GW2 - Poorest Account Security ever?

[Abstieg]

Just for the record, the email saying your email has changed is a bit misleading. Unless you click that link, the verification does not go through and your email remains unchanged.

[Deleted]

Compared to a mobile phone application where you put in a random series of 12 digits upon your request, which lasts for a total of 30 seconds?

Sounds a lot more secure.

[Frozen Death Knight]

Let's not make the mistake of pretending that e-mail authorization isn't a strong security measure.

Still beats having no protection at all, as far as I'm concerned.

[lawomous]

I'm pretty floored by GW2 security as well. Within a week of making my account, with a unique password, I got three emails in one day saying someone was trying to reset my password. Of course I ignored the requests, but the next day it says someone with a China IP address is logging into my account. I changed my pass and I'm a bit sorry for even buying the game if this is already happening.

[DrakeWurrum]

Compared to a mobile phone application where you put in a random series of 12 digits upon your request, which lasts for a total of 30 seconds?

Sounds a lot more secure.

You might as well be comparing your front door to a secret gold vault in the Pentagon or something.

Just because it's not the ABSOLUTE best security method ever, does not mean it's not secure.

---------- Post added 2012-09-12 at 11:01 AM ----------

I'm pretty floored by GW2 security as well. Within a week of making my account, with a unique password, I got three emails in one day saying someone was trying to reset my password. Of course I ignored the requests, but the next day it says someone with a China IP address is logging into my account. I changed my pass and I'm a bit sorry for even buying the game if this is already happening.

In other words, the security methods worked, and you're regretting buying the game, simply because of people who already know your e-mail address by hacking other games and fan web sites?

Blizzard products aren't that much more secure. Thousands of Diablo 3 accounts were hacked on day one.

[Abstieg]

I'm pretty floored by GW2 security as well. Within a week of making my account, with a unique password, I got three emails in one day saying someone was trying to reset my password. Of course I ignored the requests, but the next day it says someone with a China IP address is logging into my account. I changed my pass and I'm a bit sorry for even buying the game if this is already happening.

Did you use a unique email? Most emails already used for online games are compromised, and flooding GW2's website with emails to try to get password resets isn't something that is ArenaNet's fault. I made a new unique email and haven't had a single attempted access.

[Deleted]

This is story is always the same... I give away something and go next day and say I´ve got stolen this country is not safe.

I give away the password to someone and then say i´ve got hacked. Oh yeah obviously blame Anet.

[Deatheryn]

I'd like to know, ultimately, in an age where so much of our information is available to people - why, when we're paying £50 for a game, the said game doesn't come with any means of protection. The security systems in place are completely non-existent and the systems to fix these issues are non-existent too. I'm completely stumped.

The answer is,..~drumroll~... Anet doesn't give a fuck about the ppl that bought their game because they already got all the money from those customers they're going to get. Which means that I'd say at least 25% of the people who have lost their account will buy a new copy, garnering Anet two sales from one customer.
This is one of the ways the whole "No Sub Fee" thing takes a hot steaming shit all over the playerbase. Paid MMOs get you your account back fast because if your not playing, your not paying.

[Deleted]

I did a quick google search using the following terms:

"WoW mass hack issue"
"Warcraft mass hack issue"
"battle.net mass hack issue"
"battle net mass hack issue"

I found nothing relating to a mass attack on WoW accounts. There were a lot regarding D3 but I couldn't find an actual figure.

I then did the following search:

"gw2 mass hack issue", this is the first page: google.co.uk/search?q=gw2+mass+hack+issue

One could argue that it gets more attention because it's newer, but I'd be more inclined to believe it's because of failing systems on A-Nets part.

[Gray_Matter]

All these complaints about security. Just a couple of things:

1) 11000 people haev been hacked at the last figures. Thats about 0.4%. Not exactly a large percentage of the base.
2) Authenticators cost money. My guess is that they are subsidised to a certain extent. this can easily be done with a sub game. It takes a bit of a back seat with a game like GW2 where they are dealing with issues that effect more than 0.4% of the people.
3) The fault in the majority of cases lies with the people who have used the same user name and password for a number of different web sites, games, etc. You are only as secure as the weakest link and you can be suse that there is a dumb company out there who are storing your password verbatim.

Yes, there is more that A/Net could have done but they will definitely be focusing on issues that effect the majority of people at the moment.

[Strah]

In other words, the security methods worked, and you're regretting buying the game, simply because of people who already know your e-mail address by hacking other games and fan web sites?

Blizzard products aren't that much more secure. Thousands of Diablo 3 accounts were hacked on day one.

Yet blizzard gives you an opportunity to buy an authenticator.
Anet doesn't. I would defo get one if they would sell them.

[Deleted]

The 11k hacked accounts was just 1 of several attacks.

[Gray_Matter]

"gw2 mass hack issue", this is the first page: google.co.uk/search?q=gw2+mass+hack+issue

One could argue that it gets more attention because it's newer, but I'd be more inclined to believe it's because of failing systems on A-Nets part.

I will say the same thing that I have said in the past. If someone hacked A/Net then they would have just updated the DB to give themselves tons of gold. No need to go through the effort of hacking the client machines.

[lawomous]

Did you use a unique email? Most emails already used for online games are compromised, and flooding GW2's website with emails to try to get password resets isn't something that is ArenaNet's fault. I made a new unique email and haven't had a single attempted access.

Same email I use for most logins, with the Gmail 2-step authentication that I recently added since.

[Abstieg]

The 11k hacked accounts was just 1 of several attacks.

There's a difference between hacking incidents using compromised data from external data and hacking the actual game company's database. Blizzard got hacked. ArenaNet, as far as I know, did NOT get hacked, simply, accounts were compromised from the outside and that information was used to gain access. Aka people need to use unique emails, as much of a pain as it is.

[Jerot]

-Got email asking to confirm login from an IP in china (Why would you ever have this turned off?)
-Made sure computer was Malware/Virus free
-Email was secure but created a new email, better safe then sorry (Email password should always be unique)
-Changed my password to something I don't use for anything else.
-Reported IP address/Login attempt to Arenanet

Science!

It your fault for not using a password unique to guildwars even if your normal password was xxxxxxx and your gw2 one was xxxxxxx2, or for having turned off login authentication. They wouldn't be able to login to the website and change your email if you had authentication turned on and/or seperate secure passwords for the game and email.

I've had 3 Main passwords, with 2-3 variations each over hundreds of online accounts and the only time I've been hacked was my Aion account ~3 months after I stopped playing. (I had a unique password for that game) In that situation, you can blame the games account security. Otherwise its your responsibility.

[notorious98]

I don't accept the premise that I should be *forced* to use 15 billion different emails and passwords just to keep my security. I don't have to lie about where I live to everyone who asks me, and I don't have to rely on 15 billion different mobile phone numbers to stop potential stalkers. ANet simply do not have the proper systems in place to prevent being hacked: from what it looks like, I didn't even receive an email that my account email had been changed. Nor did I receive an email regarding an "intrusion" - simply, the email was changed without my authorisation.

From what it looks like, someone could simply *guess* the details - without needing to hack, just guess because the systems aren't in place to stop intrusions or even warn you.

Agreed. In this day and age, I don't know how on earth it's possible for a AAA MMO to release without an authenticator. I even question the competency of Trion with authenticators that can only be used on Android or IPhones. It's not a problem for me anymore now that I have a phone with the Android OS, but when I have a Blackberry a month ago, it kinda sucked. Authenticators are easy and cheap to produce and can be sold for $5 to a profit. Just look at Blizzard. It's just lazy.

[Deleted]

The 11k hacked accounts was just 1 of several attacks.

Hey, copy & pasting is not hacking...
They are copy pasting password and logins you gaven on other sites they are not hacking Anets servers.

[DrakeWurrum]

Yet blizzard gives you an opportunity to buy an authenticator.
Anet doesn't. I would defo get one if they would sell them.

To be sure, I'd get one as well. I'm not saying it would be bad to have one.

I'm just saying the game is still quite secure without it, and it's not really a requirement. People like Iawomous have had attempted hacks, but didn't actually get hacked, which means the security measures worked.

It's not really bad to use the same e-mail for everything, so long as that specific e-mail is plenty secure, but don't blame Arena Net for poor account security, when it was Blizzard's poor security that resulted in hackers having your e-mail. Arena Net can't do anything about their databases that have already been created.

[Grraarrgghh]

The answer is,..~drumroll~... Anet doesn't give a fuck about the ppl that bought their game because they already got all the money from those customers they're going to get. Which means that I'd say at least 25% of the people who have lost their account will buy a new copy, garnering Anet two sales from one customer.
This is one of the ways the whole "No Sub Fee" thing takes a hot steaming shit all over the playerbase. Paid MMOs get you your account back fast because if your not playing, your not paying.

Yeah because Blizz NEVER took 3+ months to get accounts returned back in the BC/early WOTLK days...nope, never happened.