Guild Wars 2 Accounts Hacked Immediately After Launch

Me and my sidekick Weenie.Me and my sidekick Weenie.Guild Wars 2 is seemingly off to a great start, racking in positive reviews and pushing players into overflow shards due to the high volume of traffic. The latter is simply GW2 speak for the queuing system which tosses players into an overflow server when the primary map or world has reached its peak capacity.

In other words, Guild Wars 2 seems rather popular.

That said, that popularity rings like a dinner bell for hackers and scammers, drawing them in like flies to a picnic table. On a personal note, the account used for a hands-on evaluation of Guild Wars 2 saw a hacking attempt, so the latest report from Ars Technica isn't all that surprising. The site claims that several unknown websites – one of which is a Guild Wars 2 fan site – were recently hacked, thus spilling sensitive information leading to the compromise of more than 11,000 Guild Wars 2 accounts in mere days.

This is nothing new, however. Account hacking became somewhat of a nuisance with the original Guild Wars, forcing NCsoft to take extra precautions like forcing long passwords and setting up multiple security questions. Even my own Guild Wars account was somehow broken into and used to sell virtual goods – proving my identity and regaining access to the account was a nightmare (putting it nicely).

However according to the Ars Technica report, NCsoft officials claimed to have received around 8,500 support requests related to hacked accounts from Friday to Sunday. The publisher then received an additional 2,574 related requests on Monday. Naturally the company suggests that users not use the same password with multiple accounts.

"If you don't want your account hacked, don't use the same email address and password for Guild Wars 2 that you've used for another game or web site," officials wrote over the weekend. "Hackers have big lists of email addresses and passwords that they've harvested from malware and from security vulnerabilities in other games and web sites, and they're systematically testing Guild Wars 2 looking for matching accounts."

One of the newer security measures offered by Guild Wars 2 and developer ArenaNet is an email-based confirmation. Served up as an optional feature, users must confirm by email when they try to log into a Guild Wars 2 account. If they don't respond to the email, then they're denied access. It's definitely an annoying procedure (like using Battle.net's authenticator or Google's 2-step phone-based confirmation method), but it seemingly prevents anyone from hacking into the account unless the user's email account is compromised as well.

ArenaNet's confirmation arrives after "a wealth of anecdotal evidence" surfaced in the MMOG's first week pointing to a possible Chinese group of hackers trying to gain unauthorized access to player accounts. Even one employee of Norway-based security firm Norman ASA said she received an e-mail warning that someone used her details to attempt to log in to her Guild Wars 2 account just one day after it was created.

"It's been just over a week since the game launched, and I’ve now had 10 e-mails detailing attempts to access my account from China," the unnamed Norman employee wrote. "I live in Europe. Thankfully, creators ArenaNet make players confirm login locations via e-mail, so all these hacking attempts have failed."

Guild Wars 2 players wanting to avoid the headaches of a hacked account should use a password that's exclusive to the service. Gamers should also use the email authentication method to help secure the account.

 

Contact Us for News Tips, Corrections and Feedback

Create a new thread in the US News comments forum about this subject
This thread is closed for comments
43 comments
    Your comment
    Top Comments
  • schnitter
    Well, when tons of hacking attempts occur that means the product is worth their time... so I guess Guild Wars 2 is off to a great start.
    20
  • samwelaye
    these are ALL user errors. If the fansite gets hacked, and you use the SAME email and password for that and your gw2 account, that isnt gw2 accounts being hacked. That is you being stupid.
    20
  • cmcghee358
    samwelayealso, passwords like h324o3!@ arent secure. they are short and easy to brute force. passwords like toastersdonttoastsoggybread are VERY secure, as it is extremely hard for a computer to brute-force through something that long, and they are also VERY easy to remember! if anything, add a . or a , between each word if that makes you feel any better. just dont use an 8 letter password no matter how complex you think it is.


    I just tried to log into tomshardware.com with your username and the password of toastersdonttoastsoggybread

    Was worth a try
    12
  • Other Comments
  • schnitter
    Well, when tons of hacking attempts occur that means the product is worth their time... so I guess Guild Wars 2 is off to a great start.
    20
  • memadmax
    There's an easy way to stop list bruteforce tactics: 30 minute timeout with an email enforced password change after 3 failed login attempts... also, forced password change after first time login, with previous passwords cached for non-use later(if the user attempts to use a previous password again, it fails)...

    These password tactics are very, very, very easy to implement... few lines of code in most cases....
    1
  • Kami3k
    Uh, how do fansites can someone's main account info...

    Oh right, ID10T errors.
    5