Jump to content

  • Curse Sites
Help
Regional FlagSecurity issue?Source
avatar
Genev.2450
Target Source
#1 -

Hej,

Today, 2 of my guildmembers got hacked, one lost all characters and legendary, the other “just” lost all of his stuff. Neither got an e-mail about anyone else trying to access their account, 1 got told it was done from her IP (Couldn’t have happened.), 1 is waiting for an answer from support atm since he was out all day and only just checked.

This made me and some others paranoid and change our passwords. None of us got an e-mail our passwords were changed, when the first guildmate’s password got changed by ANet, even though she’d already changed it, she got no e-mail about it either, just sudden password change.

We all have the correct e-mail adresses linked to our accounts.

This really makes me worry about security, the fact that apparently people can log in despite e-mail authentication (and i don’t have a smartphone so can’t get a mobile one) and change passwords without anyone finding out until they log in again, get into our accounts, whatever.

Is the e-mail system still active? Has there been a security breach somewhere on ArenaNet’s side?

Thank you,
Gen


avatar
ArenaNet Poster
Target Source
#2 -

The fact is, I spoke directly with our Security Coordinator about a few issues today, including these. When the team tells you the account was only accessed from one’s own location, that’s a fact. That means it was not accessed by an RMT in China or a hacker in some other state, country, or continent. So “Couldn’t have happened” makes no sense when it did happen according to our records.

Now, if there’s absolutely solid evidence that it truly could not, in any way, have happened, that player should update her ticket and say “It could not have happened because A, B and C.” But in the last many years, the “I know it didn’t happen here” has been proved to be wrong.

Much as we hate to think it, family members, friends, neighbors, and others sometimes do get access to an account, and do end up getting the account banned or do strip off the items and sell them or move them to another account.

Our team will help you, but flat-out statements about what could and could not happen must be tempered with the factual evidence in front of us. If the account was always accessed from the same IP, then how could it be argued it was accessed from somewhere else? And of course if the intrusion comes from within one’s IP, then it cannot be a fault of authentication if an email is not sent, for the IP has already been approved.

I hope that eases your concerns about a security issue in this particular situation. We’re open to input, always, but we have a lot of evidence in front of us, and that helps form the responses that we give and the actions that we take. If a player is “hacked” from within his house, or from right next door, surely you’ll agree that’s a personal account security issue and not a game security problem.