1. #1

    so, apparently, i just got my GW2 account hacked... but I didn't buy the game

    I received a mail from ArenaNet reading:

    Someone -hopefully you!- has requested to change the email address associated with your Guild Wars account.Need help or have questions about your Guild Wars account? Visit our support site: http://support.guildwars2.com/.
    -The ArenaNet Team
    I didn't initiate this, so i'm pretty sure i am hacked. And yes, i state in the subject that I didn't buy the game, but I did, however, participate in the 3rd Beta Weekend Event. I never bought the game, though, because A) i 60 EUR is too much for me, especially since B) I didn't like what I saw in the Beta Weekend. I sent them a support ticket (I really don't like calling someone myself, i'm terrible at oral communication, much better at written though), but is there anything else I can do about it, apart from calling them (which i only want to do as a last resort)?

  2. #2
    Brewmaster Cairm's Avatar
    Join Date
    Dec 2009
    Montréal, Canada
    Its a scam...I doubt hackers would hack beta account at this point...maybe just a fail on their part.

  3. #3
    The Lightbringer Istaril's Avatar
    Join Date
    Jun 2011
    Scotland. Freedom and So on.
    It'll be a phishing email. I once got one regarding my non-existent Diablo 3 account. They send the emails in bulk to people in the hopes that someone will give them their password and other details.

  4. #4
    yeah, but i've tried logging into my account, and I got an error saying they didn't find an account with that address. and it looked legit, because these are the headers:

    Return-Path: bounce+781968.35e-***=[email protected]: from beatrice.telenet-ops.be (LHLO beatrice.telenet-ops.be) ( by zcshobo21.telenet-ops.be with LMTP; Sun, 11 Nov 2012 19:39:03 +0100 (CET)Received: from mail-s33.mailgun.us ([]) by beatrice.telenet-ops.be with bizsmtp id NJf31k00H0jVomo02Jf33l; Sun, 11 Nov 2012 19:39:03 +0100Delivered-To: ****DKIM-Signature: a=rsa-sha256; v=1; c=relaxed/relaxed; d=guildwars2.com; q=dns/txt; s=pic; t=1352659143; h=From: To: Subject: Mime-Version: Content-Type: Date: Message-Id: Sender; bh=mLDMSKvBPkOxFgpyh9Fp6NeBY33a5itJPnUl1b5f0fA=; b=UQNkhhjOOpGoDTOcsYEjOy22YcpMTBL5t3G0l2NynoedgkDCtFsHwSwggLKLe9aeKT6Quc7L f209edpS+ykjOsp5+oDnGQDz5aFksJSWngxIp5JHmr2J2ybkTiG52aXChVNOljqo9KvMrV5p Pqw6n3s79sTBf3sCDUYj4BvQTss=DomainKey-Signature: a=rsa-sha1; c=nofws; d=guildwars2.com; s=pic; q=dns; h=From: To: Subject: Mime-Version: Content-Type: Date: Message-Id: Sender; b=LRJXZpLi80+amKGAj6E8fWMK9//j5rmChfDqvHKxOJQ99aj4HrS6dTFOj9gVIFlXVtJNQb 2txTQXXmxO6h7vsQIb4Mu9cyyX7E+whsDEMVuX4ASD+nYYpGlAK1z0aylyX/Lv1if/omQqSA qCneVIknEWdxe/LWkkInpiXRcqFwY=Received: by luna.mailgun.net with SMTP mgrt 8740359387525; Sun, 11 Nov 2012 18:39:02 +0000Received: from guildwars2.com (Unknown []) by mxa.mailgun.org with ESMTP id 509ff0c6.55b0490-luna2; Sun, 11 Nov 2012 18:39:02 -0000 (UTC)From: ArenaNet <[email protected]>To: ****$*Subject: The e-mail address for your Guild Wars account has been changedMime-Version: 1.0Content-Type: multipart/alternative; boundary="PartBound_20121111_184336"Date: Sun, 11 Nov 2012 18:39:02 +0000Message-Id: <[email protected]>X-Mailgun-Sid: WyJkYTg1NiIsICJuYXRlLmtlcmtob2ZzQHRlbGVuZXQuYmUiLCAiMzVlIl0=Sender: [email protected]

  5. #5
    so your scared your beta account is getting hacked...right...

    You dont own the game. You dont even have an account. Why do you care? If were to participate in TESO beta, decided i dont like the game, and then months later i get an email saying someone is trying to change or has changed the email associated with that beta account. I would either be like "good for them" or i would be trying to figure out if they have hacked my own email, which is what you should be doing.

