Hacked account
So I didn’t touch the game for months (I think at least half a year)…
And last Thursday, I think, I got 5 mails that someone wants to change the password on my account. I DIDN’T click on links or do anything with the mails, but tried to start the game to check what’s going on because I hadn’t tried to change the password. And obviously my password didn’t work anymore.
So I sent a mail to support to send me a link to change my password (because I lost my serial number that is needed for a password change) and they did. I changed the password, logged in and it was obvious that the account was hacked. Everything was sold but the money was still on the character (around 400g). I immediately checked my account and noticed that email notification was disabled, and I enabled it again.
Again I reported to support that the account is hacked. I got a reply asking whether I want to restore my account to some date in the past and I said yes. But the same day I was unable to log in again and I thought that the account was blocked while they did the restoration.
So the next day I got confirmation it’s restored, and my serial number. The password didn’t work so I changed it again and couldn’t log in because someone was already PLAYING my game.
In the meantime they took the money too.
Now I am waiting for support to respond, but how can I be sure anymore that this will not happen again? My question is:
How is it possible that someone changes the password and I don’t receive a notification in mail? Every time I try to change the password I get a notification (and you need the serial key for this). Every time I just try to log in to the game I get a notification (email notification is enabled). But someone is changing my password and playing without it. How??? I never shared my account or password, and I checked email – all logins were from my IP.
OK, the security issue is at your site. Hearing about the speed with which they are able to (re)hack your account, I assume there is something installed on your computer, very likely a key-logger. This gives them access to your email account and enables them to remove warning mails before you see them. This also means they can read the new password and can remove the trail of their actions perfectly.
The only solution is to re-install your whole computer.
a: Make a back-up of your personal files (movies, pictures and documents). Do not save any program you can also re-download. Consider every executable file as potentially contaminated.
b: Wipe your hard drive and re-install Windows.
c: Enable your internet connection and download a good anti-virus program and update it. There are many free anti-virus products that are pretty good.
d: Change your email password
e: Change your GW2 password
f: Download the game and log in
g: If possible (you need a phone using iOS, Android or Windows Mobile) start using the mobile authenticator
h: Now download and install all the other programs you use and need. Make sure you use legitimate sources.
Arise, oppressed of Tyria!
First thanks for trying to help.
I thought the same as you, that they have access to my mail. But that’s impossible. I checked “View your recent sign-in activity” on my mail, and no one (except me) logged in to it these days. I am tracking it every few hours. There is only my IP address, only my country, and I was checking the hours also.
How can they log in to my mail and remove this information?
Also, as I explained, I didn’t log in for months, so I’m not sure how they can use a key logger?
They may have installed something on your computer that allows them to control it remotely. Thus, any attempt to log in to your e-mail is read as coming from your own IP.
imo it’s not normally necessary to reinstall an operating system when malware is involved. If you haven’t already, run a full antivirus scan using one of the better known antivirus products, assuming you’re using a Windows PC. Also do scans using
http://www.malwarebytes.org/products/malwarebytes_free/
or one or more of the others on this page:
http://www.techsupportalert.com/best-free-trojan-scanner-trojan-remover.htm
With that said, it’s theoretically possible that your PC is clean and there could be an issue with the history reporting of the email service you are using. Which email provider are you using (don’t post your email address here)?
When you changed your password, did you change it to something that was VERY different from your previous password?
Those tools can be used but they are only capable of removing the simpler malware. I have used those tools to help people get rid of malware and have given up because I could remove it manually better and faster than they could. They miss a lot, do not scan very deep and are easily tricked.
I think the OP truly needs to be sure his PC is safe again and isn’t up for trying a lot of solutions that might or might not work. That’s why I advised him to go directly to the ultimate action that should solve it.
Arise, oppressed of Tyria!
I am using Yahoo mail.
Yes, I created a completely different password. There was no similarity at all.
This is all too strange. The problem is that even the hours in “View your recent sign-in activity” seem fine. I searched the net and it seems that there is no way to alter this information.
The only thing I never did was change my email password (I did this today).
But there are lots of questions. Why did I have like 5 mails to change the password on Thursday when all this started? If they had all the data for my mail, why did they need 5 attempts and not delete these messages? Also why didn’t I receive an authentication mail when they logged in for the first time (every time after the hack this option was disabled)? The only idea on my mind was that they had my email password and that’s how they controlled everything, but I’m still puzzled by the “View your recent sign-in activity” results.
I ran Spybot Search and Destroy and nothing was found. I know it’s not the best (and it’s free) but nothing. I am really careful and basically never clicked any suspicious links.
I read that there are some Wi-Fi keyloggers; you need to have a good firewall. Somebody can use your same IP and see your passwords.
