+ I am sure use the community forum.

Yeah I’m starting to wonder about that sort of possibility Cyrus.

And no they don’t – certainly my guild mate has never visited it and he was hacked.

It seems there’s no consistent pattern: most had secure/unique passwords, most had uncompromised email accounts, some had the mobile authenticator enabled, only some had visited our community site.

Still not able to figure out how it’s happening and why there’s such a huge spate of it just on our server (at least I’m not seeing posts from other servers complaining about this).

Yes, most of us did since we are from the same Server.

Hi everyone,

Please keep providing us with as much feedback regarding this issue as possible. We will make sure the issue is forwarded to the team.

Thanks

Thank you ‘Moderator’

It is nice to not have a response that bascially says ’ check your account security’ or ‘we cant be held responsible if your email account isnt secure’ when they are.

I will provide as much information as possible as and when i get it

I’m curious to know if anyone has had their account stolen who has mobile authentication on. If they are, this means either there’s an exploit in the system somehow, or they have had their phone stolen?

“I submitted a ticket, i have the mobile authenticator which doesn’t seem to make a difference.”

This is what Likens said regarding his account being hacked.

Also, we gave up a lot of info in the other thread aswell @Moderator. You could gather info from both of them

Some one in my guild had the mobile authenticator on their account.

They just got their account back – the hackers didnt take anything though. Very lucky in comparison to others

Hello, I’ve been hacked yesterday as Irontodge mentioned, only just now gained access to my account back. Apparently nothing was stolen or deleted, but I’m still not feeling very lucky as I feel very insecure.

I changed my e-mail, my password, put a mobile authenticator, just 2 days ago. Yet my account was still taken away? How is this even possible?

Something very fishy is happening here, targeting “wealthy” players in our server. This isn’t a coincidence, and it seems more and more of a security breach on ArenaNet’s side. Please do take notice of this and do something before other people get hurt.

Thanks

A common occurence is we are getting the email saying ‘We have recieved a request to change your email, hopefully from you!’

Alot of people are getting this in french …. so they are french hackers potentially?

I am trying to find out as much as possible for Anet

Yesterday I went afk to eat for a while leaving main char logged, then I came back and started playing again.
After almost 2 hours since I went afk I’ve been sent to char screen, I relogged and got kicked again after 10s.
After that I started being worried because random dc happen but not like that, so I relogged and also logged to my email to check if something had happened.
I found out your email (in English) saying “Someone, hopefully you!, etc.” and quickly tried to access to Control Panel here, but it said info were wrong…
While kitten hackers were kicking me every 10s I tried to reset password, but of course it didn’t work.
After about 10 tries the ******* permanently kicked me while I received the message that someone from another location had logged on.
Made a support account or whatever it was and sent 2 tickets, but wasn’t very lucky cause GM asked more info only when damage was done.
After 1 hour and 2 emails in French (I guess from Anet, but I haven’t them anymore), my account has been restored.
After that I went to ‘My Account’ → ‘Edit Profile’ and changed both email and password.
I received another email from Anet saying the mail was changed and in the new one a mail to confirm the change.
My chars are still there but everything has been stolen…

Other things: I don’t have a mobile authenticator cause I haven’t a smartphone, but I’m shocked about the fact that the confirmation mail is sent to the NEW one. Are we joking???
You haven’t to prove you’re the owner of that mail because you have only to know the password of the new (the hacker’s) mail.
And…you said email can be changed only through ticket…how is possible that after have had my account back I managed to change it normally from here?
And…if instead they sent you a ticket knowing my email and game password, you should know I wasn’t because you needed the serial code which I used only before BWE1 and it’s in my physical box.

So…being able to change email without ticket/confirmation is a fact ( I did that yesterday, although it’s not possible anymore), and I wanna guess they didn’t send a ticket.

How can this work?

