Jump to content

  • Curse Sites
Help
Regional Flag15 years, never been hacked, until...Source
avatar
Bolthar.4172
Target Source
#1 -

I have to say I think this is insane. I have been playing MMOs for the last 15 years. I use strong passwords and I do not use the same userids and passwords on all mmorpgs. I never share account information and I always pretty much stay as a loaner in games.

Along comes GW2. I play it, I get a character to level 80 and then I make about 3 others to kind of test the waters of all the different “flavors” that are out there. I then participate in the Halloween festivities and once the big Halloween event on the 31rst is over with I do not log in at all. In fact I have been so busy home life wise I have not had a chance to do much of anything.

This last weekend (11/18) I go to log in and I can not get in. It indicates my account information is not valid. I go through all my anet e-mails ,the purchase ones, the account creation ones, and finally I look at the new stuff. There I notice that someone had attempted to change the e-mails address on the account. I promptly contacted Anet support.

This is where the waiting began. I had a small glimmer off hope when Anet sent me an e-mail saying my account had been restored and that I had a new password. I logged in and this is when my heart dropped.

1) All my new flavors of characters are now gone.
2) All my items I saved up karma to buy are now gone.
3) All my items had been put up on the Black Lion market and converted to gold.
4) All gold was stripped off my character.
5) They even went as far as stripping off my bags and deleting things that would not make them any money.

I was also restored in the middle of Frostgorge Sound (which I had not visited since I was in my 70’s) where since I had no gear I immediately died and don’t even have enough money to even resurrect as I have a total of 86 copper to my character.

Does Anet really consider this customer support? Sure you restored my account to an “active” state. To say this is all that is to be done with the account for someone who has supplied money for this account is really shoddy. I still have not had any answer to the question if player X is last logged on Monday, and then someone takes the that account on Tuesday, on Wednesday when the account is recovered why can’t they recover from Mondays last logon?

Anet this will be my last contact I am sure but you may have restored an account but you lost yourself any hope of having me as a future customer. Also be aware if your strong password users are not sharing their passwords/accounts and their still getting hacked you have serious internal account issues.


avatar
ArenaNet Poster
Target Source
#7 -

Somehow, somewhere, there was a security breach and passwords where compromised. Not blaming anyone, but somehow the hackers/gold sellers where able to get passwords to accounts, either from the game servers or the forums right here.

No. That is not the case.

Stop and think: If there were a breach of ArenaNet security, we’d have thousands, tens of thousands, even hundreds of thousands of posts, tickets, emails, smoke signals, and carrier pigeons letting us know there was an issue. Instead, we see the number you might expect when people (1) use insecure passwords, (2) share their accounts, (3) reuse a password across more than one account, (4) host a keylogger or other back-end system, (5) [insert other reason].

While judging “Is there an issue?” solely by volume isn’t a 100% assurance that there is no issue, coupled with the monitoring systems in place it’s a pretty solid indicator that these are individual breaches, not a systemic issue.

I sympathize about this situation. I also understand that it’s hard to track everything that an individual may have done that lead to the compromise on one’s account. But it’s incorrect to point in our direction.

I trust you’ll understand I’m not “speaking the company line” but am answering as truthfully and transparently as possible, just as I believe we will remain on all things related to security.


avatar
ArenaNet Poster
Target Source
#8 -

Somehow, somewhere, there was a security breach and passwords where compromised. Not blaming anyone, but somehow the hackers/gold sellers where able to get passwords to accounts, either from the game servers or the forums right here.

No. That is not the case.

Stop and think: If there were a breach of ArenaNet security, we’d have thousands, tens of thousands, even hundreds of thousands of posts, tickets, emails, smoke signals, and carrier pigeons letting us know there was an issue. Instead, we see the number you might expect when people (1) use insecure passwords, (2) share their accounts, (3) reuse a password across more than one account, (4) host a keylogger or other back-end system, (5) [insert other reason].

While judging “Is there an issue?” solely by volume isn’t a 100% assurance that there is no issue, coupled with the monitoring systems in place it’s a pretty solid indicator that these are individual breaches, not a systemic issue.

I sympathize about this situation. I also understand that it’s hard to track everything that an individual may have done that lead to the compromise on one’s account. But it’s incorrect to point in our direction.

We’ll soon have the ARS in place. The Account Restoration Service will allow us to — after a verification process — roll-back accounts to a place immediately preceding the compromise. That doesn’t increase security, but it definitely does take the sting out of the incident, and we look forward to offering that soon.

I trust you’ll understand I’m not “speaking the company line” but am answering as truthfully and transparently as possible, just as I believe we will remain on all things related to security.