Account Hacked

Account was hacked today. Funny thing was I received an email stating that a password recovery had been activated but it didnt give me any more information. My email wasn't hacked. So im guessing they just did a brute force attack to get my account.

If you see any posts from me starting 9/13 until I confirm that my account is back in my possession, please just ignore them as they are probably spamming gold crap.

If anyone has any other way of contacting Arena.net by some other way than this abysmal "account recovery tool" that they keep sending me I'd love to hear about it. I can't believe a company as big as this doesn't have a phone number on their contact us page.

Do you know your account name.number? I can't promise anything but, I do have one Anet contact that might be able to help.

Sorry to hear that. Best of luck getting it back.

Account name is Luma.9204 What I don't understand is that I received an email stating: Someone -hopefully you!- has requested to change the email address associated with your Guild Wars account. Need help or have questions about your Guild Wars account? Visit our support site: http://support.guildwars2.com/. Thanks! -The ArenaNet Team This does not look like security to me at all. There's no confirmation, no way to contact Arena.net, and virtually no way for me to get an immediate fix. It really irks me that this company does not have a support line for issues such as this. I can't even log onto the GW2 forums to try and get a response.

I passed on word, not sure what will come of it but, fingers crossed. :D *edit* In the mean time if you have not already, go over here http://en.support.guildwars2.com/app/answers/detail/a_id/9212 and get a ticket in.

» Edited on: 2012-09-14 12:56:57

Have already placed it and just waiting for someone to call me or email me. But, thank you for passing that on for me.

» Edited on: 2012-09-14 12:59:41

I feel your pain. I logged in yesterday and my account had also been hacked. They moved my toon to a different server, wiped out my bags and everything in the bank. They left me with 38 copper. I have filed a report and changed my password. Hopefully they can do something about it.

How did you get your account back so fast? They have changed my email, changed my account name, no idea on anything else they have done.

Two different types of hackers. Some just want to steal your stuff and then move on. Others want to take total control of your account and keep it for as long as possible. Minimum - Anet needs to institute some security measures on password changing and logging in from a different IP - if they do have this in place, it obviously isn't working. A few security questions before allowing such things can go a long way. I wasn't aware they were even allowing password resets without calling in since they had such a problem with it.

Another guildie was hacked where they just took his money and did not change anything else. Seems many different preferences for the hackers :(

I think I may have had my money stolen, but my password wasn't changed. I have no way of knowing whether I was hacked or not, as I never receive any authentication emails no matter how many times I request them, and neither do I get any when I try to "recover" my account. No, they are not in my spam folder. I have submitted a ticket, but I'm really getting tired of this.

Wow, I know this is a big guild but that's half a dozen accounts taken over in the first week. :(

How to not get "hacked" Pick a strong, unique password for GW2. Kee Pass (keepass.info) can generate good passwords for you, and store them. 20 characters should be considered the minimum. 90%+ of account hacks will now fail.

Step 1: create separate mail for each game. kalizaarsawesomegw2mail@gmail.com, kalizaarsawesomediablo3mail@gmail.com, etc. Easy to remember which is which, use them only for that game specifically. Step 2: create separate passwords for each game and each email that uses multiple words. SillyOysterGW2MailPuppies, SillyOysterGW2GamePuppies, SillyOysterDiablo3MailPuppies, SillyOysterDiablo3GamePuppies. Again, easy to remember which is which and would take an eternity to brute force and be unguessable. Of course if some how you did get hacked even with that they could guess your other ones, but then again if you only use one e-mail you've had for 15 years for every game, and the same password (that happens to be your dog's name with your kid's birthdate) then chances are they'll have no problems anyhow. ;)

Kalizaar's advice contains a fatal flaw. The password examples are of low entropy, and thus very easily guessable. If one is discovered (say, Blizzard gets their password database leaked, oh wait that happened last month) then it's very easy for an attacker to substitute GW2, Guildwars2, GuildWars2, etc, programmatically, for Diablo3. If you're going to use a passphrase, use Diceware (or another, similarly random method) and use DIFFERENT passwords for different games. The name of the game changing doesn't make it sufficiently different. Let's pretend you used "SillyOysterDiablo3GamePuppies" as your D3 password. Blizzard converts all characters to upper case, so "SILLYOYSTERDIABLO3GAMEPUPPIES". IIRC they use SHA256. So the hashed passphrase is "c8645c8e57a38f00c2529bb722dc6e209b0ffbcb044ddf1bf00cf25c8c30c878". It took about 45 minutes to crack using a Core i7 930 and an ATI Radeon 5850 GPU, with the G8, Known passwords, and PC games list dictionaries, in oclHashcat-plus in hybrid mode. "an eternity" is a bit of an exaggeration.