Getting Hacked (Not a QQ thread) - Guild Wars Forums

Eddie Frenzy Spam · Oct 11, 2009, 12:06 PM // 12:06

HI, I'm not sure if this is in the right forum so feel free to move it if you think it's in the wrong one.

Firstly I would like to say I am not creating this thread to complain about getting hacked or for others to complain about getting hacked either. I have made this thread in order to try and gain useful information about how I can PREVENT getting hacked again and to try and outline why I got hacked in the first place.

On Friday night I logged on without any problems after not being on for 2 weeks due to computer issues. On Saturday afternoon I attempted to log on and found my password had been changed but eventually I did get back in. I found that once I had logged on all my money, zkeys, armors, weapons, shields etc had all been stripped and deleted (customized) or sold.

Of course I was a bit pissed off but being a primarily PvP'er it didn't make me want to quit, I was however curious as to how I actually got hacked. My password isn't shared with anything else, it contains a mix of letters and numbers and isn't related to anything I'm interested to, all the things a strong password has. The email I use isn't really used for anything else either and I scanned my computer for keyloggers and viruses and came up with nothing. How is it possible for them to get into my account?

I should also add this is the second time I've been hacked, the first being about 7 months ago. However the password I used then was actually shared with something else that also used the same email (Stupid I know) so I kinda figured that other account got comprimised and thus they were able to get into my GW account, however this time I really have no idea how it happened and since I don't know how it happened, I don't know how to prevent it happening again...Does anyone know how you can prevent something like this happening again? Is there any extra precautions I can take?

The last thing I would like to say is, why is it impossible to change my account name....Surely being able to do this would provide a great deal more security...

IronSheik · Oct 11, 2009, 12:21 PM // 12:21

They had to have your NCsoft info to change the password, this isn't always the same as GW login.

Second, do you use texmod?

Third, there are a lot of things wrong with the password system in GW.

Eddie Frenzy Spam · Oct 11, 2009, 12:34 PM // 12:34

Quote:

Originally Posted by IronSheik

They had to have your NCsoft info to change the password, this isn't always the same as GW login.

Second, do you use texmod?

Third, there are a lot of things wrong with the password system in GW.

They don't need your Nc Soft info to change the password, you can do it once you log into the account by simply going to edit account details.

Yes I use texmod and as a matter of fact it was actually flagged on a virus scan but I assumed it was safe.

Thy Demise · Oct 11, 2009, 01:22 PM // 13:22

Hey eddie,

First off, I feel you and I've been there. I've also been on the unfortunate end of being hacked twice. It took me the second time to realize how it happened. You see I normally played on my laptop but on one occasion played on my desktop. A few days later, I found that I'm unable to log-in through my laptop.

You've most probably been hacked through your NCsoft account. Or your NCsoft account password and security question may not have been secure enough. If not through these reasons, then you should double-check or even triple-check your system for viruses, trojans, key-loggers with different scanners. Try Malwarebytes, VIPRE or BitDefender.

I managed to recover from the first hacking through the help of ANet. After the second time being hacked because I played through my desktop, I finally scanned it and found a host of trojans and other malware.

What anti-virus software do you use?

My biggest advice to you is to regularly scan your system with the latest anti-virus software.

Eddie Frenzy Spam · Oct 11, 2009, 01:36 PM // 13:36

Quote:

Originally Posted by Thy Demise

Hey eddie,

First off, I feel you and I've been there. I've also been on the unfortunate end of being hacked twice. It took me the second time to realize how it happened. You see I normally played on my laptop but on one occasion played on my desktop. A few days later, I found that I'm unable to log-in through my laptop.

You've most probably been hacked through your NCsoft account. Or your NCsoft account password and security question may not have been secure enough. If not through these reasons, then you should double-check or even triple-check your system for viruses, trojans, key-loggers with different scanners. Try Malwarebytes, VIPRE or BitDefender.

I managed to recover from the first hacking through the help of ANet. After the second time being hacked because I played through my desktop, I finally scanned it and found a host of trojans and other malware.

What anti-virus software do you use?

My biggest advice to you is to regularly scan your system with the latest anti-virus software.

I don't think they hacked through Nc Soft as I was able to access that to change my password back again. I don't think I have ever logged on another computer either so that couldn't be the issue. I scanned with AVG, Anti-Vir, Ad-Aware and also Windows Defender and all came up negative with the exception of Texmod and some cookies.

Killamus · Oct 11, 2009, 01:50 PM // 13:50

Quote:

Originally Posted by eddie the reaper

I don't think they hacked through Nc Soft as I was able to access that to change my password back again. I don't think I have ever logged on another computer either so that couldn't be the issue. I scanned with AVG, Anti-Vir, Ad-Aware and also Windows Defender and all came up negative with the exception of Texmod and some cookies.

Just want to clear this up: Textmod itself acts like a trojan, except for programs instead of your computer. This flags it on many anti-viruses (AVG, which I use, included) - Also, it will make files called XXXXXXX.wtf - .windows temporary file - It should delete these when it closes, but for some reason it doesn't. These also contain code like Textmod, and will also be flagged. As long as you got your Textmod from a reliable source (I.E. the wiki), you should be fine in this reguard. If you're uncertain, go to here and do an MD5Sum check. It's well-documented throughout the web, and I don't know how to do it on a PC (If you start running Linux, gimme a call though).

As for how you got hacked: People often use the same password for multiple things. If you were unlucky, and used the same password for your account as say, an expired Yahoo email, and that email got hacked, it's quite possible they tried it with your GW account too (Especially if it had GW related emails in it) - I'm not saying this is the case, but a common example that happened to me in a completely different game.

Gift3d · Oct 11, 2009, 02:08 PM // 14:08

you gotta understand. every single person who has ever gotten their account stolen -- it's never their fault, they do nothing wrong, they make the best use of all appropriate security measures.

yeah herp derp.

Eddie Frenzy Spam · Oct 11, 2009, 03:11 PM // 15:11

Quote:

Originally Posted by Killamus

Just want to clear this up: Textmod itself acts like a trojan, except for programs instead of your computer. This flags it on many anti-viruses (AVG, which I use, included) - Also, it will make files called XXXXXXX.wtf - .windows temporary file - It should delete these when it closes, but for some reason it doesn't. These also contain code like Textmod, and will also be flagged. As long as you got your Textmod from a reliable source (I.E. the wiki), you should be fine in this reguard. If you're uncertain, go to here and do an MD5Sum check. It's well-documented throughout the web, and I don't know how to do it on a PC (If you start running Linux, gimme a call though).

As for how you got hacked: People often use the same password for multiple things. If you were unlucky, and used the same password for your account as say, an expired Yahoo email, and that email got hacked, it's quite possible they tried it with your GW account too (Especially if it had GW related emails in it) - I'm not saying this is the case, but a common example that happened to me in a completely different game.

Ah, I'll check it now. I'm not entirely sure if Wiki is actually a reliable source, I did get it from there but due to the nature of wiki's anyone can edit them and put in an intrusive version of texmod.

Also, like I said, the password I was using for GW wasn't used anywhere else related to Guild Wars. So hypothetically if something was hacked that did use that password I don't see how they would know that I had a GW account and then decide to get into that.

Quote:

Originally Posted by Gift3d

you gotta understand. every single person who has ever gotten their account stolen -- it's never their fault, they do nothing wrong, they make the best use of all appropriate security measures.

yeah herp derp.

Thanks for that ever so useful information.

Thy Demise · Oct 11, 2009, 03:31 PM // 15:31

Quote:

Originally Posted by eddie the reaper

I don't think they hacked through Nc Soft as I was able to access that to change my password back again. I don't think I have ever logged on another computer either so that couldn't be the issue. I scanned with AVG, Anti-Vir, Ad-Aware and also Windows Defender and all came up negative with the exception of Texmod and some cookies.

Hrrmm just a precaution, I had two GW accounts one with all except NF and the other one was just Prophecies. Having added my prophecies in my friends list, I would sometimes catch it online - meaning it was hacked. But when I'd log-in much later on in my Prophecies account, I'd still be able to with the same password. Some hackers don't change your password. It's a possibility that they hacked into your NCSoft account and not change your NCSoft password.

By the way, what is Texmod?

Gennadios · Oct 11, 2009, 03:55 PM // 15:55

Being a member of any GW related resource/forum sites automatically makes you a target.

The safest thing to do would be to avoid any links sent to you via PM, and keep cookies disabled. If you visit a Guild Wars site, chances are you're already a player, any malicious code that gets run already has already found it's target.

Also, set GW to remember the acct name. If you're not typing it every time you log on, it won't show up on keyloggers.

Eddie Frenzy Spam · Oct 11, 2009, 03:57 PM // 15:57

Quote:

Originally Posted by Thy Demise

Hrrmm just a precaution, I had two GW accounts one with all except NF and the other one was just Prophecies. Having added my prophecies in my friends list, I would sometimes catch it online - meaning it was hacked. But when I'd log-in much later on in my Prophecies account, I'd still be able to with the same password. Some hackers don't change your password. It's a possibility that they hacked into your NCSoft account and not change your NCSoft password.

By the way, what is Texmod?

Well they changed the password on my Guild Wars account, so if they hacked through NcSoft why wouldn't they change the pass there as well?

Teh Awesome One · Oct 11, 2009, 05:47 PM // 17:47

Are they also able to change the account name?

I'm getting an error code 227 "We don't recognize your account information. Please try again."

I logged on just fine yesterday.

Benderama · Oct 11, 2009, 06:56 PM // 18:56

sorry if someone said this or it's really stupid but apart from an intrusive texmod isn't there a possibility that someone saw your email ona GW/gamer forum, saying you played GW and then used some hacking software or something to get in?

Eddie Frenzy Spam · Oct 11, 2009, 10:18 PM // 22:18

Quote:

Originally Posted by Benderama

sorry if someone said this or it's really stupid but apart from an intrusive texmod isn't there a possibility that someone saw your email ona GW/gamer forum, saying you played GW and then used some hacking software or something to get in?

It's one thing not reading the entire thread, which is fair enough, it's another posting a reply without reading the actual OP. As I said the email I use for the account isn't one I use on any sites related to gaming, guild wars etc.

Riot Narita · Oct 12, 2009, 01:02 PM // 13:02

This is probably no help to the OP, but everyone should bear in mind - if someone gets hold of your email address and password combination from one place, they do NOT need any clues to figure out that you also have a GW account.

They'll simply try the email/password everywhere they can think of, and see if they get lucky. Banking sites, online games, eBay, Paypal, Rapidshare... anything and everything. They probably have scripts to do it all for them.

Don't re-use any password (or email address if you can help it), on any site that's important to you.

Eddie Frenzy Spam · Oct 13, 2009, 10:08 PM // 22:08

Quote:

Originally Posted by Hissy

This is probably no help to the OP, but everyone should bear in mind - if someone gets hold of your email address and password combination from one place, they do NOT need any clues to figure out that you also have a GW account.

They'll simply try the email/password everywhere they can think of, and see if they get lucky. Banking sites, online games, eBay, Paypal, Rapidshare... anything and everything. They probably have scripts to do it all for them.

Don't re-use any password (or email address if you can help it), on any site that's important to you.

I doubt this very much. I don't doubt they will try it for all banking things etc but to think they will try all online games is stupid.

For them to this they would have to install every major online game and then the chances of finding anything of value on said accounts is also very small and then they have to go through the hassle of trying to sell all the stuff online for real cash. It's just not practical for someone who just so happens to get an email + password for something.

AtomicMew · Oct 13, 2009, 11:17 PM // 23:17

Quote:

Originally Posted by eddie the reaper

I doubt this very much. I don't doubt they will try it for all banking things etc but to think they will try all online games is stupid.

For them to this they would have to install every major online game and then the chances of finding anything of value on said accounts is also very small and then they have to go through the hassle of trying to sell all the stuff online for real cash. It's just not practical for someone who just so happens to get an email + password for something.

A stack of ecto sells for ~$75 USD. If the average account has around ~1000 ecto worth of stuff, that's $200-300 worth of stuff with virtually zero chance of any legal ramification.

Eddie Frenzy Spam · Oct 14, 2009, 05:58 PM // 17:58

Quote:

Originally Posted by traversc

A stack of ecto sells for ~$75 USD. If the average account has around ~1000 ecto worth of stuff, that's $200-300 worth of stuff with virtually zero chance of any legal ramification.

The average account doesn't have this. I would say the average player is actually relatively poor. Besides, "stuff" takes a long time to sell and thus convert into ectos which are then easy enough to sell for cash. The point is though considering the amount of accounts that actually have a lot of worthwhile stuff and then the time taken for the guy to convert the stuff into ecto, I just can't imagine it being efficient.

