Jump to content

  • Curse Sites
Help
Regional FlagHigh Ranked players & Commanders hacked [Merged]Source
avatar
Irontodge.9524
Target Source
#1 -

Yet more hits on high ranking player accounts on Ruins of Surmia.

Anet, every day that passes make this seem less and less like our issues and more and more like a security threat in the game.

This issue needs to be escalated and a proper investigation needs to be done.

Many Thanks


avatar
ArenaNet Poster
Target Source
#88 -

Guys,

I relayed your concerns to the Security Team and to to others at ArenaNet when this thread started. You can be absolutely sure we are looking at these situations very carefully. Again, the evidence does not point to a server hack, a database theft, or that sort of systemic issue. But still, it is worthwhile having Security’s eyes on the issues and you can have confidence that this is something they’re investigating.

Please be sure you include as much information as possible in your tickets — this thread has some sugggestions on what to include. In situations where you witness someone threatening another player, submitting a ticket with those screenshots would be very welcome!

Please take care when posting that you not include sensitive info here in the forums. I haven’t seen anyone doing that in this thread, but please exercise your usual caution and that’ll be helpful. I know it can be frustrating for those who are hacked and have lost access to their accounts to find they are (temporarily) unable to post here in the forums. Posting to update us on behalf of a friend is ok, but I’m sure you’ll understand that we want to work directly with the account owner in the tickets (for security reasons). So please have anyone who may have been impacted file his or her own ticket.

Thanks.


avatar
ArenaNet Poster
Target Source
#89 -

They won’t reset accounts mate, so I don’t need any hope…
I’m just asking a ’we’re still looking into this’, nothing much. This silence could also mean they’re not caring, which I hope is not the case, but meh…

Sorry, Maetel, I just saw this post, but I did write that note a few minutes ago. You can bet on it: We care and we’re investigating.

Incidentally, account restorations are very, very close.


avatar
ArenaNet Poster
Target Source
#124 -

Update: This evening, I emailed a few of the people who were mentioned in the early comments in this forum thread.

I will update you on this situation when I have more details, but we are making forward progress!


avatar
ArenaNet Poster
Target Source
#153 -

Incidentally, account restorations are very, very close.

Can you confirm this Gaile? I have tickets from GM’s stating otherwise dated today.

Yes, account restorations are very close to being rolled out for all players. There will be qualifiers and requirements, of course, so not every account will be rolled back upon request. (For instance, restorations are only for compromised accounts.)

We’ll have more information in the next few days.

If your ticket says something different, could you please give me the number so I can review the messaging?


avatar
ArenaNet Poster
Target Source
#155 -

Once again I got 2 DC under 3 minutes at 1 am ….. WTF ? !!!!!
I checked my account email and the IP connexion from here, absolutely nothing is suspicious. the only thing I could do was to change my password again in order to block the “f……. hacker” and keeping the non stop logging after DC !!!!!!

I’m desperated and tired to be feared 24/24 … every day before going to work I need to check my account if my characters and their stuff that I restarted to collect after the 1st hack are still here …. and every times I’m scared to see weither they re deleted or naked as it could be ….

Arena net support doesn’t give me any available answer about my account ’s security and keep asking me to protect my email adress which is done for sure a long ago.

Besides I’d like to know if the support need screenshot to prouve the lost gear ???
If yes then I’ m going to sent them every screen shot in order to be enable to have a roll back to catch back my 898hours of gaming …

This sounds as if you need a thorough scan of your system, because the symptoms you describe are very like those of a keylogger. And yes, until you remove that malicious code, you can be hacked again and again.

Obviously, there’s nothing that our Support Team can do on our end to increase your personal computer’s individual security. This is coming from outside the game.

Consider using the tips that they shared with you during the first hacking incident or perhaps, as others have done, “flattening” your system to the OS and reinstalling all your programs. Doing this is a lot of work, but it may be the only way to really address the issue and I truly believe your computer may be the problem, if you are absolutely certain your email is clear.


avatar
ArenaNet Poster
Target Source
#167 -

Today i logged into my account and had all my 8 characters deleted, 3 level 80s one with a legendary Twilight. No email to say that the account was accessed from another IP everything i have ever worked on has gone. I’m very disappointed to say the least as i have worked very hard on all these characters one of which is a commander with a substantial amount of gold on its person.

My guild mates advise me that i was logged in when i was sleeping but they didn’t think anything of it as i have a strange sleeping pattern.

I would really appreciate my account being restored asap especially the legendary (and if you can make my Mesmer an Asura i would be doubly grateful! (just joking to try to cheer up my bad mood, but this would be a nice bonus considering i have a different password for my email and game account, and restore my faith in anet :p

What sort of authentication do you have on your account? Two-factor auth or email auth? Thanks.


avatar
ArenaNet Poster
Target Source
#169 -

If your account has been accessed and you have access to the account, please be sure you change your password as soon as possible. Consider that your email may have been compromised (especially if you have the same password on your email as you have on your game account).

