Strong Passwords: Useless

in Account & Technical Support

Posted by: Devildoc.6721

I had a strong password. It was unique, it was dozens of characters long using caps and lowercase, numbers, special characters.

I never gave it out to anyone.

I never clicked on any fishy links, I always hover over links before clicking.

I use antivirus software, I use NoScript in my web browser except for trusted sites.

I lock my doors, nobody except me has physical access to my computer.

I was logged into my email, which I leave logged in, because if someone were to compromise my email password remotely, it would log me out, which would cue me to start changing other passwords and contact emails, and calling the bank.

Yet despite all of this, my account was lost for 8 days. Characters were stripped, bank emptied, gold gone.

How, you ask? Because the RMT hacker asked an Arenanet employee to give him a new password to my account! I never got the password reset email, somehow they did. I don’t believe I’ve been remotely backdoored, because all my other game accounts are intact and were never touched. My Steam account was never touched. Had they had remote access to my machine, or email, they would have had the ability to do a lot more damage than just GW2. I was only made aware of the compromise 7 days after it happened, when I got a survey email for the ticket to see how I liked Arenanet’s “service” for my account (I’ve been working a lot lately and haven’t had time to game at all).

Arenanet needs to take additional account security measures. Guild Wars 1 requires knowing a character on the account’s name to log in. My GW1 account as I’m checking now, is intact. Arenanet employees need to verify a requester’s identity before sending password reset links, and they absolutely need to check to make sure the email they’re replying to is valid and not a spoof.

Having a login and password is not enough, unfortunately some people including myself do not have smartphones (I have no need of internet access on my phone aside from authenticators, apparently) so smartphone app only authenticator is not an option for everyone (why not sell a Fob?). I wish it were possible to feel safe that my account will not be stolen again in the same manner, but with the current policies and current account security measures, I can’t help but worry when the next time an RMT hacker will get my password on request due to Arenanet employee incompetence.

If you dare try and blame this on me, and say I caused my account to be compromised somehow, I will drop the name of the CSR and post a screenshot of the email (with my own information hidden) and I will out your incompetent employee. Seriously when you get a support request that is “Could I get a new password here?” and no other information, no reply to the emailed ticket after the password reset link is sent out, does that not raise red flags for anyone?

Zapp – 80 Asura Afromancer

Posted by: Antonio Cappello.1806

As someone who has been compromised before in another game, I can say that if things happened as you say, it’s very likely that your email has indeed been compromised by some method. There are many attack vectors that can be used to strike a computer, anti-virus/firewall or not, including automatically executing trojans that latch themselves into advertisements on other websites.

There are plenty of reasons why your other accounts may not have been touched. The bank account is an obvious one; most banks would still require your PIN or something of the like in order for you to log in. As for the rest, perhaps the hacker didn’t know about them, or targeted GW2 specifically.

More importantly though, if you haven’t done so yet, you really need to ensure that your email (and computer, of course) is secure. That’s the only real way they could have intercepted the password change request and, perhaps more strikingly, the authentication emails you receive when you try to log in from an unrecognized location.

EDIT: As an addendum, you should strongly consider getting a smartphone; not just for GW2, but for other applications that allow for two-factor authentication. Remember that the whole point of two-factor authentication is to split authentication into two different categories: something you know, and something you own. It’s the closest you can get to being “safe” while connected to the Internet.

(edited by Antonio Cappello.1806)

Posted by: Devildoc.6721

> As someone who has been compromised before in another game, I can say that if things happened as you say, it’s very likely that your email has indeed been compromised by some method. There are many attack vectors that can be used to strike a computer, anti-virus/firewall or not, including automatically executing trojans that latch themselves into advertisements on other websites.
>
> There are plenty of reasons why your other accounts may not have been touched. The bank account is an obvious one; most banks would still require your PIN or something of the like in order for you to log in. As for the rest, perhaps the hacker didn’t know about them, or targeted GW2 specifically.
>
> More importantly though, if you haven’t done so yet, you really need to ensure that your email (and computer, of course) is secure. That’s the only real way they could have intercepted the password change request and, perhaps more strikingly, the authentication emails you receive when you try to log in from an unrecognized location.
>
> EDIT: As an addendum, you should strongly consider getting a smartphone; not just for GW2, but for other applications that allow for two-factor authentication. Remember that the whole point of two-factor authentication is to split authentication into two different categories: something you know, and something you own. It’s the closest you can get to being “safe” while connected to the Internet.

My email has 2 factor authentication, I have to type in a code texted to my dumbphone in order to log into it.

For it to have been on my end I’d have to be backdoored with some NSA level remote access stuff, undetectable with any virus scans or HijackThis, and going right through a firewall, and the trojan will have had to have executed through NoScript, where I enable only a few trusted sites and enable script by script individually.

Also the flagrant disregard to verify the identity of the help request is something that needs to be addressed. “Can I get a new password?” “Okay, here you go” is just abysmal.

Zapp – 80 Asura Afromancer

(edited by Devildoc.6721)

Posted by: ShiningSquirrel.3751

“Social engineering” is the single most effective hacking tool there is. I am sad to see this from Anet, but not surprised. After 16 years in the IT industry, I have almost seen it all, and have seen this type of thing happen many times before.
You should post the ticket number so Gaile can look into this. The support rep may need to be spoken to if what you have said is correct, and I have no reason to doubt it.

Posted by: Devildoc.6721

> “Social engineering” is the single most effective hacking tool there is. I am sad to see this from Anet, but not surprised. After 16 years in the IT industry, I have almost seen it all, and have seen this type of thing happen many times before.
> You should post the ticket number so Gaile can look into this. The support rep may need to be spoken to if what you have said is correct, and I have no reason to doubt it.

I’ve called out the specific Arenanet employee in the email chain with Arenanet as I was trying to get my account back, so I’m pretty sure they’re well aware of the employee’s failure.

Zapp – 80 Asura Afromancer

Posted by: Devildoc.6721

BTW, if Gaile reads this, the relevant ticket number is 345799. I’m awaiting a restoration of my characters to before the account was compromised, as multiple characters are stripped of gear including stuff that I paid RL money for, gold all gone, bank virtually emptied, even the completed gift of mastery and gift of bifrost were vendored.

Zapp – 80 Asura Afromancer

Posted by: mercury ranique.2170

Hi Devildoc,

I think that you are pretty wrong in this thread. If you truly want help I would suggest changing your tone to a more neutral story.

What are the facts?:

The fact is that someone has made a support ticket and that person was somehow capable of convincing support they were you.

You only found out after you received the survey email. The fact that you received that email verifies that all communications have been done through your email address.

This would indicate that, despite what you are saying, your security has been breached.

So your accusations against the Arenanet employee must be false and wrong because the security leak is at your end.

Also, not acknowledging this issue means that even IF support is still willing to give you the account restoration, the hacker can regain control over the account again (cause you haven’t sealed your security breach). If that happens, you will NOT get a second account restoration. This is only given once in a lifetime.

I strongly suggest to rewrite your ticket (the one you made yourself) and your story here in a more neutral tone that reflects the facts I just have given.

So ask support for help instead of making false accusations. If it happens to be that Arenanet did make an error (which I doubt given the facts presented here) they will make sure they set it right.

However making such complaints here in public might result in support being less happy and willing to help you. Simply cause you are accusing them of mistakes they did not make.

Arise, ye farmers of all nations
Arise, oppressed of Tyria!

Posted by: Moderator.9604

Hello everyone,

Please contact Support for issues like this. We here in the forum do not have the proper tools to help you in this case. I am pretty sure the support team will be glad to help you.