Guild Wars 2

Guys, i had my account hacked like a week ago, i wrote to Arena.net, and they changed my login e-mail to a new one. I just made a new one, never used it anywhere else. I was safe for like 3 days, but i start to get password reset e-mails to my new mail, again, but this time they can’t get it, and reset my pass. How they got to know my new address? I’m quite sure it isn’t a malware/virus keylogger, cause with that they could just log in, knowing my pass.

This is the million dollar question that i wan to know too…..

Is it on a major e-mail network? Did you use a similar account name but new provider?

Nop, brand new e-mail provider and brand new name, just to be sure :P

Is there a way btw, to “brute force” the password recovery? i mean they can just try million of different combination

There are email address/password lists from places that were hacked that are in circulation among blackhats.

Didn’t ask if your new e-mail was with a new provider. I ask if it’s with any of the big 3 free (hotmail/gmail/yahoo) or major ISP provider (cable/telco)? And the more obscure/absurd the account name the better. Proper RL name variation is just to kitten easy to guess.

Yep, i’m with one of the 3 main ( don’t wana give away it ) but i gave them a quite absurd, and btw, they can’t know for sure they guessed the right one, or the variation of it, becuase i just tested, i can type any random e-mail to the password recovery, it always says “succes, we sent the stuff to the e-mail”

I get the implication that you think they somehow obtained your new address from ANet, but how would you explain them being able to obtain the new email password? I certainly HOPE it isn’t the same as your GW2 account password (which would be the only password Anet servers would have to give the hakcers).

The above simple fact shoots down any speculation that somehow a security issue on Anet’s side led to the compromise of your email account (again). As much of a stretch as it seems, I would begin to suspect a keylogger (but anyone with any security experience knows those are very few and far between and are quite easy to detect).

On a side note, if you set up a PROXY email at the account and use that for login / association with GW2, the hackers are MUCH less likely to figure out that is what is needed to log in and also they must SEND from that PROXY to successfully make a password change request.

Okay, so to be clear, they haven’t got in. I just received passoword recovery e-mails, i can still go in. I don’t think it was a keylogger last time, and i don’t think it is now. I check my computer for such with 2 different software very often. And btw, if they have keylogger shouldt they just log in to my GW2 knowing my password? why would they bother with password recovery.

Because if they change your password, YOU loose access to try and stop them from hacking for as long as it takes to open a new ticket with Support. Yes, keyloggers are very rare and I doubted it but from the original post it sounded suspicious.

Does the password change emails have a ticket # associated with it (if not, are you sure it’s valid and not a phishing email)? Getting phishing emails for popular games is certainly possible (even to a new email address).

If the password change email is valid and from Anet Support, reply to it and TELL Support to quit changing the password from this ticket as it’s a hacker requesting them (that’s my best guess at what is happening if the change emails are legit).

It’s kind of ironic that everyone who comes here saying they’re hacked always says they have super-tight security, unique emails, and 47-character randomly-generated passwords.

Meanwhile I’ve been using the same email address for everything since 2009 and I haven’t even had a phishing mail.

Bluestocking, your situation is much like mine. I’d really like to learn how the hackers find their victims. Am I just lucky, or is my Email provider really good at security?

if you are getting emails from ArenaNet informing you that somebody is trying to change your account password, or recover access to your account, all this means is that ArenaNet knows your new email address and is sending you an email to confirm that the request is legitimate.

this is as it should be.

it does mean that somebody is actively trying to get access to your account, though. be very very careful not to click on anything in these emails that looks even remotely like it might “allow” the request.

-ken

bluestocking.6148:

It’s kind of ironic that everyone who comes here saying they’re hacked always says they have super-tight security, unique emails, and 47-character randomly-generated passwords.

Meanwhile I’ve been using the same email address for everything since 2009 and I haven’t even had a phishing mail.

I said the same thing until my email go hacked and my account got compromised. Granted, mine was an old email account (I think it’s been in use since 2002) and it was using a password that I have used for other sites since before then. I have LONG since quit using that password, but neglected to go back and change that email account password and that was my error.