I would suggest that you contact our Technical Support Team. You can do that via your existing ticket if you are sure that your email is secure. However, I agree that you should not reject the possibility that your computer is hosting malware. So can you access the support site from another, secure computer?
Anyway, TS often can help a customer re-secure his/her computer so that is what I recommend.
Communications Manager
Guild & Fansite Relations; In-Game Events
ArenaNet
And this is how ArenaNet works… Without any proof I am blamed for the hacked account and they CAN’T restore it again because they did a restore a few days ago and they “can’t give more money to gold sellers”!!! Well, whatever you restored I never saw. I was not able to log in because someone was already in my account.
Nice job!
So basically they rejected giving me back my stuff (and I didn’t even have anything really special) because this is all my fault. Never mind that all my other online games have never been hacked and I don’t have any virus on my computer.
But they made my job easier. Don’t worry, I am going to delete all my characters and forget about this game. I am really sorry I paid for this (and bought some things in the store) and this is how they behave. The paying customer is wrong but someone earned money from my time spent in game and they are unable to track them? I guess it’s impossible to see where the money is sent?? That’s your gold seller or whatever, but it’s easier to reject the paying customer.
Thanks again!
No one “blames” you for having your account hacked. But whether we can help you — and usually we can — is dependent on specific circumstances. You must secure your computer, and based on what you yourself have said, I do not think that is the case in that you were hacked repeatedly and there’s nothing on our end that is causing it.
Yes, it’s true that we cannot be held responsible for the security of your computer or your email. But may I have your ticket number so I can verify that this is what one of our agents said to you? You have a quotation above and it doesn’t read like anything I’ve seen our agents say.
Communications Manager
Guild & Fansite Relations; In-Game Events
ArenaNet
With all due respect. With your attitude towards security you have been lucky your other games haven’t been hacked and it is a matter of time until it happens.
This is not ArenaNet’s fault. You got robbed and you asked the insurance company to replace your stuff, they did, but you didn’t even check your wardrobe to see if the burglar was really gone.
I know that ArenaNet strongly advises you to get your security back up before asking for account restoration, and they also warn you it can only be done once.
From the account restoration FAQ:
’
Is there a limit on account restorations?
We offer one restoration during the lifetime of a Guild Wars 2 account. To safeguard your account, please be sure you use the best security processes, as outlined in this article.
’
(link is this: https://www.guildwars2.com/en/news/mike-obrien-on-account-security/ )
Arise, oppressed of Tyria!
@Gaile Gray
Incident: 130530-002006
After taking a look at your account, I found that you’ve recently received an account restoration for a previous account hacking. Due to the liability to security your account might impose, we will be unable to offer you another restoration. Please understand we cannot provide more items for the gold sellers to steal and sell. If you require assistance with anything else, please let us know
So let’s check this example. My apartment is robbed and all my things from the apartment are stolen. The police found the burglar and returned all the things. But the next day my apartment is robbed again. And the police will tell me that it’s my blame and I didn’t secure the apartment enough? They will not return my stuff, although they got it back, but just for example so if I am robbed again, the burglar will not have anything to take?
I must admit I never read the FAQ and I didn’t know that only a one-time restoration is allowed. This is my fault but also really bad policy.
Why do you assume (like the administrators and other people), without any proof, that this is my problem and my security is bad? It’s impossible that ArenaNet has security issues? Really? I can also say that this is their fault and their security is broken (without any proof). I can say that some dissatisfied employee is selling passwords. I can say that someone is monitoring accounts that are not used for a long period of time, then assumes that the person will not play anymore and gives out the information.
We can all assume whatever we want.
As I mentioned, I don’t have much gold on the account, I don’t have any special items (just one mace that can be used for a legendary) but this is the principle. My account is hacked, things are stolen and I can’t get them back. Unacceptable for a paying customer.
I hope this will never happen to you but you will definitely think differently if it happened to you and you had been told it’s your security issue without any proof.
In the meantime I searched the computer with the suggested tools and nothing was found on it. Also why didn’t they change the mail password if they had mine and were using my mail?
(edited by FallenCro.8074)
They are blaming you that you are not being reasonable with your own online security. In the end that is the reason you got hacked and with the first hack (and lucky escape in the form of an account restoration) you should have been warned enough to be more careful with your online security.
Myself and others have been giving you a lot of tips on how to improve your online security as well as linking Mike O’Brien’s article on account security (Mike is the founder and president of ArenaNet; the fact that he writes an article to help you himself shows how much ArenaNet cares about those things).
