Guild Wars 2

Gaile Gray.6028:

BSMO.4560:

Toothy.8640:

Poxy Violence.3782:

So here is what happened to me just about 3 hours ago. First, I have an email and password dedicated to GW2 and nothing else. I also have the mobile authenticator enabled. I am 100% sure there are no trojons, or keyloggers on my computer. I logged on this evening and was put into a Lions Arch overflow server. I was standing at the bank when I was asked to ping my Twilight in /say, which I did. About 1 minute later I was disconnected to the character select screen, I jumped back in the game and was disconnected almost instantly. Jumped back on, disconnected again but this time a message popped up saying something along the lines of the account being used from another location. I immediately went to the account management page and tried to access my account but of course my password had been changed. I was able to reset it to a totally never before used password and log back on. In a period of maybe 3 minutes the hacker had got all my gold, t6 mats, and a good bit of my other mats. Of course when I logged back on I imagine the hacker got kicked to the character select screen and so we battled for control back and forth for a few minutes. Here is the strange part tho, once I stopped getting kicked I went to log into account management only to discover my password was changed again! Within maybe 8 minutes of me setting it to a totally unique password the hacker had changed it! This time I was unable to reset it and created a support ticket. Support was able to help me get control of the account again but I’m not at all sure that it will stay that way considering how quickly and easily it was hacked in the first place.

Most of the people who have been hacked in this thread have had it done via support tickets. If they kept changing your password like that, it sounds like your computer has been infected with a keylogger. However, it doesn’t make sense if you’re positive you had the mobile authenticator enabled, unless they used said keylogger as a proxy somehow, which would fit in with one of the posts above who said he had mobile authentication enabled and lived alone and yet his account was hacked without any other IPs accessing it.

I don’t think his pc was infected but even with full protection he got hacked !!
Why ?? The response is simple : someone can have acces to arena net ‘s database, the hacker only need to pick up wealthy people then he’ll receiving information to log into the target’s account and stole everything.

As me, Proxy Violence was in Lion arch overflow ’s server and said something on channel then be hacked !!!

There ’s obviously a failure so be carefull !! Until Arena net give us an answer players should avoid Lion Arc and WvW as much as they can, especially wealthy ones.

Stop and think: If the database had been hacked, hundreds of thousands of accounts would have been stolen. That is not what happened. Flat out not what happened. The situation has nothing to do with Lion’s Arch, or World-versus-World, or anything of that sort. These are individual cases, and we will work to help the account owners back onto their accounts.

I hope you’re right that’s nothing to fear but how and why we’re hacked then ? We did everything to protect our account : pc safe, 2authentificators, new emails + hard pass and there s still hack attempt, so why is the problem ?
We can’t feel in confident anymore while playing GW2 …

I doubt its a database hack, but more needs to be done to prevent “Support Reset hackings”.

But there is still certainly something odd about the number of people claiming to be hacked right after replying to an unusual whim, and i would never put myself into the possible position of being wrong by saying there is absolutely no way that the chat system could be exploitable,

This game is full of memory exploits as it is, just look at all the hack tools that are still unpatched (compiling with ASLR may help there), So I simply cannot trust any claim that there is no possible network/packet exploits.

This has nothing to do with an “e-mail hack”. I also received a message that my e-mail address was changed and I haven’t been able to get in game since. Account restored through support, password has been changed and is also unique, 2 factor authentication, no possible way for someone else to have my serial number, etc. I’m also getting the message that another client is logged into my account after getting kicked trying to get beyond the character selection screen.

There is a bigger issue at hand here. Anyone remember a similar problem with Rift? Trion insisted that this was a local problem over and over and over until a player found the hack and assisted them in identifying and fixing the problem. This is starting to sound very familiar. Anyone know if “Manwitdaplan” is playing GW2 or how to contact him? I think ANet needs some help.

>BSMO and everyone else who blames Anet

For the love of Dwayna, stop all this madness. Internal data breaches would mean all my “rich” friends would no longer have their precursors, Legendary mats, or even be playing. I trust Gaile and the other Anet employees when they say it’s not internal. Otherwise, the forums would be flooded with people complaining (note – the forums are filled with only a tiny percentage of GW2 account holders).

As was mentioned before, some of the hacks were due to:
1) players with bad personal security like easy to guess/common passwords
2) players with keyloggers/trojans
3) players who registered information on other websites that were hacked
4) players who had friends/family troll them by logging onto their computers and deleting everything

People will say anything in these forums to pass blame onto others, mainly because they are too ashamed to admit it might be their fault. And by fault I mean stuff like using the same password for everything, or too simple passwords, etc (yes, going to naughty websites and having keyloggers installed count too).

Remember, this is the internets. We can say anything and everything without a shred of proof. So when people say they’ve been hacked, and it can’t possibly be their fault because they are perfect angels with godly PC security, take it with a grain of salt.

If Anet says there is no evidence of an internal breach, I’m more inclined to believe them.

Gaile Gray.6028:

Stop and think: If the database had been hacked, hundreds of thousands of accounts would have been stolen. That is not what happened. Flat out not what happened. The situation has nothing to do with Lion’s Arch, or World-versus-World, or anything of that sort. These are individual cases, and we will work to help the account owners back onto their accounts.

I’m sorry but I have to disagree with your logic. If burglars had magic skeleton keys that could open any house, would you suddenly see hundreds of thousands of houses broken into? Nope, that’d just draw attention to the fact there was a hole in the system. They’d target the houses with the most loot and pick those off one by one.

Just the same, RMTs would only hack enough accounts to collect the gold they’re selling. Hacking thousands of accounts would both reveal the system flaw and hit their own customer base, when people stop playing GW2.

I’m not saying ArenaNet’s database has been hacked, just that your argument doesn’t hold water.

I’m sorry but I have to disagree with your logic. If burglars had magic skeleton keys that could open any house, would you suddenly see hundreds of thousands of houses broken into? Nope, that’d just draw attention to the fact there was a hole in the system. They’d target the houses with the most loot and pick those off one by one.

This.
These people are likely making money from these hacks by selling the gold so they won’t do anything to bring attention to themselves.

A person im chatting with right now just confirmed he too was kicked from the game and lost access right after responding to a sus whim.

I’ve seen a few people talk about getting hacked now with them getting a reply that no one other than the normal IP address had accessed the account. First thing I was thought of was IP spoofing. It’s not an easy thing to do, but hackers have been known to use this technique to bypass authentication procedures. Getting a players IP would be easy, especially if their email account is compromised. I know GMail keeps a list of IPs that access an account. Just something I think the security team may want to check into.

I Heard also in my server that 2 commanders as been hacked and they were Online walking arround but it wasn’t them.

I’m not sure if it is lack of their acccount’s safety… I don’t see high ranked players to do so. It may be strange that commanders are getting hited by this in a community of soo many thousands of players.

But it may be normal, I remember in the launch that huge wave of lost accounts there were thousands and thousands and support went overloaded trying to verify and get accounts back to their owners, thing that keeps happening today.

But do what… At least wasn’t me hacked.

I can only speak for myself, but my account being hacked was not due to lack of security on my part. If that were the case I wouldn’t waste my time posting on the forums. I don’t think Anets database has been compromised but I do think there is a flaw or a loophole in the account reset option. This is only my gut feeling, I don’t feel like I was randomly hacked but targeted. Of course there is no proof of that and you can believe what you want. I just hope that Anet can figure out how its happening and keep it from happening to anyone else.

Dunyas.8043:

I’ve seen a few people talk about getting hacked now with them getting a reply that no one other than the normal IP address had accessed the account. First thing I was thought of was IP spoofing. It’s not an easy thing to do, but hackers have been known to use this technique to bypass authentication procedures. Getting a players IP would be easy, especially if their email account is compromised. I know GMail keeps a list of IPs that access an account. Just something I think the security team may want to check into.

IP spoofing is one way but taking control of another machine is the easiest. There are quite a few windows based “tools” out there that allow this. They infect you via website or attachment and then have their way with your machine. I will not name them or link to them; don’t feel like getting banned from the forums. But they are easy enough to use.

As always, keeping your windows updated, keeping your browser updated and running a decent anti-virus can help. Using strong unique passwords for all your services is essential too. Personally, I use my machine for gaming only. I have a virtual machine for browsing the web and downloading. I never get hacked. But you don’t need to be as paranoid as I.

I am completely confused.
How are the bad guys able to get support to change email addresses without confirmation? This sounds more like untrained customer service reps rather than a trojan/keylogger?
How exactly are these accounts being compromised, if the information is (supposedly) known only to Anet and the victims? I can’t believe that every one of these hacked accounts had trojans…

Weird, just tried to auto-log into the GW2 client and it said “incorrect login, recover account” MY HEART LITERALLY stopped but I changed the password and all seems fine now, didn’t say any other IP has tried to log in.

I’ve been using auto-log/remember for ages but this time it didn’t like it for some reason out of the blue…

I am fortunate that I have not been compromised, but I did want to let y’all know that support is being extra careful with email address changes now. My non-public email address has recently started receiving spam that includes virus attachments, so I am changing it all the places I use it, including GW2. I was a little frustrated with all the hoops I had to jump through to make that happen until I read this thread. The game serial number alone was not enough proof.

My sympathy to the folks that had their accounts compromised…

Pandemoniac.4739:

I am fortunate that I have not been compromised, but I did want to let y’all know that support is being extra careful with email address changes now. My non-public email address has recently started receiving spam that includes virus attachments, so I am changing it all the places I use it, including GW2. I was a little frustrated with all the hoops I had to jump through to make that happen until I read this thread. The game serial number alone was not enough proof.

My sympathy to the folks that had their accounts compromised…

This is probably because they have nothing to do with the hacked accounts and are innocent!
Massages like:
Someone -hopefully you!- has requested to change the email address associated with your Guild Wars account.
is nothing. We are the ones to be blamed for buying the game and play it.
And of course support answers really fast if the company is to be blamed, but can’t support his players when they are needed. I hope that You did everything that You could and sleep well.

Xia.3485:

Dunyas.8043:

I’ve seen a few people talk about getting hacked now with them getting a reply that no one other than the normal IP address had accessed the account. First thing I was thought of was IP spoofing. It’s not an easy thing to do, but hackers have been known to use this technique to bypass authentication procedures. Getting a players IP would be easy, especially if their email account is compromised. I know GMail keeps a list of IPs that access an account. Just something I think the security team may want to check into.

IP spoofing is one way but taking control of another machine is the easiest. There are quite a few windows based “tools” out there that allow this. They infect you via website or attachment and then have their way with your machine. I will not name them or link to them; don’t feel like getting banned from the forums. But they are easy enough to use.

As always, keeping your windows updated, keeping your browser updated and running a decent anti-virus can help. Using strong unique passwords for all your services is essential too. Personally, I use my machine for gaming only. I have a virtual machine for browsing the web and downloading. I never get hacked. But you don’t need to be as paranoid as I.

You actually bring up a good point. But it’s not PC I’d be worried about. Using a compromised machine requires that it be on. I think something else people may be over looking is their router. If your system is compromised, it would take no time at all to set up a VPN on your router. Most people shut down a PC when they are done using it, they wouldn’t unplug their router. Making sure that your routers security is good would be important as well. Don’t use a default password for logging in and such.

Never been hacked in a MMO 20+ years, account was fine, left to Japan for a month, just came back and I could not log in. Tried reset password didn’t get anything, so I logged in to NCSoft master account and see on my GW zhuhiangXXXXX@123.com. No idea how my email was changed without my authorization or the serial code.

Big question is has anyone had any luck with support and getting a restore? I don’t seem to see the original posters anymore and that response from Karpuz was cryptic regarding Gaile’s email "

If anyone recieved the email from Gaile, it is legit and whatnot (i feared it wasn’t initially, before i even got to read her comment) but you must follow the exact instructions in it, or else it seems the offer falls.

So don’t try to get a backup, don’t try to save valuables in case something bad happens, don’t try anything…just leave it be…Or you’ll end up wishing you didn’t even get your hopes up in the first place."

Offer falls? Hoping they can do a restore as I havent been able to bring myself to even playing after this due to all the time lost, not to mention it possibly happening again.

Gahzirra.8639:

Never been hacked in a MMO 20+ years, account was fine, left to Japan for a month, just came back and I could not log in. Tried reset password didn’t get anything, so I logged in to NCSoft master account and see on my GW zhuhiangXXXXX@123.com. No idea how my email was changed without my authorization or the serial code.

Big question is has anyone had any luck with support and getting a restore? I don’t seem to see the original posters anymore and that response from Karpuz was cryptic regarding Gaile’s email "

If anyone recieved the email from Gaile, it is legit and whatnot (i feared it wasn’t initially, before i even got to read her comment) but you must follow the exact instructions in it, or else it seems the offer falls.

So don’t try to get a backup, don’t try to save valuables in case something bad happens, don’t try anything…just leave it be…Or you’ll end up wishing you didn’t even get your hopes up in the first place."

Offer falls? Hoping they can do a restore as I havent been able to bring myself to even playing after this due to all the time lost, not to mention it possibly happening again.

Bad news – they not only can’t do restores, they won’t even send some compensation through ingame mail to get you back on your feet.

Dont know If helps, but after reading this topic, I start putting my gold in the bank and have like 5 golds in the inventory to frequent WvW and Lions Arch.

Paarthurnax.8931:

Dont know If helps, but after reading this topic, I start putting my gold in the bank and have like 5 golds in the inventory to frequent WvW and Lions Arch.

Being someone who has been hacked, I can say that they WILL raid your bank for anything of value, they even sold my gift of the traveler to the merchant.

But here is a tip: what I noticed was that they cleaned out my level 80 character, but my 7 alts leveled between 1 and 11 weren’t touched at all, they were all in the same location where I left them and all the loot/gold in their inventory was still there (about 60 silver and loot worth 30 silver), if they went to the trouble of even selling my Gift of the traveler for 3 silver then why not clear out my low level alts? They must think there’s nothing of value there/waste of time.

My advice would be to make an alt and bury anything of value on them, hidden between junk loot from the starting zone.

While this may not be a sure fire way of preventing some gold/items from being nicked, it will at least decrease the chances of losing everything.

XunlaiSpy.9384:

I realize keeping old passwords in the DB is to prevent (any) players from using the same password.

I have a question:

Are old but uncompromised passwords still tied to the GW2 account?

For example:

Lets say I used to use an uncompromised “Password1234” as my old GW2 password which also happened to be the password for my email account. After reading Mike O’Brien’s article, I decided to change my GW2 password to keep it different from my email. Let’s say I didn’t change my email password …

Password1234 is now part of the unusable passwords since it’s still stored in the DB.

From:
https://www.guildwars2.com/en/news/mike-obrien-on-account-security/

“(The blacklist contains passwords only, not account names.)”

Does he mean GW2 account names or compromised website/email account names?

I want to know if Password1234 is still associated with my XunlaiSpy account. If it is, anyone who has access to the potentially compromised database now has access to my email address’ password. (Remember, I didn’t bother to change the email password …)

The fact is that the historical cross-reference from ANet itself led to a compromise. Which may be what Commander players are experiencing …

So … what used to be a clean uncompromised password is now compromised because ANet stored it to prevent other players from using it but hackers were able to use it themselves in another way …

1. they certainly don’t store passwords but one-way hashes, I doubt anybody would dare storing plaintext passwords after the Sony “hack”, so the original password is practically unrecoverable (depending on available computing power and hash method used)
2. there’s no reason to keep a blacklist of passwords assioiated with usernames, the blacklist will probably consist of a separate table with just hashes

Dunyas.8043:

You actually bring up a good point. But it’s not PC I’d be worried about. Using a compromised machine requires that it be on. I think something else people may be over looking is their router. If your system is compromised, it would take no time at all to set up a VPN on your router. Most people shut down a PC when they are done using it, they wouldn’t unplug their router. Making sure that your routers security is good would be important as well. Don’t use a default password for logging in and such.

Once they have access to your file system, they can grab your game settings (which includes your auto-login) and your email client files and your browser cookies. With those they have access to your login information and your emails. Possibly your serial code for GW2 too (too lazy to check). All they need is to wait for your machine to be on to use it like a proxy to swindle your account.

Anyone who uses auto-login, for the game or anywhere on the web, is begging to be hacked.

You don’t need to be an IT pro to do it either. Just install the game and copy over the other guys settings. Or install the same email client and copy over the other guys details. etc etc.

Seriously A-Net, disable the auto-login option. Make sure the password is never stored on the machine. Make sure the serial number isn’t stored on the machine either (don’t know if it is, but it better not be). There should also be an authenticator service in the form of an iOS and droid app as well as a stand alone device you can sell. IP address detection is a good step, but its far from being enough.