Maetel.2130:

Yesterday I went afk to eat for a while leaving main char logged, then I came back and started playing again.
After almost 2 hours since I went afk I’ve been sent to char screen, I relogged and got kicked again after 10s.
After that I started being worried because random dc happen but not like that, so I relogged and also logged to my email to check if something had happened.
I found out your email (in English) saying “Someone, hopefully you!, etc.” and quickly tried to access to Control Panel here, but it said info were wrong…
While kitten hackers were kicking me every 10s I tried to reset password, but of course it didn’t work.
After about 10 tries the ******* permanently kicked me while I received the message that someone from another location had logged on.
Made a support account or whatever it was and sent 2 tickets, but wasn’t very lucky cause GM asked more info only when damage was done.
After 1 hour and 2 emails in French (I guess from Anet, but I haven’t them anymore), my account has been restored.
After that I went to ‘My Account’ -> ‘Edit Profile’ and changed both email and password.
I received another email from Anet saying the mail was changed and in the new one a mail to confirm the change.
My chars are still there but everything has been stolen…

Other things: I don’t have a mobile authenticator cause I haven’t a smartphone, but I’m shocked about the fact that the confirmation mail is sent to the NEW one. Are we joking???
You haven’t to prove you’re the owner of that mail because you have only to know the password of the new (the hacker’s) mail.
And…you said email can be changed only through ticket…how is possible that after have had my account back I managed to change it normally from here?
And…if instead they sent you a ticket knowing my email and game password, you should know I wasn’t because you needed the serial code which I used only before BWE1 and it’s in my physical box.

So…being able to change email without ticket/confirmation is a fact ( I did that yesterday, although it’s not possible anymore), and I wanna guess they didn’t send a ticket.

How can this work?

I don’t understand this myself. How can they gain access to another e-mail if I verified mine? Is the confirmation sent to the new e-mail? What is the logic in this?

I also had a few e-mails sent to me in french from the support – kind of odd since I’ve never accessed the french version of the support… Guessing it is from the hacker themselves..?

I personally didn’t have anything stolen, I’m hoping it is because I have the mobile authentication activated. But as I stated before, it simply feels unsafe, even if you take all the extra precautions.

Nymeria.5468:

I personally didn’t have anything stolen, I’m hoping it is because I have the mobile authentication activated.

That’s interesting – so they were able to change your email/password, thus preventing you from logging in, but not to log in themselves? Otherwise I can’t imagine why they wouldn’t have stolen from you.

That seems like a bug in the mobile authentication – if you have it enabled you shouldn’t be able to change the email associated or password without mobile authentication.

Though as pointed out above it seems they’re able to change the email without even a confirmation to the original email, which also seems like a loophole.

Hyung.6140:

Nymeria.5468:

I personally didn’t have anything stolen, I’m hoping it is because I have the mobile authentication activated.

That’s interesting – so they were able to change your email/password, thus preventing you from logging in, but not to log in themselves? Otherwise I can’t imagine why they wouldn’t have stolen from you.

That seems like a bug in the mobile authentication – if you have it enabled you shouldn’t be able to change the email associated or password without mobile authentication.

Though as pointed out above it seems they’re able to change the email without even a confirmation to the original email, which also seems like a loophole.

Yes, I thought about that exactly. And yes, I can’t think of any other explanation of why my account was left untouched. I’d really like to think it is because of the authentication, meaning I can stay safe for the meantime.

I too am a commander on RoS…

… and while playing, about 30 seconds ago, I received an email telling me I have changed my email address. Still logged into the game, and cannot find anywhere to change it myself?

I’ve checked my email IP’s and there is no login to my email address from an unusual source, my email/game pwords are different and this pword hasnt been used any where else.

Mostly, wtf do you even go to change the email?

Since many of them are commanders. I question: Do they use a mumble or anything like that account? Something that requires passwords that perhaps they use the same password for mumble as they do in game?

Seems like a logical point of attack if you want to get people who have proven that they already had 100g of expendable cash before…

Never used anything like that and GW2 password was unique. Now we’re watching Nea getting kicked out by hackers right now.

