Account Hacks: Your help in this matter are invaluable! - Guild Wars Forums

plum64_uk · Dec 03, 2009, 02:45 PM // 14:45

Good afternoon all,

Before I go into this I ask that you do not "flame" me for what I am about to write here. I'm in no way trying to point fingers or play the blame game. I am just curious to see if there are any others out there that may have had a similar experience as I and, with a little luck, maybe get some answers.

Recently I had my account hacked. I have written about this at length in previous posts and need not bore you with the whole story here, but in a nut shell, I lost plenty of loot and coin (~350k's worth), and after some Virus/Spyware Scanning, password changes and a complete overhaul the account is now back in my hands, characters still there. It was, naturally, the result of a key logger program.

Now, I've always considered myself to be extremely cautious with my security. Nothing like this has happened to me in all the +4 years of playing GWs (or ever for the matter with anything IT). So, looking back, I asked myself "What have I done past 14 days that could have caused this?" (I update my password for GWs every 2 weeks)

Turns out there was something I did do that was, for me, very unusual. Recently my main character became a GWAMM (30) and I thought, with a mixture of both pride and arrogance, "Where can I show this off?". Turns out there is a site where one can show off their character(s) and titles.

I ask that no-one reading this post attempt to Google or go to this site, just to be on the safe side mind. It's called: gwchars.de ??? a predominantly German site but also has an English portal.

My question to you all in the GWGuru community is ???Has anyone else been to this site, signed up with their details and then had their account hacked???? If so please inform myself and others. I'll have Anet support look into it further.

However, if it turns out that there has been mostly positive feedback regarding the safety of this site please do let me know, I shall attempt to find the alternative cause.

Let me know your thoughts.

All my best,

Aurelius

Inde · Dec 03, 2009, 02:54 PM // 14:54

plum64_uk, you probably haven't done anything in the last 14 days to cause this. People who have been away from their accounts for months are being affected as well.

Windf0rce · Dec 03, 2009, 03:09 PM // 15:09

I am registered at GWChars.de for quite a few months and never had a problem.

Obviously, I use a different e-mail address and password than the ones I use for my actual account - so even if GWChars.de has some security hole, the retrieved info won't be useful to hack my account.

I'd say just avoid using the same e-mail address/pass from your account in any GW fan sites and you should be safe.

Dzjudz · Dec 03, 2009, 03:19 PM // 15:19

So now googling a site will get you hacked? Jeez, what will these hackers come up with next?

Carboplatin · Dec 03, 2009, 03:44 PM // 15:44

I've never been to that site and i was hacked.

Hengis · Dec 03, 2009, 03:52 PM // 15:52

I've never even heard of that particular site but had my account hacked not too long ago.

I still don't know with any degree of conviction how my account was hacked and am sort of resigned to never really knowing now.

The forth fly · Dec 03, 2009, 03:57 PM // 15:57

i have belonged to that site for over 8 months with 2 diffrent accounts and i have never been hacked.its good site btw

nitetime · Dec 03, 2009, 03:59 PM // 15:59

The reason behind all the account hacks may have something to do with yesterdays update:

Originally Posted by Update - Wednesday, December 2, 2009
Bug Fixes

* Fixed a crash bug.
* Fixed the URL for requesting a password reset.

found here in this thread:

http://www.guildwarsguru.com/forum/s...php?t=10415403

doesn't explain much, but its something.

Riot Narita · Dec 03, 2009, 04:00 PM // 16:00

I realise how omgparanoid this is going to sound... but announcing that you have reached GWAMM probably identifies you as a juicy target, one that's worthy of attention from would-be hackers.

Tharg · Dec 03, 2009, 05:19 PM // 17:19

I got hacked when I started to bid on, and pay a lot of money for sweets. I think that that identified me as a juicy target. Somebody approached me in-game referring to a bid I made for sweets (the correct items and the correct price) but he was not the actual seller. We concluded the transaction and within seconds he was off line. Within days my account was hacked. I lost about 1.5 million worth of stuff.

I was registered on NC Soft, Guru and GW Online. I visited the German site once but was not registered.

rcelbrechter · Dec 03, 2009, 06:30 PM // 18:30

As an alternate to the above conversation, my son had an account taken from him (his own fault). He did learn from this, but from an outsider observation I believe that there are elements of changing a password that Anet has backwards making account theft easier.

Most major sites have as policy to send out a note to verify an email change. The normal default action is to refuse the change unless a verification is made to the emailed notification. In Anets case - Their email notification states that the change will be made unless you respond (deny the change) to the email. This is quite contrary to almost everywhere else. This fact created a situation where we scanned over the email not paying it much heed until the account became inaccessable. His account had been shifted to a temporary .yahoo email account - and immediately shifted again to a more permenant email (yahoo account deleted thereafter). Unfortunately we could not find the small slip with his original GW activation numbers and as such he GAVE his account away with a little help from Anet.