If you do not have access to your account, be sure to tell the Support Team that detail when you submit your ticket.


avatar
ArenaNet Poster
Target Source
#171 -

If your account has been accessed and you have access to the account, please be sure you change your password as soon as possible. Consider that your email may have been compromised (especially if you have the same password on your email as you have on your game account).

If you do not have access to your account, be sure to tell the Support Team that detail when you submit your ticket.

i have changed all the above, (ma game email and main email and passwords are all different) and the response to the ticket i sent was this

We are sorry for your breach of account, however as the account was accessed from your IP address there is nothing we can do, we are sorry for any inconvenience this has caused and trust that you understand our reasoning. Maybe a family member did this. If you have any further questions or problems please do not hesitate to contact us again

I was just going to respond with the information that I had acquired: “This account shows zero logins from unapproved IPs – not even attempts. If all the details are accurate, they were attacked by someone who has physical access to their approved/accepted machines.”


avatar
ArenaNet Poster
Target Source
#173 -

If your account has been accessed and you have access to the account, please be sure you change your password as soon as possible. Consider that your email may have been compromised (especially if you have the same password on your email as you have on your game account).

If you do not have access to your account, be sure to tell the Support Team that detail when you submit your ticket.

i have changed all the above, (ma game email and main email and passwords are all different) and the response to the ticket i sent was this

We are sorry for your breach of account, however as the account was accessed from your IP address there is nothing we can do, we are sorry for any inconvenience this has caused and trust that you understand our reasoning. Maybe a family member did this. If you have any further questions or problems please do not hesitate to contact us again

I was just going to respond with the information that I had acquired: “This account shows zero logins from unapproved IPs – not even attempts. If all the details are accurate, they were attacked by someone who has physical access to their approved/accepted machines.”

I live alone….

Very confusing, then! Let us continue to look into this for you. We have your ticket info and will discuss with you to get more info. Oh, do be sure that you share the latest info in your ticket, so we have it all in one place.


avatar
ArenaNet Poster
Target Source
#199 -

My concern’s atm are:

Why does the “your email has been changed” email not have a confirmation link etc?
Why was the hacker able to login to one of my characters and access my bank while I was also logged in on a different character?

Shame I can’t get mobile auth due to my phone type, but some of the players hacked are using mobile authenticator anyway. Once they change your email they can login and disable it I believe?

So the root of the problem is how are they changing the email to begin with.

Because confirmation link was sent to new e-mail address. Whoever thought it was a good idea should be fired on spot.

Agreed- I just got hacked and lost EVERYTHING except the armor I was wearing. They even deleted all my email :*(

All the correspondence from AN has been on my email address that was hacked- AND they requested my serial number- so it’s right there to see in my email responses. I changed my email password, but if it gets hacked again- they will have the whole conversation, numbers and all.

I don’t care- I don’t want to play anymore
I was just starting to really have fun and it was almost everything I’d been waiting for (I’ve been waiting for something that would take me back to my EQ days)

And now this. I’m done.

As I’ve mentioned, we really can’t be held responsible for an email hack, as much as we sympathize with the situation. If you are sure your system is clear of keyloggers and Trojans, I recommend that you create a new email account and contact Support through that account, explain what has happened, and work with them to establish that you are the account owner. There is a challenge here, I cannot deny it, when two people are able to provide the serial codes, but we have a lot of experienced agents who will work very hard to get this reset for the proper owner.


avatar
ArenaNet Poster
Target Source
#200 -

So here is what happened to me just about 3 hours ago. First, I have an email and password dedicated to GW2 and nothing else. I also have the mobile authenticator enabled. I am 100% sure there are no trojons, or keyloggers on my computer. I logged on this evening and was put into a Lions Arch overflow server. I was standing at the bank when I was asked to ping my Twilight in /say, which I did. About 1 minute later I was disconnected to the character select screen, I jumped back in the game and was disconnected almost instantly. Jumped back on, disconnected again but this time a message popped up saying something along the lines of the account being used from another location. I immediately went to the account management page and tried to access my account but of course my password had been changed. I was able to reset it to a totally never before used password and log back on. In a period of maybe 3 minutes the hacker had got all my gold, t6 mats, and a good bit of my other mats. Of course when I logged back on I imagine the hacker got kicked to the character select screen and so we battled for control back and forth for a few minutes. Here is the strange part tho, once I stopped getting kicked I went to log into account management only to discover my password was changed again! Within maybe 8 minutes of me setting it to a totally unique password the hacker had changed it! This time I was unable to reset it and created a support ticket. Support was able to help me get control of the account again but I’m not at all sure that it will stay that way considering how quickly and easily it was hacked in the first place.

Most of the people who have been hacked in this thread have had it done via support tickets. If they kept changing your password like that, it sounds like your computer has been infected with a keylogger. However, it doesn’t make sense if you’re positive you had the mobile authenticator enabled, unless they used said keylogger as a proxy somehow, which would fit in with one of the posts above who said he had mobile authentication enabled and lived alone and yet his account was hacked without any other IPs accessing it.

I don’t think his pc was infected but even with full protection he got hacked !!
Why ?? The response is simple : someone can have acces to arena net ‘s database, the hacker only need to pick up wealthy people then he’ll receiving information to log into the target’s account and stole everything.

