Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Quick Links
Wow they really screwed up. Many accounts lost due to hacking
This discussion has been closed.
It looks like you're new here. If you want to get involved, click one of these buttons!
Comments
You're pasting the password reset email the email sent after changing the email looks exactly like what the OP posted.
How about your facts?
And yes, ArenaNet is responsible to have at least good enough security for our accounts.
It would have been much easier for us and it would have given more security to verify a change of account name/email adress by adding a verification to the old email just like the one they send to the new email adress. (Just to name one example.)
This email is sent to the former email adress:
---
Someone -hopefully you!- has requested to change the email address associated with your Guild Wars account.
Need help or have questions about your Guild Wars account? Visit our support site: http://support.guildwars2.com/
Thanks!
-The ArenaNet Team
---
This email is sent to the new email adress:
---
Your e-mail address has been changed. Please remember to use this new address the next time you log in to your account.
To confirm this change, please click on the link below.
[LINK FOR EMAIL VERIFICATION]
Need help or have questions about your Guild Wars account? Visit our support site: http://support.guildwars2.com/
Thanks!
-The ArenaNet Team
---
Which is just wrong...
I'm so broke. I can't even pay attention.
"You have the right not to be killed"
Yeah. I don't register at a site unless it's a legit gaming site run by a legit company. I've seen too many people register at fan sites, especially 'mod' and 'hack' sites, and get hacked to death later.
The Risk of playing video games on computers is risky if you scare of hackers go play Consol games you get more protection ther from hackers except playstation console or learn how to protect yourself from harm like identity theft to start of with.
Sorry, he specifically claimed TWO THINGS:
Read more carefully. His claim was wrong. They didn't even change his password to steal his account. They knew it. The security breech was his own -- reused passwords.
I will admit, the second part should have explained better. I plead 6:00 AM and lack of coffee. A password reset email has the go-back-to-link. I was pointing that out.
Because its easier to blame someone else than to admit that they did something stupid....
the trouble is that too many people just do not pay attention, they treat the internet as if its a playground, and think web security is somebody elses responsibility.. the mind boggles sometimes it really does.
if you havent seen this (link is on the game launcher)
http://wiki.guildwars2.com/wiki/Game_status_updates
Friday, August 31, 2012
EQ2 fan sites
Seriously , never used an authenticator in any game , played EQ since launch and most every mmorpg since , and never , not once , have had an account "hacked'. Zero , nilch such issues.
I just don't get it , unless people truly use the same login/password for fansites and click on links in emails that people by now should know better.
Either way , it's quite possible to never lose an account or be hacked and never even touch an authenticator.
People need to educate themselves , not scream AN was hacked wheres my authenticator.
Ehm no, he claims 1 thing.
The most logical interpretation is that he is talking about the change off account name (email adress) and that ArenaNet have made that to easy.
He "begins" with:
"Logging into the website, no luck. Logging in with my username, doesn't exist."
And "ends" with:
"They didn't even bother checking with me before changing my password."
*Password is more likely a typo, there are no reasons to believe that any company should verify a change of password other than typing the old one at the time of change. Also as he is pasting the email change notification sent by ArenaNet, and that is the easy way ArenaNet made it to actually steal accounts by changing accountnames vithout verifications.
And he acknowledge the need for changing p/w and email to make it more safe.
There is no need to defend Arena Net, they have made stupid choice with how the account name change can be done.
I'm so broke. I can't even pay attention.
"You have the right not to be killed"
Perhaps a stupid question.
But what is wrong with (just) clicking a link?
I thought as long as you don't type in your account info on a phishing website you are fine..
When Online Game Companies get hacked, the hackers and gold-botters keep the information that was obtained for years.
A new anticipated game comes out, they use programs that scans and probs down a list to see who they got from prior hacked games. If they find a matching email or an account using the *same* password then they got that person's account. It's always good to change e-mail and password frequently on these MMO websites as well as not using the same emails or passwords for different games too.
MMO sites aren't very secure to began with(and a lot of other sites aren't either, unfortunately with all the hacking incidents that have occured in the past) and as technology becomes more sophisicated you will have a criminal element that increases with it.
It's one of the main reasons I use Game-Cards for MMO's rather than CC methods of paying for a game or in-game products.
Can you motivate why ArenaNet are not to take blame when they made it this easy to change an account name?
Now it is a fact that all people are not honest, not on internet nor outside the door. Some will steal your password and others will steal your wallet.
You say we should not treat internet as if it is a playground... that's good. But the context of your post says that on the internet the victim are to be blamed.
Why?
I'm so broke. I can't even pay attention.
"You have the right not to be killed"
Some sites can plant a cookie on your computer that key logs your strokes. Just as bad as giving it to them.
That's how my WoW account never got hacked. I never clicked anything nor filled in any passwords anywhere. I don't know that ANet is to blame for this anymore than Blizzard is to blame.
Look gw2 is awesome, but something beyond user error seems to be going on.
When a malicious or fishy link is clicked it's highly possible that that link is connected to a phishing website or attack website. What may look like a harmless URL could be a link re-directing a person to a website that may try to re-route their browser URL's by exploits, or possible viruses and malicious programs that open up because they were allowed "access" by clicking on them. Think of hyperlinks as a gate-way door.
I've known people that clicked on phishing links and they ended up getting redirected to a bad websites. Browsers got Hijacked. Ended up putting their information on the website they thought was legitimate and next thing known their accounts has been wiped clean.
http://www.antiphishing.org/
http://onguardonline.gov/articles/0003-phishing
It's abolutely ridiculous that after 20 years of commercial internet there are still new kids entering the segment that choose their birthdate or 1234qwer or 1qay2wsx as their passwords on every other occasion.
In 15 years of online gaming I've never ever been hacked. I use a password for random boards that could probably be hacked given enough tries and another one for accounts linked to bank account information (which is considerably longer and uses things like % or ü or #) and then theres MMO accounts.
The password for an MMO account is never ever stored digitally, anywhere. Period. It's in a bound book in a drawer under the desk I'm sitting at. And it's changed every 6 months or so and consists of min 12 characters, randomly generated.
The last one I had for LotRO was "0&et2$8s2!1(" (don't bother, it's already changed).
And for people who are too lazy to spend 20 seconds instead of 3 for entering their password. Well, you guys deserve to be hacked and robbed then.
And well, don't get me started about discarding any email with links in it unless it's from a hand-picked whitelist. EVERYTHING that is remotely important and relevant will be send by postal mail or phone call anyways. At least in Europe that is. There's a law here that forced me to tell the government where I live and what I do for a living, so if someone wants to talk business, I want ink and paper. Period.
M
Unfortunately I'm going to have to side w/ Blizzard on this one. While they get hacked a lot also, Blizzard most definitely has more security on WoW than Anet has atm w/ GW2.
For starters, WoW has more checks on your account (+authenticators) to make it harder for people to steal your account, even if they phish your email (which happens fairly frequently nowadays). Secondly, WoW has a much quicker response team. When people's account gets hacked in WoW, they usually are talking to a person within a few hours. If their items were stolen, it took Blizzard another week or so on top of that. In GW2, you just get banned (can't play at all), and in some cases people didn't hear a word from Anet for close to a week.
When you do get in contact w/ Anet it's usually pretty smooth. However, their response isn't consistant enough to be considered good. Furthermore, their security is far from flawless, so saying Anet is 'blameless' for blanketly banning 1000s of accounts, many of them innocent, without having a proper response ready for people who got caught in the crossfire, is pretty irresponsible imho. It's not as though they didn't expect this game to be hugely popular, and rampant hacking is not exactly a new problem to MMOs. They should've had a plan just incase this happened (though I know it's kind of tough to expect such a huge attack even before the actual launch.
Even still, a lot of pre-purchases lost most of their headstart gametime while doing absolutely nothing to deserve such a response.
Never click a link if you get a suspicious email it could put a trojan, keylogger or worm on you PC. Always go to the site in question manually through google or type in the address in the header. With emails always check the sending address as well to see if its genuine. Also get web security software that actually scans your emails if you have them downloaded to your PC.
This doom and gloom thread was brought to you by Chin Up the new ultra high caffeine soft drink for gamers who just need that boost of happiness after a long forum session.
1st email: The e-mail address for your Guild Wars account has been changed
2nd email: Confirm new e-mail address for your Guild Wars account
You do not click the link. You go to the site manually. Email does not exist.
ANet sends two emails to an email that does not exist, eh?
For some, they've commented that the email address is not even tied to GW/GW2. In which case, why exactly did ANet send those emails out? For some, they've commented that they may have registered for the GW2 beta - but never got in or never used it. In which case, why does the email exist for the emails but not for an account? For some, they're just wondering WTF happened - since they received two emails, where the second is asking for confirmation...something they do not confirm...yet they're no longer able to get into their account.
There's all sorts fun to be had in discussing this. The curious discussions are involved in blaming the users.
Say somebody does grab their username/password combo from another site. They're able to login. They might be able to login to the game account and cause all sorts of havoc, but even there - not really. In this day and age, the game should recognize that a person is logging in from another location and request an auth code for that location. C'mon, it's 2012...
But you say they've changed the email, so that doesn't matter. How did they change the email? They have the user/pass. Really? To change the email, it should require verification from the current email. Heck, the same goes for the password.
In order to compromise the account, the person should have to compromise both the account and the email.
Then you could really get into blaming the user - because they're likely to fall into crowd that's installed a trojan by downloading something they should not have or made the silly mistake of using the same password for their email as some other account.
Outside of that sort of thing though, it's 2012 - there's a certain level of responsibility that falls on the developers at this point, since they should have learned from the mistakes made by their fellow developers over the past 15+ years.
I miss the MMORPG genre. Will a developer ever make one again?
Explorer: 87%, Killer: 67%, Achiever: 27%, Socializer: 20%
Plus disable any kind of plugins and set them to "ask" so that if the site wants to activate anything else than "information" the browser asks you if that's ok.
Use uncommon browsers like Opera.
Be paranoid!
M
And when ANet goes as far as they can...then you can make that statement.
I miss the MMORPG genre. Will a developer ever make one again?
Explorer: 87%, Killer: 67%, Achiever: 27%, Socializer: 20%
Yep, a lot of players assuming that hackers didn't trade or maintain dbases.
Welcome to the information age, already in progress.
Self-pity imprisons us in the walls of our own self-absorption. The whole world shrinks down to the size of our problem, and the more we dwell on it, the smaller we are and the larger the problem seems to grow.
WOW how did you guess that, Opera is a great browser. I heartily recommend it.
This doom and gloom thread was brought to you by Chin Up the new ultra high caffeine soft drink for gamers who just need that boost of happiness after a long forum session.