hacked again and i may not come back.

1st time i was hacked support told me that they couldnt restore my items.

i was just hacked again and they changed my email. im guessing that when they do get my account back i will have nothing again.

and if they say they cant restore all of my stuff back then screw this game. im not going to keep building my toon up with the chance of getting hacked and not restored. i havent started crafting yet and my bank is full of mats that i been getting since i started leveling. the mother load of mats, that hacker is happy.

i went through the security tips after the 1st time. and still got hacked 2 times in 2 weeks.

i spent around $120 on game and gems so far. i have a feeling that when they tell me that my items cant be restored im going to go nuts and my account will most likely be banned because there will be a lot of "f" bombs in the next email i send to support.

why cant they restore items? every other game i played did.

i love this game and love the wvw even more. i really dont want to quit it. any input would be great.

I think the first priority is figure out how you got hacked. Otherwise you might get hacked again even in another game.

Who changed your email? If you use a email already known by the hackers from previous games. Key loggers are not detected by virus software very much. They are more malware. Hackers can have access to your email and never use it till its needed. If the password you use in GW2 is the same as in another game that is used for the email, they could have access. many say I was never hacked in other games, that is good. But hackers might still had your info and never bothered to hack you. Could be authenticator on your account, other security measures. They do this, as they get paid to hack your account. It is a job for them. Some times you get an email for GW2 or even other games, saying account breach or access. You click the link and sometimes its actually from the hacker, not from the company. Some good info here. https://www.guildwars2.com/en/news/mike-obrien-on-account-security/

» Edited on: 2012-09-22 08:29:39

» Edited on: 2012-09-22 08:30:25

yeah, sounds like a keylogger is dug into your PC. i wouldn't do any banking or ANYTHING online till you get it fixed.

tnx for the info. i did all the scans with maleware bytes and virus program. i will make a new email acc and take other measures. but i cant believe they refuse to refund items and gold. thats a lot of time spent getting all the items gold and gear. its 50/50 for me right now b/c i know they wont give me my stuff back. if i do come back i promise you that i wont spend any real money ever again with this company. rift had a great security system. how hard is it to copy that? and this is dumb: Someone -hopefully you!- has requested to change the email address associated with your Guild Wars account. at a loss of words with that one...

Its an email that is sent out. There is links in them and sometimes those are real from Anet and some are fake. In the email you can see the location and IP address. In your account info, under security you can see what your IP/location is. Make sure your password for GW2 is not something that can be easily found. Mine is 16 characters all random with lower and upper case letters with numbers (sometimes with symbols, if their system allows for it.) Also what I do is I never type my password anywhere, I just copy and paste via mouse clicks. harder to determine passwords that way.

» Edited on: 2012-09-22 11:41:31

You don't know me, but I attended Shmi's gathering event today, and after hearing about this thread I'm saving everything I got from the event for you if you don't get your stuff back. It's not much, but there are some blue mats in there and even some strawberries. :) -Beeker (Natalia Rasputin, Zephyr Stormsurge, and Dynometric Jones)

Yeah I feel for you. I got my account hacked before the 3-day head start was even over. Took about a week to get it back and luckily nothing was taken. In fact, I gained 3 levels and about 20 silver lol. I know for a fact my email/password was obtained from the Battle.net hack a few months back. I haven't played WoW in almost three years, so when I heard they got hacked I didn't really think much of it. But out of habit I used the same email for my account and the same password. Unfortunately, at the time ANet's email verification thing wasn't working, so I couldn't use that either. After I got my account back I made a new, much harder password, changed my email password (same account), made sure all my passwords were unique (no account sharing a password) and did the email verification, because that was up by then. If you haven't done the verification, I'd highly recommend it. Basically, ANet (or NCSoft, not sure) records your ip range and location when you log into the verification system the first time. You can choose to set it to remember the location or not. I chose yes. I sometimes play at my bro-in-laws and I have to verify my login from there too. And, if you play from several locations you can actually set it to remember all of them if you want. After this, even if someone else has your login/password, ANet sends you an email to allow or deny the connection. So basically, any unauthorized login attempt would also have to have access to your email account to make it into your GW2 account. Now, if you've done all this and still got hacked, then you have a much worse security breach than just a game account. For someone to have access to all of this, means you most likely have a keylogger like someone suggested already. And the fact that this has happened twice now, may support this as well. Getting rid of those can be tricky, and talking to some friends who work in computer security, your best bet is a full system reformat and reinstall. Just to be safe. Lastly, I'm going to include a few links here for password strength testing. There is always the possibility that your account password was just too easy to guess. The first link shows a bit of the technical side of password testing, and the second gives estimated times it would take for someone to guess it. I found them both on Symantec's website so I'd assume they are safe. However, I would just use them as a guild to understanding what makes a password stronger. I'm somewhat paranoid now, so I refuse to put my actual passwords in ;) http://rumkin.com/tools/password/passchk.php http://howsecureismypassword.net/ Good luck!

I keep passwords for everything different. I was hacked in LotRO because I was using the same password for several different logins. Now everything is made of four random words, like libraryfootwaterking . It's easier to remember than random characters & numbers has a long string so to randomly guess it will take a long time. Best of luck with your account Foe.

tnx again guys. my password was 16 chars long and the word was odd with a bunch of numbers and caps. my lil brother is a computer tech and i'll have him come over to do his magic. this is the most amazing guild ive ever been a part of and i would love to keep growing with y'all. i just hope the spammer didnt start spamming with the guild tag on my toon. so could someone plz boot both my toons from the guild and when everything is cool i'll come back. Foetwenty(lvl 80 ele) and foeTwenty(lvl 2 warrior) there is another FoeTwenty in the guild i here...odd.

That sucks. I don't see why Arenanet cannot restore gold/mats as every other MMO does this for hacked players. I agree with you that a gaming company should be able to give stuff back, that is just MMO's 101 from a customer's point of view. Arenanet are a great company on the whole, so this seems strange, and there must be more to it as to why they cannot do something that to us seems very simple. All you can do is start a non-aggressive post on their forums and hope that eventually they change their policy. I know this sucks but it is pretty much the only way. Getting mad at them will not get you anywhere, even though it might be tempting. I kicked you from the guild, just let us know when you have the account back and want an invite back.

» Edited on: 2012-09-22 16:08:56

Toarr - thanks for the tips on password strength and the web sites. I had fun testing out "fake" passwords and have realized that though I use many different passwords for different things I do need to change many of them. I have changed my Guild Wars password to four random words as well as my facebook and pinterest accounts. Just the idea of having to change everything out there can be overwhelming.

Mate, change the password to your email account as soon as possible. It sounds like they have gained access to your email, hence they are able to reset your password, get the email to authenticate and change email to the account. It sucks that ANet wont give any of your stuff back. I've seen some horrible customer support posts on the official forums this past week.

key tips - 1. separate email for each game you play - if it is hacked, you only lose stuff for 1 game, and they can't find info for other stuff. 2. separate password for important stuff. I have a default username/password that I use for stuff that I don't care about, but for stuff that involves money or personal/work information, they all have a unique password. 3. realisitcally, a long chain of words is not going to be hard to brute force hack. as numbers, caps, symbols are added, it becomes way more difficult, and it's not worth the time/work then. 4. DO NOT have your guild username/password be the same as in game or as your email. I don't know about this guild's security since it is run off of a company's server so it may have much better security than normal, but MOST guild websites are ridiculously easy to get into, and that's one key source of hacked accounts. I know of quite a few guild sites that had stuff put on it that would spread trojan/keylogger malware to those that logged onto it. those are the biggest things that will reduce the problems. GW2 will have an authenticator soon, and that'll help a lot.

I was hacked years ago back in Wow , since then I never use the same email for games that i use for my actual E mail , and i opened up a brand new E mail and password for GW2 that i never used before . Only use that E mail for log in and don`1t click on any links if you get a email saying its from x game company etc. I haven`t had a account with wow since 2008 but still get e mails saying my account is being invesgiated and click the link to verfiy my account lol same as aion and Rift and i only played those games 2 months at launch . so yea its hackers . One thing you can do this is from old Blizz seceruity tips etc , is open up your Log in for GW2 type in a FAKE password and then run maleware bytes and search for key loggers , as sometimes the keylogger is attached to the log in itself and won`t show up in a normal scan of system . So scan your system, then get a NEW password and E mail that you do not use for anything else , other then loging in to GW2 . Then try and get account back and never click on anything about your account in a E mail . Lots of times they will say your E mail has changed please click on the link etc and its just hacker trying to get you to click on the link when you see this tab out and go to offical account page and check your account status . GOOD LUCK Also not sure what lvl /class you are but i`ve given away 5 complete sets of armor so far to guildes . I am 250 armor/250 weapon, and 200 leather/200 huntsman that is lvl 50 and lvl 60 gear so if you get account back look me up Runeslinger.9482 And I`ll hook ya up .

» Edited on: 2012-09-23 09:03:54

» Edited on: 2012-09-23 09:08:48

you guys are awesom, so much help and tips. i havent heard anything from them yet. but i will come back (because of you guys) naked toon and all. this guilds too cool to just give up on this game. :)

I has gold for you when you get back :)

I can help you out with stuff when you get back if you need it mate. What gear does your main use?

