Guild Wars 2

Someone from Hefei tried to log into my account, I dont know how they got my password or email… but they did and the log in was denied, I was sent an email with the information telling me so.

Now when I go to account management and try to change my password, everything I try says: Unavailable password. You or someone else has used it before, or it’s on a known list of passwords stolen from other games or websites. Please use a new, unique password for your Guild Wars 2 account. We recommend a new one made with four random, unrelated words, as shown in this comic strip.

No matter what I type.. that comes up… So I’m not sure If the email was fake, It was In my Inbox (not spam) and addressed by ArenaNet(Noreply@Guildwars2.com)

Is this a problem or should I try changing later?

When you try changing your password, are you in the guildwars2.com web site? And not guildwars2.abc.xyz?

If you are using common passwords (many people do), you are going to get that message. I suggest coming up with a few different passwords you want to use, combining them, and adding a few numbers or symbols. I suspect you are using passwords on the blocked list.

Also, if your email password is the same or similar to your GW2 password, you should change your email password, preferably to something longer and more random.

Most likely your login credentials are the same as the credentials you use on a different site, but just in case I suggest running an antivirus scan on your PC.

yes I’m in the guild wars 2 official site, searched on google, Email password is somethign sompletely different so no worries there, and thanks Ill think of another longer password

I had this happen today too. Thing is, I bought this game a few months ago, logged in once and never played it again because I didn’t like it. Seeing as I have never logged into the game since and never used those login credentials elsewhere, I have to assume there is a security leak somewhere.

I highly doubt there is a security leak, if there was there would be hundreds of thousands of people with this issue.

So either you have a keylogger on your computer or you used the same credentials on another site that has been hacked. Either way, I’m 99.999999999999999% sure it’s your end.

Veeber.3192:

I highly doubt there is a security leak, if there was there would be hundreds of thousands of people with this issue.

So either you have a keylogger on your computer or you used the same credentials on another site that has been hacked. Either way, I’m 99.999999999999999% sure it’s your end.

Lets put this to rest once and for all. Almost guaranteed it was not a keylogger. Keyloggers are VERY few and far between. The keyloggers that have been found where used to collect banking data and where designed for that purpose. To date, there has been NO recorded instances of a keylogger being distributed to steal GW2 passwords by any anti-virus vendor. Keyloggers are always the first response from people who know nothing about computer security and only repeat what they have heard on the internet, which is usually wrong. Using the same logon and password on another site is a possibility, but that does NOT explain the many players who created dedicated GW2 email accounts, used strong passwords, never used the combination anywhere else, and still had their account accessed. The thieves are using another method, and it does NOT involve the use of keyloggers or passwords reused from other sites.

ShiningSquirrel.3751:

Veeber.3192:

I highly doubt there is a security leak, if there was there would be hundreds of thousands of people with this issue.

So either you have a keylogger on your computer or you used the same credentials on another site that has been hacked. Either way, I’m 99.999999999999999% sure it’s your end.

Lets put this to rest once and for all. Almost guaranteed it was not a keylogger. Keyloggers are VERY few and far between. The keyloggers that have been found where used to collect banking data and where designed for that purpose. To date, there has been NO recorded instances of a keylogger being distributed to steal GW2 passwords by any anti-virus vendor. Keyloggers are always the first response from people who know nothing about computer security and only repeat what they have heard on the internet, which is usually wrong. Using the same logon and password on another site is a possibility, but that does NOT explain the many players who created dedicated GW2 email accounts, used strong passwords, never used the combination anywhere else, and still had their account accessed. The thieves are using another method, and it does NOT involve the use of keyloggers or passwords reused from other sites.

Exactly. I know for a fact that it’s not a keylogger because:

1. I ran an anti-virus and found nothing, and no other online account has been compromised.
2. Despite using this e-mail/password combination on other websites, including websites with access to my credit info, no other account has been compromised (though I have now changed all those passwords, and none of those passwords match the one on my other accounts)

This leads me to think there is a massive security leak.

ya the same thing has happened to me twice already some Chinese A hole has been trying to access my account as well. Too bad for him my yahoo password is 50+characters long, every time I saw that message I kept deleting it just in case they figured it out.

Seriously though this needs to be fixed ASAP, even though I don’t play GW2 anymore, I don’t want to lose my level 60 rogue, If this gets repetitively more aggressive I will delete my account, or character whichever one I can do.

