ArenaNet Seems to Have a Security Issue on it’s Hands [GW2] (Updated August 30th)   4 comments

Isn’t that a scary thing to see when first logging into anything? “Permanent Ban”. Yikes. What the heck did I do?! I’m not one to use profanity or any insulting language to other players. Being offensive to others is not exactly the best way to build in-game (or out of game) relationships. I’m assuming there is nothing wrong with my character name either… Checking my e-mail resulted in this….

Well damn. I did not institute that, so since this might still be spam, there’s NO WAY I’m clicking on that. I was then able to log into my Guild Wars account and on checking my account security settings, I encountered this quite large anomaly…

AHA! Hacked from China. Well, that solves that mystery.

So… that was quick. Looking into it, though, this appears to not just be an isolated incident, but appears to already be a big problem. Right now, I’m patiently waiting my turn in the Support Ticket line, hoping for this to be resolved quickly.

But this speaks to a deeper issue. World of Warcraft and Battle.net have a physical or app authenticator. Google has a two-step authentication in place. Rift has, among other things, a Coin Lock that is based on the region of signing in. Even Guild Wars 1, you needed to enter one of your character names as well as the password to get in. For such a large game, which was obviously going to be heavily targeted by hackers and gold sellers (which is a legitimate job in parts of the world), where was the focus on account security? It’s nice that they have systems of getting these things righted. But shouldn’t the age-old addage “an ounce of prevention is worth a pound of cure” have been given a little thought?

I’m all for banning or suspending players for insulting/bullying/offensive names and acts, which I think is awesome, and at least I haven’t received any mention from ArenaNet how this was my own fault and I was so negligent that I deserved it (which is the attitude I find from a lot of people who simply haven’t been hacked yet, and the attitude I received from Blizzard after my World of Warcraft account was hacked). The reality is that accounts will be hacked! Even if you avoid phishing attempts, even if you have the best security on your system ever, even if your passwords require you to have 20 fingers, with today’s technology brute force attacks are ridiculously easy.

It’s not a question of “if” a password will be cracked, but just a question of “when”.  That’s why two-step authenticators like Blizzard’s are almost seen as a necessity now. (I hate to keep using them as an example, as Blizzard does like to blame the victims of an attack which is simply reprehensible, but they at least do offer more than others)

So, ArenaNet, in the game of security it is your move. Riding high on the current success an “ounce of prevention” may not be on your shopping list, but you might want to pick some up when you’re at the store.

\\ Ocho

P.S. – Now, just in case you’re wondering, after I discovered this, I went to town on my system with Microsoft Security Essentials, Malwarebytes, and Norton Anti-Virus and my system came back with a full bill of health, and it has periodically come back clean since my last reformat a month or two ago. Also, I’m not one to easily fall for phishing scams, and am diligent about account security, making sure all my passwords are different. To be fair, my password for GW2 up until now had not been a very secure password (not stupidly easy, but not exactly hardcore cryptography either), and most likely didn’t take them that long to brute force it at all.

P.P.S. – Here are a few links from Reddit to peruse:

This person agrees. Something needs to be done immediately to help with account security.

This guy is awesome, as hacked account money has been arriving in his in-game mail, and he has been returning it back to the affected players. Great community!

A few tips for account security from another Reddit user.

And as always, if you have questions about account security, please contact your local tech person, check out tech blogs like Technical Fowl, or search around for security tips. Browse safe, folks.

[8/29/12 Update: It looks like ArenaNet is taking this situation seriously. Already, through both Reddit and on the Guild Wars 2 site, they have announced that rolling out August 30th, 2012, they will be instituting an E-mail verification for any new location you sign into. Just have to make sure that your e-mail address is secure. Take that, China!]

[8/30/12 Update: Day 2... still no resolution. I replied to three different people from ANet all asking for information to verify my account... still nothing. The launcher for me did change, though... now, it's saying it's for engaging in RMT. For the record, I have never purchased gold from a gold seller. I know upwards of around 30% of the gaming population has, but I have not. I refuse to assist any organizations that achieve their income from the theft of others.

*Sigh* Hopefully, this will be settled soon. Reading updates of everyone playing, while I'm still "banned", I find myself just seeing ArenaNet in a worse and worse light. Just reinstate my account people! I already changed my password and have given you the information you need multiple times.]

[Update 8/31/12: Day 3... still no resolution. Check out my new post on this issue here.]

Posted August 29, 2012 by Ocho in Guild Wars 2

Tagged with , , , , , , ,

4 responses to “ArenaNet Seems to Have a Security Issue on it’s Hands [GW2] (Updated August 30th)

Subscribe to comments with RSS.

  1. I got two of the same emails…they are legit password reset emails it seems from all the looking into them I did. Just in case I went and reset my password not thru the email. I also had a login attempt from a crazy area. Sadly my account is not even a real working account, it was what I made for beta and have yet to get a retail copy(can’t get myself to cough up 60 bucks right now).

    • Yeah, that’s what my research came to as well… the password reset emails were sent as it was a way to check if the e-mail had an account attached to it. Hehe I don’t blame you about the money. $60 is no easy thing to cough up. I’m sure it will come down in price eventually, most likely around Christmas is my guess.

  2. Btw I have gotten two more password reset request emails lol.

  3. Pingback: Hacking, Customer Service, and Guild Wars 2 [Warning: Angry Rant Ahead] « Casual Aggro

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 616 other followers

%d bloggers like this: