Guild Wars 2

I was playing Edge of the mists just 10 minutes ago. (this is AFTER the server changes) Suddenly my game crashed to desktop and asked me for an error report. THEN I tried to log back in and it said my password was WRONG! I knew for a fact that it was the right password but I quickly went to the website here and changed my password to something different. I was able to log in after that.

Was someone trying to hack my account? I have a strange password as well as the google authenticator attached to my account. NOBODY should be able to get into my account without my receiving a notification about it and granting permission.

Now I get onto the forums and I read all of these threads about hacked accounts and security leaks. I would like an official response on what this was. Also for information on what else I could do to further protect my account. I assumed that the current security restrictions would be more than enough. (the authenticator + password)

I’m also reading about account rollbacks and it only being possible once. Do I have to worry about this now? I’ve spent well over $700 on this game since day one and I’ll be kitten ed if some hacker gets through my already adequate security and ruins everything i’ve worked and paid for.

I await your response
-Nightingaile

It sounds like you were hacked or at least there was an attempt made. Lucky for you it sounds like you changed your password in time before any damage was done.

For your own safety though, check your e-mail that is attached to your account. See if there is a log in attempt. Check your deleted messages folder to see if there is a log in attempt in there. If nothing, also see if you have an option to recover deleted messages and see if there is an attempted log in as well. Hopefully all this proves to be clean. If not, you need to change that password immediately.

Anet’s official response is they are backlogged to due all these hacked and rollback requests coming in. If your lost your items and gold, expect it to take at minimum a week to get things back. They are claiming the the breach isn’t on their side but the user’s fault as 99% of the time the e-mail was compromised.

While it’s probably true the person’s email was compromised, what they fail to realize is that in some (if not many) cases, the hackers are getting people’s e-mails off of Anet’s site. These e-mails could have been obtained during their last security breach (back in 2012). There are also many people whom have taken all the suggested security measures by Anet and still got hacked.

The next issue is the one account rollback. If you did not roll your account back before, you are guaranteed to be safe (as long as everything checks out on your account). There are instances (I know of at least 1, where multiple roll backs have been granted) but don’t rely on it.

The bigger issue I see is with people like yourself who’ve spent loads of money on the game. It doesn’t make sense business wise to alienate players like you from the game whom have spent lots of money. Driving people away from the game who spend money is not entirely smart. It also doesn’t give confidence to people whom are willing to spend money to actually do so if there is a chance they lose their stuff. I myself lost gems, so why would I ever buy them again?

DeadlySynz.3471:

It sounds like you were hacked or at least there was an attempt made. Lucky for you it sounds like you changed your password in time before any damage was done.

For your own safety though, check your e-mail that is attached to your account. See if there is a log in attempt. Check your deleted messages folder to see if there is a log in attempt in there. If nothing, also see if you have an option to recover deleted messages and see if there is an attempted log in as well. Hopefully all this proves to be clean. If not, you need to change that password immediately.

Anet’s official response is they are backlogged to due all these hacked and rollback requests coming in. If your lost your items and gold, expect it to take at minimum a week to get things back. They are claiming the the breach isn’t on their side but the user’s fault as 99% of the time the e-mail was compromised.

While it’s probably true the person’s email was compromised, what they fail to realize is that in some (if not many) cases, the hackers are getting people’s e-mails off of Anet’s site. These e-mails could have been obtained during their last security breach (back in 2012). There are also many people whom have taken all the suggested security measures by Anet and still got hacked.

The next issue is the one account rollback. If you did not roll your account back before, you are guaranteed to be safe (as long as everything checks out on your account). There are instances (I know of at least 1, where multiple roll backs have been granted) but don’t rely on it.

The bigger issue I see is with people like yourself who’ve spent loads of money on the game. It doesn’t make sense business wise to alienate players like you from the game whom have spent lots of money. Driving people away from the game who spend money is not entirely smart. It also doesn’t give confidence to people whom are willing to spend money to actually do so if there is a chance they lose their stuff. I myself lost gems, so why would I ever buy them again?

Thank you very much for your response!

I checked my email and different boxes to look for attempt-emails. There were none and I didnt see any recovery options. For good measure I changed my email password as well. I know that the authenticator system works because I’ve had attempts from China before and theyve been succesfully blocked (good job letting them get my password by the way anet.) What concerned me here is that there was no message at all about attempts. I even checked through my account on the website here and there havent been any logins from anywhere else besides my home internet.

I havent had a virus on this computer in…. nearly EVER. But to be safe I’m currently running an Avast scan to look for potential keyloggers anyway. I dont believe Ive ever had my account rolled back before. The only change theyve ever made to my account is to refund some gems and move my account back to my original server after I accidentally switched and I dont believe that was a rollback as nothing had been lost/changed besides what I listed here.

As you said, this is a huge concern for people like me who have invested a ton of time and money into the game. I just finished my 2nd legendary a month ago and im finishing up my 10th 80. That stuff plus the $700 makes this a very big problem.

For anyone from anet reading this: I CANNOT stress enough… what a dangerous thing you folks have going on here. As I’m sure NCSOFT would be quick to remind you guys, you are a business foremost over everything else. I’ve been an excellent customer to you guys and I love your game, but it really feels like you arent taking these hacking attempts seriously. I say this because of the /one time rollbacks/ and the finger of blame being pointed at US for being hacked. I know that there are tons of people playing this game and it’s a TON of work to take care of all of us. But at the risk of sounding like some spoiled kid, you need to take care of us. We’re customers and we deserve not only assurance that our time and money werent wasted, but assurance that if things go wrong, we can rely on YOU to help us. And i mean always, not just once.

You’ve helped me out with problems before and I really appreciate the work you do. But it’s important that your customers feel safe and cared for. These account hacks really make us feel uneasy. A good first step to help would be to rescind your strict rollback policy. The fact that we could be abandoned if youve already helped us once is such a horrible thought, that it makes me want to run for the hills and never play this game again. Empathy is key here, just want to remind everyone of that = /

Their reason behind their 1 rollback policy is due to the over inflation of the economy (which I can understand). There is a very easy way to combat this though, hard gold sinks. Ones that will have little effect to 98% of the players, and only to the gold sellers or those whom buy the gold seller’s gold

One other concern I thought of is, how safe is our credit card info on Anet’s servers (if it’s there) if we’ve purchased gems? Looking at old threads I see that Anet does in fact store credit card information (not sure if this is still the case). How exactly safe is it really? If hackers can obtain our e-mails off their server, whats to say they can’t get a hold of our credit card info. Best be safe to watch that too.

DeadlySynz.3471:

Their reason behind their 1 rollback policy is due to the over inflation of the economy (which I can understand). There is a very easy way to combat this though, hard gold sinks. Ones that will have little effect to 98% of the players, and only to the gold sellers or those whom buy the gold seller’s gold

One other concern I thought of is, how safe is our credit card info on Anet’s servers (if it’s there) if we’ve purchased gems? Looking at old threads I see that Anet does in fact store credit card information (not sure if this is still the case). How exactly safe is it really? If hackers can obtain our e-mails off their server, whats to say they can’t get a hold of our credit card info. Best be safe to watch that too.

Do they only save it if you click on the option to save your card? I have that option unchecked to avoid the monthly limit or w/e. Mine has been like that since before December or so.

Edit: Also: Having an unstable in-game economy is one way to drive players away… but having an unstable security system seems like a worse way. I dont personally understand how the economy effects the rollbacking (not that it doesnt, just havent given it much thought before) but it seems like the 1 rollback limit is the bigger worry here… to me at least >.<.

Thanks for your post

Also if you want to explain the rollback/economy thing I’d love to read it. Curious now.
Thanks ^-^

DeadlySynz.3471:

Their reason behind their 1 rollback policy is due to the over inflation of the economy (which I can understand). There is a very easy way to combat this though, hard gold sinks. Ones that will have little effect to 98% of the players, and only to the gold sellers or those whom buy the gold seller’s gold

One other concern I thought of is, how safe is our credit card info on Anet’s servers (if it’s there) if we’ve purchased gems? Looking at old threads I see that Anet does in fact store credit card information (not sure if this is still the case). How exactly safe is it really? If hackers can obtain our e-mails off their server, whats to say they can’t get a hold of our credit card info. Best be safe to watch that too.

As to whether are not ANet has a security breach as you are alleging, this is what she has to say:

Gaile Gray
ArenaNet Support Liaison
“I want to point out, once again, that a compromise of our system would result in tens of thousands of hacked accounts and thousands of forum threads, not the handful that you see. Again, we’re taking longer (too long, we confess it!) to address compromised accounts. The delay sometimes drives people to the forums, meaning that we see a few threads that in a normal day would not be visible. But we are not seeing dozens, hundreds, or thousands — and that assuredly would be happening with a security issue within our system.”

Astral Projections.7320:

DeadlySynz.3471:

Their reason behind their 1 rollback policy is due to the over inflation of the economy (which I can understand). There is a very easy way to combat this though, hard gold sinks. Ones that will have little effect to 98% of the players, and only to the gold sellers or those whom buy the gold seller’s gold

One other concern I thought of is, how safe is our credit card info on Anet’s servers (if it’s there) if we’ve purchased gems? Looking at old threads I see that Anet does in fact store credit card information (not sure if this is still the case). How exactly safe is it really? If hackers can obtain our e-mails off their server, whats to say they can’t get a hold of our credit card info. Best be safe to watch that too.

As to whether are not ANet has a security breach as you are alleging, this is what she has to say:

Gaile Gray
ArenaNet Support Liaison
“I want to point out, once again, that a compromise of our system would result in tens of thousands of hacked accounts and thousands of forum threads, not the handful that you see. Again, we’re taking longer (too long, we confess it!) to address compromised accounts. The delay sometimes drives people to the forums, meaning that we see a few threads that in a normal day would not be visible. But we are not seeing dozens, hundreds, or thousands — and that assuredly would be happening with a security issue within our system.”

Thanks for the quote Astral. I guess that’s slightly reassuring = /… slightly…

DeadlySynz.3471:

It sounds like you were hacked or at least there was an attempt made. Lucky for you it sounds like you changed your password in time before any damage was done.

For your own safety though, check your e-mail that is attached to your account. See if there is a log in attempt. Check your deleted messages folder to see if there is a log in attempt in there. If nothing, also see if you have an option to recover deleted messages and see if there is an attempted log in as well. Hopefully all this proves to be clean. If not, you need to change that password immediately.

Anet’s official response is they are backlogged to due all these hacked and rollback requests coming in. If your lost your items and gold, expect it to take at minimum a week to get things back. They are claiming the the breach isn’t on their side but the user’s fault as 99% of the time the e-mail was compromised.

While it’s probably true the person’s email was compromised, what they fail to realize is that in some (if not many) cases, the hackers are getting people’s e-mails off of Anet’s site. These e-mails could have been obtained during their last security breach (back in 2012). There are also many people whom have taken all the suggested security measures by Anet and still got hacked.

The next issue is the one account rollback. If you did not roll your account back before, you are guaranteed to be safe (as long as everything checks out on your account). There are instances (I know of at least 1, where multiple roll backs have been granted) but don’t rely on it.

The bigger issue I see is with people like yourself who’ve spent loads of money on the game. It doesn’t make sense business wise to alienate players like you from the game whom have spent lots of money. Driving people away from the game who spend money is not entirely smart. It also doesn’t give confidence to people whom are willing to spend money to actually do so if there is a chance they lose their stuff. I myself lost gems, so why would I ever buy them again?

There was no security breach back in 2012. Exactly how do you know ‘hackers’ are getting information off of any ArenaNet site? What proof have you of these allegations? I keep seeing you spout this in all the threads, but it is the first I have heard of it. You should really stop spreading these rumors, and trying to frighten the playerbase.

As to the OP, it could just as well have been a glitch in the program after your crash. Your password not responding is not always an indication that someone tried to compromise your account, as there have been threads about the password resetting with no ‘hack’ attempt whatsoever.

I’m not sure how many, if any, threads I’ve seen about accounts that had a Mobile Authenticator (that the account-owner personally) enabled that were compromised. Usually, it was placed on the account by the ‘hacker’.

As for the ART, the policy is and has always been…one restoration per account, usually, but that each case/time is decided individually, and circumstances may influence Customer Support’s decision.

Inculpatus cedo.9234:

DeadlySynz.3471:

It sounds like you were hacked or at least there was an attempt made. Lucky for you it sounds like you changed your password in time before any damage was done.

For your own safety though, check your e-mail that is attached to your account. See if there is a log in attempt. Check your deleted messages folder to see if there is a log in attempt in there. If nothing, also see if you have an option to recover deleted messages and see if there is an attempted log in as well. Hopefully all this proves to be clean. If not, you need to change that password immediately.

Anet’s official response is they are backlogged to due all these hacked and rollback requests coming in. If your lost your items and gold, expect it to take at minimum a week to get things back. They are claiming the the breach isn’t on their side but the user’s fault as 99% of the time the e-mail was compromised.

While it’s probably true the person’s email was compromised, what they fail to realize is that in some (if not many) cases, the hackers are getting people’s e-mails off of Anet’s site. These e-mails could have been obtained during their last security breach (back in 2012). There are also many people whom have taken all the suggested security measures by Anet and still got hacked.

The next issue is the one account rollback. If you did not roll your account back before, you are guaranteed to be safe (as long as everything checks out on your account). There are instances (I know of at least 1, where multiple roll backs have been granted) but don’t rely on it.

The bigger issue I see is with people like yourself who’ve spent loads of money on the game. It doesn’t make sense business wise to alienate players like you from the game whom have spent lots of money. Driving people away from the game who spend money is not entirely smart. It also doesn’t give confidence to people whom are willing to spend money to actually do so if there is a chance they lose their stuff. I myself lost gems, so why would I ever buy them again?

There was no security breach back in 2012. Exactly how do you know ‘hackers’ are getting information off of any ArenaNet site? What proof have you of these allegations? I keep seeing you spout this in all the threads, but it is the first I have heard of it. You should really stop spreading these rumors, and trying to frighten the playerbase.

As to the OP, it could just as well have been a glitch in the program after your crash. Your password not responding is not always an indication that someone tried to compromise your account, as there have been threads about the password resetting with no ‘hack’ attempt whatsoever.

I’m not sure how many, if any, threads I’ve seen about accounts that had a Mobile Authenticator (that the account-owner personally) enabled that were compromised. Usually, it was placed on the account by the ‘hacker’.

As for the ART, the policy is and has always been…one restoration per account, usually, but that each case/time is decided individually, and circumstances may influence Customer Support’s decision.

Thanks for your post. I’m still paranoid (understandably i think) but its very good to know that situations like this have happened with no actual hacking attempt.

It’s especially nice after two virus scans (both for keylogger software) and checking both of my email accounts for activity AND checking my gw2 account for activity AND changing my passwords and still finding nothing. All of this plus the authenticator….. if they can get through all that stuff… just wow.

You know, you could have just made a typo when putting in your password. You didn’t say that you tried it more than once before changing it. A typo would give you that warning and considering that you haven’t seen any indications of a hack, it’s a distinct possibility.

Gaile Gray
ArenaNet Poster
Snip
A large number of the tickets that we receive reveal that folks typo a lot. They may think they are typing the password on the account, but they’re off by a letter or number, or they forgot that they used a capital letter instead of lowercase.

Astral Projections.7320:

You know, you could have just made a typo when putting in your password. You didn’t say that you tried it more than once before changing it. A typo would give you that warning and considering that you haven’t seen any indications of a hack, it’s a distinct possibility.

Gaile Gray
ArenaNet Poster
Snip
A large number of the tickets that we receive reveal that folks typo a lot. They may think they are typing the password on the account, but they’re off by a letter or number, or they forgot that they used a capital letter instead of lowercase.

I tried it three times and once at the website itself. Had to reset through my email. and I know it was right because I have the exact password written down on a pad including upper/lowercase. And I live in a community of old people… noone’s gonna steal it lol.

Thanks for the suggestion though :o

Nightingale.9714:

-snip-

For anyone from anet reading this: I CANNOT stress enough… what a dangerous thing you folks have going on here. As I’m sure NCSOFT would be quick to remind you guys, you are a business foremost over everything else. I’ve been an excellent customer to you guys and I love your game, but it really feels like you arent taking these hacking attempts seriously. I say this because of the /one time rollbacks/ and the finger of blame being pointed at US for being hacked. I know that there are tons of people playing this game and it’s a TON of work to take care of all of us. But at the risk of sounding like some spoiled kid, you need to take care of us. We’re customers and we deserve not only assurance that our time and money werent wasted, but assurance that if things go wrong, we can rely on YOU to help us. And i mean always, not just once.

You’ve helped me out with problems before and I really appreciate the work you do. But it’s important that your customers feel safe and cared for. These account hacks really make us feel uneasy. A good first step to help would be to rescind your strict rollback policy. The fact that we could be abandoned if youve already helped us once is such a horrible thought, that it makes me want to run for the hills and never play this game again. Empathy is key here, just want to remind everyone of that = /

This is very well said.

I feel by myself very stressed out because of all of these hackings. I have used 6000 euros to gem cards and PaySafeCards in this game. I have a total of 40 characters that are level 80’s, as well as a nameless number of lower level characters. I have several accounts in this game and I have used most of the money to my main account. ( In fact, I do not dare to log in even to this forum with my main account information, because I am afraid that these pages are not safe either. ) Part of these gem cards I haven’t use yet, but I do not intend to invest any cent on this game anymore until its safety is guaranteed and until I can be sure that I do not loose all those invested time and money on this game. I have so many accounts in this game, because it was cheaper to buy whole new game in Guild Wars 1 than buy one character slot.

My friends account was hacked some time ago and that way he was forced to use the ArenaNet’s offered only one time roll back. Since then I have been in quite a panic with this situation. I might log into the game during the day just look at the guild information, that any of our accounts have not loged out from the game. In this way I found my friend account hacking last time. When I saw what have happened I informed him immediately that his account was log-out at that time when he could not be at the computer. And what he only got from these forums was mocking, facepalms and harrasing by some specific ppl who usually answers in the forum.

ArenaNet can not understand how they cause their customers to panic and stress, as well they don’t understand how they cause psychological violence same time by saying that it is always their customer’s fault if they got hacked. I did like this game very much, but now I have started to looking for new game, which I could invest my time, my money and feel secure same time.

Astral mentioned in one of the her responses in this Forum, that Gail Gray have told that they are going to ban 1000 accounts that have been hacked. I think, this is just the tip of the iceberg, and the actual amount of hacked accounts will never be known. Some have already used the roll back feature, so they are just giving up and suffer their loss.

I do not have a smart phone, I have only old Nokia’s banana phone. If ArenaNet thinks that I’m going to buy a smartphone just because of one game, it is totally wrong. I think ArenaNet should take this situation very seriously, or ArenaNet will soon realize that they don’t have many customers who are using money to their game. They should develop a safety feature in this game that it does not require customers to purchase new gadgets, but to secure their accounts by other means, such as a PIN code or otherwise.

I do change the passwords for my e-mails every week. Apparently, I need to start to change my password every week to this game too, not only monthly like I now do, until I find a safer game. My accounts have not been hacked so far, but the danger for it is growing every day, I can feel it. Maybe Anet does not care, they have already have those money what we have spent in here. They have got those money what I have used in those gem cards too.

If you use a proxy email address to associate with GW2 account (and use that address for ONLY GW2 account), your odds of being hacked goes down DRASTICLY as now the hacker has to find your proxy email address as well as hack the password. Note that a proxy name you set up is better than a separate account because if the account is known or hacked, the hacker has to figure out which proxy address is used for GW2 and send the request from THAT proxy in order to get Support to act on the request. Granted, that’s not difficult to do, but most hackers would not consider needing to do this.

In my opinion, the most EFFECTIVE way for Anet to correct the issue of email accounts being compromised leading to GW2 accounts being compromised is quite simple (but may require some extra Suport effort up front):

ANY email based support request should be opened as a ticket and the submitter should be pointed to the open request page to answer the already existing security info before ANY account actions will be taken.

I get this is an inconvenience for players and adds another step in the support process (as long as the request is coming from email….if from the website, it is the same process) but if all the email compromised account hacks of GW2 accounts nearly stop, how much Support time will that save Anet? I’m guessing TONS, but I’m just guessing. I also understand the argument that Anet is not responsible for any players personal email account. That is 100% true and I 100% agree with the statement. However, if Anet can alter their policy to PREVENT accounts from being compromised, shouldn’t they at LEAST consider a policy change? My 2 cents on the subject.