This would not have happened if it had been set up not to change unless verification had been obtained.

snowman relic · Dec 03, 2009, 06:32 PM // 18:32

the above post makes me wonder if this game is safe at all anymore you can get hacked for buying something amazes me

Bob Slydell · Dec 03, 2009, 08:19 PM // 20:19

Quote:

Originally Posted by tvalentijn

I got hacked when I started to bid on, and pay a lot of money for sweets. I think that that identified me as a juicy target. Somebody approached me in-game referring to a bid I made for sweets (the correct items and the correct price) but he was not the actual seller. We concluded the transaction and within seconds he was off line. Within days my account was hacked. I lost about 1.5 million worth of stuff.

I was registered on NC Soft, Guru and GW Online. I visited the German site once but was not registered.

So packet sniffing/decryption is still not ruled out? or did this happen long ago?

Quote:

Originally Posted by the western warrior

the above post makes me wonder if this game is safe at all anymore you can get hacked for buying something amazes me

I haven't traded with people outside of my guild in years, I haven't talked in depth with people outside of my guild in years, I haven't grouped with people outside of my guild in years, I haven't done things in the game that add world announcements, ever. I use strong passwords and avoid the public as much as I can. I can as least say since I have been playing since March 2006 I have never been hacked, ever and hoping all this paranoia and stressful constant account checking/password/email changing will pay off. But I just have this feeling from this day out will be a stalemate and the hacking will never stop so long as there is some out-of-our-hands exploit and anet basically is holding us by the balls not fixing it.

Martin Alvito · Dec 03, 2009, 09:17 PM // 21:17

Quote:

Originally Posted by tvalentijn

I got hacked when I started to bid on, and pay a lot of money for sweets. I think that that identified me as a juicy target. Somebody approached me in-game referring to a bid I made for sweets (the correct items and the correct price) but he was not the actual seller. We concluded the transaction and within seconds he was off line. Within days my account was hacked. I lost about 1.5 million worth of stuff.

I was registered on NC Soft, Guru and GW Online. I visited the German site once but was not registered.

I'm going with coincidence on this one. If the price is right, people will swipe someone else's forum sale if they can, and your seller may only have logged on to see if you were available in-game to complete a sale.

That happens pretty frequently without resulting in a hack.

If it were possible to efficiently target people, most of the High End admins would have been hacked by now. Since they have not been, I think we can safely assume that the only way you can be "targeted" is if someone can get your username, and that those admins have been appropriately paranoid about concealing that piece of information.

JimmyNeutron · Dec 04, 2009, 04:26 PM // 16:26

Like I said, hopefully you weren't STUPID to register w/ your real email address that is used for GW or anything important to you.

if you did, well, I guess you deserve to be hack and hopefully its a lesson learned.

Always create a bogus account for forums and registrations of any kind.

Dec 03, 2009, 02:45 PM // 14:45	#1
plum64_uk Ascalonian Squire Join Date: May 2005 Location: London Guild: Reason for Rebellion Profession: R/Mo	Account Hacks: Your help in this matter are invaluable! Good afternoon all, Before I go into this I ask that you do not "flame" me for what I am about to write here. I'm in no way trying to point fingers or play the blame game. I am just curious to see if there are any others out there that may have had a similar experience as I and, with a little luck, maybe get some answers. Recently I had my account hacked. I have written about this at length in previous posts and need not bore you with the whole story here, but in a nut shell, I lost plenty of loot and coin (~350k's worth), and after some Virus/Spyware Scanning, password changes and a complete overhaul the account is now back in my hands, characters still there. It was, naturally, the result of a key logger program. Now, I've always considered myself to be extremely cautious with my security. Nothing like this has happened to me in all the +4 years of playing GWs (or ever for the matter with anything IT). So, looking back, I asked myself "What have I done past 14 days that could have caused this?" (I update my password for GWs every 2 weeks) Turns out there was something I did do that was, for me, very unusual. Recently my main character became a GWAMM (30) and I thought, with a mixture of both pride and arrogance, "Where can I show this off?". Turns out there is a site where one can show off their character(s) and titles. I ask that no-one reading this post attempt to Google or go to this site, just to be on the safe side mind. It's called: gwchars.de ??? a predominantly German site but also has an English portal. My question to you all in the GWGuru community is ???Has anyone else been to this site, signed up with their details and then had their account hacked???? If so please inform myself and others. I'll have Anet support look into it further. However, if it turns out that there has been mostly positive feedback regarding the safety of this site please do let me know, I shall attempt to find the alternative cause. Let me know your thoughts. All my best, Aurelius

Dec 03, 2009, 02:54 PM // 14:54	#2
Inde Site Contributor Join Date: Dec 2004	plum64_uk, you probably haven't done anything in the last 14 days to cause this. People who have been away from their accounts for months are being affected as well.