Anet, what are you exactly doing????

I have just spent 15minutes being logged in/out every 10seconds back to character screen. Each time reconnecting my character to the game to attempt to stop them.

However according to my guild I was logged in in Lions Arch on an alt, whilst I was staring at my screen on my main character in Timberline Falls.

My client has now crashed (Sigh) meaning I can no longer use this method either. I have attempted an account recovery (as it says it sends it to an email you provide not the one that is tied to the account) but I have not received this email yet…

According to my guild voice comms my characters are now all moving to lions arch and standing at the bank. I’ve sent a ticket as it is happening this very second and the IP’s could be very quickly checked but who knows.

The most basic thing to establish is this – are they hackers using a support ticket to change the email?

If they are, and they are providing arenanet with the cdkey WITHOUT the victim’s email being compromised, then something is massively wrong.
If they are stealing an account which is protected by mobile authentication without the victim having their phone stolen, something is also massively wrong.
Please arenanet, look into this asap and tell us. Just tell us so that people are not feeling massively insecure and worried.

If they are changing the email without making a support ticket, and the account is verified, something is also massively wrong.
It should be simple to get an answer from customer support as to WHY they changed email and what information was given to them.

If it is a case of the CD key, I have a physical copy.

Toothy.8640:

The most basic thing to establish is this – are they hackers using a support ticket to change the email?

If they are, and they are providing arenanet with the cdkey WITHOUT the victim’s email being compromised, then something is massively wrong.
If they are stealing an account which is protected by mobile authentication without the victim having their phone stolen, something is also massively wrong.
Please arenanet, look into this asap and tell us. Just tell us so that people are not feeling massively insecure and worried.

If they are changing the email without making a support ticket, and the account is verified, something is also massively wrong.
It should be simple to get an answer from customer support as to WHY they changed email and what information was given to them.

I’d like to mention that however I did get my e-mail changed and couldn’t access it, my ingame account hasn’t been touched – perhaps because I did have the mobile authentication.

That’s why I’d like to suggest to anyone reading this right now, put on a phone authenticator if you can.. Whether or not that’s the reason my account was left untouched – can’t be too sure…

The hacker is getting more confident. Here’s a picture of him threatening to hack Penny Larceny next while he was looting Freyn (Neandramathal)’s account at the bank.

http://i243.photobucket.com/albums/ff203/magdalenasins/gw036.jpg

and then later…

http://i243.photobucket.com/albums/ff203/magdalenasins/gw037.jpg

I attempted to put mobile authentication on from the first day it was available, but I do not have a phone that supports it. I use mobile authentication on my email however (as it is a text message).

If they got your account email changed but couldn’t log in to unlink your authenticator, that seems like they did use a support ticket, because it still requires your authenticator to approve the new IP address used to log in.

If they are using support tickets, Arenanet, imo, have a responsibility to tell players what information is being provided by these people to get the account email changed – if it includes the cdkey, then something is seriously wrong, because some of them are saying their email has not been compromised, by IP checking.

Just to confirm that image – the player ‘Freyn’ has been hacked – we are witnessing the live – ANET Pick up on it please! catch this guy.

Hyung.6140:

The hacker is getting more confident. Here’s a picture of him threatening to hack Penny Larceny next while he was looting Freyn (Neandramathal)’s account at the bank.

http://i243.photobucket.com/albums/ff203/magdalenasins/gw036.jpg

This is exactly what happened to me. I was hacked immediately after messaging the guy while Irontodge was being hacked. Seems this bloke has a personal vendetta against our server.

Hi everyone,

Thanks for the feedback. Jumping here to tell you that, for those who have been hacked, the first thing they must do is open a ticket.

Thanks again for the feedback and keep them coming.

This has caused one of the guilds to transfer off RoS, As if we don’t have a shortage on people already…

I think the problem is that he was able to hack into your email account such as those generic popular @gmail.com @hotmail.com and etc. Maybe he also use VPN / Proxy nearby your location area and by pass it.

