Curse

*Darcy* · Mar 26, 2009, 09:33 PM // 21:33

Might I mention, that posting your email address in threads of any type of forum (game, guild, etc.) is another "DO NOT". Always keep in mind that farming the internet for email addresses is an on-going business.

Your email address is one half of your logon. If, in addition, you keep using the same "easy-to-remember" password, your game will eventually be hacked by someone.

Voodoo Rage · Mar 26, 2009, 09:39 PM // 21:39

I actually took the bait the other day and initiated a conversation with a guy wanting to buy a trial key. Sure enough he "needed" my login and password so he could transfer money directly into my account... Sure buddy...

Garreth MacLeod · Mar 27, 2009, 12:40 AM // 00:40

Quote:

Originally Posted by Regina Buenaobra

I would like to emphasize what HawkofStorms has said here. Please don't use your Guild Wars game account information on other websites. It leaves your game account vulnerable to thieves, like what happened in this recent incident.

Unfortunately, if you use the in-game store, it locks you in to that account name (email account) forever. Many people may not think of that when signing up on forums. The Xunlai house does the same thing, locks you in to the email address you sign up with.

Would be nice if you could change the account name even after visiting the in-game store

Red Sonya · Mar 27, 2009, 10:10 AM // 10:10

no one would ever guess my password in a million light years. Yessire supercalifragilisticexpialledocious is the best password anyone could use.

the_jos · Mar 27, 2009, 12:22 PM // 12:22

TBH, knowledge of the e-mail account is not really a problem.
My main account e-mail address gives quite a few hits on google. My second account which has been targeted in the past gives only a few hits.

On in-game store and XTH, it's vital for A-net to keep that information confidential.
If they somehow leak the user-accounts it would mean serious disruption of business and a lot of time and money on cleaning up again. So I would not worry too much about that. It's the same for my employer, their web-site is a vital part of business and incidents on it are handled with extreme care because personal data is involved (besides this regulations demand this). The site is audited frequently, both black and grey box. When major changes are done white box (all code and equipment knowledge is available to testers) auditing will take place.
I see no reason why A-net would not have taken similar measures.

General advice, don't re-use your password and use a 'throw-away' account for anything you don't really trust. For example, I used my second account on GWG, not because I don't trust GWG or Inde (I think incidents are handled great here, specially considering this is a non-profit site) but because I have the rule to never use my primary account on forums and such.
But as stated at the start, the knowledge of a valid GW account isn't a problem.
He/she would be guessing passwords for the rest of his life of it's not a very obvious one.

Gli · Mar 27, 2009, 01:08 PM // 13:08

Quote:

Originally Posted by the_jos

TBH, knowledge of the e-mail account is not really a problem.
My main account e-mail address gives quite a few hits on google. My second account which has been targeted in the past gives only a few hits.

On in-game store and XTH, it's vital for A-net to keep that information confidential.
If they somehow leak the user-accounts it would mean serious disruption of business and a lot of time and money on cleaning up again. So I would not worry too much about that. It's the same for my employer, their web-site is a vital part of business and incidents on it are handled with extreme care because personal data is involved (besides this regulations demand this). The site is audited frequently, both black and grey box. When major changes are done white box (all code and equipment knowledge is available to testers) auditing will take place.
I see no reason why A-net would not have taken similar measures.

General advice, don't re-use your password and use a 'throw-away' account for anything you don't really trust. For example, I used my second account on GWG, not because I don't trust GWG or Inde (I think incidents are handled great here, specially considering this is a non-profit site) but because I have the rule to never use my primary account on forums and such.
But as stated at the start, the knowledge of a valid GW account isn't a problem.
He/she would be guessing passwords for the rest of his life of it's not a very obvious one.

Getting your account name out in the open will open you up for targeted phishing attempts. That still shouldn't pose too much of a problem, except, phishing does work on some people.

DarkFlame · Mar 27, 2009, 02:38 PM // 14:38

Quote:

Originally Posted by Red Sonya

Yessire supercalifragilisticexpialledocious is the best password anyone could use.

Especially when you misspell it.

@the_jos Not everybody has multiple accounts or use multiple passwords. So getting your account e-mail address exposed is a problem, if for no other reason than that you can be attacked from different angles. Your game, e-mail, forum, whatever other site your address got lifted from, are all subject to be compromised.

Markaedw · Mar 28, 2009, 03:11 AM // 03:11

Quote:

Originally Posted by Inde

Markaedw, guildwars.com and guildwar.com are both ArenaNet. It's a legit guildwars.com website. Just strange the way they went about it.

Tht makes sense; lock up a common misspelling before someone else does.

HawkofStorms · Mar 28, 2009, 04:45 PM // 16:45

Yes, your e-mail address is out there to be found on google. The thing is, by registering that e-mail with a GUILD WARS website, the hacker knows you play/use Guild Wars.

People sending "Nigerian Finance Minister" e-mails to you is one thing. Those people just want valid e-mail addresses which is easy to find. But GW hackers need e-mail address that are also linked to Guild Wars accounts. What... maybe, 1 in 20,000 e-mails addresses in the world (conservative estimate) is a Guild Wars account. Then they have to brute force the password.

Knowing that you play GW and what one of your e-mail addresses is (which may or may not be your account e-mail) narrows down a hacker's work considerable.