Guild Wars 2 impressions diminished by rampant hacking [Update]
Here’s my brief synopsis of Guild Wars 2 thus far:
Fantastic game all-around. Laughable security settings that can easily be circumvented.
For the first time in memory, my online account has been hacked and exploited. Up to this point I was cruising along pretty well if I do say so myself, but stopped completely short yesterday after finding an empty in-game wallet.
Yesterday I saw a couple of “Request to change your password” type e-mails come into my inbox, completely unsolicited. Crap, I thought, I had already heard of one of my friends being hacked just the day before and I knew what was coming. I felt powerless to do anything about it as I was at work. Sure enough, upon logging in to the game later that night I found that all of my in-game money was stolen and anything not account-bound taken.
Thankfully this was not a “took everything down to my boxers” situation. Had the hacker been more savvy they would have taken things from my bank or even unbound equipped weapons and then I would have been really mad. But turns out they left all that stuff so I was easily able to recoup some cash simply by crafting and questing. I even told fellow people in the chat about the situation whereby a very polite fellow from Europe donated me a silver to get back on my feet.
Oh, did I mention I was playing in Europe? This was the other bizarre part of the hack, but one that adds up when you think about it. It seems that the hacker relocated my character to another server in the Euro region, which I didn’t realize until about 2 hours in. A friend of mine and myself couldn’t figure out why we were having such a hard time partying up until reading eachother our server names. “No, I know I’ve chosen Sorrow’s Furnace,” I told him “I was fighting for them in World vs. World just yesterday!” He told me that my server ID said otherwise and a lot of stuff started to click. Now that I think about the situation, it makes sense. The hacker probably switched it to a server they were actually located on so as to directly make a transfer.
At first someone in the server let me know that it was probably some bug related to a quest that lost everything, but considering all of the circumstances I doubt that’s the case. I don’t see another reason all of my unbounded gear only was taken and why my character was moved to another server. That just doesn’t add up to a bug.
The call to action now that I’ve repeatedly been pinging Arenanet about is that they need to get an authenticator up pronto. Most MMO games have this available these days. They also need to place far tighter restrictions on password reset requests and e-mail changes, which appears to be a problem for many others. If this doesn’t have a good solution by the end of the week I would be surprised.
Update: Let me quickly update with some more useful information. I originally wrote this more out of frustration than anything, but I would like to offer some help to anyone out there who suffered from the same experience as myself.
First of all, I do want to point out that this is not an isolated incident. Many within the game, on twitter and on sites like Reddit and Guild Wars 2 Guru are reporting the same problem. Joystiq has also done a quick blurb on the issue on their Massively site. This is real and should be taken seriously and coming from a guy who honestly never gets hacked I would say you should heed my warning.
What can you do to stop this? Well first let me start with the warning signs. If you see literally any suspicious-looking e-mail, at least for the next week or two, throw up the blaster shields immediately and take action. Personally I saw the signs and didn’t do anything and probably could have prevented some problems if I had just done something. If you see any sort of e-mail linking to change your password or e-mail come into your inbox and you didn’t personally request it, then you are likely getting hacked.
First off, immediately head over to the Guild Wars 2 website and request another e-mail to change your password. I recommend changing to something completely different. Choose something random if you can and write it down. Or take some advice from XKCD and make something hard to crack, but easy to remember.
Next, change your e-mail password. I would highly recommend this as I can see part of the problem being having a password in GW2 similar to the one you are using on your e-mail address, making it extra easy for the hackers to simply send a change password e-mail and click on it themselves.
After this is all done, make sure you actually log into your game account ASAP. This will log out the hacker if they did happen to get in and could save a lot of face.
Finally, report it to Arenanet’s support dept. They need to know this is a huge problem. Please also recommend they get an authentication service implemented as it will save us a lot of future problems. Let me know if you have questions in the comments below.