What I've learned from multiple hackings

in Account & Technical Support

Posted by: Nessarose.4218

Fresh back from my fourth, yes FOURTH account hacking (the third was intercepted by ANet and unsuccessful though – of course this was less than ten days before the fourth), I felt it beyond necessary to find out HOW online accounts are hacked (this isn’t specific to gaming, just in general) in order to best prevent it in future.

What follows comes from mistakes I have made myself, mistakes I have read of other people making, back-door access I’ve read about and the methods used for learning passwords.

Username email addresses
Up until two days ago, with the exception of Guild Wars, every single one of my online accounts tied to the same email address.

When a hacker has your username, they already have half of the data they need to access the account they’re interested in. Using the same email address for more than one account that you actually care about gives half the data needed for anyone to access those accounts. (My basic utility accounts use the same log-in, but I’m fairly sure hackers have no interest in my gas and television services. Likewise, I’m not about to change my log-in for pizza hut).

After so much trouble with account security, this has afforded me a wealth of possible usernames and now none of them have gone to waste. The five services I use most often/feel most concerns over security breaches now each has a separate username associated with it.

Potential mistakes with multiple emails
*Having the SAME string of characters at the start of the email. For security purposes, many services --- out portions of an email address, but if the recovery email starts and ends with the same letter as the account – well, that’s the FIRST address they’ll try.

*Using the same email address as recovery for all your other email addresses. No matter how secure you think this email address is, if it IS breached then you’ve just given away access to ALL of your other email (at least any addresses that are known). Pairing email recoveries together seems a sensible idea here – a recovers to b, b recovers to a, c recovers to d etc etc.

Securing your emails
*Two way verification is a good thing. Use it. I’m particularly impressed with microsoft’s app – this doesn’t require a code (which someone could luck into) but needs you to actually use your smartphone to approve access.
*Regularly UNtrust devices if you are able to (yahoo does not give this option – google and microsoft outlook both do)
*If a service insists on security questions, use these to your advantage. Don’t answer the questions honestly – instead create an additional two passwords.
*If a service allows you the opportunity to create a sign-in seal, use it (this is where yahoo has just about its only advantage). This prevents you accidentally signing in via a fake site giving away your log-in details.

Passwords
ANet has a leg-up here by blacklisting passwords. I’m not sure if EVERY password ever created for Guild Wars is unable to be reused, but they’re certainly off to a good start.
*There are common password patterns – the most common being to start with a capital letter and end with digits or special characters
*The most common digit used in passwords is 1
*The most common special character is !
*There are programs that work out the order of characters in a password (I don’t know how these work)
*Hackers will start by trying with the most common password components looking for a match
*A 30 character password consisting of all lowercase letters WILL take magnitudes of time longer to crack than a 6 character password containing a mix of character types.
*A 30 character password that mixes all character types will take longer to crack than the 30 character password only using lower case letters.
*If someone has sufficient information about you, they can change the password to your account without logging into it themself.
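
Added example (not part of the original post, and not ArenaNet's code): a small Python self-audit of the recovery-address and password points in the post above. The account list is constructed sample data, the masking style of `masked_hint` is an assumption about how reset screens display addresses, and `keyspace_bits` is only a brute-force upper bound that assumes randomly chosen characters.

```python
import math
import re
import string
from collections import Counter

# Constructed sample data: these are not real accounts.
ACCOUNTS = [
    {"service": "game", "login": "nessa.gw@example.com", "recovery": "hub@example.net"},
    {"service": "shop", "login": "shopper77@example.org", "recovery": "hub@example.net"},
    {"service": "mail", "login": "quietfox@example.com", "recovery": "quietfox@example.org"},
]


def masked_hint(addr):
    """Recovery hint as a reset screen might show it (assumed style):
    first and last character of the local part kept, the rest starred out."""
    local, domain = addr.split("@", 1)
    if len(local) < 3:
        return "*" * len(local) + "@" + domain
    return f"{local[0]}{'*' * (len(local) - 2)}{local[-1]}@{domain}"


def audit_recovery(accounts):
    """Flag the two recovery mistakes described in the post.

    shared-recovery:    one address is the recovery for several accounts,
                        so a single breach opens all of them.
    guessable-recovery: the recovery address starts and ends with the same
                        characters as the login, so the masked hint gives
                        it away to anyone who knows the login.
    """
    findings = set()
    uses = Counter(a["recovery"].lower() for a in accounts)
    for a in accounts:
        recovery = a["recovery"].lower()
        login_local = a["login"].lower().split("@", 1)[0]
        recovery_local = recovery.split("@", 1)[0]
        if uses[recovery] > 1:
            findings.add(("shared-recovery", recovery))
        if (login_local[0], login_local[-1]) == (recovery_local[0], recovery_local[-1]):
            findings.add(("guessable-recovery", a["service"]))
    return findings


# The common shape named in the post: capital first, lowercase body,
# digits and/or special characters at the end.
COMMON_SHAPE = re.compile(r"[A-Z][a-z]+[^A-Za-z]+")


def follows_common_shape(password):
    return COMMON_SHAPE.fullmatch(password) is not None


def keyspace_bits(password):
    """Upper bound on brute-force search space in bits:
    length * log2(size of the character classes actually used)."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(cls) for cls in classes if any(c in cls for c in password))
    return len(password) * math.log2(pool) if pool else 0.0


if __name__ == "__main__":
    for kind, detail in sorted(audit_recovery(ACCOUNTS)):
        print(f"{kind}: {detail}")
    print("hint shown on reset page:", masked_hint("quietfox@example.org"))
    for pw in ("Dragon1!", "aB3!xY", "a" * 30):
        print(f"{pw!r}: common shape={follows_common_shape(pw)}, "
              f"~{keyspace_bits(pw):.0f} bits")
```

The bit counts compare only the length and character-mix claims; a password that follows the common shape falls to pattern-based guessing long before the full keyspace is searched.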

Posted by: Nessarose.4218

Back door entry
There are some hackers who go through simple channels with various online companies to glean the data they need to access a particular account, exploiting the human factor. Those four little digits at the end of your credit/debit card that all websites leave on display? Those four digits can be used as proof of account ownership in a lot of places. I know the support tickets we send in to Guild Wars 2 ask for those four digits. That, and a billing address (never obscured if you’re logged in) can further prove your identity.
Amazon and Netflix aren’t services that I’m about to give up, but they hold those precious four digits (well, Amazon DID until around an hour ago).
*If your username/password combination for these is weak (mine CERTAINLY was), then it’s very easy for someone to get hold of what should be secure details about you.
*I read of an Amazon account being accessed in two phone calls (one to add a credit card and one to reset a password) when a username was known. This was then used to gain access to other accounts.

Other steps I have taken
After the most recent attack on my account, I was all but certain there WAS a keylogger on my system somewhere – no matter what my active processes looked like or what a multitude of security scans told me (they all came up clean every time). I reinstalled Windows (if you’re wondering why I didn’t do this sooner, an accident with my laptop left me needing a new hard drive, so my recovery partition was gone and I needed to purchase the software).
As a matter of extra caution, once the installation had finished, I set up a new account to sign in.
All my accounts have unique passwords – the shortest of which are for outlook and paypal because these set character limits.
If there is an option to verify accounts using my phone (via app or text message), I verify accounts using my phone. Which now uses a keypad lock and my SIM card is also pin locked. My phone rarely leaves my home.
I am NOT storing any passwords in any digital format – neither online nor on device – I’m using the old fashioned pen and paper method.

Pitfalls with ANet’s system
Please note, I am NOT laying any blame here.
*Once an account name and (presumably a few) other details are known, it is easy to change the email address associated with it. I have been assured that nobody has contacted support using my product code, which means this isn’t needed.
*Once an account name HAS been changed, the mobile authenticator resets, so if your log-in HAS been compromised, the mobile authenticator won’t help you.

Personally, I would like to see either a more thoroughly filled out support ticket needed to change a username. Failing that, a 24 hour account suspension after a username change to allow time for counter-tickets to go through.

Non-salvageable/saleable gear
The vast majority of my armour and weapons were salvaged or sold. One of my characters is currently geared to an acceptable level to play with. My necro has a full set of WvW armour and a WvW axe. She’s borrowed The Incinerator from my thief. If you fear that you’re still vulnerable to hacking, invest in some WvW armour and weapons for one or two of your characters.

I hope this helps someone out there. I hope nobody can beat my record of number of times hacked (because, honestly, it sucks). If I’m missing anything, please let me know.

Good with keeping secure!

Posted by: Nessarose.4218

I was indeed missing something. Something potentially massive.

Your web browser is possibly storing passwords and almost certainly storing usernames. As I’ve already said, your username is 50% of the information needed to gain access to an online account. A quick internet search on your web browser for something along the lines of “Stop [browser name] from storing usernames” should provide easy steps to solve this issue.

Posted by: Brother Grimm.5176

All this is good info (tho perhaps a bit of overkill in some areas), but if you are concerned about your browser storing usernames and passwords, you have some other VERY serious security problems. If a hacker can get to your local browser data, your Anet account is the least of your worries…..

In my experience, both password and username changes via CS should require the user to PROVE they are the account owner. Currently, I think you can just send an email from your associated account and Support takes that as a verification. A hacked email account is the easiest way for a hacker to gain access to your account and ALL the hackers know this.

We go out in the world and take our chances
Fate is just the weight of circumstances
That’s the way that lady luck dances

Posted by: Gaile Gray

ArenaNet Communications Manager

Thank you for sharing your experiences and insight, Nessarose. I am sure it will be helpful to others.

BG — Rest assured, the process of resetting a password or user name is different than you thought, so please be reassured about that.

Gaile Gray
Communications Manager
Guild & Fansite Relations; In-Game Events
ArenaNet

Posted by: Dana Hawkeye.9724

@ Nessarose.

I too am currently going through my fourth hacked account this year. I am at a serious loss of what to do now. The hacker just requested an email change and then hey-ho, my account was lost to them.

I wish we had the opportunity to make things like mini-pets, armours and weapons etc account bound and unsellable. GW1 did this with mini pets. The more stuff that can be unsellable the better as it would be a deterrent.

At the very least, Anet should put accounts that have been hacked once onto a watch list with a possible 24 lock down until verification is confirmed.

I am getting to the point now of jacking the game in and finding something different as I don’t know if I’ll have to go through all of this crap again next month.

SECURITY of accounts should be paramount, above all else. If you want customers to play this game and keep this game going into the future, then security needs to be jacked up asap.

Scouts of Tyria [SoT]
Gandara

Posted by: Ytlayol.5864

This post has been really informative for me, I’ve just been hacked again for the third time these past 3 months and I was wondering what else I could do to protect myself. Between my anti virus program, unique passwords for all my e-mail and gaming accounts, an anti-keylogger program, and the phone authenticator I still was hacked for the third time.

From this post though I’ve learned a lot more on how to better protect my account and the process hackers use to go about their business, but unfortunately I am not sure if I’ll be able to see if these extra steps I’ve taken would prove fruitful or not since my account has been declined an account restoration. I’m not too keen on starting off with 0 items across my 2 year old account with the idea that if I get hacked again, the only thing the support staff could do is reset my password for me.

So I’m curious on knowing if there’s a maximum amount of times an account could get a full restore or do the customer support just go by case by case basis.

Posted by: bradldz.3728

This post has been really informative for me, I’ve just been hacked again for the third time these past 3 months and I was wondering what else I could do to protect myself. Between my anti virus program, unique passwords for all my e-mail and gaming accounts, an anti-keylogger program, and the phone authenticator I still was hacked for the third time.

From this post though I’ve learned a lot more on how to better protect my account and the process hackers use to go about their business, but unfortunately I am not sure if I’ll be able to see if these extra steps I’ve taken would prove fruitful or not since my account has been declined an account restoration. I’m not too keen on starting off with 0 items across my 2 year old account with the idea that if I get hacked again, the only thing the support staff could do is reset my password for me.

So I’m curious on knowing if there’s a maximum amount of times an account could get a full restore or do the customer support just go by case by case basis.

In regards to the account restoration from what I’ve seen on these forums seems to only be once in most cases, so if you had it done twice for you consider yourself lucky already, although I’m sure it’s not going to make you feel better. Sadly anet cannot keep restoring accounts of people that are getting hacked because it would affect the economy too much, especially if said person has a lot of valuables.

Posted by: Dana Hawkeye.9724

In regards to being re-rolled affecting the economy, that is total BS. The economy has already been affected by the hacker selling everything in the first place. My stock of mats was there for me, not the economy. I also had a lot of mini-pets, a collecting habit I had from the original GW, with no intention of selling them – they should give people the option of account binding items of personal value.

If your RL bank/credit card account had been hacked, the bank would refund you your money – they don’t complain of affecting the economy. I regard Anet as protectors of my GW account, just like a RL bank is of your RL money.

Scouts of Tyria [SoT]
Gandara

Posted by: CptTrips.6512

But you were compromised, not A-Net. If someone steals your wallet, can you go to the bank and they say: no problem, here you get your money back?

Posted by: mozu.7140

Thanks for the information, it’s very helpful to me too.
I was hacked for a second time and today I was refused a second restoration on my account.

I feel like what’s the point in playing if all my items will be lost so easily and never returned?

I thought I was safe with the mobile authentication, though, it is practically useless isn’t it?

I don’t know if I will even log in to my account again…

Posted by: Dana Hawkeye.9724

@ cptrips

Yes, I was compromised but it was Anet who compromised me in the first place. It was they who authorised the hacker to change my e-mail address, so it was they who are at fault.

Like others here have said, if I do not get a re-roll back to where my account was before the latest hack, then I will certainly consider ‘jacking in’ GW2, because I do not see the point in carrying on anymore. Who is to say, that I won’t be ‘hacked again’ next month or the month after until infinity. If this is to be the future of GW2, then this game will surely die as it won’t have any customers left except hackers and bots.

Scouts of Tyria [SoT]
Gandara

Posted by: mozu.7140

I agree with you @Dana Hawkeye.
The exact thing happened to me as has happened to you.

And I don’t feel the point in playing anymore if this could just happen again and again, and I feel like I’ve received no support or help in the matter.

Posted by: Dana Hawkeye.9724

At the moment, I am waiting a reply to my last e-mail to the GM’s on a possible re-roll. I am not logging-in to the game until I hear what the reply is. If it is a negative response, then that will be it for me, I will let the hackers have my account and good luck to them.

I cannot believe that players like myself and others who have played 7 years on the original game and 2 years on the current one are being treated in this way. Anet needs to get a grip on its security before any new changes are made to the game, this should be their number one priority. I have to go through hoops to log-in on my banking, an online game should be no different.

Scouts of Tyria [SoT]
Gandara

Posted by: Brother Grimm.5176

Gaile, I appreciate the response, but comments like below do not support your information and there are still those reporting losing their accounts due to hacked emails (I do not know the details, so maybe the hacker DID prove they were the account owner to Support’s satisfaction…that is certainly possible).

Also, if these are recent changes, might I suggest this change is ANNOUNCED in some official capacity? First, players need to KNOW that submitting a request for these changes via an email will just waste both the player’s and Support’s time (rather than just starting the process at the Support website). MOST importantly, I think if account hackers are made aware that just hacking an email account will NOT get them control of an account, it would discourage the email account hack to start with. I know that it may be desirable to NOT announce a security policy change like that, but I think an announcement should be considered (if this change has actually taken place as you seem to believe….see below).

@ Nessarose.

I too am currently going through my fourth hacked account this year. I am at a serious loss of what to do now. The hacker just requested an email change and then hey-ho, my account was lost to them.

@ cptrips

Yes, I was compromised but it was Anet who compromised me in the first place. It was they who authorised the hacker to change my e-mail address, so it was they who are at fault.

When did this email request change occur (roughly) and did they make the request from your hacked email account, or via some other method? If it was thru the ticket system, they would have had to have a significant amount of information on your account to convince Support they were you. Note that you MUST enter quite a bit of information like this to even get a Support ticket issued (so you can request an email / password change).

If the hacker got into your email account (before changing the email on the GW2 account) then your claim that this is Anet’s Fault is bogus…..simply NOT factual.

Did they hack your email to accomplish this and if not, how did they manage to get the email address changed? Have you ASKED Support about this and have they answered you?

I’m interested in this issue because Gaile seems to think these potential security holes have been closed (granted, holes CAUSED by player security failures).

We go out in the world and take our chances
Fate is just the weight of circumstances
That’s the way that lady luck dances

(edited by Brother Grimm.5176)

Posted by: Ytlayol.5864

This post has been really informative for me, I’ve just been hacked again for the third time these past 3 months and I was wondering what else I could do to protect myself. Between my anti virus program, unique passwords for all my e-mail and gaming accounts, an anti-keylogger program, and the phone authenticator I still was hacked for the third time.

From this post though I’ve learned a lot more on how to better protect my account and the process hackers use to go about their business, but unfortunately I am not sure if I’ll be able to see if these extra steps I’ve taken would prove fruitful or not since my account has been declined an account restoration. I’m not too keen on starting off with 0 items across my 2 year old account with the idea that if I get hacked again, the only thing the support staff could do is reset my password for me.

So I’m curious on knowing if there’s a maximum amount of times an account could get a full restore or do the customer support just go by case by case basis.

In regards to the account restoration from what I’ve seen on these forums seems to only be once in most cases, so if you had it done twice for you consider yourself lucky already, although I’m sure it’s not going to make you feel better. Sadly anet cannot keep restoring accounts of people that are getting hacked because it would affect the economy too much, especially if said person has a lot of valuables.

It’s disheartening, what is the point to play in MMORPG if at any moment’s notice everything you’ve done is to be erased and you have to start from scratch again? What happens if next time I’m hacked they decide to delete all my characters? Am I supposed to buy a new account and start off from scratch? Is that what I need to do to have the company provide account recovery?

I’m actually curious to know what their stance is on these questions. If it’s by case by case basis, then if I talked to a different customer support, would they still decline me an account restoration? If I continue playing the game on the same account for the next 2 years and gotten hacked, would they still deny me an account restoration?

It’s understandable regarding their stance on the subject, but in the consumer’s case it makes no sense to continue playing while all these questions are in the back of our minds.

Posted by: Aku Punksha.4895

I also am among the lost accounts and share the pain. The OP of this thread though is trying to be quite positive about what can be done and it would be a shame if his thread was pulled because people see it as a place to vent on their cases and frustration in general.

Back on topic, I really like the idea that was aired of a 72 hours account suspension when changing the email address. Having just given up 20 days, I would be more than happy with 3 days of opportunity to say NO – I did not ask for that change. I think this, more than anything else, would be so helpful in stemming the tide of account theft.

The fact that so many people here are not finding keyloggers with multiple scans is rocking my faith that my 3 programs all show me always as clear. In my case I know phishing was involved, but I don’t know that it was all phishing. I am going to look at options of a different computer or fresh windows install this weekend. Looking at the devastation of a trashed account is pretty depressing and if I have to do that twice I think that would be the end for me.

The other thing is when you get your account back you must go in and update your account security. Login here on the site in here and go to My Account and then Account Security. You will need to remove any authorised regions that look suspect. I just got my account back and went in and removed authorisation for the suspicious “.cn” IP zone.

(edited by Aku Punksha.4895)

Posted by: Brother Grimm.5176

Note that NOTHING Anet Support can do, say or link can uncompromise a hacked email account. If you continue to use an email account that a hacker has gained access to, your GW2 account should be the least of your worries. If that email address has EVER been used at a website you made CC purchase from, you are likely close to a financial compromise that will make a GW2 account seem trivial…..ABANDON any email account that has been hacked. Even changing the password is only a temporary fix as it will certainly be under attack again.

  1. Use an email account ONLY for GW2.
  2. Use a proxy address from that account for your GW2 account name.
  3. Use Mobile authentication for access to that email account.

While game economy reasons are the end game for WHY they don’t allow multiple roll-backs, keep in mind it is less about the actual duplication of your items ONE time as it is about the potential for hackers AND players to abuse a system that allows for multiple roll-backs duplicating items MANY times. Such a system WOULD get abused and besides the potential damage to the in-game economy, the Support cost increases would be something that could potentially affect continued economic feasibility of the game remaining on line.

I get you are POed and frustrated by losing all your stuff, but it’s obvious to me (and I’m not being mean or callous about this), you did NOT properly take precautions to secure your accounts / systems / email before you asked for your FIRST roll-back. Anet could certainly do more to stress this point and make additional suggestions to compromised account customers, but ultimately, that part of the equation is YOUR responsibility, not theirs.

We go out in the world and take our chances
Fate is just the weight of circumstances
That’s the way that lady luck dances

(edited by Brother Grimm.5176)

Posted by: Aku Punksha.4895

Has to be limited account rollback when you really think about it. Just imagine the hackers pooling mucho resources on an account and taking it over again and again and trashing it and asking Anet to kindly fill the piggy bank back up for them. The game would be pointless for everybody in very quick time.

Posted by: Dana Hawkeye.9724

@Brother Grimm

I will try and answer your questions as much as possible. I believe that the first time I got hacked was through my normal e-mail account via some software I downloaded, incidentally via digital deluxe, Luxembourg – I unfortunately had ‘saved’ my CC details, so not only was I hacked, I ‘lost’ £425 via digital deluxe, hacker buying GW2 gems/accounts – This money I managed to get back from Barclays Bank ………. eventually.

I downloaded a reputable anti-keylogger and also scanned my PC. I then created an account that I use ONLY for GW2 and a pretty secure password.

Each time since then, the hacker has I believe ‘fooled’ Anet by using my old e-mail address to get a new one and thus a new password. Each time, my account has been stripped – easy to tell straight away as I always get the Gold Hoarder achievement title (I never have more than 20g in gold in the wallet).

These hacks have occurred every month since May 2014 (4 in total), the latest being last Saturday whilst I was at a family wedding, so did not notice until Sunday.

When you are hacked for the first time, they also steal your game registration code and delete the Anet e-mail – If you have bought the game online. So it is very hard to prove that it is your account as you no longer have the codes. As some have already said, the 2nd security measure is also ‘hackable’, the mobile authenticator – though tbh, I have not used this on my account.

I asked the GM’s about ‘how I was hacked’ this last time and suggested that it was them that was at fault (e-mail address change request)- They said that they could not tell me how it was done.

In all of my earlier dealings (hacks), I have been dealt with promptly and to my satisfaction, with x3 roll-backs etc. Even a ‘well known’ senior Anet figure dealt with some of the issues with me.

Now, Brother Grimm, I think I know you as we used to be in the same guild (if your name is the same as in GW1 – ask Shan) and I know you are a nice person, but frankly, about this issue, you have no idea about how these things happen and on the scale and frequency that this is happening – just look at all of the posts and not just recent ones.

This is a very serious issue not only for current players but any future ones. At the rate this is going on, there won’t be any ‘original’ players left as there is no way I am going to start again and ‘make up’ two years of hard work with the insecurity of future possible multiple account hackings – it’s like trying to make a house out of nothing but sand.

So, if I don’t get satisfaction, then I wish you all well and maybe I’ll see you in another game.

Scouts of Tyria [SoT]
Gandara

Posted by: bradldz.3728

@Brother Grimm

I will try and answer your questions as much as possible. I believe that the first time I got hacked was through my normal e-mail account via some software I downloaded, incidentally via digital deluxe, Luxembourg – I unfortunately had ‘saved’ my CC details, so not only was I hacked, I ‘lost’ £425 via digital deluxe, hacker buying GW2 gems/accounts – This money I managed to get back from Barclays Bank ………. eventually.

I downloaded a reputable anti-keylogger and also scanned my PC. I then created an account that I use ONLY for GW2 and a pretty secure password.

Each time since then, the hacker has I believe ‘fooled’ Anet by using my old e-mail address to get a new one and thus a new password. Each time, my account has been stripped – easy to tell straight away as I always get the Gold Hoarder achievement title (I never have more than 20g in gold in the wallet).

These hacks have occurred every month since May 2014 (4 in total), the latest being last Saturday whilst I was at a family wedding, so did not notice until Sunday.

When you are hacked for the first time, they also steal your game registration code and delete the Anet e-mail – If you have bought the game online. So it is very hard to prove that it is your account as you no longer have the codes. As some have already said, the 2nd security measure is also ‘hackable’, the mobile authenticator – though tbh, I have not used this on my account.

I asked the GM’s about ‘how I was hacked’ this last time and suggested that it was them that was at fault (e-mail address change request)- They said that they could not tell me how it was done.

In all of my earlier dealings (hacks), I have been dealt with promptly and to my satisfaction, with x3 roll-backs etc. Even a ‘well known’ senior Anet figure dealt with some of the issues with me.

Now, Brother Grimm, I think I know you as we used to be in the same guild (if your name is the same as in GW1 – ask Shan) and I know you are a nice person, but frankly, about this issue, you have no idea about how these things happen and on the scale and frequency that this is happening – just look at all of the posts and not just recent ones.

This is a very serious issue not only for current players but any future ones. At the rate this is going on, there won’t be any ‘original’ players left as there is no way I am going to start again and ‘make up’ two years of hard work with the insecurity of future possible multiple account hackings – it’s like trying to make a house out of nothing but sand.

So, if I don’t get satisfaction, then I wish you all well and maybe I’ll see you in another game.

Ok, so in your situation technically this hacker of yours has more information about your own account than you do i guess? presumably before deleting your email with the cd key he could have written it down together with your character names etc , that is quite a lot of info he can provide to try and convince them hes the account owner. How exactly is anet supposed to deal with this?
Also i think we all understand people that get hacked dont feel secure, but anet has to draw the line somewhere. they simply cannot give you infinite rollbacks, as some people already mentioned the system would get abused, and that damages economy.
However i think there could be some things done from anets side to try and reduce the number of such incidents, the 72 hour thing sounds like it could be a start.

To all the people there really wanting to protect their account:
Never ever use your Guild Wars log-in email and password combo for anything else; any GW2-related sites and forums or any other websites are always vulnerable to have this information stolen, and then of course hackers will use it to try and get into your account. Also, don’t use your email password to be your Guild Wars password; these are always the first things they will try.

Posted by: Ytlayol.5864

@Brother Grimm

I will try and answer your questions as much as possible. I believe that the first time I got hacked was through my normal e-mail account via some software I downloaded, incidentally via digital deluxe, Luxembourg – I unfortunately had ‘saved’ my CC details, so not only was I hacked, I ‘lost’ £425 via digital deluxe, hacker buying GW2 gems/accounts – This money I managed to get back from Barclays Bank ………. eventually.

I downloaded a reputable anti-keylogger and also scanned my PC. I then created an account that I use ONLY for GW2 and a pretty secure password.

Each time since then, the hacker has I believe ‘fooled’ Anet by using my old e-mail address to get a new one and thus a new password. Each time, my account has been stripped – easy to tell straight away as I always get the Gold Hoarder achievement title (I never have more than 20g in gold in the wallet).

These hacks have occurred every month since May 2014 (4 in total), the latest being last Saturday whilst I was at a family wedding, so did not notice until Sunday.

When you are hacked for the first time, they also steal your game registration code and delete the Anet e-mail – If you have bought the game online. So it is very hard to prove that it is your account as you no longer have the codes. As some have already said, the 2nd security measure is also ‘hackable’, the mobile authenticator – though tbh, I have not used this on my account.

I asked the GM’s about ‘how I was hacked’ this last time and suggested that it was them that was at fault (e-mail address change request)- They said that they could not tell me how it was done.

In all of my earlier dealings (hacks), I have been dealt with promptly and to my satisfaction, with x3 roll-backs etc. Even a ‘well known’ senior Anet figure dealt with some of the issues with me.

This story is similar to mine. I believe when I was first hacked that I was at fault; my e-mail account was hacked and the hacker changed it from there. I went and took the necessary steps of having unique passwords for all my e-mail and gaming accounts while also attaching an authenticator. I found the e-mail the hacker used to send to Anet within my sent folder. Then a little over a week later I was hacked yet again, and that time I made a new e-mail for just GW2 and added an anti-keylogger on to my system. I didn’t find an e-mail like the first time I was hacked. For both compromises the support was okay and provided an account rollback. Then this last time I was hacked I didn’t notice any account breach in my e-mail accounts, like the second one, and the only thing there was, was an e-mail from Anet saying my e-mail account was changed.

After reading through this thread and the experiences others had, I’ve come to the conclusion that the hackers saved my GW2 key and any other necessary information they would’ve needed to change my e-mail account from a different e-mail. Now I am still waiting on a customer support response to my last e-mail in order to ask them more about this.

And after reading this response in how you got 3 rollbacks before they declined you, and I’ve received 2 rollbacks before they declined me, it makes me wonder what if someone else had dealt with our tickets. Would we be declined again or will they approve the account restoration? Is it based off luck or the mood the support staff is in?

I could go on about this but I am going to stay patient and calm and see where this goes with the ticket I have opened. Hopefully I can talk to a representative who can hear me out and give me answers to the questions that I have.

Posted by: Pandaman.4758

I would like to add a few things that people should consider about computer security in general:

Don’t access email and/or accounts with public computers. This should be common sense, but still worth repeating to people who don’t realize it; public computers should never be considered secure, you have no idea who has been doing what on them before you got on. What little security and/or filters public computers have are usually inadequate, out of date, or easily circumvented.

Don’t access email and/or accounts through public wifi. While the wifi itself may be secure, a popular method of stealing information is for hackers to set up a public wifi near establishments that provide free wifi; if you connect to their network, they’ll be able to log everything you do online and you won’t even realize it’s happening.

A smartphone is a terrible security device. Seriously, raise your hand if you’ve installed malware protection on your smartphone. Most, if not all, phones do not come with that. How about turning off automatic wifi connections, Bluetooth, and NFC? By default smartphones are like overly curious cats when it comes to random connections and hackers love to exploit that to gain access to data in the phone.

Posted by: Pandaman.4758

After reading through this thread and the experiences others had, I’ve come to the conclusion that the hackers saved my GW2 key and any other necessary information they would’ve needed to change my e-mail account from a different e-mail. Now I am still waiting on a customer support response to my last e-mail in order to ask them more about this.

You know, I wonder if it’s possible to request an entirely new GW2 key and to have all of your characters’ names scrambled; if they can’t give you a new key then you may very well be up a creek without a paddle.

Posted by: Gaile Gray

ArenaNet Communications Manager

I appreciate the information provided in this thread about security issues, and how to better secure one’s account. Thank all of you for your positive input.

As for the questions about multiple hacks, let’s consider: Once your e-mail is hacked, you’re in a whole world of hurt, and yes, that hacking may give the hacker all the information he/she needs to try to claim your account. I am right now writing a policy and practice e-mail to our CS Manager to address the concerns expressed in this thread. (Quotes, liberal use of highlights, and suggestions ensue!)

But because I see quite a lot of finger-pointing, and some denial of ownership of an issue that, generally, is outside our control, I feel it’s best to close this thread. I hope you understand this is not “brushing a problem under the carpet” but instead is gleaning valuable input, researching ways to use that input, and yet not letting the forums become a flashpoint for accusation and misinformation.

Gaile Gray
Communications Manager
Guild & Fansite Relations; In-Game Events
ArenaNet