Thread: Got Hacked

  1. #1
    High Overlord dPwnShop's Avatar
    Join Date
    Jun 2012
    Location
    The Dirty Third
    Posts
    126

    Got Hacked

    So I haven't been playing GW2 since MoP released but my buddy sent me a text earlier today asking if I was playing because he saw my character online. I let him know it wasn't me and when I tried to log on it said that my email was not associated with any account. I received an email from arenanet....

    "Someone -hopefully you!- has requested to change the email address associated with your Guild Wars account.
    Need help or have questions about your Guild Wars account? Visit our support site: http://support.guildwars2.com/.
    Thanks!
    -The ArenaNet Team"

    I went over to the support site and tried getting together a ticket. For me to even fill out a support ticket, I need to include my product key. I looked through my email trying to find the key but was unsuccessful. I did get the "Welcome to GW2" and the "Activation of your GW2 email" but not the product receipt email I normally get with digital purchases of game.

    Did you guy's end up getting the product key/receipt from arenanet when ordering a digital copy? I didn't really have plans to play much anymore until an expansion came out but it still sucks knowing my character/account is probably being abused right now. Another question I have, when ordering anything from the online shop... you have to enter your credit card or paypal info before being able to purchase anything right? I don't remember tying my credit card or anything to the account so I'm sure this isn't something I need to worry about.

    *Edit*- Also, why does arenanet make it possible to change the email of an account without email conformation. I don't ever remember not having to confirm through an email when making any account changes.

    TL;DR- Account got hacked, email associated with account changed. Did you receive a receipt or product key via email? Is there a credit card/paypal account tied to these arenanet accounts?
    Last edited by dPwnShop; 2012-10-09 at 02:28 AM.
    Sorry for the bad English. English is my first and only language but Southern Louisiana public school system has taken its toll.

  2. #2
    Pandaren Monk barackopala's Avatar
    Join Date
    Mar 2012
    Location
    Chile, Viña del Mar
    Posts
    1,750
    Yes iirc you receive a mail with the activation key when you buy the game, lemme check on my mail and I'll edit this post.

    *Yes I still have the mail that was sent to me when i bought the game:

    "Thank you for pre-purchasing Guild Wars 2!"
    IMPORTANT! Please take a moment to register your Guild Wars 2 account.

    Registering your Guild Wars 2 account lets you play the game before launch by providing you with Headstart Access and guaranteed access to all Beta Events.

    Save this e-mail for reference. If there is a problem with your order, customer support will ask you for your order number.

    Order number: --
    Order date: 4/14/2012

    Guild Wars 2 Digital Edition $59.99
    CD-Key: *edited for obvious reasons*

    Online game codes are non-returnable, non-refundable, and can only be used to create or upgrade one game account.
    Last edited by barackopala; 2012-10-09 at 02:27 AM.

  3. #3
    yea im looking at mine right now. Email called : Thank you for pre-purchasing gw2

  4. #4
    I don't play GW2 but I'd imagine your best bet is to call their support hotline and go from there.

  5. #5
    High Overlord dPwnShop's Avatar
    Join Date
    Jun 2012
    Location
    The Dirty Third
    Posts
    126
    Ok, thanks for the replies. This is crazy... I don't know any reason why I would have deleted that email. I'm still seeing several receipt emails from other games, I always make a point to hang on to those instead of deleting them. I'll try and call their support number.
    Sorry for the bad English. English is my first and only language but Southern Louisiana public school system has taken its toll.

  6. #6
    Pandaren Monk barackopala's Avatar
    Join Date
    Mar 2012
    Location
    Chile, Viña del Mar
    Posts
    1,750
    My tip for you would be this:
    -Create an e-mail account for gaming, just for buying games, so you don't compromise any kind of information on forums or else.
    -Create an e-mail just for forums for random stuff
    -Create an e-mail for private stuff (or college stuff)

    If you already did that, then try to create some more accounts (yeah lol) for categories, like have one for MMO-RPGs, one for steam, one for origin and so on and so forth, it helped me on getting sh*t in order !
    That way if you break up with your long time gf, she'll never be able to take revenge of you changing your e-mail passwords! (has happened to a friend of mine before)

  7. #7
    High Overlord dPwnShop's Avatar
    Join Date
    Jun 2012
    Location
    The Dirty Third
    Posts
    126
    That's a really good idea. I've been using the same e-mail for the last 5 years for EVERYTHING. I think I should probably change my email provider also. I use yahoo, but it seems I get a lot of trash email's. Not sure if that has to do with Yahoo or just the sites I go to sending junk email.
    Sorry for the bad English. English is my first and only language but Southern Louisiana public school system has taken its toll.

