Did an Officer or Elder move 95% of the items out of the Gaiscioch Bank?

Just happened to be bear guild bank and someone named unknown user cleared out all of the vaults minus some food.

I am wondering if we were robbed and the person left guild after stealing everything

Hacked account. Thats the downside and risk of open vaults. Its alright we needed to clean the vaults anywho. Jeff has put in a ticket. Jeff is one of the 3 founding members of our family.

I'll fall over in shock if Anet offers to replace the items, they have a strict policy of no backsies. Interesting that the logs say "unknown user" because I thought logs tracked by account name, not character name. I wonder if Anet caught and banned the account, already. Shame, I do like hunting and reporting bots and hackers. :)

That's what I was afraid of Fog :( And ya Sekkerhund I like hunting the botters and hackers too. Although my ignore list I dont see anyone on it those were my botters and hackers I was appealing. The new thing is noticing every so often someone appears to loot a crafting node after me and vanishes. I havent been quick enough to catch the names though.

Yeouch :( I've not delved into the permissions in GW2 but is there a way to limit how many items someone can take out in one go like World of Warcraft? Obviously this is something you don't expect to happen at that level of Officer but these things (unfortunately) happen to anyone!

Node warping, yea. Its very hard to catch them. Have to train yourself to remember names when you are at a node and someone suddenly appears next to you, then when they warp away, add them to Friends/Block list and use that to right-click and Report them. Very tricky, its just pure luck, being in right place at right time, and I'm still trying to train myself to be on guard.

Actually jay its a certainty in these games. With gw2s setup there is no protection at all. Elder or no. I knew when it launched that everything put in can be liquidated in an instant. Thats why I have people send book donations my way and not place them in the bank. It sucks but it comes with the territory. Nothing we can do aside from making all vaults 1 way and I dont have time to pass out loot everyday.

All we can do is try to mitigate hacking by encourage people to use strong passwords, don't buy gold from non-NCsoft sources and change your password each month or so.

someone from china tried to hack my account about a month ago. Changed my password really fast!

I'm sorry to hear another account got hacked :( and I couldn't agree more about having a strong password. I had a weak password that I had used on a blog that I have for a virtual world (nothing to do with Guild Wars) and I also have a twitter account for that character. I haven't been very active in the last few months there, due to being more interested in GW2, but a couple of days ago I decided to google the avatar's name to see what came up. I have used it for over 5 yrs so there was a lot, but the first thing I saw was spam posts by her telling people they can make big $$ doing surveys - you know the type 'follow this link and you can too!!' type of thing. Turned out my blog had been hacked, and also my twitter account. The blog is syndicated to several feeds so each time they posted on the blog it appeared the other places too. What a mess! Took me ages to get it all cleaned up and removed. I think they used one of those programs that runs many passwords though till it hits a match. I was one of those who always thought, oh it won't happen to me, no one is interested in my little account, but I was wrong and a strong password would have helped prevent it.

» Edited on: 2012-12-03 07:25:43

I was just working with one member who had their account hacked, due to having a key-logger installed on their computer via a browser security hack, while they were browsing some GW2 crafting websites (one of them had been hijacked and redirectd to a malicious attack site). There are not only malicious website redirects, but malicious advertisements, that will attempt to exploit browser security flaws to force-ably download a Trojan installer onto the target computer, then silently download and install a key-logger and/or other malware. Make sure that you have an anti-virus suite that is capable of detecting these "Toolkit" attacks from websites, and blocking them from installing malware onto your system. Not all AV programs are designed to do this. One I use and have learned to trust is Norton 360, which was originally provided for free by Comcast, a couple years ago when I had them, and it was able to clean some nasty malware from my GF's computer, that other AV programs failed to detect and clean properly. It too, was one of those browser vulnerability "toolkit" installers, she was nailed by a malicious ad on Facebook. I hate to say it, but be afraid, be very afraid. Be paranoid, trust your gut if something "funny" happens when you visit a website and scan the daylights out of your computer, not with just one AV program, but several. If you need help cleaning a nasty virus, go to BleepingComputer.com and visit their security forums for assistance with cleaning your system.

» Edited on: 2012-12-03 07:44:17

Hacked accounts really suck. Was the hackee using an authenticator at all? I'd be really interested to know.

If in response to my post, yes. Via the keylogger, they had gotten access to his email and responded to and deleted the authentication alert email. With a keylogger, they don't just have your game login, they have the info for everything that you log into.

» Edited on: 2012-12-03 20:50:13

"There are not only malicious website redirects, but malicious advertisements, that will attempt to exploit browser security flaws to force-ably download a Trojan installer onto the target computer, then silently download and install a key-logger and/or other malware." Do browser add-ons like Adblock stop this from happening? Sorry, I'm kinda clueless, but I'm always careful when clicking links.

If you use gmail I recommend turning on two factor authentication. At least then they can't get your email. Even if they know the password they can't log in from another computer. Since email is really the key to all your accounts it is the most important thing to keep secure. http://support.google.com/accounts/bin/answer.py?hl=en&answer=180744

» Edited on: 2012-12-04 06:23:25

I'm not familiar with Ad-block, but if you have an add-on that blocks the ad from displaying, then yes, it will prevent malicious ad attacks. Speaking of browser add-ons, make sure Flash Player is always up-to-date, or not installed. Its the most common add-on that hackers target for browser intrusions. Its also best to use a stand-alone browser, like Firefox, Chrome, Opera, Safari, etc. Microsoft has Internet Explorer linked into the operating system, so IE has system privileges that a browser should not have, even though they try to keep it run in a "sandbox". Related anecdote: When I worked on the Windows 2000 project, the first OS to really integrate the browser, I fought tooth and nail to show the IE team that tying IE to the OS was a BAD idea, but ugh, they didn't care even though I showed them proof of potential issues sent to, and tested and reproduced by me, from our Win2k Beta testers. My girlfriend uses IE, even though I advise her against it. I use Firefox. She's been hacked, on Facebook, by malicious advertisement. I have not. Draw your own conclusions. ;)

I use Google Chrome of late but I also use Firefox if I have to. I really, really, avoid IE with a passion (as we all should). After seeing this thread, I installed Malwarebytes and Spybot and did a few scans to be safe. And I doubly approve of the Google Authenticator if you have a smartphone. Both Marrra and I have ours set up and won't ever turn that back off now.

» Edited on: 2012-12-05 16:11:41

Make your login id/password for your verification email, gsch forum and gw2 are not identical, thats the most common way of getting hijacked, not key loggers

I am a bit paranoid, but when browsing sites that may even be remotely risky I use a live cd on an old laptop or run it from within a virtual machine. My family and I all use one system that all we do is electronic banking on. Overkill, might be, but we have never had any compromises.

o.O ... and here I thought I was a wee bit overly paranoid. lol