Guild Wars 2

My account was hacked and have just been recovered thanks to the rapid response of the support team. I suspect that my email account is also hacked so that someone now knows quite a lot of information about my account such as the serial code, credit card last four digits, etc.

Now, even if I changed my email address and passwords, I still feel unsafe since resetting my GW2 password only requires my email account, serial code and the name of one of my characters. Certainly, I can’t change my serial code nor my characters’ names. So if the hackers can hack into my email account again then they can reset my GW2 password.

Maybe I get too afraid after being hacked once but I think the system should ask for more secured questions and allow user to set up some security questions. I think security questions are quite common in many games or websites. Or can someone provide me some suggestions about this situation?

Anyway, once again thank you for the immediate help from the support team.

Add the authenticator to your account for another layer of protection.

Adding the authenticator wouldn’t help since it can be disabled in exactly the same way as resetting the password.

With authenticator, they will have to enter the time-based code in order to get into the account first. That means they will not be able to reset your account password.

I have tried it myself and I can simply disable the authenticator by account recovery.
Account recovery doesn’t require you to login your account (because it is also used when you forgot your password ! ) It only requires email, serial code and one of your characters’ name ! So ridiculously the only protection is my email address password ! Maybe you can try it yourself to see if it works.
https://account.guildwars2.com/recovery
Enter your email, serial code and one of your characters’ name and then click “Disable linked authentication”

As far as I know, the serial code is not in the account setting. How would hacker know about your serial code ?

Since I purchase GW2 digital version, it sends me an email with the serial code and I didn’t delete it. As mentioned, my email account has probably been hacked since the hacker was even able to change my GW2 account name.

You need to protect your email account in that case.

Another thing you can do is using Gmail’s alias function as mentioned http://support.google.com/mail/bin/answer.py?hl=en&answer=12096

With Gmail, you can even add the authenticator to it. That means, the hacker will have to guess your right gmail with the alias, then they have to have the authenticator to hack into your email.

Thank you for answering my questions. The gmail authenticator seems useful.
I agree that in general the email, serial code together with character’s name is safe enough. But the key point I want to say is that these three information are unchangable, thus it could be dangerous once they are known to hackers.

In fact, I still couldn’t figure out how the hacker is able to change my email account name. How can I change my email address?

How long ago were your account hacked ? There was a period of time we are able to change the login email but it was later disabled since a lot of people’s email were hacked ( I think it was related to a certain fan site being hacked ).

If you wish to change the login email now you will have to have support help you with that.

Then it is strange since my account was hacked two days ago…

They might have hacked your email first. You said your serial code is in it. They might have reset the password, got your character name and file for support to change your email ?

yes..probably…