As me, Proxy Violence was in Lion arch overflow ’s server and said something on channel then be hacked !!!

There ’s obviously a failure so be carefull !! Until Arena net give us an answer players should avoid Lion Arc and WvW as much as they can, especially wealthy ones.

Stop and think: If the database had been hacked, hundreds of thousands of accounts would have been stolen. That is not what happened. Flat out not what happened. The situation has nothing to do with Lion’s Arch, or World-versus-World, or anything of that sort. These are individual cases, and we will work to help the account owners back onto their accounts.


avatar
ArenaNet Poster
Target Source
#207 -

Stop and think: If the database had been hacked, hundreds of thousands of accounts would have been stolen. That is not what happened. Flat out not what happened. The situation has nothing to do with Lion’s Arch, or World-versus-World, or anything of that sort. These are individual cases, and we will work to help the account owners back onto their accounts.

I’m sorry but I have to disagree with your logic. If burglars had magic skeleton keys that could open any house, would you suddenly see hundreds of thousands of houses broken into? Nope, that’d just draw attention to the fact there was a hole in the system. They’d target the houses with the most loot and pick those off one by one.

Just the same, RMTs would only hack enough accounts to collect the gold they’re selling. Hacking thousands of accounts would both reveal the system flaw and hit their own customer base, when people stop playing GW2.

I’m not saying ArenaNet’s database has been hacked, just that your argument doesn’t hold water.

You forget, in your analogy there are dozens of would-be “burglers” (in our case, RMT companies) who compete with each other in a shark-like frenzy. If there were a loophole, they’d be rushing to take advantage of it to (1) make hay while the sun shines (until the loophole is corrected) and (2) to beat out their competitors.

I stand behind what I say about the volume not being consistent with a systemic issue, but I will ask Security to read this thread, as I have in the past, to make sure we’re watching for any anomalies that you’re concerned about.


avatar
ArenaNet Poster
Target Source
#230 -

Now.. where are the final versions of them authenticators?

I talked to the Security Team, and they expect a final version with in the next several weeks. More testing, feature reviews, etc.


avatar
ArenaNet Poster
Target Source
#247 -

I made this post and Gale Gray closed it after it was getting alot of attention… wow are you serious? Company image management?

Wait a second, please. You were told there was an existing thread about this subject, and yet you continue to make new ones. We should keep the topic focused, so that our security team and others interested in this subject can update themselves on any situations that may exist.

Please do not take a forum thread closure personally, and for goodness sake, do not make rude and insulting comments about the fact that it was closed when there was a very valid reason for doing so.

And, as you can see, I’ve merged this new thread into the existing thread I mentioned to you yesterday and ask you with all due respect to keep your comments of a reasonable nature and to post in the topic at hand.


avatar
ArenaNet Poster
Target Source
#248 -

So, what you’re saying is… someone got access to your email account? If so, the issue most likely is not on anets end.

It is true that we cannot possible be involved in someone’s individual email account security.


avatar
ArenaNet Poster
Target Source
#249 -

I talked to the Security Team, and they expect a final version with in the next several weeks. More testing, feature reviews, etc.

Is there any intend on releasing official physical authenticators rather than ‘certain brands may or may not work’? Also any updates on the rollback system for compromised accounts?

We have no plans to sell physical authenticators, but again, you are welcome to use one if you desire. I recommend that you verify that the set-ups will work with the authentication systems in place, as recommended by players in this thread. I will ask our Security Team if they can comment, but I am sure they cannot recommend brands, only the basic configuration details. If you think that would be helpful to you, let me know and I’ll get what information I can.


avatar
ArenaNet Poster
Target Source
#251 -

Rubbers, if ANets intentions were to sweep this under the rug they would not have replied to any of the threads. Right now this thread is in the dev tracker thus giving it more exposure.

I also doubt very much they will share details on what they are doing on their end… it would give cues to the hackers.

True, and true. This thread, and several others you see, are evidence of us giving as much transparency to and by our players. We’re not trying to stifle things, or brush them off, or hide them. Case in point: I just “bumped” a thread that hadn’t had posts in more than 2 days to make it more visible, not less.

Please have confidence we are reviewing each compromise, helping as much as we are able, and carefully monitoring our processes and security every hour of every day.


avatar
ArenaNet Poster
Target Source
#254 -

We are very sorry that guild banks are not part of the restoration system, but as pointed out in this thread, there is a great deal of complexity in restoring an individual account, and restoring a guild bank is many, many times more complex.

To do a restoration properly, while protecting the game economy and impacts every single players, we would need to investigate every single account that had access to the guild bank to see what happened before, during, and after the event. To do otherwise could have major negative impacts on the game economy, if players could “hide the gold” and then ask for a roll-back of the whole guild bank.

Consider that guild banks potentially hold a lot of combined wealth, and that confirms that the impact on everyone who plays the game, over time, could be considerable.

It’s possible that sometime in the future we will be able to restore guild banks, just as we very soon will be able to restore individual accounts. We would like to do this, but we know that if we initiate that service, we must do that sensibly and accurately, for the good of the game.