Page 1 of 7
1
2
3
... LastLast
  1. #1
    The Patient
    Join Date
    Jul 2011
    Location
    Australia
    Posts
    338

    11,000 accounts compromised

    ... 11,000 Guild Wars 2 accounts have been compromised after an attack on an unknown fan site
    http://massively.joystiq.com/2012/09...unts-affected/

    http://arstechnica.com/security/2012...0000-accounts/


    Many users are now asking for some sort of authentication service, one such user as below

    https://forum-en.guildwars2.com/foru...rity-is-a-joke
    Last edited by peterpan007; 2012-09-09 at 06:27 PM.

  2. #2
    This is why you shouldn't use the same password for other online accounts, especially fan sites of the game your playing or guild sites

  3. #3
    The Insane DrakeWurrum's Avatar
    Join Date
    Mar 2011
    Location
    Isle of Faces
    Posts
    15,040
    Quote Originally Posted by Aileron View Post
    This is why you shouldn't use the same password for other online accounts, especially fan sites of the game your playing or guild sites
    ^this

    Sounds like 11,000 accounts that very much deserved to be hacked.

    Account Security

    Hackers have lists of email addresses and passwords stolen from other games and web sites, and collected through spyware, and are systematically testing Guild Wars 2 looking for matching accounts. To protect yourself, use a strong, unique password for Guild Wars 2 that you've never used anywhere else!

    When accounts are hacked and then used for botting or spamming ads for gold sales, we ban the accounts until we can return them to their rightful owner. If you login and see the message, "this account has been permanently banned for a violation of the User Agreement," and if you're not a gold seller, it's likely that your account was hacked. Please contact customer support using the instructions below.

    If you see email authentication messages in your inbox asking you to approve a login that you didn't initiate and from someplace you don't recognize, that's a sign that a hacker knows your account name and password, and is only being prevented by the email authentication feature from accessing your account. You should immediately change your password to a new, unique password that you've never used anywhere else.
    I hope you haven't forgotten my role in this little story. I'm the leading man. You know what they say about the leading man? He never dies.

    If you give in to your impulses in this world, the price is that it changes your personality in the real world. The player and character are one and the same.

  4. #4
    What a shock, there are people dumb enough to use the same email (probably same password in some cases) for a forum as they do for important stuff...

  5. #5
    The Patient
    Join Date
    Jul 2011
    Location
    Australia
    Posts
    338
    Quote Originally Posted by zurgs View Post
    What a shock, there are people dumb enough to use the same email (probably same password in some cases) for a forum as they do for important stuff...
    Unfortunately some people will only learn the lessons of online security only after they have been affected.

  6. #6
    Quote Originally Posted by DrakeWurrum View Post
    ^this
    Sounds like 11,000 accounts that very much deserved to be hacked.
    Deserve? How cyber Darwinist of you.

    ---------- Post added 2012-09-09 at 05:53 PM ----------

    I Know people bitching about Website redirects that lead to a remote Hyjack shit in D3. Just told me today. I wonder if it's the same crap.
    "If you want to control people, if you want to feed them a pack of lies and dominate them, keep them ignorant. For me, literacy means freedom." - LaVar Burton.

  7. #7
    The Patient
    Join Date
    Jul 2011
    Location
    Australia
    Posts
    338
    A user comment from http://arstechnica.com/security/2012...0000-accounts/

    This is why online games should never launch without two factor authentication. There's no excuse now either, as Google allows any application to use Google Authenticator, and it supports mobile apps, SMS, and one-time codes.

  8. #8
    The Insane DrakeWurrum's Avatar
    Join Date
    Mar 2011
    Location
    Isle of Faces
    Posts
    15,040
    Quote Originally Posted by moogogaipan View Post
    Deserve? How cyber Darwinist of you.
    I very much subscribe to "survival of the fittest" in general. Stupid choices should have repurcussions.

    ---------- Post added 2012-09-09 at 12:58 PM ----------

    Quote Originally Posted by peterpan007 View Post
    How ironic, since GW2's two-factor authentication is e-mail authentication.
    I hope you haven't forgotten my role in this little story. I'm the leading man. You know what they say about the leading man? He never dies.

    If you give in to your impulses in this world, the price is that it changes your personality in the real world. The player and character are one and the same.

  9. #9
    Quote Originally Posted by DrakeWurrum View Post
    ^this

    Sounds like 11,000 accounts that very much deserved to be hacked.
    deserved, wtf??. please leave this planet.
    my PSN ID - Kobold_Rider

  10. #10
    "unknown fan site" just as easy to say it was their family of websites without making people scared

  11. #11
    The Patient
    Join Date
    Jul 2011
    Location
    Australia
    Posts
    338
    Quote Originally Posted by DrakeWurrum View Post
    How ironic, since GW2's two-factor authentication is e-mail authentication.
    I don't think it launched like that though ... though I could be mistaken.

