Friend keeps getting hacked
Hi YoniSL,
I can’t help you with this issue and support needs to help your friend with this. I am worried however bout your friend. Getting hacked means he either has a very bad choice of passwords, or his own computers secrutiy is breached. I suspect he has a keylogger.
I would urgently advise him to do a good security check. If nothing is found he should reinstall the entire computer. Such a hacker does not only have access to your friends gw2 account, but to ALL things he does on his pc. This includes creditcard info, bank info, emailaccount, etc.
Arise, opressed of Tyria!
Thanks, will tell him that.
Also why was I logged in from texas as well as another friend of my?. I suddenly popped up in my ip list. And it’s the ip from ncsoft. Perhaps a bug?
Nope, not really a bug, more glitch. When you login to the forum here, the forum checks your log-in details with the log-in server. Result is that it shows that you logged in from Texas (where the forum server is).
Arise, opressed of Tyria!
I see, thanks for that info
Also, have your friend read Mike’s blog posting on how hackers do it. I found it very helpful and I have shared it even with people who do not play GW2, because it shows a lot of problems we can face ANYWHERE.
https://forum-en.gw2archive.eu/forum/support/account/Mike-O-Brien-s-Article-on-Account-Security
In a way, if he is ONLY getting hacked in GW2, and no where else, he is lucky so far. Hackers will try anything. And if the problem is a bad password (if the hackers know you use GwHZehr898 , they will keep that information and then next time try GwHZehr899 and GwHZehr897). For them it is a business, so they approach it like one.
So I guess the best steps for your friend would be:
- Check the PC. He may wanna use two or three anti-visrus checkers after one another.
- Check ALL his passwords. As convinient as it is, he should never share passwords between sites and he should use a unique one in each case. (If that’s too much work, he may want to concider getting a password manager.)
- Check his email. He may also want to see what email was deleted recently, if hackers are in his email, they will clean up after themselves.
Also, if your friend has other places where his email is his account name, such as Battle.net – have him check those accounts as well.
Nope, not really a bug, more glitch. When you login to the forum here, the forum checks your log-in details with the log-in server. Result is that it shows that you logged in from Texas (where the forum server is).
This is incorrect.
It checks the client IP not the server IP.
@OP most likely your friends email account is compromised, he should change his email account password ASAP then change his game account password.
Apathy Inc [Ai]
Nope, not really a bug, more glitch. When you login to the forum here, the forum checks your log-in details with the log-in server. Result is that it shows that you logged in from Texas (where the forum server is).
This is incorrect.
It checks the client IP not the server IP.
@OP most likely your friends email account is compromised, he should change his email account password ASAP then change his game account password.
This glitch has been confirmed by Arenanet: https://forum-en.gw2archive.eu/forum/support/account/My-recent-connections/first#post2846022
Please dont make the OP more afraid then needed.
Arise, opressed of Tyria!
Unless I know your friend’s display name, I am unable to help with any account security questions he may have. As for the login from Texas, that is a known issue.
Hello,
At the launch of guildwars2 my friend, like many others, got hacked by some Chinese guy.
Since then he keeps retrieving his account and get’s hacked a few weeks later which is getting annoying as hell.Now he finally set up an authenticator to be sure to kick that guy out (who is now botting from the USA).
One problem, we can’t kick the guy out. He just keeps on going, which raises some questions.
Why doesn’t the guy get kicked out completely?, as in just about the same effect as an alt+f4 exit.
My friend will make a ticket again, but I am just getting quite annoyed about the fact that people can’t seem to kick people from their accounts. Banning the ips doesn’t seem like an option either which could be really handy.
I would suggest an option for the users to ban ip-ranges or just block every ip except for the one they use.
tl;dr; Why can’t we kick people out completely, perhaps even a 5min ip ban afterwards.
-YoniSL
When you friend logs in to his GW2 account, he does kick the other player off the account. He then can change the account’s credentials and hopefully prevent further issues. However, it sounds to me as if your friend may be compromised in other ways, such as through his e-mail account or via a keylogger.
The way for him to get help is to continue to work with Support on this, privately and individually, through his ticket. If he still needs help after three days, go ahead and make a post — including the 12-digit support ticket number — in the Tickets for Review thread.
Best of luck — I hope this will be resolved very quickly.
(And yes, the IP from Texas is a known situation, where one of our log-in servers is adding an access IP to your account. No need for worries, it’s us. )
Communications Manager
Guild & Fansite Relations; In-Game Events
ArenaNet
Isn’t the IP range authorization the OP is asking about already available? I certainly have a list under MY ACCOUNT > SECURITY that lets me manage the IP ranges that have attempted to access my account. Is this only available to certain servers / regions?
So the hacker can still log into the account after the mobile authentication has been activated? I find that very hard to believe.
Fate is just the weight of circumstances
That’s the way that lady luck dances
(edited by Brother Grimm.5176)
Isn’t the IP range authorization the OP is asking about already available? I certainly have a list under MY ACCOUNT > SECURITY that lets me manage the IP ranges that have attempted to access my account. Is this only available to certain servers / regions?
So the hacker can still log into the account after the mobile authentication has been activated? I find that very hard to believe.
When an ip (range) has been authorized it stays there till you go to my account and remove it yourself. I use the mobile authenticator, but never actually used cause I don’t log in from strange locations and my ip has always been the same. So the IP’s in my account have been approved with the old system (by email).
Arise, opressed of Tyria!
also got hacke by americans and i am on EU server, texas and california
have done some many sweeps i lost count still cant find anything.
also got hacke by americans and i am on EU server, texas and california
have done some many sweeps i lost count still cant find anything.
The Texas IPs are the forum servers. It’s a known “bug” and nothing to worry about. Many hackers from China use proxy servers located in California as well as other locations.
All it takes to get hacked is visiting the wrong website. A simple javascript can read website login and password information. Since the forums use the same login as the game once you visit the site and the script runs, they have you login info. This is one of the reasons from the very beginning I have said it’s a poor design to have the forum and game logins the same. It’s a huge security hole.
also got hacke by americans and i am on EU server, texas and california
have done some many sweeps i lost count still cant find anything.
Please contact Support by filing a ticket through the “Ask a Question” tab on that linked page. They will be able to assist you. For tips on what information to provide in a ticket — mostly intended for security reasons to establish that you own the account — please read this post and provide as many suggested details as possible to expedite the ticket.
Communications Manager
Guild & Fansite Relations; In-Game Events
ArenaNet