The biggest mistake when being hacked you can make is to blame anyone else but you. Of course the hacker is a bad man and a cyber criminal. Hackers are the lowest low life on the internet. But bad people exist; unfortunately we don’t live in a world without them. It is ArenaNet’s job to advise you as much as possible on security and help you as much as possible. But some things can’t be prevented by ArenaNet. This includes careless behaviour with whom you share your account details and third party malware on your computer.
My advice is to do the following:
1: Accept your loss and drop the request for a second account restoration. The formal answer has been given. You don’t get one.
2: Review your computer security and make sure this or any other hacker will never get access to your account. Even if you’re never going to play GW2 again, you will hit a problem with other games as well if you don’t take action.
3: Then come back to this forum and explain to Gaile what you have done to make sure it won’t happen a third time. Also explain to her that you totally missed the message the first time. Ask her in a friendly and humble way to reconsider the decision not to give the 2nd account restoration.
Keep in mind that even doing so might result in a no. This might be because the system isn’t capable of doing it twice on the same account (and with a policy of not doing it twice, why build the option in??).
I’m not saying this to bug you or to make you more angry. I’m saying this to sincerely help you. What happened to you isn’t only something that happens to ArenaNet customers. It happens to Blizzard customers, SWTOR customers and any other MMO customer. So I’m trying to help you to be able to enjoy and play MMOs again without fear of hackers.
-edit: to respond to your last post. No, it never happened to me, and I think it is very, very unlikely it will happen to me. I have several degrees in computer security and can actually manually check for malware better than those tools can (and remove it better as well). I have heard many claims that ArenaNet was hacked, also from people close to me. For those people I have helped look for the source and always found it. It always turned out to be a problem at the user’s site and NEVER at ArenaNet’s site.
Blizzard and Sony Entertainment are the two biggest companies that got a security breach on their site. The first thing they did was come into the open with it and explain. Sony even took their entire network down. ArenaNet has always declared they would do so if it would happen to them. I’m happy to help you find the cause at your site if and when you’re willing to drop the idea it isn’t your own fault.
-end of edit-
Arise, oppressed of Tyria!
(edited by mercury ranique.2170)
I do see what you are trying to say. I had the same issue happen to me on GW1. After 6 years I was finally hacked. Thing was, I rarely played. I mainly logged in and did the holiday events and that was about it. After 4 months of no logging in, I finally did and found everything of value gone. Of course Anet blamed my PC; fair enough, it’s possible. But I had two accounts and the second account still had not been touched. All it had on it was random items and a ton of plat. So if my PC was infected, why did they not take that stuff as well?
My point is, it can happen. But be happy that you got a rollback. In my case all I got was an emote to promote one of their other games.
Though you should check your PC anyway just to be sure. I do stand with Anet on the one rollback. If they roll back every account that gets “hacked” then they are creating gold and items and will ruin the in-game economy. Not to mention that there are those that would take advantage of it if they offered it more than once.
In a game less than a year old I’d have secured my account and PC and kept the 400 gold the hackers left on it. In the case I had with GW1, if they offered rollbacks, I’d have taken them up on it and saved 6 years of playing time. From the sounds of it, you still had your characters, so the 400 gold could have come close to replacing the items lost.
Good luck to you. Do scan your system, a day or two of scanning time is worth it anyways.
@mercury ranique
Don’t get me wrong, I really appreciate your help (and everyone that tried to help). In all my posts I tried not to be disrespectful or rude to anyone (and if I was, I apologize).
With all your knowledge (and I have no doubt in your technical knowledge of these things) your account can be hacked. The biggest companies were hacked and not just once (even you said this). I did listen to the advice and used some of the tools from people that tried to help. I did change ALL my passwords and run scans (nothing was found on my computer).
Unfortunately I can’t support this behavior. I bought the game and because of that I believe I own it. If you own something and it was stolen without your knowledge or your conscious actions, things should be returned to you. What if you spent 100 or even 1000 euros to support the company and they do this to you? I bought a game and spent money to support the company (I really didn’t need the witch costume) and now I lost all my things but some low-life sold them and will keep everything. Is this respectful to a paying customer? I don’t think so.
People must know that this can happen to anyone and if you didn’t read that sentence where they said they can do only one restore – oh, those people will be surprised, believe me.
“The biggest mistake when being hacked you can make is to blame anyone else but you”. As a matter of fact this is completely opposite to what’s going on. This is ArenaNet’s behavior, not mine. I just asked for restoration (I was not accusing anyone) and they said I am responsible and security on my computer is not good (although they don’t have a clue about my computer). I just posted examples that I can imagine things without any proof and explain how I think it happened. The truth is that probably we will never know what happened.
But I will not use your or anyone else’s time. Also I will not beg for something that is rightfully mine. My plan is to delete all characters and forget about this game (no, I am not making a scene, I just can’t support this behavior). I still don’t think I did anything wrong.