    Now ppl in this thread have also mentioned that this was a scam. And it could be i have gotten emails about games i have never played on a compromised email address, which is why i no longer use that email for games but its always fun to check out all the fake emails that come to it.

  6. #6
    Herald of the Titans Achaman's Avatar
    Join Date
    Jan 2010
    pfft as if you care..
    i get this for diablo almost every day which is funny coz i dont play it

    i played the beta at some point where the level cap was 13 but other than that not a single second more

  7. #7
    Even if it's not a scam, why care? You're not playing anyway.
    My Cracked articles, writing blog, and Twitter.

    The problem with the internet is parallel to its greatest achievement: it has given the little man an outlet where he can be heard. Most of the time however, the little man is a little man because he is not worth hearing.

    Want to chat with people who aren't idiots? Join our IRC.

  8. #8
    Moderator Shamanic's Avatar
    Join Date
    Jul 2009
    Cardiff, Wales
    The headers look legit. Doesn't sound like there is anything for them to steal though; if you don't want to call them, but you do want to double check what's going on, you could just register a new account with your email address and open a support ticket, copy/paste them the email and explain the situation to give them a heads up but if you didn't even have a product registered to it, seems a bit like a waste of time.

    You should run some security scans just to make sure your PC isn't compromised though... it's most likely that your email is listed in a database somewhere though and as that email is undoubtedly on some list now... you may want to not use it for important accounts in the future anyway. If you had the same password on any other site, change it, just to be sure, although I don't see it being a keylogger if you hadn't even logged in since the beta weekends.
    Moderator of Professions & Garrisons | General Discussion | Diablo 3 | General Off Topic
    Please take the time to read the Forum Guidelines & Sig Guidelines
    Steam - Friend adds welcome.

  9. #9
    High Overlord Peahorse's Avatar
    Join Date
    Sep 2010
    I agree with Zeek, I would be worrying more about whether my e-mail address has been compromised rather than if I had been hacked in a game I don't play.

    I have an old e-mail where I get scam e-mails for everything from Runscape & Everquest through to Diablo 3. I've never played any of them, or I've only trialled them. Either way I don't care and I have registered a new e-mail address for gaming.

    I would shrug this off, carry on and register a new e-mail address for gaming and use only for your game of choice. You say you have already notified Anet of this, which was good to do as they may be able to try and prevent this happening to anyone else who has got an active account.
    Yeltha - Retired
    Yettah - Retired

  10. #10
    Something to note: headers are easily forged. The main reason why most fishing mails can be found by headers is because so few people actually know of their existence, that there's little point in forging them.

    Those who know how to view and disseminate information contained in email headers is not their target audience. They are looking for people ignorant enough to be socially engineered into giving their account information to a phishing website.

  11. #11
    Quote Originally Posted by Lucky_ View Post
    Something to note: headers are easily forged. The main reason why most fishing mails can be found by headers is because so few people actually know of their existence, that there's little point in forging them.

    Those who know how to view and disseminate information contained in email headers is not their target audience. They are looking for people ignorant enough to be socially engineered into giving their account information to a phishing website.
    indeed, and that's why this mail rang some warning alarms with me. because they didn't ask for my account data, they didn't ask me to reply. the URL goes to the official support website for GW2, with no URL faking, and i couldn't log in with my usual credentials when I clicked through to main page -> services -> my account. I made a support ticket on the official support page, and they gave me an official looking acknowledgement and an official looking reply, where they asked me for my serial code (I gave them the one I got from Curse for the Beta) and my email address (I registered a new mailbox with my ISP for this). i always went through official channels for this, or at least ones that looked authentic, had a proper certificate, and had the proper URL. I mean, can the URL in the address bar be made to look legit while the page itself is non-legit? because it seems like if the address bar is faked, they went through a whole lot more hoops than i could see a normal spammer take to get my account data, including recreating the entire GW2 website, faking a support website and manpower that responds in a realistic timeframe. I got the reset mail yesterday evening at 7.39 PM, made a support ticket at 1.30 pm, got the automated reply at 1:35 PM, the support response at 16.20 PM, and a moment ago at 17.01 PM a request to finish my support account. seems like an awful lot of work just to get a beta account.

  12. #12
    Its entierly possible that the email was legit from Anet and some hacker got ahold of the PW/UN you used for the beta account and tried to change the email/PW like they would on a normal account. Apparently this one tries to do the account changes before finding out if the account is actualy a live one or a holdover in the system from beta with no game access. Either way this does not really effect you as far as GW2 goes but I would be very concerned about what other accounts might have had their info captured at the same time.

    Who is John Galt?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts