Think you're safe? Secure your Email!

Think you're safe? Secure your Email!

in Account & Technical Support

Posted by: Muusic.2967

Muusic.2967

My wife’s Hotmail account was recently hacked and the people who got into it were able to clean out all of her gold and items in a matter of minutes. If we would have known that Hotmail and many other email services offer 2 step verification to secure your account we would have had it enabled.

We do now.

For those of you who say “This couldn’t happen to me” you are wrong. I was in the process of smugly trolling my wife about getting hacked and she suggested I check my personal email. Hotmail offers the ability to see how many log in attempts were made in the last 30 days and to my shock I had over 40 attempts from China and Vietnam (pic attached)

Take the time to secure your email account now and also DO NOT keep your serial number on the same email account as you have registered to your account. This is like leaving a signed title to your car in the glove box!

Attachments:

Be who you are and say what you feel for those who mind dont matter and those who matter dont mind
~Dr. Seuss

Think you're safe? Secure your Email!

in Account & Technical Support

Posted by: Brother Grimm.5176

Brother Grimm.5176

With that kind of activity, why in the WORLD would you not ditch that email and get another? Especially if she uses that address for any RL finanical or Retail website associations….VERY dangerous (even with the 2 step authentication turned on).

We go out in the world and take our chances
Fate is just the weight of circumstances
That’s the way that lady luck dances

Think you're safe? Secure your Email!

in Account & Technical Support

Posted by: Muusic.2967

Muusic.2967

In the process of looking into a more secure email now, but i’m not really sure I trust any of them now because if they want your information they’re probably going to get it.

None of the email services i’ve looked at seem to have better than the 2 step but if you’re aware of one please let me know.

Be who you are and say what you feel for those who mind dont matter and those who matter dont mind
~Dr. Seuss

Think you're safe? Secure your Email!

in Account & Technical Support

Posted by: Gaile Gray

Gaile Gray

ArenaNet Communications Manager

This is very solid advice, thank you for sharing. ANY type of authentication system is valuable to protect against compromise situations!

Gaile Gray
Communications Manager
Guild & Fansite Relations; In-Game Events
ArenaNet

(edited by Gaile Gray.6029)

Think you're safe? Secure your Email!

in Account & Technical Support

Posted by: Draygo.9473

Draygo.9473

With that kind of activity, why in the WORLD would you not ditch that email and get another? Especially if she uses that address for any RL finanical or Retail website associations….VERY dangerous (even with the 2 step authentication turned on).

A single attempt every day is not uncommon..

If your email address has ever been used its probably on some list to get spammed. I have a server that sees over 10,000-50,000 log in attempts a month to attempt to guess the administrator password (even though there is no “administrator” or “admin” account).

This is why using a strong password is important, and 2 step verification is recommended. Google and yahoo do not share failed login attempts, which to me is a shame.

Basically its not as dangerous as you seem to think, log in attempts are an extremely common event.

Delarme
Apathy Inc [Ai]

Think you're safe? Secure your Email!

in Account & Technical Support

Posted by: Kelly.5293

Kelly.5293

Gaile,

3 things

1. Is it worth it to change the account email from time to time and is it a headache for us and anet to do? My email is fairly clean and not used for anything else at least in the last 12 years. New password that is extensively long, complex and highly random. I only get emails from Anet.

2. You’ve had some great security articles in the past. If i wanted to i probably would have trouble finding them. I think having a easy find dev post only area on the forums might be helpful. Unless it’s here somewhere? With new players all the time it should be a constant reminder to everyone. I’d even put a link at the login. The more individuals protect themselves the less work for all of you and fewer sadfaces in game. But you knew that already.

3. Most importantly, keep up the amazing job and thanks!

Think you're safe? Secure your Email!

in Account & Technical Support

Posted by: Inculpatus cedo.9234

Inculpatus cedo.9234

Gaile,

3 things

1. Is it worth it to change the account email from time to time and is it a headache for us and anet to do? My email is fairly clean and not used for anything else at least in the last 12 years. New password that is extensively long, complex and highly random. I only get emails from Anet.

2. You’ve had some great security articles in the past. If i wanted to i probably would have trouble finding them. I think having a easy find dev post only area on the forums might be helpful. Unless it’s here somewhere? With new players all the time it should be a constant reminder to everyone. I’d even put a link at the login. The more individuals protect themselves the less work for all of you and fewer sadfaces in game. But you knew that already.

3. Most importantly, keep up the amazing job and thanks!

Well, there is Dev Tracker….and the Stickies.

Think you're safe? Secure your Email!

in Account & Technical Support

Posted by: Brother Grimm.5176

Brother Grimm.5176

Basically its not as dangerous as you seem to think, log in attempts are an extremely common event.

I know it can be common, but that’s a definite sign you need to CHANGE your email address…likely the prefix as it is now going to be spammed to every major provider out there.

If you had security footage of someone trying to pick the lock on your front door every night, would you be concerned?

We go out in the world and take our chances
Fate is just the weight of circumstances
That’s the way that lady luck dances

Think you're safe? Secure your Email!

in Account & Technical Support

Posted by: Draygo.9473

Draygo.9473

Basically its not as dangerous as you seem to think, log in attempts are an extremely common event.

I know it can be common, but that’s a definite sign you need to CHANGE your email address…likely the prefix as it is now going to be spammed to every major provider out there.

If you had security footage of someone trying to pick the lock on your front door every night, would you be concerned?

If I did that I would have to change some email addresses every day. It just isn’t realistic. Just because someone walks up to a door with a keypad and punches random numbers doesn’t means you should be replacing your entire security system. A strong unique password is the first line of defense, a second level of authentication is also recommended. Changing your email address just because someone is attempting to log into it is not recommended, and its likely to happen on your new account as soon as you start using it.

Do you suggest I change the IP address of my server because its seeing login attempts? Its seeing log in attempts in an order of magnitude greater than the OP’s email account. No matter what I change it to its going to get hit like that. Its the reality of the internet.

Delarme
Apathy Inc [Ai]

(edited by Draygo.9473)

Think you're safe? Secure your Email!

in Account & Technical Support

Posted by: Mecklar.2589

Mecklar.2589

Just received two guildwars 2 password reset emails in the last 8 minutes that I didn’t request. Luckily I have two step authentication on both my email and guild wars 2 account.

Even though should I take any action about this or just leave it for now?

Also is there anyway Arena net can track where these request came from as my account was hacked a while ago and this may be the same guy trying to get in.

Think you're safe? Secure your Email!

in Account & Technical Support

Posted by: Inculpatus cedo.9234

Inculpatus cedo.9234

Even if they did track the IP address, what would that serve? It could just be spoofed. What if they happened to spoof your address? Would you want it blacklisted? What if an address is shared by many?

Think you're safe? Secure your Email!

in Account & Technical Support

Posted by: Quintosh.9613

Quintosh.9613

Same thing happened to me, on two of my different hotmail emails, activity from China, and I have rather safe passwords. They resetted/allowed access to my gw2 account and cleared everything from it. Waiting for something to happen now..

(good luck with the china release and 100x more hacked accounts ;o )

Think you're safe? Secure your Email!

in Account & Technical Support

Posted by: Devildoc.6721

Devildoc.6721

My wife’s Hotmail account was recently hacked and the people who got into it were able to clean out all of her gold and items in a matter of minutes. If we would have known that Hotmail and many other email services offer 2 step verification to secure your account we would have had it enabled.

We do now.

For those of you who say “This couldn’t happen to me” you are wrong. I was in the process of smugly trolling my wife about getting hacked and she suggested I check my personal email. Hotmail offers the ability to see how many log in attempts were made in the last 30 days and to my shock I had over 40 attempts from China and Vietnam (pic attached)

Take the time to secure your email account now and also DO NOT keep your serial number on the same email account as you have registered to your account. This is like leaving a signed title to your car in the glove box!

That looks like the recent activity page of my hotmail too, all those invalid password attempts from freaking China. the really crazy thing is sometimes there are invalid password attempts from my IP from an unknown email client or from “POP3”. When my account got hacked in February, there weren’t any authorized networks aside from networks in the US that I’ve legitimately logged on from, so the hacker was actually spoofing my IP when logging into my account! During the time I got hacked, I never got a text message stating an attempt to log into my email either, the flurry of Chinese login attempts started AFTER I got my account back.

Zapp – 80 Asura Afromancer