Its much simpler than the other replies have mentioned. Someone tried to log into your account through some means (usually phishing). You went to the official website (good choice) rather than a link, and tried to make a password.

Here is where you ran into the problem you mentioned. The reason is that hackers/rmt/phishing websites have found thousands of passwords from old accounts in GW and other mmo’s that people use on more than one account. So if they can link an email with an old password they get to log in. To avoid this and protect your account Arenanet instituted a Password block feature that makes it so those passwords can never be used again. Also they added the removal of silly passwords like: Password, password1, etc etc. It can at times be troublesome but is for your protection. Simply use a non generic, difficult password that you have never used on any other account and you should be fine. if you have need for further assistance email support and they can help you.

Ok this happened to me and I am PANICKING I DONT WANT NNO ONE HACKING ME! someone please tell me something reassuring cause im FREAKING out!

edit: I changed credentials BUT STILL SO NERVOUS!

Few months ago some chinese from hefei tried to log in to my account too. Bud i had no problem to change my password to something realy long in my mother lanquage. I doubt this amateur even knows how to write in it :-D

Legend Sully.1568:

Ok this happened to me and I am PANICKING I DONT WANT NNO ONE HACKING ME! someone please tell me something reassuring cause im FREAKING out!

edit: I changed credentials BUT STILL SO NERVOUS!

Do you have IP authentication or the mobile authentication turned on? If not, do so and quit freaking out.

Passwords can be force guessed quite easily these days and if your email address / user has been used on other websites, that’s 50% of a hackers job done. Keep in mind that a modern website’s DB is going to encrypt passwords (and more recently CC #s on file) with a private key would take THOUNSANDS of years to hack. However, your user name, email address and lots of other info is more likely stored in string fields that are easily gathered and sold to hackers. Also, that password you used on that QUAKE 2 message board in the early 90s WAS likely stored in plain text beside that same gamer handle you have been using for 20 years.

If your password is 8 characters, it takes a modern PC system less than 24 hours to guess it (that includes upper, lower, numbers and symbols). A 10 character password takes between 5 and 6 years. A 12 character one can take hundreds of years.

Don’t use 8 character or less passwords….EVAR!

Check it out if you don’t believe me: https://howsecureismypassword.net/

Also, another bit that can help :
https://xkcd.com/936/

This happened to my just today. I haven’t been playing for months and I received this email:

A log-in attempt from the following location is currently awaiting your authorization.

Address: 183.167.157.70
City: Hefei
Region: 01
Country: CN

This location is approximated based on information provided by your Internet Service Provider. If in doubt, deny the request and try again.

Once upon a time I didn’t use strong passwords and I re-used them. Thankfully I saw the light one day and now use KeePass to maintain and store a database of randomly-generated random-string passwords. For sites where I often have to type the password in by hand on my phone or otherwise (when installing a new Android custom ROM you have to input information by hand, so using a totally random password becomes very tedious) I basically do what XKCD suggests – using a short sentence, although I tend to interject some 1337 anyway.

I am thankful for this because a bit after I switched over all the “important” accounts that I use on a regular basis a random small forum I had gone to a long time ago had been hacked and the information taken. I did not know this, and even if I had still been active on that forum there would not have been any signs that it had happened – the people hacking into it didn’t give a crap about our forum accounts – they wanted to see if those passwords could lead to actual profit elsewhere.

Anyway, I found out because one day I went to Twitter – an account I forgot to change over (I only signed up for it a long time ago to get NWS hurricane alerts and updates texted to my phone) and found it had been accessed by someone not me and used to spam my 0 followers with diet pill ads. Only because of that I ended up finding out what happened.

Re-using passwords is a real problem with many examples of how it can screw up anything from your day to potentially your life. I urge anyone still using those kind of passwords to check out something like KeePass or a similar solution (I use it because I can use it on Android too).

Here’s an example of a randomly generated password : r6JBDzOt4S8Z20lcvmvKJN2UxYWqGXnQMNsn13ssE4goW (not an actual password I use, generated it right now for this example)

Ain’t nobody gonna guess that without somehow brute-forcing it. If all your passwords are that long and random strings they can’t use those passwords to get into any accounts. And, honestly, if they DID get their hands on one (like compromising a small forum) they’d probably not even bother to try because you’ve removed yourself from the pool of “possible easy targets”.

I know old thread is old, but since people are still having this problem…