If you need help, let me know and I can see what I can to to help. I don't have much but I can help a little bit anyways Also, as others have stated, *never* use and password the same as any other game or website. I've only been hacked once but it was only for aeria games lol not a big priority heheheh

i use cloth gear, elementalist.

Just wanted to mention we have pretty good security actually, if you've noticed, we don't have log in error messages, which is a good thing if you want to be secure. Since people fishing around won't even know if they got the user right.

Also foetwenty when you first loged into GW2 , arenanet sends a Email to you , that asks you to verfy the account once you do that , anytime anyone attempts to log on to your account with a diff IP adress from the one you verfied when you first loged into game , it doesn`t allow them to log on . Couple post up in general forum there is a link from Arenanet about account security that explains how that works and provides some good tips , on keeping account safe .

I would suggest when you setup your new email address, set it up with two-step security. Gmail has a very easy way to do this. What it amounts to if someone tries to login to your email from another "unapproved" computer, it will call/text you with a special code you have to enter. So lets say they have your e-mail and password, and try to login from another location, say Pakistan. Guild Wars then sends an e-mail to your address gw2-secretname@gmail.com. The hacker then goes "Oh, guess I need to hack his e-mail to validate it". So he tries with your email address and password (that somehow he knows). He will only get so far, before gmail asks him to enter the code it just texted/called your phone with. So, unless he has all your account/email names, password, and your cell phone (or home phone), he's not going to be able to get in. I've set this on all my e-mail addresses (since I use gmail as my provider) and I had to enter the texted code whenever I login from a PC that isn't my home. And it can be set to keep that cookie for only a max of 30 days, or only for just that one session till you logout. I think that is about as secure as you can get.

I read from GW2 forum that ANet don't have the means to roll-back account it seems. They said they are working on a solution.

Rift had weak security at launch that permitted brute-force attempts at passwords. Apparently GW2 has nothing yet to stop brute-force attacks (?) Password strength -- if you have 8 characters, that's 2.8 x 10^12 combinations, if they even know the length. What sensible system would permit anywhere near that many attempts? It's not guessing your password, it's harvesting it from other sources. Curse, Zam, and of course battle.net and Sony Online Gaming, and any other fan site you've been part of, guildlaunch, etc. Back to Foetwenty -- What a horrible feeling! I'm sorry this happened to you once, let alone twice. It is frustrating that ANet doesn't try to roll-back.

i still havent heard anything from them. i sent a few emails too. its killing me not to be able to play. at least the hacker is still playing my toon. my brother told me that i was logged on the other day. they didnt even shut down my account! guess i'll go out drinking again.

So I finally hear from them. And OMG I almost lost it. They said hi, we need more info from you before we can do anything!!!! I sent in all that info when they first asked for it a week ago. They pretty much sent me the same email from when I was first hacked. If anyone knows any of these support guys, plz ask them WTF are they doing?

[[[ Apparently GW2 has nothing yet to stop brute-force attacks (?) ]]] Realistically I don't think anybody actually does brute force attacks. It just makes no economic sense to spend that much time trying to get one dude's login when you can use your stolen database of logins and passwords and get a ton of hits that way. Or go the keylogger route and get plenty of accounts to work with that way. Anet seems to be doing a pretty good job at monitoring how accounts are compromised and they are saying they only see a couple attempts on an account (from a database of passwords known to be used by that person) before it moves onto the next one. The unique password thing is the big thing. Securing your email account is a big one too. If they have control over your email account they can really do just about anything.

There was a blog post. ANet apparently *has* nothing in place to prevent massive repeated login attempts from the same location. They've harvested the 20-million most frequently used password attempts. i.e. they've permitted hackers to just pound away on your account. The hackers aren't getting in necessarily because they have your password, but because your password is one of the 20-million most commonly used passwords (in a game with 1/10 that many accounts). It's not brute force in the sense of trying AAAAAA, AAAAAB, AAAAAC, but it's not necessary for them to have compromised your password by keylogger or taking it from Blizzard/Sony/Google etc. 1.5% of the original accounts have been reported hacked so far. That's 30000. Scary big. What I heard (via guildcast) is (hopefully while they try to get an internal solution for security) they're going to police our passwords, and require that new passwords aren't in the 20-million most commonly attempted by hackers.

They've already blacklisted those 20 million. And there is a time delay on login attempts to the same account, but I'd bet the hackers are interleaving attempts with different accounts. It's not how I'd design a security system, but the naive method (block the IP if it fails to log in to an account too many times, or to a lot of accounts) is bad due to carrier-grade NAT coming into play.

finally got my account back. i have a set of karma pvp gear. everything else is gone. the pvp gear is all i needed anyways. i can take my time getting a pve set. tnx again for the help. i'm already back in the guild.

Awesome! Welcome back. :)

Congrats!