Dec 03, 2009, 03:09 PM // 15:09	#3
Windf0rce Wilds Pathfinder Join Date: Jan 2007	I am registered at GWChars.de for quite a few months and never had a problem. Obviously, I use a different e-mail address and password than the ones I use for my actual account - so even if GWChars.de has some security hole, the retrieved info won't be useful to hack my account. I'd say just avoid using the same e-mail address/pass from your account in any GW fan sites and you should be safe.

Dec 03, 2009, 03:19 PM // 15:19	#4
Dzjudz Furnace Stoker Join Date: Jun 2005 Guild: gwpvx.com/user:dzjudz	So now googling a site will get you hacked? Jeez, what will these hackers come up with next?

Dec 03, 2009, 03:44 PM // 15:44	#5
Carboplatin Jungle Guide Join Date: Jul 2005 Guild: [PIG] Profession: W/A	I've never been to that site and i was hacked.

Dec 03, 2009, 03:52 PM // 15:52	#6
Hengis Wilds Pathfinder Join Date: Apr 2006 Location: London Guild: Better Than Life (BTL) Profession: R/	I've never even heard of that particular site but had my account hacked not too long ago. I still don't know with any degree of conviction how my account was hacked and am sort of resigned to never really knowing now.

Dec 03, 2009, 03:57 PM // 15:57	#7
The forth fly Krytan Explorer Join Date: May 2008 Location: england Profession: Mo/	i have belonged to that site for over 8 months with 2 diffrent accounts and i have never been hacked.its good site btw

Dec 03, 2009, 03:59 PM // 15:59	#8
nitetime Krytan Explorer Join Date: May 2005 Location: eotn Profession: W/	The reason behind all the account hacks may have something to do with yesterdays update: Originally Posted by Update - Wednesday, December 2, 2009 Bug Fixes * Fixed a crash bug. * Fixed the URL for requesting a password reset. found here in this thread: http://www.guildwarsguru.com/forum/s...php?t=10415403 doesn't explain much, but its something.

Dec 03, 2009, 04:00 PM // 16:00	#9
Riot Narita Desert Nomad Join Date: Apr 2007	I realise how omgparanoid this is going to sound... but announcing that you have reached GWAMM probably identifies you as a juicy target, one that's worthy of attention from would-be hackers.

Dec 03, 2009, 05:19 PM // 17:19	#10
Tharg Krytan Explorer Join Date: Jun 2006 Location: Massachusetts Guild: Omega Glory Profession: Mo/	I got hacked when I started to bid on, and pay a lot of money for sweets. I think that that identified me as a juicy target. Somebody approached me in-game referring to a bid I made for sweets (the correct items and the correct price) but he was not the actual seller. We concluded the transaction and within seconds he was off line. Within days my account was hacked. I lost about 1.5 million worth of stuff. I was registered on NC Soft, Guru and GW Online. I visited the German site once but was not registered.

Dec 03, 2009, 06:30 PM // 18:30	#11
rcelbrechter Ascalonian Squire Join Date: Dec 2008 Location: E. Texas Gulf Coast Guild: Forced By Death Profession: W/A	As an alternate to the above conversation, my son had an account taken from him (his own fault). He did learn from this, but from an outsider observation I believe that there are elements of changing a password that Anet has backwards making account theft easier. Most major sites have as policy to send out a note to verify an email change. The normal default action is to refuse the change unless a verification is made to the emailed notification. In Anets case - Their email notification states that the change will be made unless you respond (deny the change) to the email. This is quite contrary to almost everywhere else. This fact created a situation where we scanned over the email not paying it much heed until the account became inaccessable. His account had been shifted to a temporary .yahoo email account - and immediately shifted again to a more permenant email (yahoo account deleted thereafter). Unfortunately we could not find the small slip with his original GW activation numbers and as such he GAVE his account away with a little help from Anet. This would not have happened if it had been set up not to change unless verification had been obtained.

Dec 03, 2009, 06:32 PM // 18:32	#12
snowman relic Krytan Explorer Join Date: Feb 2009 Guild: your just a meatsheild to me Profession: N/Mo	the above post makes me wonder if this game is safe at all anymore you can get hacked for buying something amazes me

Dec 04, 2009, 04:26 PM // 16:26	#15
JimmyNeutron Krytan Explorer Join Date: Sep 2007	Like I said, hopefully you weren't STUPID to register w/ your real email address that is used for GW or anything important to you. if you did, well, I guess you deserve to be hack and hopefully its a lesson learned. Always create a bogus account for forums and registrations of any kind.