Page 2 of 2 FirstFirst
1
2
  1. #21
    Quote Originally Posted by Blackmist View Post
    Plus the launcher helpfully offers to remember the account name and password for you. Presumably that means it stores it somewhere. If the game can retrieve it, a piece of malware can do the same. It's not good practice to save it, but you know 90% of people will do just that.
    If you have malware that is going through your game files, you're pretty much just as likely to have malware that records your keystrokes.. in which case typing in your account information every time would be just as bad of a practice.

  2. #22
    The Lightbringer jvbastel's Avatar
    10+ Year Old Account
    Join Date
    Jan 2011
    Location
    Flanders
    Posts
    3,789
    Quote Originally Posted by Blackmist View Post
    If this game goes over a few million sustained users, there will be hackings. They're rare at the start of a game, because few players have anything worth stealing. Pick an active WoW account at random and you'll probably get at least 50k in gold and assorted tat.

    Plus the launcher helpfully offers to remember the account name and password for you. Presumably that means it stores it somewhere. If the game can retrieve it, a piece of malware can do the same. It's not good practice to save it, but you know 90% of people will do just that.
    Obviously the password and account name are not stored in plain text.
    Monk, I need a monk!!!

  3. #23
    Deleted
    Quote Originally Posted by glo View Post
    Considering that the vast majority of "hacked" accounts come from either 0 day ad based flash exploits or shady javascript, nothing of what you mentioned (aside from giving out your password) is going to really make a difference unfortunately.

    MMO-champ itself has fallen victim to bad ads deploying keyloggers on multiple occasions if you've been following the site for a long time.
    Oh, I know. One of the emails I get spam sent to is:
    mmo-champion@mydomaín.com
    And guess which site is the only one I ever supplied that email to?

    As for the ads, noscript and similar addons can handle that, along with a good anti-malware program.
    And no, I did not give out my password. It was a generic example. Here's another:
    ISn1chUs. (In Space No 1 Can Hear U Scream)
    Last edited by mmoc7805351bd4; 2012-08-29 at 02:35 PM.

  4. #24
    I wouldn't be so quick to dismiss the possibility that something fishy wasn't going on. Yeah, that the username for logging in is a person's email address (which could easily have been stolen from any number of gaming enthusiast sites, including this one) isn't exactly perfect, but...

    I'm sitting here looking at not one but two completely legitimate (because unlike most people, I have no problems reading through email headers) password reset emails from ArenaNet which arrived in my inbox this morning at 5:18am and 7:45am, respectively. I've not signed up for any anythings directly related to GuildWars2 and outside of the emails in my email account from registration and transaction records at my bank for me paying for it, there wouldn't even be any electronic trails tying my email address to GW2 for anyone outside of ArenaNet/NCSoft... so there may actually be some kind of "dragnet" skullduggery ongoing. Far as I know the most statistically likely thing is that someone's using a userlist they stole from some gaming site and is checking for password reuse (I don't see the OP saying explicitly that the password he used for GW2 is utterly unique). That the OP was apparently able to still login would imply that the attacker did actually have his password and weren't monitoring his email account to intercept the reset request because this would require they change his password to something he would not know in order to gain access to his account.

    It would be nice if the password reset emails actually showed something as useful as the IP address of the browser which requested the reset.

    (and let's not waste time suggesting "keylogger" because I'm an unblinking SOB who sits behind his own firewall, uses a whitelist antivirus, unique and complex passwords on that are changed regularly for everything I care about, and can generally be described as a deeply paranoid individual)
    Last edited by Dagmar; 2012-08-29 at 03:12 PM. Reason: Caffiene underflow error: Time too early

  5. #25
    Is this the first time you guys play MMos?....

    Those are phishing email. They do not come from Anet despite LOOKING like they do (open the ''source'' and you will notice that it wasnt sent from the displayed sender). Also, just to test, I just did a password reset on GW2's official webpage. It changed the pw but didnt request any form of validation, which leads me to believe that linked you clicked that sent an error was the click that got you hacked.