  8. #8
    Pandaren Monk barackopala's Avatar
    Join Date
    Mar 2012
    Location
    Chile, Viña del Mar
    Posts
    1,750
    It actually came in mind to me when i first started buying games online, learnt a lesson from forums and people posting stuff like you did (it's not my intention to insult you or anything else) but you get lessons from past mistakes and one of them for me was to be organized on everything I did... it's amazing that it has helped a lot ... and it's free (to create an e-mail ofc, not buying games, which, when hacks happen to you, hurts).

    One way for you to never forget your "buying games" e-mail is to make it related to a certain game you want to buy, in my case, it was the first game i bought online which was starcraft, so it is something like ibuystarcraft@... (that's my gaming e-mail, for steam and stuff)

    What you can do is create one for each game like:
    Iboughtguildwars@...
    Iboughtwow@...
    Iboughtsteam@...
    Last edited by barackopala; 2012-10-09 at 03:04 AM.

  9. #9
    Quote Originally Posted by dPwnShop View Post
    That's a really good idea. I've been using the same e-mail for the last 5 years for EVERYTHING. I think I should probably change my email provider also. I use yahoo, but it seems I get a lot of trash email's. Not sure if that has to do with Yahoo or just the sites I go to sending junk email.
    Is your GW2 password the same password that you use for any other account for anything? Your password needs to be unique, something you don't use for anything else at all.

    I also posted this in another thread earlier this week so I'm just going to copy it over here.

    If they changed the account name/email and you aren't sure what it is now, but you have your GW1 account attached to your GW2 account, then you can easily figure out what the hackers email is. Go to NCsoft.com, log in to your account and go to your account profile, you'll be able to see the hackers email.

    Go to https://account.guildwars2.com/recovery and fill it out with your information. You'll be able to reset the password and disable email verification.

    If you do get access to your account by yourself don't cancel the ticket. You'll want them to restore the account back to your email as well as enable email verification, which they'll do when they restore it.
    I had to do this myself last week...fun times.
    Last edited by grandpab; 2012-10-09 at 03:15 AM.

  10. #10
    Herald of the Titans Jigain's Avatar
    Join Date
    Dec 2011
    Location
    Sweden
    Posts
    2,718
    If the password you used for GW2 is the same as the password you used for your email address, it's fairly obvious what happened.

    Hacker acquires your email and password, probably from a compromised site somewhere. Logs into your GW2 account section with it and requested an email change. Next they log into your email using the very same login information (and click the confirm link if it's necessary to confirm email changes, I don't actually know how it's set up these days). Knowing that you need your activation key to reclaim your account, they also delete that email. Now they have your account and there's basically nothing you can do about it unless you can somehow convince the ANet support team that you are indeed the original owner of the account, even without the activation key.

  11. #11
    Bloodsail Admiral Riavan's Avatar
    Join Date
    Sep 2010
    Location
    Australia
    Posts
    1,031
    Quote Originally Posted by Jigain View Post
    If the password you used for GW2 is the same as the password you used for your email address, it's fairly obvious what happened.

    Hacker acquires your email and password, probably from a compromised site somewhere. Logs into your GW2 account section with it and requested an email change. Next they log into your email using the very same login information (and click the confirm link if it's necessary to confirm email changes, I don't actually know how it's set up these days). Knowing that you need your activation key to reclaim your account, they also delete that email. Now they have your account and there's basically nothing you can do about it unless you can somehow convince the ANet support team that you are indeed the original owner of the account, even without the activation key.
    I was just thinking that.
    I guess they would probably accept your CC information or something as means of vertification and the fact that they can tell via the IP address that someone in napal is now playing ur account, lol.

    Either way, you probably want to change your e-mail password.

  12. #12
    Pit Lord philefluxx's Avatar
    Join Date
    Dec 2010
    Location
    Silicon Highway
    Posts
    2,295
    I actually bought a box copy after seeing the way Arenanet handles account's. Definitely not impressed, but dont you have email authorization enabled? My modem reboots every night because it fails to take my ISP's firmware update so every time I log in I have to authorize.

  13. #13
    Quote Originally Posted by philefluxx View Post
    dont you have email authorization enabled?
    This is the oversight where they failed. Email verification doesn't mean a thing when they can just change the email without any kind of verification. Last I heard changing the email was disabled so the OP must have been hacked over 3 or so days ago.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •