Guild Wars 2

I’m not the only one to see this happen.

His email is a different pw to the game.

I don’t know how it was done. But it clearly was done and others have posted that this is how they knew that their account got hacked because they receive emails saying the email address associated with their account had been changed. The point is this, the security of the associated email address should be improved so that even if a hacker somehow log into an account they can’t change the email address without 2-step authentication (txt a one time pass code to account owners mobile) as being able to change the email address completely undermines the so called 2-step logon authentication… correct me if I’m wrong?

This is EXACTLY what happened to my sons account. He was on his email at the time so we know for sure that he received no communication prior to the email address being changed. All he got was the same your wife received “hopefully by you!” notice. What a joke. People are trying to log in thinking that their passwords have been stolen when it is entirely probable that the passwords are being reset after the email has been changed. Who needs a password when you can change the email address on the account without warning or making sure that it is infact the account holder that want to change the email address? GW2 security is a joke at the moment and Mike O’Brien needs to wake up and stop blaming his customers for management failure.

As I wrote in different thread. I think there is a big hole somewhere in GW2 account security that allows hackers to change the associated email address. Personally I don’t think the stolen password scenario holds water for such a widespread problem, my sons account was hacked and the first he knew about it was an email from arenanet saying that his email address had been changed, and they even said in the email “hopefully by you!” ….. hopefully are they serious. Why hopefully, hope should play no part in such an important change to an account! If a hacker can easily change the email address associated with an account then the password isn’t a problem as they can recover/change the password and authenticate the account no problem! I think the Mike O’Brien news posting smacks too much of poor management blaming everyone else for not doing what they expected…. Fail to prepare, prepare to fail!

I’m not fully convinced that the whole problem is to do with passwords. My son’s account was hacked (restored now). His account was taken because the email address on his account was changed. He didn’t change it and there was absolutely no communication from Arenanet prior to an email that arrived and said “A request to change your email address has been made – hopefully you! – …” That was it. He tried to log onto his account and couldn’t, presumably because someone was able to change the email address of his account without warning. How? Think about it. If a hacker is able to change the address associated with an account just like that the password is pretty useless as the next step is to reset the password to whatever they like and they can authenticate etc etc… Clearly there is something somewhere that is very wrong with the way security has been implemented in GW2 and Arenanet are not being entirely up front about this for the obvious reasons.