Oct 11, 2009, 12:06 PM // 12:06	#1
Eddie Frenzy Spam Krytan Explorer Join Date: Jul 2007 Guild: Old N Dirty [ym] Profession: W/E	Getting Hacked (Not a QQ thread) HI, I'm not sure if this is in the right forum so feel free to move it if you think it's in the wrong one. Firstly I would like to say I am not creating this thread to complain about getting hacked or for others to complain about getting hacked either. I have made this thread in order to try and gain useful information about how I can PREVENT getting hacked again and to try and outline why I got hacked in the first place. On Friday night I logged on without any problems after not being on for 2 weeks due to computer issues. On Saturday afternoon I attempted to log on and found my password had been changed but eventually I did get back in. I found that once I had logged on all my money, zkeys, armors, weapons, shields etc had all been stripped and deleted (customized) or sold. Of course I was a bit pissed off but being a primarily PvP'er it didn't make me want to quit, I was however curious as to how I actually got hacked. My password isn't shared with anything else, it contains a mix of letters and numbers and isn't related to anything I'm interested to, all the things a strong password has. The email I use isn't really used for anything else either and I scanned my computer for keyloggers and viruses and came up with nothing. How is it possible for them to get into my account? I should also add this is the second time I've been hacked, the first being about 7 months ago. However the password I used then was actually shared with something else that also used the same email (Stupid I know) so I kinda figured that other account got comprimised and thus they were able to get into my GW account, however this time I really have no idea how it happened and since I don't know how it happened, I don't know how to prevent it happening again...Does anyone know how you can prevent something like this happening again? Is there any extra precautions I can take? The last thing I would like to say is, why is it impossible to change my account name....Surely being able to do this would provide a great deal more security...

Oct 11, 2009, 12:21 PM // 12:21	#2
IronSheik Forge Runner Join Date: Mar 2008 Location: Wolfenstein: Goldrush Guild: Zombies Go Nom Nom [Nom] Profession: N/	They had to have your NCsoft info to change the password, this isn't always the same as GW login. Second, do you use texmod? Third, there are a lot of things wrong with the password system in GW.

Oct 11, 2009, 01:22 PM // 13:22	#4
Thy Demise Pre-Searing Cadet Join Date: Feb 2007 Guild: If You Build It They Will Run It[ekoc] Profession: A/W	Hey eddie, First off, I feel you and I've been there. I've also been on the unfortunate end of being hacked twice. It took me the second time to realize how it happened. You see I normally played on my laptop but on one occasion played on my desktop. A few days later, I found that I'm unable to log-in through my laptop. You've most probably been hacked through your NCsoft account. Or your NCsoft account password and security question may not have been secure enough. If not through these reasons, then you should double-check or even triple-check your system for viruses, trojans, key-loggers with different scanners. Try Malwarebytes, VIPRE or BitDefender. I managed to recover from the first hacking through the help of ANet. After the second time being hacked because I played through my desktop, I finally scanned it and found a host of trojans and other malware. What anti-virus software do you use? My biggest advice to you is to regularly scan your system with the latest anti-virus software.

Oct 11, 2009, 02:08 PM // 14:08	#7
Gift3d Forge Runner Join Date: Feb 2007 Location: Las Vegas Guild: Enraged Whiny Carebears [oR] Profession: W/E	you gotta understand. every single person who has ever gotten their account stolen -- it's never their fault, they do nothing wrong, they make the best use of all appropriate security measures. yeah herp derp.

Oct 11, 2009, 03:55 PM // 15:55	#10
Gennadios Wilds Pathfinder Join Date: Jun 2009 Profession: N/A	Being a member of any GW related resource/forum sites automatically makes you a target. The safest thing to do would be to avoid any links sent to you via PM, and keep cookies disabled. If you visit a Guild Wars site, chances are you're already a player, any malicious code that gets run already has already found it's target. Also, set GW to remember the acct name. If you're not typing it every time you log on, it won't show up on keyloggers.

Oct 11, 2009, 05:47 PM // 17:47	#12
Teh Awesome One Pre-Searing Cadet Join Date: Aug 2009	Are they also able to change the account name? I'm getting an error code 227 "We don't recognize your account information. Please try again." I logged on just fine yesterday.

Oct 11, 2009, 06:56 PM // 18:56	#13
Benderama Krytan Explorer Join Date: Jul 2008 Location: UK Guild: [Rage] Profession: Rt/	sorry if someone said this or it's really stupid but apart from an intrusive texmod isn't there a possibility that someone saw your email ona GW/gamer forum, saying you played GW and then used some hacking software or something to get in?

Oct 12, 2009, 01:02 PM // 13:02	#15
Riot Narita Desert Nomad Join Date: Apr 2007	This is probably no help to the OP, but everyone should bear in mind - if someone gets hold of your email address and password combination from one place, they do NOT need any clues to figure out that you also have a GW account. They'll simply try the email/password everywhere they can think of, and see if they get lucky. Banking sites, online games, eBay, Paypal, Rapidshare... anything and everything. They probably have scripts to do it all for them. Don't re-use any password (or email address if you can help it), on any site that's important to you.