Guild Wars 2

We are finding that nearly every time a game account is compromised, the e-mail account also is compromised. Many times, hackers are clever enough to mask their access to the e-mail account, rendering that illicit access invisible to the user. That is, the legitimate e-mail account holder is not even aware that the e-mail account is being accessed by a hacker.

But although we often are told “My e-mail is secure” we also frequently note that the account hacker has deleted authentication authorization requests related to the hacking location, or has deleted e-mailed receipts. The hacker hides his access by removing auth e-mails and steals the serial code and/or order number and deletes it so the legitimate owner no longer can find that vital info.

You can see this yourself when you read forum threads and the player says, “I cannot locate my receipt e-mail” or “I must have deleted my receipt.” Actually, in most cases that statement points to the e-mail account having been hacked, with the various “proofs of ownership” now being solely in the hands of the hacker (after being deleted so the owner can’t get to them). And, sadly, you see this when someone states “The only authentication e-mails are my own access points” but one or more additional authorization requests were sent but were deleted by the hacker.

Basically, even if someone believes his/her e-mail is secure, a hacker very often is in the account and is intercepting mails or authorizing access to the stolen account.

Specific questions to ask if your GW2 account has been compromised:

1. Do you have e-mail or mobile authentication? Great!
2. Are you using or have you every used your GW2 password anywhere else? That’s a recipe for disaster.
3. Are you using a unique e-mail account for GW2 only? That’s a very good idea.
4. Have you reset your e-mail password recently?
5. Do you have authentication on your e-mail account, where it verifies your access through a mobile device?

We will help you with your compromised account but I’ve been discussing these incidents for the last several hours, and if you were hacked after installing e-mail authentication, the consensus is that someone has access to your GW2 account credentials and your e-mail account.

Lord Kuru.3685:

Most large email providers (definitely Google and Yahoo) allow you to see unalterable access logs. A quick google search will tell you how to find these. These logs are for account security and can’t be modified by a hacker.

• If you see a suspicious IP address in these logs, then your email likely has been compromised.
• If you don’t see a suspicious IP address and your email provider is someone as big as Google or Yahoo… make your own conclusion.

That is very helpful information. Thank you for posting that.

nuggant.8239:

I have done this and confirmed that my email account has not been compromised as I mentioned abobce care to expain how they got the info

I have no idea how your account was hacked. But it’s safe to say they did not get the information from us. How can I say that with such confidence? There are more than 3 million GW2 accounts. If there was a security breach, we’d see tens of thousands of tickets. There has not been an increase in hacked account tickets whatsoever; I verified that today. There has been an increase in the time that our agents require to answer tickets about the matter, so some people are concluding (falsely) that there’s some sort of issue, where in the past, compromised players were helped within hours and the matter never made it to the forums.

Some point to the forums to prove there’s a security issue. But if you see a “flood” of posts, you’re seeing a dozen. If there was a security issue, you’d see thousands.

I’m sorry you were hacked. But it’s not fair to conclude that “it’s on ArenaNet” when clearly, it is not. I strongly encourage you to read the Security Thread in its entirety to learn about this subject.