Guild Wars 2

DrakeWurrum.6049:

My account has not been hacked, but I am hearing some very disconcerting things through the grapevine about Arena Net’s policies on restoration and recovery that I do not have an inclination to believe without absolute proof and official sources.

So, my question is this: When a person’s account is hacked, and then proper access is restored, without any risk of further account compromise, can deleted items/gear/coinage/etc be restored by the support team?
I’ve also heard that “accidental” deletions will not be restored, but I personally feel that deletion in GW2 cannot ever be purely by accident (you HAVE to type in that character’s name, so there’s no way you don’t know what you’re deleting) – what concerns me is if my account is compromised, what sort of security do I have against damages to my account?

I want to get this question settled once and for all by an official source, and hopefully open up some discussion between us, the players, and the devs, in the case that these policies are not found to be acceptable by the playerbase.

Drake, we’ren’t you one of the guys in another thread telling me that if your hacked it’s your fault not AreaNet? If you really believe this, then why should AreaNet have to restore anything? Not trying to push your buttons here as I think it’s a valid point. If Gaile and the other GMs really have evidence that all these compromised accounts are our faults then you can’t really hold them accountable for restoring a deleted character that has a solid verification process in place.

I think Gaile’s post in closing the other thread was legitimate. I think she said they’re working on security improvements or maybe I read that somewhere else?

We just have to try to be constructive and not abusive in these conversations.

DrakeWurrum.6049:

Angelkitten.3674:

No its a fake email, they mask who it’s from.

You even said your self you haven’t got a Diablo III account, it’s for stupid people who click the link that links to a really random mix of us. someword here blizzards website.

It’s fake, it’s not real, just another misinformed person claiming security breaches…
I get it to my email address that isn’t even a battle account

Actually, common practice for hackers is to manually change the e-mail address associated with the new game’s account, to an e-mail from a large database of accounts that they have collected (either through stupid mistakes, keyloggers, or even actually hacking a company’s servers). If the e-mail change goes through, then that e-mail does not have an account with that game. If it doesn’t go through, they’ve got your number, and know you have an account with that game.

Obviously, these game developers need to start putting in proper verification responses where you have to actually verify the change from your e-mail address.

I agree. It may also be time to start using a console approach to entering your credentials. If ArenaNet posted a webbased keyboard for entering in credentials to the site and the same for the client, there would be no keys to log except a mouse click… if that truly is the attack vector.

DrakeWurrum.6049:

Spectorx.9762:

Read the last 20 posts where people switched emails, and changed passwords and still getting hacked.

If they have changed emails and passwords and still get hacked, either those email/password combinations are already in the hacker’s database, and are therefore compromised, or else there is a keylogger on the machine in question.

email authorization should still prevent access, but in that situation, the only thing you can do is to get a really thorough virus scan.

This isn’t accurate. It may be an easy answer but it isn’t the only plausible scenario. Keyloggers are VERY easy to detect. I was rehacked and ran a very good key logger scanner during the 5 days I had between attacks and found nothing. I also ran Avast before and after with mutliple deep scans and even 3 boot-time scans. You can’t explain that away with simple finger pointing.

I also had a brand new email and a random 32 char ASCII password. I did everything ANet said to do and more and still got smacked a 2nd time.

mcl.9240:

Widowmaker.5812:

mcl – your idea is plausible but it’s unlikely here. While we don’t have data I can tell you this as fact,

When my account was taken the first time, I blamed myself. I ran Avast boot-time scans, Microsft Security Esstentials scans, installed a keylog scanner, ran it and monitored for activity. I found nothing during the 5 days my account was lost. After I got my account back, I created a brand new email, used a trusted security site for generating random ASCII passwords and created a 32 character password. I updated my account with the new information and validated my email.

24 hours later my account was taken again.

This time while I’m waiting, I’ve deleted my C drive, formatted my drive and have only reinstalled Avast!, Office, and Guild Wars 2. I’ve been logging and watching my network and there’s been no local access attempts. The only conclusion I can come to is that ArenaNet’s compromised not me. Anything else is pure speculation as there’s nothing more a customer could or should have to do to use their product….

If that were the case, all ArenaNet accounts would be hacked. But they haven’t been. Since the attackers exhibit a pattern of compromising an account and then immediately using the account, it would appear that the attackers are using the accounts as they obtain them. This is not the behavior of an individual or group that has access to every account on ArenaNet.

I’m not sure I agree. A week ago it was 11,000 reported accounts. We don’t know how much this has grown to but we do know that the stream of support threads on hacked accounts hasn’t stopped.

We also know that pattern or not, most people aren’t getting “rehacked” like has happened to me so that in itself is a pattern and indicates a path of least resistance.

You can’t tell just because there are no rehacks that the attack vector is client side.

mcl – your idea is plausible but it’s unlikely here. While we don’t have data I can tell you this as fact,

When my account was taken the first time, I blamed myself. I ran Avast boot-time scans, Microsft Security Esstentials scans, installed a keylog scanner, ran it and monitored for activity. I found nothing during the 5 days my account was lost. After I got my account back, I created a brand new email, used a trusted security site for generating random ASCII passwords and created a 32 character password. I updated my account with the new information and validated my email.