Anyone who uses auto-login, for the game or anywhere on the web, is begging to be hacked.

yeah……. i’d just like to kindly ask you to take that notion and stow it.

Lyenyo.2891:

But here is a tip: what I noticed was that they cleaned out my level 80 character, but my 7 alts leveled between 1 and 11 weren’t touched at all, they were all in the same location where I left them and all the loot/gold in their inventory was still there (about 60 silver and loot worth 30 silver), if they went to the trouble of even selling my Gift of the traveler for 3 silver then why not clear out my low level alts? They must think there’s nothing of value there/waste of time.

This is exactly what they did to me, my second 80 that was in Ruins of Orr was untouched but my 80 war that was in Lions Arch at the bank, bank gutted and auctioned off…(it sucks being able to see all the transactions and Anet cannot do a thing) and to add insult they deleted him after gutting but left every other char untouched. Sadly all my gold was on the War with just pocket change on alts.

Also had two emails from in box from unknown players with nothing on them, dated same day as the hack transactions…

Karpuz.5409:

If anyone recieved the email from Gaile, it is legit and whatnot (i feared it wasn’t initially, before i even got to read her comment) but you must follow the exact instructions in it, or else it seems the offer falls.

So don’t try to get a backup, don’t try to save valuables in case something bad happens, don’t try anything…just leave it be…Or you’ll end up wishing you didn’t even get your hopes up in the first place.

Still wondering what this statement meant “but you must follow the exact instructions in it, or else it seems the offer falls.”

Dunno may be misreading, but it sounds like something was done for them?

Gahzirra.8639:

Karpuz.5409:

If anyone recieved the email from Gaile, it is legit and whatnot (i feared it wasn’t initially, before i even got to read her comment) but you must follow the exact instructions in it, or else it seems the offer falls.

So don’t try to get a backup, don’t try to save valuables in case something bad happens, don’t try anything…just leave it be…Or you’ll end up wishing you didn’t even get your hopes up in the first place.

Still wondering what this statement meant “but you must follow the exact instructions in it, or else it seems the offer falls.”

Dunno may be misreading, but it sounds like something was done for them?

I would like to know this as well.

ArenaNet could make a extra security, like the cell phone authentication, but, everytime you log in your account you need put a security code that you receive by mail when you try to log in the game, but put just to people that want extra security, because everytime you log in the game you need check your email for the security code.

Some people in this topic said that they can proxy your ips, so we dont receive the authentication by mail/cellphone, so if they make a extra security code that i receive everytime we try to log in your own account, will be very secure.

Xia.3485:

Dunyas.8043:

You actually bring up a good point. But it’s not PC I’d be worried about. Using a compromised machine requires that it be on. I think something else people may be over looking is their router. If your system is compromised, it would take no time at all to set up a VPN on your router. Most people shut down a PC when they are done using it, they wouldn’t unplug their router. Making sure that your routers security is good would be important as well. Don’t use a default password for logging in and such.

Once they have access to your file system, they can grab your game settings (which includes your auto-login) and your email client files and your browser cookies. With those they have access to your login information and your emails. Possibly your serial code for GW2 too (too lazy to check). All they need is to wait for your machine to be on to use it like a proxy to swindle your account.

Anyone who uses auto-login, for the game or anywhere on the web, is begging to be hacked.

You don’t need to be an IT pro to do it either. Just install the game and copy over the other guys settings. Or install the same email client and copy over the other guys details. etc etc.

Seriously A-Net, disable the auto-login option. Make sure the password is never stored on the machine. Make sure the serial number isn’t stored on the machine either (don’t know if it is, but it better not be). There should also be an authenticator service in the form of an iOS and droid app as well as a stand alone device you can sell. IP address detection is a good step, but its far from being enough.

If they have access to your machine they can log your keystrokes anyway?
Please don’t write things as fact when you haven’t thought them through!

Why would they have access to your cdkey? Why would it be stored considering it is only used to create your account?

Toothy.8640:

If they have access to your machine they can log your keystrokes anyway? Please don’t write things as fact when you haven’t thought them through!

They don’t need to. If you enabled auto-login all your information is stored in your profile. It’s not plain-text but that’s not the best defense anyway.

Toothy.8640:

Why would they have access to your cdkey? Why would it be stored considering it is only used to create your account?

I never said it was. I sure did say it better not be though. Some people store that stuff in text files in their game directories (I know I used to). That’s also a bad practice in this case.

Squall Leonhart.2075:

Anyone who uses auto-login, for the game or anywhere on the web, is begging to be hacked.

yeah……. i’d just like to kindly ask you to take that notion and stow it.

Yes because storing your username and password in a file on your pc is a smart move. Do you have your safe’s combination on a post-it next to the keypad too?

I know its easier for everyone to blame anet for their security issues. But there some simple safe practices everyone should follow. Namely:
*Not using the same email and password everywhere.
*Not storing your password on your pc (this includes browser cookies and auto-logins).
*Avoiding public forums and internet explorer on your main PC (there is another jpg vulnerability out there, google it). I personally use a VM for browsing / downloading.
*Don’t put your toon names in your SIG on forums (don’t use the same pw on that forum too)

Considering GW2 can also remember your credit card details for gem purchases (profile or server, I don’t know).. being security aware is rather important!

Now.. where are the final versions of them authenticators?

Nice! That’s very good news.

I’ve read on these forums a few times in the past of people getting thier accounts hacked and stolen, more so than i’ve seen in other games. I read them and dismissed them thinking, “well it’ll never happen to me, they must’ve done something wrong or visited some shady sites” and kept going about my day. Although a guy with alot of gold in my guild and the commanders in the EU servers being hacked scared me into making stronger passwords.
In GuildWars2 Ive been a commander on crystal desert for about 2 weeks now, and have had my legendary about 3 weeks. Today, sitting in wvw, i am booted because “someone has accessed my account” is the message. I immediately try to log back on but the password is changed. I find out how to reset my password and get back in to find my characters are still there n dressed but my 900 gold in my bank is gone. I worked the trading post alot and made alot of investments every event and got that gold from both normal playing and an hour or so a night playing the trading post/investments since release.
Needless to say I am very upset, put in a ticket and immediately change my password for guildwars2, I know my email was most likely compromised so i change the password for that as well, but I cant find any confirmation email sent from arenanet that my password was changed, so he must have deleted it and deleted it from the trash folder as well. For some crazy reason arenanet will not allow me to change my email address immediately so I put in a ticket explaining what happened….
30 minutes goes by after i logged in with the new password, sitting in LA alt+tabbed now changing my email password and boom, logged out due to someone accessing my account for a 2nd time. This time I cannot log back in as he must have changed my password again, and also, I try to reset the password again with my serial code number and this doesnt work either. It gives me an error and says to contact support, which is what I thought I was doing…..
So hacked twice, this time who knows what he did and im locked out of my account… I just want to say to the people like me who didn’t believe it when I saw it elsewhere…
I never went to any shady sites, I never gave my email out or put any information like that in public view.
All I can think is that I was targeted, and I am here to say its becoming more and more common. I did not have an authenticator for a cell phone because I dont have a celllphone. I don’t know what else to do but put in a ticket, which im sure will take a week or two to hear a reply from. I hear they cant replace or restore anything like all the other MMO’s ive played can. Its upsetting and I cant help but feel that the game isn’t secure enough. Protect yourself guys, its alot more common than you may think.
Afternotes:
I use Norton Anti Virus, which says I am secure. I also use a seperate password for gw2.
today support emailed me and I regained access to my account. After the normal message telling me about how to regain my account now that theyve reset passwords etc, this is all I got in regards to everything this hacker has stolen:
“In regards to missing gold, characters and items, currently we are technically unable to provide restorations or any direct assistance with reclaiming what was lost.”
We hope this information is useful to you. If you have any further questions or concerns, let us know. See you in Tyria!
… needless to say, I replied with thank you for your help, but I doubt I will be playing MMO’s at all anymore after 1000+ hours of work lost with no support to get it back.
I replied again telling asking him if they even checked to see where the gold went in the mail because this is obviously where the hacker put it or the ring of bots/hack accounts are… and I get this answer… and this for sure, is why I will never play this game again, nice customer service here.
“Thanks a lot for taking the time to contact us. We really appreciate your thoughts and ideas. The best way for your feedback or suggestions to reach someone in development is for you to post your ideas within our Official Forums.
While members of the Development Team are not always able to respond, having suggestions available in a public area helps them gauge the amount of interest for various ideas, and also allows other players to discuss and offer feedback of their own."
wonderful… doesnt even answer my question and tells me to go talk about it on the forums. I loved this game, but theres no support.
Important note: reported to yahoo.com and the reverted my account and brought back any deleted messages, turns out there were never any from anet. Which means they totally bypassed the email system of guild wars 2.
I made this post and Gale Gray closed it after it was getting alot of attention… wow are you serious? Company image management?

Anet will always do that, as they will with this post when they see it..

There are threads about this already which they want you to use.. not repeatedly spam new threads when you get an old one locked.

Gaile Gray.6028:

I talked to the Security Team, and they expect a final version with in the next several weeks. More testing, feature reviews, etc.

Is there any intend on releasing official physical authenticators rather than ‘certain brands may or may not work’? Also any updates on the rollback system for compromised accounts?

Hey I’m only pointing out what Anet will do when they see this. If they locked your previous thread, they’ll lock this one to… I don’t make the rules.

There’s at least ONE active post about Commanders getting hacked (when I looked it was the link above this post)… so no it’s not getting minimized. That you didn’t get (what you thought was) the right response from Support is a little sad… Anet doesn’t quite have the tools in place to do what you want them to do (which is account restoration I assume), but they will do shortly

Other than that what can they do? They gave you your account back.. now instead of you posting on here about how Support aren’t supporting you.. go put an authenticator on your account.

It’s scary to see High end players as commanders hacked, it looks nobody it’s safe in this game from getting hacked.

The really really sad part is that Anet CAN’T replace the account as it was before getting hacked, that in cases like this it’s a good motive to hate their atitudes.

It’s like a Player is hacked, ANet won’t trace or investigate for find out what happened, where are Logs, it’s frustating.

But we can’t do nothing about it, sadly, it looks ANet also can’t.

this happened me yesterday – 240ish bag of golds gone 90ish mystic coins and 50 ectos – didn’t realize my coins wree misisng until today when i finished my daily. dunno what else was missing – but seems they didn’t touch my gear at all.

I’m kind of happy to be so poor now, got nothing tradeable worth stealing. :P

Out of curiosity… did you use a Yahoo email?
From what I’ve read at least two of the hacked people used Yahoo.
There could be a breach on their end.

yes im on yahoo – i think im going to change it now

Makes me sad to read this rubbers, i was hacked back on the 22nd (probably why you haven’t seen me around) and i too took every percaution i could… we dont know how it happens, but commanders/legendary holders/golden title are being targeted, and with no way of getting any of it back rather than…hey go do it again! and it could happen again… right now we’re just waiting for account restorations(which probably wont be retroactive… but they dont have any info(and “very very close” or “near future” has been weeks) so it is a crappy situation…

Perfectxshot!!! NO! You too? WOW how common is this?? man im sorry to hear that too dude this is incredible, how could this be happening and nothing on a.nets end they arent even acknowledging it.

Anet has stated that its not a problem on their end, but there isnt much correlation to any of us as to HOW we got hacked (shady sites, forum hack, crappy password, etc…) none of that… but ya, they got me a while ago, and i got the same robotic responses, and now its just wait and hope they figure something out, and if they dont at least take the time to help those that didnt get help retroactivly…and i have nothing but support for all those that got hacked, as for right now, we’re just SOL 8(

Anyone considered the possibility that one of the many fansites (GW2 Temple, dragon timer sites, the many blogs, etc) frequented by GW2 users is fronted by hackers/goldsellers? Its not exactly hard to get your IP there, and not much further to put in some malicious code. Particularly too where you might be persuaded to post some information or do some clicks (like updating dragon timer.)

Okay so recently I heard that the trading post is just a website that will log you into the GUI. How secure is this trading post login page, since it uses your username/password to login? Would it be possible to figure out a way to track peoples sales/information through the trading post if you can get into it?

Wow deleting a thread because it got too popular…

So, what you’re saying is… someone got access to your email account? If so, the issue most likely is not on anets end.

yagerau.6438:

Particularly too where you might be persuaded to post some information or do some clicks (like updating dragon timer.)

Hmm, wonder how many of the hacked accounts went here…I had never visited any other GW2 sites then I was told about dragontimer, I went to it and one time I had updated the timer. May be just coincidence that I was hacked shortly after this.