Guild Wars Forums - GW Guru
 
 

Old May 02, 2008, 05:44 PM // 17:44   #121
Wilds Pathfinder
 
Join Date: Apr 2005

Funny how it seems only the rich people are getting hacked... dunno how this would keep happening though. You sure you guys don't have any keyloggers hidden on your computer?
Sniper22 is offline   Reply With Quote
Old May 02, 2008, 05:45 PM // 17:45   #122
Frost Gate Guardian
 
Join Date: Jan 2007
Location: Fort Bragg, NC
Guild: Our God Is A Consuming [FIRE]
Profession: Rt/A

There is one other way that is so obvious, yet no one ever wants to think of it.

How many of you use the same email and password for GW as you use on websites such as this one? Or gw.incgamers, etc? There are tons of these sites. All it takes is one corrupt admin to think a bit deviously, access the database, and go to town on the account. I know this, because I have seen it done in other games. You would be surprised the kind of people that are around.

NOTE: I am not accusing GWGuru admins of anything. I am merely giving an example. There are hundreds of sites out there...it can be anything from a community site to a guild/alliance website. The point is...use different log on information.
Lord Xivor is offline   Reply With Quote
Old May 02, 2008, 05:52 PM // 17:52   #123
Site Contributor
 
Join Date: Dec 2004

Lord Xivor, you don't know how this forum software works. There is no way for an admin on GWGuru or GWO to decrypt the passwords as it's a one-way encryption in vBulletin. We don't have access to any passwords. I don't know about other sites and their forum software.
Inde is offline   Reply With Quote
Old May 02, 2008, 06:00 PM // 18:00   #124
Frost Gate Guardian
 
Join Date: Jan 2007
Location: Fort Bragg, NC
Guild: Our God Is A Consuming [FIRE]
Profession: Rt/A

As I said, I was not pointing a finger at GWGuru. I was giving one very valid explanation. And for your information, I DO know how this forum software works, and have used it before. I am a web developer myself. And with enough effort, any encryption can be decrypted. There are even online tools to decrypt md5 hashes straight off of a website. The question is...who would actually go through that kind of trouble for a silly game. Well, I doubt anyone would. However, other sites may not have as secure of software as you use here, but I am thinking more of the smaller community sites, not the big ones.
Lord Xivor is offline   Reply With Quote
Old May 02, 2008, 06:09 PM // 18:09   #125
SBD
 
Join Date: Nov 2005

Lord,

Fortunately the site doesn't use generic MD5 encryption, since it relies on both MD5 with salt. The likelihood of that being decrypted is so remote that it can be used for one-way encryption of passwords with little concern for it being compromised. All passwords are stored in an unreadable format and are not even decrypted during login. It is far more likely that a person with ill intent has compromised the passwords through use of a logger etc.

That being said, can someone modify a forum to store an unencrypted password? Yes, but it is most likely a smaller lesser known site. I can assure everyone that their data is well encrypted on Guru and is not being used for hacking accounts. (My qualifications for saying this, I used to develop ICBM Software)

Finally you should NEVER use the same password for a forum that you use for any type of account you want to keep secure such as bank accounts etc.

Rayzor
Rayzor is offline   Reply With Quote
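
Added example, not part of the original posts and not vBulletin's own code: a short Python sketch of the salted one-way password storage discussed in the posts above, showing that a login check re-hashes the submitted password instead of decrypting anything. The `md5(md5(password) + salt)` construction, the salt values and all function names are assumptions for illustration; PBKDF2 is included as the slower salted derivation a site would pick today.

```python
import hashlib
import hmac


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def store_unsalted(password: str) -> str:
    # Plain MD5: every user with this password gets the same stored value,
    # so a single precomputed lookup answers for all of them.
    return md5_hex(password)


def store_salted(password: str, salt: str) -> str:
    # Assumed construction: md5(md5(password) + per-user salt).
    return md5_hex(md5_hex(password) + salt)


def verify_salted(candidate: str, salt: str, stored: str) -> bool:
    # Login never decrypts: it re-hashes the candidate and compares
    # in constant time against the stored value.
    return hmac.compare_digest(store_salted(candidate, salt), stored)


def store_pbkdf2(password: str, salt: bytes, iterations: int = 200_000) -> str:
    # Slow salted derivation: each guess costs `iterations` HMAC rounds.
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return derived.hex()


def demo() -> dict:
    # Constructed sample: two forum users who picked the same password.
    password = "password"
    salts = {"alice": "x7q", "bob": "m2d"}  # constructed per-user salts
    unsalted = {user: store_unsalted(password) for user in salts}
    salted = {user: store_salted(password, salt) for user, salt in salts.items()}
    return {
        "unsalted_identical": unsalted["alice"] == unsalted["bob"],
        "salted_identical": salted["alice"] == salted["bob"],
        "login_ok": verify_salted(password, salts["alice"], salted["alice"]),
        "wrong_password": verify_salted("letmein", salts["alice"], salted["alice"]),
        "wrong_salt": verify_salted(password, salts["bob"], salted["alice"]),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The salt makes equal passwords store differently and defeats shared lookup tables, but a fast hash such as MD5 still leaves weak passwords guessable by anyone holding the database, which is why unique passwords per site remain the practical defence.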
Old May 02, 2008, 06:18 PM // 18:18   #126
Frost Gate Guardian
 
Join Date: Jan 2007
Location: Fort Bragg, NC
Guild: Our God Is A Consuming [FIRE]
Profession: Rt/A

And you are absolutely correct, in reference to maybe this website. But can you say the same for other websites that run off of PhPBB, SMF, Joomla, PhPNuke, etc, etc, etc? I myself administrate a website running off of SMF/Joomla, and trust me...I know the security flaws it has, and I worked my butt off to make it secure, which partially comes from just regularly updating with the new patches and such. But for example, if someone in my guild ticked me off and left, it would take me about 45 seconds to figure out that person's password and should it be the same email/password for the site as it is for his account, then I would be able to do as I please.

Does this mean I would? Absolutely not. I have much higher standards than that. Does this mean someone else can do it? Absolutely. Someone with the right know-how (really, intermediate web/database development knowledge). Any wannabe web developer that uses a packaged open source application that has set up a website for his guild/alliance/community really can do this.

I was never referring to someone from the outside accessing the information, nor was I referring to an admin with "mod" status. I was referring to admins with access to things like phpmyadmin, etc. A site admin.

NOTE: Again, I am not saying THIS IS THE CAUSE. I am giving just one option, and really, my point is not to argue the security of this site. My point is to inform the community to be very careful of the login credentials they use. It is always good to have different passwords for each website you use.
Lord Xivor is offline   Reply With Quote
Old May 02, 2008, 06:29 PM // 18:29   #127
Site Contributor
 
Join Date: Dec 2004

Yes, I know what you were referring to Lord. I can assure you, with even all that aside, I can't tell you how many people send me their keys, their passwords, and everything else under the sun asking for help with some minor problem on GW. Thinking I am support or can send their information to the correct people. Quite frankly, I wouldn't even need to waste effort on such a thing with how people give out their information so freely without prompting to me. It's just not something that crosses my mind though. No matter how corruptible someone may think I can be.

I really do hope that maybe ArenaNet can shed some light on all this, that maybe they can tell us what happened to so many accounts and why they were compromised if that data is available to them. Tell us how many accounts were affected, make changing passwords easier for the players to protect themselves. That one person was able to gain access to so many different accounts in such a short time period is concerning and I do hope that they will open up about how it did happen.
Inde is offline   Reply With Quote
Old May 02, 2008, 06:36 PM // 18:36   #128
Frost Gate Guardian
 
Join Date: Jan 2007
Location: Fort Bragg, NC
Guild: Our God Is A Consuming [FIRE]
Profession: Rt/A

Haha, I can imagine, Inde. Being such a large community as this, I am sure it is readily assumed by many new or younger players that you and the other admins just HAVE to have direct access to the Guild Wars Gods or something.

But yeah, I have been following these posts on the forums, because frankly, it concerns me. Every game has its idiots, but this is something that is happening from outside the game...beyond what you see in the Guild Wars screen. That bothers me.
Lord Xivor is offline   Reply With Quote
Old May 02, 2008, 06:44 PM // 18:44   #129
Desert Nomad
 
Join Date: Sep 2006
Location: Virginia
Guild: Spirit of Elisha
Profession: W/

Inde, I know exactly what you mean. I work in the IT department at my company and you wouldn't believe how dumb some people can be. I'll send an e-mail to someone asking them to describe the issue they are having with the software and they'll respond with:

Thx for your help!!!! Each time I access this field the screen goes funky and <blah blah blah blah blah>. My user name is <usrname> and password is <password>. My network user name is the same and the password there is <password>. My e-mail is <email> and my SSN is <ssn>. If you need to verify any of that my mother's maiden name is <name>.

Oh, and I really want to change my GW password too as soon as I can figure out how to navigate thru NCsoft's hoops. Especially since I'm registered on Lord Xivor's forum. (Although, my forum password is not the same as GW!, whew!)
TheRaven is offline   Reply With Quote
Old May 03, 2008, 12:10 AM // 00:10   #130
Age
Hall Hero
 
Join Date: Jul 2005
Location: California Canada/BC
Guild: STG Administrator
Profession: Mo/

Quote:
Originally Posted by Inde
Ummm... because we happen to be the largest GW site out there??? It's not a conspiracy Age, it's just where people go to post. I'm pretty sure that if we were to tally up all the "I got hacked" posts out there across all the GW fansites that we'd probably have the majority of them. I also really doubt you can read French, German, Spanish, Chinese, Danish, Dutch, Finnish, Italian, Russian, etc. etc. to know if it wasn't posted on any other GW fansite.

It might be helpful, though I don't think anet would do this, to tell us how many accounts were affected, the method they believe they were compromised by, or if they can indeed find out this information at all.
Yes. You happen to be the largest board for GW as Incgamers is second and they now have a reported hack. I am not drawing on any conspiracy theories here just curious. I was just more concerned with the pop ups that is all.

To Lord Xivor. The same applies to PhPBB and PhPBB Fully Modded which is what we use over at Star Trek Gamers as all passwords are encrypted and I as an Admin don't have access to them.

How many of you are playing on other PCs not your own as I only play on my own PC? For instance Internet Cafes.
Age is offline   Reply With Quote
Old May 03, 2008, 08:22 AM // 08:22   #131
Desert Nomad
 
Join Date: Jul 2005

This is why I've always wanted an official forum and not these unofficial sites. Even a well known site for EQ was eventually found out to be keylogging/hacking EQ accounts. You just can't trust individuals no matter how nice in wolves clothing they appear. They can tell you all kinds of security measures they use, but, does that mean it's so?
Red Sonya is offline   Reply With Quote
Old May 03, 2008, 09:43 AM // 09:43   #132
So Serious...
 
Join Date: Jan 2007
Location: London
Guild: Nerfs Are [WHAK]
Profession: E/

Quote:
Originally Posted by TheRaven
you wouldn't believe how dumb some people can be.
One part of the security problem is education. People are NOT "dumb", they're failing to grasp the very basics of a good security behaviour. Nowadays there's so many people that educated themselves with regards to computers (and security) that they're expecting everyone to do the same, and this is a big fail. It's a bit like car mechanics or cooking, it'd actually be very easy for anyone to become very good at it, to the point where you can service your car or sell a pro-quality meal, but this is not what most people want, so it'd be stupid to call them "dumb" for not being able to change a battery or radiator, or do their own bread.

I'm NOT saying that people are fine the way they behave or trying to find excuses for some people that are really dumb. I've been working enough in security to know that the problem is more complex than people believe. I can even tell you that the "big stories" (like company/state spying/hacking) are very much like the "small ones" (normal people hacked), they use the same "social engineering" tricks that EVERYONE can fall into, even you, me or Inde (except she's going to be extra-careful due to her responsibility).

The day people stop being "intellectually lazy" by putting all security problems into the "you're dumb" bag, and start thinking "maybe I should try to help rather than blame", we'll have made collectively a giant step, one that technology itself can't do. Individually, a lot of people are doing great, collectively we're failing like kids, because of various reasons (here I'm blaming a bit everyone and no one at the same time). Hackers have huge established networks, they share (i.e. sell) a lot, and they've got in front of them a crowd of people divided into the few that understand the problem and the others that fall prey to the hacker's tricks.

Anyway, just my 2 cents, feel free to join me on this thread.
Fril Estelin is offline   Reply With Quote
Old May 03, 2008, 10:24 AM // 10:24   #133
Pre-Searing Cadet
 
Join Date: Apr 2008
Location: Oregon
Guild: LaZy
Profession: E/Mo

Wow, I had no idea that there were so many hacked accounts out there lately. A friend of mine just had his account hacked into a few days ago and had missing black dyes, money, and runes taken from his storage.

I'll point him to this thread. :\
farahmir sanz is offline   Reply With Quote
Old May 05, 2008, 04:52 PM // 16:52   #134
ArenaNet
 
Join Date: Apr 2008
Profession: Me/

The folks at Support, including Gaile Gray, have been looking into this problem over the past several days. It is a priority problem. All hacked account reports are being reviewed for more information. In all, 16 player accounts were affected as of May 1.

Right now, it is believed that someone was using two accounts to hack other players' accounts. Those accounts have been banned. If there are more accounts involved, they will also be banned. It is suspected that they are using a key logger or a fake website to obtain account information.

If you believe you have been hacked, please contact support immediately and open a ticket. It will help them figure out how widespread this is by cross referencing data, and will help them in their investigation.

As others in this thread have advised, please safeguard your account information. Don't fall for tricks such as people asking you to input your account name and password into their website.
__________________
Regina Buenaobra
Community Manager
ArenaNet, Inc.

Last edited by Regina Buenaobra; May 05, 2008 at 05:00 PM // 17:00..
Regina Buenaobra is offline   Reply With Quote
Old May 05, 2008, 05:06 PM // 17:06   #135
Grotto Attendant
 
Join Date: Mar 2006
Location: "Pre-nerf" is incorrect. It's pre-buff.
Guild: Requirement Begins With R [notQ]
Profession: Me/

Can any of the victims list the GW related websites or message boards that they have signed up to then? That might help indicate which website (if that is in fact the method of hacking) is abusing people's information.
makosi is offline   Reply With Quote
Old May 05, 2008, 05:14 PM // 17:14   #136
Jungle Guide
 
Join Date: Sep 2006
Guild: Super Kaon Action Team [SuKa]

Someone hacked me as well, well on Guild Wars fansites. And he PMed me in Guild Wars sending me inlog names + passwords from other people (yes from the game itself). Of course I didn't use the info etc and ignored him. I think he hacked me as well but I kept changing my password 3 times a day for ~4 days. Good for me no money / ecto's etc were missing. Good to hear the accounts are banned.
The Arching Healer is offline   Reply With Quote
Old May 05, 2008, 05:24 PM // 17:24   #137
Polar Bear Attendant
 
Join Date: May 2005

How do you know if nothing is missing?
Witchblade is offline   Reply With Quote
Old May 05, 2008, 06:34 PM // 18:34   #138
Grotto Attendant
 
Join Date: Apr 2007

Well, since it seems that the PlayNC site has a vulnerability that makes phishing attacks ridiculously easy, I have to ask: Did any of the hacked people follow a link from somewhere to the PlayNC site, and then log in?
Chthon is offline   Reply With Quote
Old May 05, 2008, 09:03 PM // 21:03   #139
Forge Runner
 
Join Date: Apr 2007
Location: Sardelec yelling at Tenshi
Guild: Angels Of Strife
Profession: E/

That could be it.

Could someone be doing that with people following the link inside of guildwars itself?

Or it could probably just be a key logger address thingie.
Sir Pandra Pierva is offline   Reply With Quote
Old May 06, 2008, 08:38 PM // 20:38   #140
Frost Gate Guardian
 
Join Date: Jan 2007
Profession: E/

The only way someone could have gotten my email is from the Team Quitter Forums - though my email has since been changed. Honestly, a few people on QQ forums have bragged about being able to get the account info of well known players from those forums. http://www.teamquitter.com/phpBB2/vi...=asc&start=0
However, a topic addressing hacked accounts hasn't come up on QQ, so I don't know how much merit those (joke) claims have.

Another possibility is this site of course, but I don't think the email is public and Inde has vouched for the security here. Then again, there was a thread http://www.guildwarsguru.com/forum/s...php?t=10283360 indicating some ads here on guru may contain viruses and/or keyloggers.

No keyloggers appeared on a virus scan or spybot search & destroy. I don't suspect any type of phishing related to plaync, since my access to plaync occurred by clicking the "reset password" link on the login screen to the guild wars client. Also, the reason I only lost ectos and shards, and not my entire account is because my account was tied to plaync due to purchases from the online store. While there may have been doubts about plaync's security in the past, I don't think it's the case in this particular instance.

As an earlier poster demonstrated, it may be possible to remotely access saved passwords on your computer. http://guildwarsguru.com/forum/showp...&postcount=100
If that was the case, then lesson learned; I've turned off that feature on Firefox and made stronger passwords for everything I could think of. If I could change my username for Guild Wars I would, but that's impossible (I think) with a plaync linked account. Losing 300k in ecto's and shards is annoying but not particularly damaging in the grand scheme of identity theft.

Last edited by SurareVaera; May 06, 2008 at 09:05 PM // 21:05..
SurareVaera is offline   Reply With Quote
All times are GMT.


Powered by: vBulletin