24 hours later my account was taken again.

This time while I’m waiting, I’ve deleted my C drive, formatted my drive and have only reinstalled Avast!, Office, and Guild Wars 2. I’ve been logging and watching my network and there’s been no local access attempts. The only conclusion I can come to is that ArenaNet’s compromised not me. Anything else is pure speculation as there’s nothing more a customer could or should have to do to use their product….

The disturbing thing to me is how easily most people dismiss security threats on this scale as random customer faulted attacks.

- It must be your unsecured wireless and someone hacked you
- It must be that you reused a UID/PW
- It must be that you have a key logger
- It must be that someone is using a packet sniffer and got your credentials
- It must be that you have multiple AVs running
- It must be that you dont use an AV
- It must be that…..

So if any of these are true please explain how the attacks are resulting in French IPs, Chineese IPs, Korean IPs, US IPs, and so on…..

The vector is an unknown from where I’m sitting and the dispersion is wide. Logic doesn’t direct this as script kiddies and organizaed attacks are not likely this broad. It’s more likely that an ArenaNet vulnerability was posted on several foriegn hacker sites and it’s being exploited. It’s also plausible that the hackers have an email list but not everyone being hacked is using old reused emails or passwords.

I don’t claim to know what’s going on but I sure have a lot of free time to speculate since my primary account (this is a 2nd one I purchased) has been taken twice and I’ve had no access for 8 days.

I thought it was obvious that people knew this is what the hackers were doing. I figured that out after the first time they stole my account. I’m still without an account now for 8 days.

One of the biggest issues I see with the premise that these hackers have a large list of emails and passwords to hack the AreaNet security is that the cycling through a list that large is abrute force attack against a single URL and would appear as a DNS attack and should be REALLY easy to pickup by security.

Something just doesn’t add up for me that the sole vector of attack is an email/password list combination attacking the login URL/client.

Incident:120910-008101

While “this” ticket was opened 3 days ago, my account was hacked on 9/4. I had one day of access before the email was changed “again” and my account was stolen a 2nd time by hackers. I’ve now had 8 days without access to my other account.

DABhand.2079:

You would be surprised how easy it is to get your hands on a keylogger or an infector that infects .exe files. Even the source code.

I’m not surprised at how easy they are to download but pushing them out into the world undetected, sorting through the billions of lines of code they return unless they’re coded for GW2, and using the data is so specific it’s really unrealistic.

It begs further considerations by ArenaNet and I’m not sure why you’re not conceeding that point if your a Sec expert. Gotta jet to my kids practice. Peace.

I’m not blaming anyone which is why I wiped my hard drive. What I’m trying to stop is everyone pointing the finger at the consumer. ArenaNet in my case needs to take a serious look at my ticket and figure out how it’s possible my account was compromised the 2nd time with a new email, 32 char PW, and a verified email.

Even if I was compromised there are only 2 stealth methods to steal my account, 1-key logger and 2-root kit. Both are hardly the tools of a game hacker. These are tools of espionage or commerial theft not the tools of kids stealing wow or guild wars accounts.

DABhand.2079:

Well I did warn you, mayhap thats how you may have been infected with a keylogger or something similar?

I said that because you have a serious backdoor now on your PC by having 2 AV’s running at once. But hey its your pc

I’m not sure you know what he heck your talking about. 2 AVs does not give anyone a back door lol. At most it causes file locking and could cause a harddrive to fail. Back doors are authored code the create and expose a security vulnerability for an attacker to gain control over a device. Google it before you post like your an expert.

DABhand.2079:

Widowmaker.5812:

- I had and do have Avast! and Microsoft Security Essentials running on my PC and always scan daily. I even ran a boot-time scan and had no infections.

Never have 2 Anti-Virus programs running at same time, that is asking for trouble, especially when they fight over trying to scan a file to the point it gets passed any attempt to block it.

Same goes for Anti-Malware programs also, just have one installed.

These two do not conflict. I’ve researched it and verified it. Of all the comments you could make about the serious issues I posted you comment about that? WoW..

anonymouse.9053:

Widowmaker.5812:

There’s more to these hacks than ArenaNet is letting on. Gaile and the other GMs are stating that online sources are the cause however, I was hacked yesterday and,

1. I used a brand new email (just created) and never used anywhere before
2. I created/used a 32 chacacter ASCII password (numbers, caps, symbols etc)
3. I verified my email and was watching login attempts (and saw none)

My email was changed and the notification email did NOT give me an opportunity to prevent it.

I’ve come to the conclusion that either the hackers have admin access to ArenaNet systems or buy.guildwars2.com sold my serial key to multiple people and we’re opening hacking tickets making the assignment of it go back and forth. I made a similar post about this yesterday and a MOD deleted it. Why would they delete it?

You admit in other posts to having had your account compromised multiple times. I suggest scanning your PC for malware using BOTH an updated and reliable antivirus program and something that detects other types of malware, such as Malwarebytes Anti-malware.

You claim that ArenaNet’s databases might have been hacked. I find it odd that hackers would get access to over a MILLION accounts but pick just yours to hack multiple times. Unless, of course, their system wasn’t compromised.

Really though, scan that pc. Thoroughly.

You didn’t fully read those other posts then. This is a typical response that’s propogating the problem and allowing support to overlook the real threat….

FACTS:
- This is the 2nd time my account has been taken.
- I had and do have Avast! and Microsoft Security Essentials running on my PC and always scan daily. I even ran a boot-time scan and had no infections.
- I even ran a Key Logger scanner and found nothing
- After the 2nd hack to ensure I didn’t have a root kit I deleted my C drive, recreated it, formatted the drive and reinstalled Windows 7. Now I only have Office and GW2 on it.

The source of the compromise it not me…. For the record I’m an IT engineer for a large company on the top of the fortune 500 list and am MCSE certified. I’m not your average user.

There’s more to these hacks than ArenaNet is letting on. Gaile and the other GMs are stating that online sources are the cause however, I was hacked yesterday and,

1. I used a brand new email (just created) and never used anywhere before
2. I created/used a 32 chacacter ASCII password (numbers, caps, symbols etc)
3. I verified my email and was watching login attempts (and saw none)

My email was changed and the notification email did NOT give me an opportunity to prevent it.

I’ve come to the conclusion that either the hackers have admin access to ArenaNet systems or buy.guildwars2.com sold my serial key to multiple people and we’re opening hacking tickets making the assignment of it go back and forth. I made a similar post about this yesterday and a MOD deleted it. Why would they delete it?

Current Incident: Ticket #120910-008101

Previous Incident Tickets:
#120905-006021
#120905-006971
#120905-008484
#120907-007363 (account restored)

I’ve been hacked again for the 2nd time and only 24 hours after you restored service. Please fix this immediately!

I was hacked on 9/4 and finally got my account back on 9/9. Immediately upon getting my account back I changed my email to a brand new email, setup a 32 character ASCII password and validated the new email address.

Today, 9/10 at 3:02 PM PST, I recieved an email that my email had changed… What’s going on ArenaNet? I never received the email with an option to deny the email change…. PLEASE look into this urgently and dont make me wait another 5 days!

Incident: Ticket #120910-008101

I’ve been hacked again for the 2nd time. Please fix this immediately!

I was hacked on 9/4 and finally got my account back on 9/9. Immediately upon getting my account back I changed my email to a brand new email, setup a 32 character ASCII password and validated the new email address.

Today, 9/10 at 3:02 PM PST, I recieved an email that my email had changed… What’s going on ArenaNet? I never received the email with an option to deny the email change…. PLEASE look into this urgently and dont make me wait another 5 days!

Posting this to see if anyone else has been hacked multiple times like I have?

I’m thinking there are 3 possibilities here but am interested to see what others think.
Here’s some quick background.

- Hacked first time but used an email I used before but with a strong password not used before.
- Have always run Avast! and Microsoft Security Essentials and ran a key logger detector after the first hack and found nothing.
- After 1st hack, I created a new email address, a 32 character ASCII password and validated the email.

My thoughts on how this can happen…
1. Develop Compromised
ArenaNet systems are still compromised since this was a new email and 32 char random password

2. Developer Support Error
Is it possible they revisted my old tickets and screwed up?

3. Producer Mistake
ArenaNet sold duplicate serial keys through buy.guildwars.com and I’m fighting with another player reporting hacks and activating the key.

4. User Compromised
Maybe I had a root kit? In case I did which is really unlikely, I deleted my C drive, formatted it and re-installed Windows 7 and the game client.

I’d love to hear of anyone else having these issues. I was on another forums and one of the mods was calling out everyone saying its their own fault. Well, I used a new email, a 32 character random PW with ASCII, and followed all of ArenaNet’s instructions and was still hacked for a 2nd time. Something’s fishy right?

Incident: Ticket #120910-008101

I’ve been hacked again for the 2nd time. Please fix this immediately!

I was hacked on 9/4 and finally got my account back on 9/9. Immediately upon getting my account back I changed my email to a brand new email, setup a 32 character ASCII password and validated the new email address.

Today, 9/10 at 3:02 PM PST, I recieved an email that my email had changed… What’s going on ArenaNet? I never received the email with an option to deny the email change…. PLEASE look into this urgently and dont make me wait another 5 days!

Support Tickets
#120905-006021
#120905-006971
#120905-008484
#120907-007363

Hacked 9/4 on my other account and still no correspondence or help aside from an auto-response on two of the tickets. I can’t access forums or update/consolidate these tickets because the email was changed for that account.

Honestly, I’ve never felt so helpless or ignored by a game company. I couldn’t even post for myself until I gave you another $60 today. That’s just really bad business to not to give paying players an avenue to communicate you with you outside of an account with a registered email – when you know hackers are changing the emails…

Support Tickets
#120905-006021
#120905-006971
#120905-008484
#120907-007363

Hacked 9/4 on my other account and still no correspondence or help aside from auto-response on two of the tickets. Can’t access forums or update/consolidate these tickets because the email was changed.