Showing Posts For Lord Chaos.1729:
Thank you.
He has already done the virus and malware scan, and found nothing.
I recommended today that he change his Email password, but he’s at work right now so I don’t know if he has done that.
The two-factor authorization seems to work only if one has a cell phone, and he doesn’t. He’s not sure about Email authorization; he thought was on, but ran out of time to check it. Will look into this again.
He has already submitted a ticket to support.
My main involvement comes from wanting to know how he got hacked, so our whole guild can be better protected.
He looked for that, but didn’t find anything. He has Email in his trash folder going back to January, with nothing about a password reset request or an attempt to log in from another IP address.
Update: Tonight he requested another password change, and was able to log in. So, the account hasn’t been locked yet.
Also, his original password was unique to GW2. We’ve discussed security in our Guild, so folks are aware of what ANet has said about passwords. He does have Email verification turned on.
Thank you.
Do you mean a recovery from within the Email program itself?
I assumed that if he made up a whole new password, that would involve Email, that he’d be secure. Wrong assumption, I guess.
A friend and guildmate tried to log into his account Tuesday, May 13, and was not allowed to do so. It was late, so he couldn’t go any farther. Wednesday he asked for a password reset, and was able to log in. A little while later he tried to log in again, and was unable to do so.
This morning, I saw him on-line and tried to PM him, with no response. I then contacted him on Skype, and he wasn’t in the game. He got another password reset, tried to log in, and got the message that a character was already logged in.
He tried again, after another password reset, and was able to log in, and found his account completely stripped. They’d even apparently run his karma armor through the Mystic Forge for one salvageable piece. He logged out after that, and was unable to log in again.
I had him get another password reset. He used that, and then immediately changed his password to a long, secure one. He logged out, and was able to log in with the new, long, password. I assumed that would solve the problem of Email interception.
It didn’t. He tried to log in this evening, and was unable to do so. Now I’m very curious as to what might be happening here, because, in theory, the long password can’t be brute-forced. So, how was anyone able to log in on his account? And how vulnerable is my own long password?
His main character name is Stone Walker, guardian. He has entered a support ticket, and is waiting for a response. I’m hoping that the reason he can’t log in tonight is that ANet has locked the account.
I’m posting this because he’s still unable to log in.
(edited by Lord Chaos.1729)