Overall, I think it’s less about good email provider security than whether or not any websites you ever used that email address at (and possibly the same password) have ever been compromised (and their user DB stolen and sold). Obviously 2 step authentication on both the email associated with our GW2 account AND the GW2 account itself should lock down your account (but still use unique and strong passwords at every site). Strong means longer than 12 characters (46 character passwords are insane overkill).

I’m sorry… I have been following this forum the last few weeks and I do wonder if the GW2 email list got compromised. The number of hacked posts here has been the most I have seen since I started playing over a year ago. I wonder how these hackers targeting GW2 accounts happened to find GW2 player’s emails out of the several hundred million emails out there. I mean if you are going to hack GW2 accounts you need to have a email list. I don’t think GW2 hackers just targeted every email on the internet in hope of getting a positive.

I hope I’m wrong but something seems off in this forum recently with all the hack problems reported.

This April 11th sticky and suddenly we have several “I got hacked” posts here (many of which were closed) in the last month.
https://forum-en.gw2archive.eu/forum/support/account/Account-Security-What-you-need-to-know/

I’m sure I’ll get hell for this but something seems off. I think I stated what others were thinking as well and afraid to talk about.

JustTrogdor.7892:

I’m sorry… I have been following this forum the last few weeks and I do wonder if the GW2 email list got compromised. The number of hacked posts here has been the most I have seen since I started playing over a year ago. I wonder how these hackers targeting GW2 accounts happened to find GW2 player’s emails out of the several hundred million emails out there. I mean if you are going to hack GW2 accounts you need to have a email list. I don’t think GW2 hackers just targeted every email on the internet in hope of getting a positive.

Your log in ID is your email address also, not sure if there’s a way they capture it by entering the actual account name i.e. player.1234 (not real) but one disturbing thing I found is that If I type my player.1234 (not real) but don’t enter my password at the login screen it will autofill my email address in place of the account name and ask me to try again.

Not sure if this is because it’s a trusted machine or if it’s just how the launcher works though.

Muusic.2967:

JustTrogdor.7892:

I’m sorry… I have been following this forum the last few weeks and I do wonder if the GW2 email list got compromised. The number of hacked posts here has been the most I have seen since I started playing over a year ago. I wonder how these hackers targeting GW2 accounts happened to find GW2 player’s emails out of the several hundred million emails out there. I mean if you are going to hack GW2 accounts you need to have a email list. I don’t think GW2 hackers just targeted every email on the internet in hope of getting a positive.

Your log in ID is your email address also, not sure if there’s a way they capture it by entering the actual account name i.e. player.1234 (not real) but one disturbing thing I found is that If I type my player.1234 (not real) but don’t enter my password at the login screen it will autofill my email address in place of the account name and ask me to try again.

Not sure if this is because it’s a trusted machine or if it’s just how the launcher works though.

I tried that on my computer, put in my display name of Astral Projections.7320 and tried to login with the real password and a fake one. Both times it rejected and Astral Projections.7320 was shortened to Astral. If I didn’t put a password in, nothing happened. It just sat there.

So maybe it’s just your machine.

JustTrogdor.7892:

I’m sorry… I have been following this forum the last few weeks and I do wonder if the GW2 email list got compromised. The number of hacked posts here has been the most I have seen since I started playing over a year ago. I wonder how these hackers targeting GW2 accounts happened to find GW2 player’s emails out of the several hundred million emails out there. I mean if you are going to hack GW2 accounts you need to have a email list. I don’t think GW2 hackers just targeted every email on the internet in hope of getting a positive.

I hope I’m wrong but something seems off in this forum recently with all the hack problems reported.

This April 11th sticky and suddenly we have several “I got hacked” posts here (many of which were closed) in the last month.
https://forum-en.gw2archive.eu/forum/support/account/Account-Security-What-you-need-to-know/

I’m sure I’ll get hell for this but something seems off. I think I stated what others were thinking as well and afraid to talk about.

If ANet had any security breach the number of posts and tickets would be so astronomically high that there would have to be something posted by ANet. There’s not so the breach isn’t of an ANet database.

Now nobody has tried to hack my account for a long time but the day that it released in China people got into my account and I got hacked, they got into my email, deleted the authentication emails, kicked me out of the game while I was playing, and then put a mobile authenticator on the account to keep me out.
I just think that the hacks have increased because of the influx of new players coming into the game so its like the day that the game came out for the rest of us.

Pacrage.5236:

Now nobody has tried to hack my account for a long time but the day that it released in China people got into my account and I got hacked, they got into my email, deleted the authentication emails, kicked me out of the game while I was playing, and then put a mobile authenticator on the account to keep me out.
I just think that the hacks have increased because of the influx of new players coming into the game so its like the day that the game came out for the rest of us.

I hope you aren’t suggesting these new players have anything to do with the China release. As their client has no connection to the NA/EU client.

It is true we have had an influx of new players, though, as the game was just recently put on sale a couple of times.

My wife’s account was hacked yesterday, with the help of anet we managed to get back into the account but it had been stripped. We followed the advice from the anet email and changed the email address, password and assigned the email authentication but guess what? hacked again the very next day and this time they put mobile authenticator on just to make sure we couldnt access the account. All we have had back from anet is an email saying that they are looking into it and no other replies. I would very much like to know what else we are supposed to do to when we do all the things anet ask for a secure account and then get hacked again within a few hours.

wraith mournblade.7396:

My wife’s account was hacked yesterday, with the help of anet we managed to get back into the account but it had been stripped. We followed the advice from the anet email and changed the email address, password and assigned the email authentication but guess what? hacked again the very next day and this time they put mobile authenticator on just to make sure we couldnt access the account. All we have had back from anet is an email saying that they are looking into it and no other replies. I would very much like to know what else we are supposed to do to when we do all the things anet ask for a secure account and then get hacked again within a few hours.

How similar is the new email address to the old one?

Did that email account have the same password (or a very similar one) as the old account?

Did you email from the old account saying you’ll be responding from X new email address?

Muusic.2967:

Your log in ID is your email address also, not sure if there’s a way they capture it by entering the actual account name i.e. player.1234 (not real) but one disturbing thing I found is that If I type my player.1234 (not real) but don’t enter my password at the login screen it will autofill my email address in place of the account name and ask me to try again.

Not sure if this is because it’s a trusted machine or if it’s just how the launcher works though.

Your browser is doing that, probably. I can not reproduce it.

frans.8092:

Muusic.2967:

Your log in ID is your email address also, not sure if there’s a way they capture it by entering the actual account name i.e. player.1234 (not real) but one disturbing thing I found is that If I type my player.1234 (not real) but don’t enter my password at the login screen it will autofill my email address in place of the account name and ask me to try again.

Not sure if this is because it’s a trusted machine or if it’s just how the launcher works though.

Your browser is doing that, probably. I can not reproduce it.

Yes, I just tried it…didn’t matter what I put in, my browser auto-fills the field with my Account Name. So, if you don’t want that to happen, don’t save your password and/or Account Name in your browser.

Gaile Gray.6029:

JustTrogdor.7892:

I’m sorry… I have been following this forum the last few weeks and I do wonder if the GW2 email list got compromised.

Absolutely not. And by that do you mean the e-mail addresses and the passwords?

No I mean I wondered if a GW2 related email list got acquired from somewhere and nothing to do with passwords. There are what, 100’s of millions of email addresses out there? It just seems that for hackers to have a starting point they would need a list otherwise it would be like finding a needle in a 20 square mile haystack.

Anyway I trust it wasn’t on Anet’s end but maybe another 3rd party GW2 related website where people used the same email address to register as they did for their GW2 account. Those hackers had to get a starting point from some place.

i always love reading the “we’re perfect its your fault posts/3rd party’s fault” you know? PSN said the exact same thing, its just like when the connection goes down and the client tells me its something wrong on my end xD i dont think so, but yeah its quite bad to say we’re 100% its not anet, there could be an insider, youre 99% becuase in my experience its always the cheap fan websites and other guild websites that let your passwords be compromised but MAINLY guild sites like enjin and shivtr and maybe even your own made ones. but you can never say youre 100% sure its not anet

They can certainly say it’s 100% not Anet if they please….it’s entirely up to you if you believe them or not. The fact remains that the majority of the latest hacks are due to email accounts being compromised (not ANet’s responsibility). There are not THOUSANDS of players reporting hacks (like in the case of the PSN issue), so stating, “that’s what PSN said.” is really not applicable in this situation.

Now saying that, I do think ANet could reduce the number of hacked account if they simply QUIT allowing passwords to be changed by a simple email request, but I’ve expressed that concern in the past and would really just like to hear they are considering changing that policy.

Another explanation is you linked your new email account with an old or different account. For example you create example@example.com and in the recovery options you list myoldemail@example.com. If myoldemail is compromised (even if it is different from your original hacked account) they can obtain your new email address.

Another possibility is keylogging. A third is an upstream provider has a security issue.

Didn’t consider that but if you FORWARD (or link) your new email from the old one, a hacker with access to you old email can easily obtain the new address from those settings.

I suggest setting up a UNIQUE PROXY email address (even from a new account) as your GW2 associated email and use it nowhere else. This should prevent any future hacker from being able to easily reset your password with Support NOR being able to easily have your actual GW2 account log in (as it is now different from the email account login).

Also enable any available 2-step authentication with the new email account. I know that Outlook.com allows you to do this without a smartphone via your Microsoft login (but it is a bit of a PitA).

Brother Grimm.5176:

They can certainly say it’s 100% not Anet if they please….it’s entirely up to you if you believe them or not. The fact remains that the majority of the latest hacks are due to email accounts being compromised (not ANet’s responsibility). There are not THOUSANDS of players reporting hacks (like in the case of the PSN issue), so stating, “that’s what PSN said.” is really not applicable in this situation.

Now saying that, I do think ANet could reduce the number of hacked account if they simply QUIT allowing passwords to be changed by a simple email request, but I’ve expressed that concern in the past and would really just like to hear they are considering changing that policy.

No they cant, they have oblications to thier customers, what annoys me is that they will blame the customer first with literally 0 investigation, all companies do this to protect their image, not once did i say that anet had been hacked either thats ludicrous and i do believe that all incidents have been the customers fault, but that doesnt mean they are 100% and it doesnt justify the language they use, like i said, blame customer first, just look whats happended to ebay, if anet had been breached (i highly doubt it) they wouldnt tell you until the very last second

If you haven’t heard, eBay got hit and suggest you change your password. Now if they do get into your eBay account it will likely have your email address. And if you recycle passwords … well you might be in trouble if not here but maybe in other places.

RedCobra.7693:

No they cant…..

I beg to differ….they CAN and as you stated…THEY do…..all companies do. If you mean they SHOULDN’T, that is a different issue and we are arguing semantics that do nothing to solve the actual problem. The fact is (again, like you stated) companies WILL NOT state they “may” be at fault as that would simply be a PR nightmare.

You are right that customers will be the last to know, but a company CAN say whatever they want about any issue they want and your feelings of annoyance are not going to change that in the least. Your expectation that a company would ever imply their own security is not 100% is simply NOT realistic. Annoyance and disappointment are sure to follow if you seriously think that would ever happen.

Brother Grimm.5176:

They can certainly say it’s 100% not Anet if they please….it’s entirely up to you if you believe them or not. The fact remains that the majority of the latest hacks are due to email accounts being compromised (not ANet’s responsibility). There are not THOUSANDS of players reporting hacks (like in the case of the PSN issue), so stating, “that’s what PSN said.” is really not applicable in this situation.

Now saying that, I do think ANet could reduce the number of hacked account if they simply QUIT allowing passwords to be changed by a simple email request, but I’ve expressed that concern in the past and would really just like to hear they are considering changing that policy.

Yeah…I don’t exactly believe that its always someone’s e-mail account.

On many websites, you can check the recent login activity (complete with location and IP address), sometimes it goes back several months, and in almost all cases, you can’t delete or change it (which I atleast know to be true on Yahoo. So, if you did change email accounts recently, and your still getting hacked, you can check if its your e-mail or not for long-in activity, VERY easily.

So, say I checked that and came up empty, what would your magical reasoning be for me being hacked in that case?

So you don’t trust Anet, but you DO trust YAHOO… and their “free” email account?

All the potential speculation on how you got hacked is in this and other threads here. Believe what you want, but don’t make accusations without more proof than a few “unexplained” hacks and your highly intuitive logic.

Chrispy.5641:

Brother Grimm.5176:

They can certainly say it’s 100% not Anet if they please….it’s entirely up to you if you believe them or not. The fact remains that the majority of the latest hacks are due to email accounts being compromised (not ANet’s responsibility). There are not THOUSANDS of players reporting hacks (like in the case of the PSN issue), so stating, “that’s what PSN said.” is really not applicable in this situation.

Now saying that, I do think ANet could reduce the number of hacked account if they simply QUIT allowing passwords to be changed by a simple email request, but I’ve expressed that concern in the past and would really just like to hear they are considering changing that policy.

Yeah…I don’t exactly believe that its always someone’s e-mail account.

On many websites, you can check the recent login activity (complete with location and IP address), sometimes it goes back several months, and in almost all cases, you can’t delete or change it (which I atleast know to be true on Yahoo. So, if you did change email accounts recently, and your still getting hacked, you can check if its your e-mail or not for long-in activity, VERY easily.

So, say I checked that and came up empty, what would your magical reasoning be for me being hacked in that case?

One of the following:

1. You have the same email and password on another site and that site got compromised. And your GW2 password is the same as the password from that site.

2. You have a key logger on your computer. Not all virus scanners will catch everything. If you haven’t already find a second scanner to scan for viruses. Malwarebytes is a good free one that won’t conflict with your primary one. And the free version does not actively scan so it won’t affect computer performance unless you tell it to scan.

3. Your GW2 password while unique for you may be on a list of passwords that hackers try. And someone sold them your email address. Or they got the email from a site that got compromised.

4. Cracked your password (meaning your password likely wasn’t strong enough).

5. Your new password was too similar to the old one.

All of the above would also indicate that you have not verified your email. ANet won’t send a log in confirmation to an email that a player hasn’t confirmed.

And the number of hacked accounts that tie in with hacked emails is incredibly high. High enough that it’s worth going the extra mile and making sure that the email account is secure before going through support. Especially those who have multiple successful hacks. I’ve seen 95% be said from an ANet employee (forget who) as the percentage of times hacked emails occur along with hacked accounts.

The reality of the virtual world we live in is that is extremely easy for someone tenacious to obtain your email address by simply knowing your character name. If you’ve ever registered on a fan site or let someone in the game know your real name, where you live, etc. for instance.

From there, if you refuse to use more advanced security measures like 2-step authentication, you are a fairly easy target. And, if they use keylogger software/hacks, they are going to see your new email information every time you try to recreate it on your computer. At that point, they might as well have hacked your fingers – and none of it had anything to do with Anet.

I learned this myself the hard way a couple of weeks ago. For what it’s worth, Anet was awesome about it – three days to get my account back with almost all of my stuff (lost my first and only precursor because it was still waiting to be picked up on the TP) – and I was happy with that – because I knew it was my fault, not theirs, that I was hacked.

We are basically at war with these hackers, and when you are at war, you dont do things half way. Protect yourselves in every way possible. Use commercially known and accepted antivirus software (and manually scan your computer often), set up 2-step authentication on your email account (then immediately change your email password), use a mobile authenticator, dont repeat passwords between programs/websites/etc, create elaborate and strong nonsense based passwords (and store your passwords somewhere other than on the computer you are using for the game), and dont share personal information with people you dont really know.

I learned to do these things the hard way.