@Synapse
I admit I was a complete fool with my actions. This is the first time it happened to me. The first time I caught this low-life, the money was still on the account (400g), and instead of sending it to some friend, I was a naive fool trusting in this company and I left it. I didn’t touch it – anything. I didn’t want to do anything suspicious. Basically I immediately sent a mail and was hoping they would freeze or ban the account temporarily until everything was solved. But until they responded this person logged in somehow again and took everything.
Once again thanks to anyone that tried to help. Unfortunately this incident will affect my feelings regarding ArenaNet.
Nearly every gaming company whose products I’ve played in the last few years now has this default “you’re doing it wrong” retort to any potential problems.
I took a month or so hiatus over the new year and came back to find my account terminated for botting, etc. At the very same time that I’m looking at that notification on the launcher, I have friends telling me over other platforms that one of my characters is logged in and active (though set to away/DND or whatever the IG equivalent is). So the idea that MY system is the source of the problem struck me as patently dubious.
The company head putting out some blog about system security is not “benevolence” as some would like to spin it, this is a tried and true tactic of narrative control, distancing ANet from any responsibility while appearing to be helpful (think BP ‘cleaning’ beaches after Deepwater Horizon, yet not allowing any media to film the activity). Same thing happened in SWTOR, people with high-end systems were having major problems getting the highest settings to work (despite owning many very demanding games that ran without a hitch). BioWare staff pump out some nonsense about “a few people with older systems” trying to push them too hard and putting out “helpful” guides on how to tweak your system to perform better (to no avail because that wasn’t the actual problem, but again helped re-frame the debate with the onus on the players rather than the company).
My experience tells me some of these farming/botting groups are running absolute circles around ANet network security, but they can’t come out and say that publicly because heaven forbid they lose face.
Agree with everything you said. Just check any game on launch where people complain that the game is crashing. It’s always about your configuration, your drivers, even your OS…
I work with computer security for a living. I see “hacks” all the time of all different types.
The sad fact is, most “hacks” are nothing of the kind. They are simply social engineering.
A fake email here, a fake website login there, and your account is gone.
That being said, the people who have taken over accounts are doing something advanced. They are either employing packet sniffers, or random login generators or something to acquire passwords. I know in my case, someone in China got a hold of my login and password, but due to the email authentication, I was able to change my password before they were able to gain access. My computer was a brand new build, about as clean as you can get, with some of the best anti-malware available on it including a very sophisticated hardware firewall protecting my network. The password was unique and complex. The password was never used before for anything else, and was only for GW2. I never received any emails asking for login credentials, and if I had, I can look at a header and understand where the real point of origin is. I am the person who warns others about scams. I am the person who files reports with ISPs to get fake websites taken down. I am the person who scans headers to determine the true origin of an email. Like I said, I do this for a living and I am good at what I do or I would not have a job. In my line of business there is no room for “close enough” or 90% sure. I have added all this to prove a point. The “hackers” somehow got my login and password.
They did not get it from my computer, and they did not get it from me but get it they did. How did they get it? I have no idea, but after changing my password that one time, doing nothing more to my computer or any equipment or software, they have not gotten it again.
Hello support. I am the owner of account kiyomizu.3462
This morning my account was robbed by someone. I changed the password, but I can’t log in: I get disconnected in character select. Yesterday everything was fine. I didn’t give my password to anyone.
Pls help me, or at least punish them.
Ty for help
You will need to contact CS and seek assistance after you have secured your computer and email address.
https://help.guildwars2.com/entries/28147596-Hacked-Compromised-Accounts
Good luck.
Yahoo and Gmail were infected by the Heartbleed vulnerability. And it was suggested that all Yahoo and Gmail users change their password. That Heartbleed vulnerability is now fixed, but it really means that you need to change your password after that fix in Yahoo mail and Gmail.
I have a hunch that all these hackings are happening just because of the vulnerability in Yahoo and Gmail, maybe in some other free email systems too. It is not ArenaNet’s fault if hackers got your email address and password because of a vulnerability in another partner’s server, in this case Yahoo and Gmail.
So please, people, don’t blame ArenaNet for a problem that is not their fault at all. ArenaNet in fact has done a really good job of trying to minimize their playerbase’s losses. They have given the best support to all players who have been hacked, and done what they can do in this kind of situation. You all should be thankful to ArenaNet.
The only thing you can do is change your password right now, if you are using Yahoo or Gmail and if you haven’t changed it after that Heartbleed incident.
And because the mass media started drumming this Heartbleed vulnerability in public, it was like an invitation to all those hackers, if they can use that vulnerability somehow. And yes, they did use it.