This is the current status of the most important issues we're tracking with Guild Wars 2 live service.
Account security - Hackers are systematically scanning email addresses and passwords harvested from other games, web sites, and trojans to see if they match Guild Wars 2 accounts. We're taking a number of steps to protect our players from this, listed below, but we need your help too. To protect your account, make sure you use a strong, unique password for Guild Wars 2 that you've never used anywhere else. If your password isn't strong and unique, change it right now. For the highest level of protection, also create a unique email address to use solely for Guild Wars 2.
Here are the things we're doing to protect your accounts.
Email authentication - We started ramping up email authentication after last night's server update, and it's now enabled for 100% of players with verified email addresses. Email authentication provides a high level of security for everyone, and can provide an even higher level of security when combined with two-factor email authentication. Here's how you can set that up. Create a new unique Google or Yahoo email address solely for your Guild Wars 2 account. Verify that email address with Guild Wars 2 to turn on email authentication. Then follow the instructions at Google or Yahoo to enable two-factor authentication for all logins to your email address.
- We have the "password reset" feature temporarily disabled. If you need to reset your password, contact our customer support team.
- We now have email authentication turned on for all players with verified email addresses. With this feature, even if someone guesses your password, when he tries to login from a location that you've never logged in from before, you'll have an opportunity to approve or disapprove of the login through an email check.
- We've noticed that hackers who discover a working email address and password combination don't always immediately exploit the compromised account. We sent email to everyone whose account has been suspiciously logged into asking them to immediately change their email address and password.
- We will also be sending email to all customers whose accounts have been unsuccessfully tested by hackers. We strongly recommend that these customers create a new, unique email address for their account.
- We left in-game mail disabled for another half-day, because it's difficult for hackers to loot accounts when both in-game mail and the trading post are disabled. Keeping mail disabled this morning to prevent account looting gave us time to get email authentication turned on for all players, and gave players time to secure their accounts. But we will be turning in-game mail back on soon, so we ask everyone to quickly secure their accounts.
Parties, guilds, etc. - We're working to address problems with parties, guilds, and other social features, which cause symptoms such as party members not appearing on the map, party members not staying in the same overflow servers as they travel between maps, and guild invites and guild chat failing intermittently.
Overflow servers - During this initial surge of high concurrency, and especially while most characters are low-level and thus playing in the same starting areas, it's common for players to be directed to overflow servers. If you want to play with a friend, but you're not on the same overflow servers, you can form a party together, then right-click on your friend's portrait in the party list and click "join". Note that this functionality is sometimes intermittently unavailable due to the issues with parties and guilds noted above.
We expect the use of overflow servers to naturally subside as players spread out more through the world.
Botting - Yesterday we applied 72-hour account suspensions to 500 players who were running bots. We're continuing to detect and ban bots. Soon we will ramp up to our normal policy of applying permanent account bans to anyone who runs a bot.
Exploits - If you discover an exploit in the game, do not exploit it or publicize it, but instead notify us immediately at this new email address: exploits (at) arena (dot) net.
This morning there was a widely-publicized, newly-introduced exploit in which specific cultural weapons were selling for one-thousandth of their normal price. We fixed it with an emergency build this morning. We want to thank the vast majority of players who became aware of the issue, responsibly reported it, and did not exploit it. However, a smaller group of players did significantly exploit it, each purchasing hundreds or thousands of these weapons. We permanently banned 3,000 accounts of players who substantially exploited it, and applied 72-hours bans to another 1,000 accounts of players who mildly exploited it.
In-game mail - In last night's software update we fixed the potential abuse of the in-game mail system that we identified yesterday. We kept in-game mail turned off for another half-day while working to secure accounts against hackers, since in-game mail can be used to loot an account. And we kept in-game mail turned off while responding to this morning's exploit. We're now ready to re-enable it, and will do so this afternoon.
Trading Post - Yesterday we tested Trading Post with a random 15% of players. This test helped us gather valuable data to fix important bottlenecks. This afternoon we will test Trading Post with a random 25% of players, and then work to ramp up from there.
Tournament Rewards - We're working on fixing tournament chest rewards. Because this requires substantial testing, we do not have an estimated release timeframe to provide at this time.
Forums - Our most important priority at the moment is to ensure that the game runs stably and flawlessly. So as to not create additional demand on our infrastructure and on our programming team, we made the decision not to open the forums until the initial mass influx of players has calmed down a bit.
Next software updates - We're making non-disruptive changes throughout the day. We'll publish the next back-end server update tonight at midnight Seattle time. The game may be unavailable for approximately 20-60 minutes while we perform this update.
Arenanet have posted another status update on important issues over on reddit including in-game mail being turned back on soon and account security updates.