Unless Anet server has been breached.

I don’t use any of those generic email services. So they have no clue what server I am using anyways.

Doubtful DJRiful, as Neandramathal said he had 2-factor authentication and a unique password on his gmail. I don’t see hackers getting past google’s security with the text messages to logon, and if they could they’d be going for bank details not GW2 accounts.

Yup, I get a text message every time anyone attempts to use my email account, and it logs all IP’s.

This is purely aimed at high profile players from ROS server. And is not coming from there security issues. It has to be coming from games side. How else can they the hacker think "right irontodge is next " and then suddenly know all his information? email address etc. He cant ! what he does know is hes on ROS has Commander and is very active. so he know has his game id and somehow from this he gets to log in and strip him bare.

Yeah my old bro was hacked too, he’s a commander close to 2k hours and has his legendary.
He’s in Devonas reach and our server is Crystal Desert, he won’t respond, and when i could finally get a hold of someone near him they said he was asleep and theyd go wake him up to tell him. put a screen shot in there.

My concern’s atm are:

Why does the “your email has been changed” email not have a confirmation link etc?
Why was the hacker able to login to one of my characters and access my bank while I was also logged in on a different character?

Freyn, back in septemeber when the issue was taken first, with the email confirmation, they said they had the same system in GW1 and people complained that it’s too complicated, and if they have an issue with they’re old e-mail address, they can’t reach it to aprove it.

But, this way it just says: please, feel free to hack, no one will stop you.

The authorization goes to the second email address that you request to be used…

Which is rather a bad idea. Would be great if that would be changed

Shame I can’t get mobile auth due to my phone type, but some of the players hacked are using mobile authenticator anyway. Once they change your email they can login and disable it I believe?

So the root of the problem is how are they changing the email to begin with.

Well the email can only be changed via ticket from support, right?

So that means they already have the info from your account before they actually change anything, then they go to support and make a ticket asking for an email change. To ask for the change implies to know one’s info, like the serial code, the order number and whatnot, for all i know even the last 4 digits of the CC used to purchase.

So, the hacker has our initial account info and the “deeper” info needed to request an email change.

Now, if they only have info regarding your Guild Wars account, and not your email (say that’s still safe), re-implementing the authorization email on the initial address you were using would preety much prevent this.

Neandramathal.9536:

Shame I can’t get mobile auth due to my phone type, but some of the players hacked are using mobile authenticator anyway. Once they change your email they can login and disable it I believe?

So the root of the problem is how are they changing the email to begin with.

Actually they can’t disable the link to the mobile authenticator unless they have access to the phone itself.

Neandramathal.9536:

My concern’s atm are:

Why does the “your email has been changed” email not have a confirmation link etc?
Why was the hacker able to login to one of my characters and access my bank while I was also logged in on a different character?

Neandramathal.9536:

Shame I can’t get mobile auth due to my phone type, but some of the players hacked are using mobile authenticator anyway. Once they change your email they can login and disable it I believe?

So the root of the problem is how are they changing the email to begin with.

Because confirmation link was sent to new e-mail address. Whoever thought it was a good idea should be fired on spot.

zbrkesbr, as i was saying, they said they implemented that based on the requests of the old Guild Wars players…

It’s ridiculous, but meh

Nymeria.5468:

Neandramathal.9536:

Shame I can’t get mobile auth due to my phone type, but some of the players hacked are using mobile authenticator anyway. Once they change your email they can login and disable it I believe?

So the root of the problem is how are they changing the email to begin with.

Actually they can’t disable the link to the mobile authenticator unless they have access to the phone itself.

One of our guild members just changed his email via support just incase of him being the next target, and found that he now has to re-apply his mobile authenticator.

If they are getting in by email changes, then it will disable the mobile auth.

All of you high profile players don’t use any off-site forums or other places to communicate/plan etc, right?

I dont really use forums. this is the only one i use