Guild wars 1 players are still seeking assistance from the gw staff; however, none has been directed. Gaile suggested we create tickets so they could “investigate” or instigate a method to help but we’re getting no responses / no help. Hm, we get you aren’t “support” Gaile but the person who got ahold of your account was capable of doing destruction and you have the ability to undo those changes? I’m confused on why we’ve had to wait so long and been given no information as for whether or not we will ever see assistance due to your own staffs ineptitude. Because right now we’re feeling pretty burned to say the least.
It’s been nearly a week and arena net has done nothing! Those effected by the tragedy have yet to receive assistance or be given ONE WORD that would indicate they plan to help those who were maliciously targeted by the imposter GM. What’s even more astonishing it was gw’s own breach of security that led to this and then a slap in the face when they leave the players with no help. NICE ONE!
One of the main problems with a socially engineered account take over is that it’s well known that many players do not use their real name or real contact info when they create an account.
I would guess that the reasons range from privacy concerns to people being under age to carelessness, (“it’s only a game!”, etc) to concerns that the system could be hacked and their private data (social security number in the US, address, etc) could be released.
Account Recovery has to remain relatively lax because there are so many people who legitimately own their account, but don’t have very complete or accurate information.
It’s frustrating because I’m willing to include accurate personal information – my real name, telephone number, etc but because there seems to be an assumption that that could all be fake, or somehow all my information could suddenly change – it does not seem like we can establish a permanent ID in the system and then have recovery attempts be based on knowing or proving that info (as opposed to just saying you forgot all your real ID info).
Maybe I’m a bit off in my perception, but I wish there was a way to established a verified ID that includes some static personal information and sets the bar much higher for account recovery.
I don’t know how lax you expect it to be but when I lost my account info I gave them a picture of my state id or license to prove residency, who I am. To me it’s not unreasonable to prove who you are with your id…
Last night a hacker socially engineered one of our CS agents to gain control of Gaile’s account, and accessed GW1 using it. Gaile of course has two-factor auth on her account, and despite the social engineering, the two-factor auth worked and protected her, so the hacker had no access to her forum or GW2 accounts. Only GW1 pre-dates our 2FA/SMS system.
To socially engineer the CS agent, the hacker provided a variety of personal details about Gaile. But we don’t accept personal details as primary proof of account ownership. We require things like verifying billing info, two-factor auth, access to the account’s primary phone number, or access to its primary IP address in cases where IP address ownership is clearly established. When we can’t verify, we decline access, knowing that incorrectly declining is an unfortunate but better outcome than incorrectly granting access. These are all established and documented policies. We have a great team of customer support agents who follow these policies, and the hacker tried a bunch of times and found one agent who didn’t.
We want to protect all accounts as much as we want to protect our own. Some of you were particularly concerned about the impact to the game of hacking a GM account. You should know that we don’t give GM accounts or any accounts the ability to cheat progress, synthesize items, or manipulate the game’s economy. We play the game the same way you play the game. The hacker was able to use Gaile’s GM access to manipulate guild trims, but mostly he handed out Gaile’s personal items that she had collected from years of playing GW1.
We take your account security seriously and will continue to do everything we can to ensure that our support team consistently applies this security policy and prioritizes protecting you from account hackers.
Mo
Again,
Is Robert Gee going to re-add the gold capes? Since THIS incident is related no thanks to the mod who removed my post rude.
Why are you still posting? You are wrong, uneffected, and biased. This is a larger issue than you could even fathom. You are only derailing my thread and not positively and properly criticizing the material in it.
Back on topic:
Give us better security and undo what has been done!
k my sry, as for answering on tickets i can only agree it’s very person depending. As for gw2 account safety i cannot agree what you said in y first post. It’s definitely a human fault with big consequences. I hope your issues are solved quickly. (i didn’t say they reacted fast, but relatively fast)
You are missing the point. If they have access to your gw1 account they have access to your gw2 account.
There isn’t a set system first of all. It varies depending on who is answering your ticket. There isn’t an exact criteria they follow in which they give back an account, which is exactly why it was negligence. For some of the staffers apparently it’s evident all they require is your email or ign. And possible your RL name as was a means for Lynie to get Gaile’s account. This system isn’t automated, so most definitely it was human fault. They didn’t react fast but granted it’s guild wars 1 nobody expected a fast response although I did expect a resolution by morning as of which we’re still waiting and have not got 1 word.
It’s wasn’t a lapse of judgement. What it was is what I said it was. Negligence to give access of an account to somebody else with very little information provided. And yes I was effected personally but that is all in my ticket. You weren’t effected hence your bias. But you’d be singing a different tune had you been. It’s also important for people to know that their system is weak in order for it to be changed it’s not about attention it’s about change and getting help. Which will not happen without exposure. So kindly stop spamming and posting so you can get attention.
Nobody has been helped since the incident first took place nor are they responding to tickets regarding the manner. It’s also evident they don’t care at all with a lack of response of an indication they are investigating / planning a roll back. At this very moment what we are left with is the after math. In the event they do fix the problem I would be happy but not happy to know how weak are accounts are protected. As previously stated the extent of all that has happened is unknown and people have not got a lick of information or assistance since. You’re missing the bigger picture here this is not a light issue this is a serious case of negligence and fraud.
y lol, just a misjudgment as any people can do. What you wanna achieve with this post? As i can see ANET acted accordingly.
In your eyes how did anet act accordingly? First a Gm’s account was compromised with little information provided about the account. Secondly people in game was adversely effected by being permanently muted, banned, or having their characters and in game assets deleted. This has yet to be taken care of and further as previously stated many accounts leading up to this exposure could have been compromised due to failed security measures upheld by the support staff. What’s unknown is all that was currently done in game but these are the facts:
1) people were muted by a mod imposter (they are not unmuted yet)
2) people were banned by a mod imposter (they are not unbanned yet)
3) people had characters deleted (afaik still deleted)
4) peoples guilds had their gold trim revoked (many still remain revoked)
5) the person who used gaile’s account gave his own guild gold trim
6) support willingly will give any account away with little information provided
What exactly did they do right or handle? What I want to achieve with this post is to get a rollback for people who lost items, characters, guilds or were banned due to the person who abused the system to make a point. I also want support to actually provide security.
Last night the support staff willingly gave a Gm’s account to a random player simply because he knew her e-mail and in game name. This means if anybody knows your real life name, your email, and your IGN you are at RISK due to the incompetence of the gw2 support staff. The measures taken to protect your account are NOT there and it is even easier if the person knows you have a gw1 account linked to your gw2 account. The person who exposed and abused this method is Devout Lynie. The GW staff has done nothing to alleviate the issue as many were effected. But also how many cases have gone unknown where a person was gained access to an account they did not really own due to the negligence of the support staff? The GM account he was willingly given access to by our lovely support staff was none other than Gaile Gray.
!