  12. #12
    Quote Originally Posted by peterpan007 View Post
    This is ridiculous. We have raised a whole generation of sissies by "childproofing" everything in or around the house/school, now those sissies wants us to childproof life. Sorry man, but this is easilly preventable by taking what most people would consider to be normal precautions. Why should a dev/producer protect your account from yourself. Are you that childish that you cannot, somehow, take your own responsabilities without someone holding your hand and doing it for you?

    deserved, wtf??. please leave this planet.
    And why would he do that? If you enjoy touching the oven element despite knowing it might burn you, do you not deserve to burn yourself when it happens? Enough with this ridiculous mentality of excusing stupidity. Those people made their own bed by acting stupidly, now they deserve to lie in it. Its called a lesson, and life has a way of throwing those at you...
    Last edited by Nikijih; 2012-09-09 at 06:07 PM.

  13. #13
    Brewmaster Chry's Avatar
    Join Date
    Mar 2011
    Location
    Washington
    Posts
    1,380
    Yep, this happened to me. Got my account set up, went to PAX for the weekend and came back to my E-MAIL being changed. Very poor preventative measures on Arenanet's part.

  14. #14
    Herald of the Titans Keosen's Avatar
    Join Date
    Oct 2009
    Location
    Sin City
    Posts
    2,892
    Quote Originally Posted by nemro82 View Post
    deserved, wtf??. please leave this planet.
    If you write down your email and password of a secure site and the publish it on non-secured sites then yes you pretty much deserve to be hacked in order to learn the hard way.

    Online game security 101
    - Create a new email for your account i.e. [email protected] and use it only for this purpose, don't use your old one which is probably already compromised and that you already using it across 100 sites with more than half being warez or alike.
    - Create your password with a password generating tool like the awesome Keepass. That way even you won't know your password.
    - If you are totally insane about safety create a key file and put it on a usb this way your password would be as safe as it could ever be.

  15. #15
    Quote Originally Posted by peterpan007 View Post
    I don't think it launched like that though ... though I could be mistaken.
    It did indeed launch like that. I played at headstart and was asked to verify my email for authentication from day 1.

    Just like any other online company, Arenanet can defend against a lot of things but it can't really stop the sheer stupidity of its users. If you are stupid enough to ignore ALL warnings from the company saying "Use a different password", use the exact same password and email combination as another game or entity (especially if said game or entity was ever hacked...), and then get hacked because of it... well, what can Arenanet really do about that beyond REQUIRING everyone receive and respond to an SMS text message on every login?

    We were all taught how to follow directions in kindergarten. Time to put those mad skills to the test and try following the very basic and simple instructions Arenanet gives on protecting accounts. It's amazing how well that works out.

  16. #16
    Quote Originally Posted by Keosen View Post
    If you write down your email and password of a secure site and the publish it on non-secured sites then yes you pretty much deserve to be hacked in order to learn the hard way.

    Online game security 101
    - Create a new email for your account i.e. [email protected] and use it only for this purpose, don't use your old one which is probably already compromised and that you already using it across 100 sites with more than half being warez or alike.
    - Create your password with a password generating tool like the awesome Keepass. That way even you won't know your password.
    - If you are totally insane about safety create a key file and put it on a usb this way your password would be as safe as it could ever be.
    Well to be fair thats more like online game security 102 and 103. 101 is "do not use the same freaking password on every fucking site you visit!"

  17. #17
    Quote Originally Posted by Keosen View Post
    If you write down your email and password of a secure site and the publish it on non-secured sites then yes you pretty much deserve to be hacked in order to learn the hard way.

    Online game security 101
    - Create a new email for your account i.e. [email protected] and use it only for this purpose, don't use your old one which is probably already compromised and that you already using it across 100 sites with more than half being warez or alike.
    - Create your password with a password generating tool like the awesome Keepass. That way even you won't know your password.
    - If you are totally insane about safety create a key file and put it on a usb this way your password would be as safe as it could ever be.
    but this is just a bloody game, not my bank account ffs, most of the people don't give a damn about it.
    Having new e-mail for everything, new pasword and what not, is madness.
    my PSN ID - Kobold_Rider

  18. #18
    Herald of the Titans Keosen's Avatar
    Join Date
    Oct 2009
    Location
    Sin City
    Posts
    2,892
    Yes this is a game i agree but your time spending on it it's very real so it would a pity to lose your 300hours played account wouldn't be?

  19. #19
    The Insane DrakeWurrum's Avatar
    Join Date
    Mar 2011
    Location
    Isle of Faces
    Posts
    15,040
    Quote Originally Posted by nemro82 View Post
    Having new e-mail for everything, new pasword and what not, is madness.
    Having a new e-mail for everything, yes, that's madness. New password? Definitely not. If you're stupid enough to use the same password for multiple accounts, you deserve to lose your account. It does the hacker's job for them.

    I've got dozens of passwords memorized. I can't always remember which password goes to which account, but it usually doesn't bite me in the ass. Until we get thumbprint identification built-in to all PC applications, we'll have to deal with passwords.
    I hope you haven't forgotten my role in this little story. I'm the leading man. You know what they say about the leading man? He never dies.

    If you give in to your impulses in this world, the price is that it changes your personality in the real world. The player and character are one and the same.

  20. #20
    Brewmaster Chry's Avatar
    Join Date
    Mar 2011
    Location
    Washington
    Posts
    1,380
    Quote Originally Posted by Keosen View Post
    Yes this is a game i agree but your time spending on it it's very real so it would a pity to lose your 300hours played account wouldn't be?
    How about Arenanet doesn't take a step backwards and provide an authenticator on launch? Nobody wants to remember a laundry list of emails and passwords for video games.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •