GW2 - Poorest Account Security ever?

[DrakeWurrum]

This thread reminds me of the time my account got hacked on WoW when I had not even played it in 6 months or use that password for anything else. So ofcourse I get told its my fault and to delete my WTF folder.

Yeah yeah, blame the victim

*sighs*

People need to stop throwing around the word "blame" like they're looking down at you, sniggering, and calling you an idiot. Because that's not what they're doing. Some people in customer service just blindly follow procedure, or else just aren't the brightest of the bunch to begin with. Sometimes they just don't know the right way to help you, and they're doing their best to figure out the solution.

Seriously, when somebody says that you're responsible for being hacked, stop trying to be insulted. There's no insult in it.

[PBitt]

Yep, my email just got changed on me, what a piss-poor system. Used a PW I don't use anywhere else ever. I'm always very careful and have never been hacked before. I have a feeling I'm all done with the game and their products forever as based on what other people have said I won't be getting anything back. I'll try, I guess, but don't expect anything. Pretty fucked up, I don't even have anything worth stealing other than the client itself.

[Zeek Daniels]

Yep, my email just got changed on me, what a piss-poor system. Used a PW I don't use anywhere else ever. I'm always very careful and have never been hacked before. I have a feeling I'm all done with the game and their products forever as based on what other people have said I won't be getting anything back. I'll try, I guess, but don't expect anything. Pretty fucked up, I don't even have anything worth stealing other than the client itself.

its not about a pass you dont use anywhere else its an email you dont use anywhere else.

[Remilia]

its not about a pass you dont use anywhere else its an email you dont use anywhere else.

The usual accusation that the account was compromised due to same email account and password, the password plays a lot into it unless there is a loop hole in the system that has yet to be found.

[PBitt]

its not about a pass you dont use anywhere else its an email you dont use anywhere else.

So....I should have a different email account for every thing I do because of piss-poor security? I guess my correct response is I shouldn't have played this game to begin with, I take good care of my information and PWs and emails, and have never had anything even remotely like this happen and this took 2 weeks. I did not make a new email address for GW2, did not deem it as necessary, okay it's my fault I used an email I've used before on things completely unrelated to GW2. Why should someone be able to hack my account by just having an email address? They shouldn't, right. If all I need is an email address I can probably hack a couple hundred thousand players right now myself. What the fuck.

[DrakeWurrum]

Yep, my email just got changed on me, what a piss-poor system.

Funny thing about that is that they have disabled the ability to change the e-mail from account options unless you also have access to the serial code used to activate your account. So I'm not sure, at all, how that happened to you.

---------- Post added 2012-09-16 at 05:10 PM ----------

as based on what other people have said I won't be getting anything back

It's only temporary until they get their rollback system up and running. That begs the question of why it isn't up and running yet. It also begs the question of why they didn't mention that it wouldn't be until after they launched, and for several weeks to come.

Still worth pointing out that, for now, all we can really do is be extra careful.

[Fenlnir]

It's only temporary until they get their rollback system up and running. That begs the question of why it isn't up and running yet. It also begs the question of why they didn't mention that it wouldn't be until after they launched, and for several weeks to come.

Still worth pointing out that, for now, all we can really do is be extra careful.

They may not have had the capabilities at launch to do it, given that so much is client side in the way of data.

[Remilia]

They may not have had the capabilities at launch to do it, given that so much is client side in the way of data.

All of the known game is client side. It is impossible to expect a server side game.

A roll back system may take about 100-150kb of data for the account for a certain period. Unless they use a very inefficient method of recording and saving data, the actual data isn't really big. 90% of the file size in your game... is actually just graphics... The actual computational part is very very little.

Spare 20TB of space and a automated recording system recording images of the account at the very least 6 / 12 / 24 hours, 1 day, 2 days, 3 days, a week and a month.
They have the ability to mass ban accounts, they should have the ability to mass restore accounts. However they didn't implement a back up system which means if your account gets corrupted, bai bai account.

Record the images in correspondence to the UserID and have it set in a suitable data structure, stack, link, or what not. Recall and replace when needed.

[Zeek Daniels]

So....I should have a different email account for every thing I do because of piss-poor security? I guess my correct response is I shouldn't have played this game to begin with, I take good care of my information and PWs and emails, and have never had anything even remotely like this happen and this took 2 weeks. I did not make a new email address for GW2, did not deem it as necessary, okay it's my fault I used an email I've used before on things completely unrelated to GW2. Why should someone be able to hack my account by just having an email address? They shouldn't, right. If all I need is an email address I can probably hack a couple hundred thousand players right now myself. What the fuck.

they got your email doesnt that mean your not secure? and i dont mean that you have somthing on your system but that your email was taken from some compromised site. I dont see how its Anets fault that someone is using the same email or pass as another location and the hacker stealing info from that loc and using it to hack GW2 accounts. Unless a hacker can type in random email addresses and get account access i dont see how this is Anets fault.

Pretty sure they need your password + email address.

[Fenlnir]

All of the known game is client side. It is impossible to expect a server side game.

A roll back system may take about 100-150kb of data for the account for a certain period. Unless they use a very inefficient method of recording and saving data, the actual data isn't really big. 90% of the file size in your game... is actually just graphics... The actual computational part is very very little.

Spare 20TB of space and a automated recording system recording images of the account at the very least 6 / 12 / 24 hours, 1 day, 2 days, 3 days, a week and a month.
They have the ability to mass ban accounts, they should have the ability to mass restore accounts. However they didn't implement a back up system which means if your account gets corrupted, bai bai account.

Record the images in correspondence to the UserID and have it set in a suitable data structure, stack, link, or what not. Recall and replace when needed.

Sorry, what I meant was, they may not have had the data needed to do it, thinking more of a cloud type thing, but the cloud didn't work. Does that clarify? I didn't mean it in, we host everything which means they have no access to our characters. BUT, they may not, given that they had to ask people to delete stuff from the exploit.

[Remilia]

Sorry, what I meant was, they may not have had the data needed to do it, thinking more of a cloud type thing, but the cloud didn't work. Does that clarify? I didn't mean it in, we host everything which means they have no access to our characters. BUT, they may not, given that they had to ask people to delete stuff from the exploit.

It means that they didn't have a roll back aka back up system. They do have access to your account. Why do you think they are able to ban you, unban you, account retrieval, etc.

[Fenlnir]

It means that they didn't have a roll back aka back up system. They do have access to your account. Why do you think they are able to ban you, unban you, account retrieval, etc.

They could have access to the account, but given that they asked people to delete, it would lend to the idea that they couldn't touch characters. Just a thought though, not like I would defend it to the end.

[Remilia]

They could have access to the account, but given that they asked people to delete, it would lend to the idea that they couldn't touch characters. Just a thought though, not like I would defend it to the end.

That has to do with no rollback and the manpower to manually delete item or currency is a waste of time over 4000 accounts.

[Fenlnir]

That has to do with no rollback and the manpower to manually delete item or currency is a waste of time over 4000 accounts.

True. Maybe I just wanted them to be behind on what they could do, so when they did it, it was done properly.

[DrakeWurrum]

I'm mostly wondering how they justified not having their account rollback system as a high priority, internally.

[Woceip]

Unfortunately the core of the matter can be summed up in scumbag steve format.

Uses compromised password and email address combination

Surprised when account is 'hacked'.

As a.net clearly states, the info's already out there. Since you chose to use it again, why is it there fault you used a compromised password?

[PBitt]

they got your email doesnt that mean your not secure? and i dont mean that you have somthing on your system but that your email was taken from some compromised site. I dont see how its Anets fault that someone is using the same email or pass as another location and the hacker stealing info from that loc and using it to hack GW2 accounts. Unless a hacker can type in random email addresses and get account access i dont see how this is Anets fault.

Pretty sure they need your password + email address.

You might be right, but I just don't see how they could have gotten my PW I never used anywhere, and I've never visited any kind of fansite for any MMO (or pretty much any game for that matter) of any kind other than this one, which is mostly for WoW. I guess what I really don't like is how they can just casually change my email address with no information other than my PW...I would think for a PW change you would need to confirm via email and an email change should have to be confirmed via serial code or something. Simple, and unless they hack your email too, it's a pretty failsafe system as far as I'm concerned. Now, I can see how somewhere along the line someone could have obtained my email address, I do use it for WoW and to me, to require a different email address for every MMO I play seems kind of ridiculous. I suppose I also *may* have used the PW once before for something else a while ago, but I'm not sure. Case in point, it's not so much that I got hacked it's that it's extremely not hard to do. Blizzard offers more secure protection, IMO, even without authenticators.

[Deleted]

Funny thing about that is that they have disabled the ability to change the e-mail from account options unless you also have access to the serial code used to activate your account. So I'm not sure, at all, how that happened to you.

Pretty simple, really.

Guy uses a particular email and password for a site that got compromised.
Guy buys GW2 via the website, has code sent to email.
Guy also use the same password for their email.
Hacker logs into email using the password from the compromised site. Acquires serial code.
Hacker uses serial code to change email.
Guy can't log in.
Guy gets upset and blames the company.

I've seen it far too many times.

[Gray_Matter]

All of the known game is client side. It is impossible to expect a server side game.

A roll back system may take about 100-150kb of data for the account for a certain period. Unless they use a very inefficient method of recording and saving data, the actual data isn't really big. 90% of the file size in your game... is actually just graphics... The actual computational part is very very little.

Spare 20TB of space and a automated recording system recording images of the account at the very least 6 / 12 / 24 hours, 1 day, 2 days, 3 days, a week and a month.
They have the ability to mass ban accounts, they should have the ability to mass restore accounts. However they didn't implement a back up system which means if your account gets corrupted, bai bai account.

Record the images in correspondence to the UserID and have it set in a suitable data structure, stack, link, or what not. Recall and replace when needed.

I think the problem is that the "archiving" process would have put additional load on the already overloaded servers (at the time). It's more than likely something that they disabled early on as a temporary measure to keep the performance up and something that they will be enabling again in the future.

[bbr]

Their customer service is why I have NCsoft and ArenaNet on boycot. January 2011 I decided to go play GW1 again, found out I had been hacked in my 6 month hiatus, about a week before I came back actually. The first automated email I recieved was the usual how to fix it. The second, after I asked if there was a way to restore it was responded to with an email that said basically that yes, they knew that I had been hacked, they knew I wasn't the one that had done it, they knew who had, what province in China he was in, yes they had the technical ability to restore my stolen items, but they were not going to because of some policy.

So in summary, NCsoft and ArenaNet have no protection at all against being hacked besides passwords, which can be reset by anyone, and they will not restore anything taken while you were hacked.

I got a whole bunch of mails stating "my password or email has been changed" on an email address that I'm not even using for GW2, since i dont have GW2 yet,.
so,. clearly a scam message.

Im sure others will be targetted,. it's nothing new.


Aion has pretty decent character security,. (requiring you to mouse enter a pin code before using a char or deleting it)
As does the blizz authenticator - more games should add that.