  6. #26
    Quote Originally Posted by Nikijih View Post
    Is this the first time you guys play MMos?....

    Those are phishing email. They do not come from Anet despite LOOKING like they do (open the ''source'' and you will notice that it wasnt sent from the displayed sender). Also, just to test, I just did a password reset on GW2's official webpage. It changed the pw but didnt request any form of validation, which leads me to believe that linked you clicked that sent an error was the click that got you hacked.
    They actually are coming from Anet. Headers, links, wording all legit. It actually looks like they are phishing for accounts by trying to get resets on all the accounts in their database, then checking the e-mails they have access to.
    ~ flarecde
    Reality is nothing; Perception is everything.

  7. #27
    The Patient Dairios's Avatar
    10+ Year Old Account
    Join Date
    Jun 2010
    Location
    Outside your window... sit up straighter, that's bad for your posture!
    Posts
    276
    I never clicked the link in the email (it was plain text anyways, not a clickable link), for the very reason I can't be sure if it's legitimate or not. I went to the site manually to change everything, but it looks like the damage was done while I was at work anyways so I honestly have no idea how it all went down. Regardless, I'm just waiting on my tickets now to appeal this ban and hopefully I can have my Digital Collectors Edition mount back and not be out the $80 I spent on it. -_-

    wtb Authenticators...
    "Is it a crime to know the truth? Is it sin to reach for those things which you fear?" - Schwarzvald

  8. #28
    Deleted
    Quote Originally Posted by Dairios View Post
    This happened monday, I've had a ticket in since Monday night. But yeah has this happened to anyone else? I came home, found a Password Reset Request for my GW2 account in my email, logged over to the GW2 site and put in my info, it all worked, so I changed my account email address and password.

    I got the Verification Email for the change, but when I clicked the link inside to verify I authorized the changes, it just returned an Invalid/expired link error. Regardless though, the new email worked and I could log in with that. So I fired up the launcher, went to log into the game to see if anythings been tampered with and was greeted with this message: "Account blocked for unacceptable behavior. Please try again when the block has expired." But I got no emails saying I was banned or suspended or even a reason! It just is. I'm trying to be patient but it's still frustrating.

    The error code I get is: 45:6:3:2114

    Soo... Yeah. Anyone else?
    Did you act like an ass to someone at some time? You can get banned for that.
    Last edited by mmoc4a603c9764; 2012-08-29 at 07:33 PM.

  9. #29

  10. #30
    Deleted
    Quote Originally Posted by Dagmar View Post
    there wouldn't even be any electronic trails tying my email address to GW2 for anyone outside of ArenaNet/NCSoft...
    There doesn't have to be.
    They're trying all the emails they know of, regardless where they obtained them from.
    I've recieved several WoW phishing emails on various different email accounts with no connection to WoW, as has many others.
    It's a known behaviour.

    It would be FAR more time-consuming for them to sort the emails, rather than just start a script that works through ALL the emails they have.

  11. #31
    Careful about those e-mails saying password has been reset, GW2 accounts are getting hacked/stolen, already;

    http://www.gamebreaker.tv/mmorpg/gui...2-anet-hacked/

    I got one of those password reset e-mails today and ignorged it, was able to log on just fine.

  12. #32
    The most notable point here is: Reference real-life people

    Of all of the other points, this is primarily because they want to have a tribute to their favorite singer for example. I wouldn't think the account should be banned if a player chooses the name Michael Jackson or Justin Bieber for example, but I would expect a name change. Even if the player is famous and really is Justin Bieber, he shouldn't be allowed to use it.

  13. #33
    From what I've heard, one of the best ways for hackers to compromise game accounts is through various third party message boards. They can easily obtain your password through less secure boards and add it to a list of email + pw combinations. If you use the same password on a forum as your game account, you are very likely to be a target. On that note, I've gotten 2 emails asking for a password reset already myself by Arenanet but I'm still safe, but it leaves me wondering if it's just a matter of time since there's no extra layer of protection. Even something like an on-screen keypad verification would be nice (one that randomizes the keypad matrix every time you use it).

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •