Guild Wars 2 impressions diminished by rampant hacking [Update]

Here’s my brief synopsis of Guild Wars 2 thus far:

Fantastic game all-around. Laughable security settings that can easily be circumvented.

For the first time in memory, my online account has been hacked and exploited. Up to this point I was cruising along pretty well if I do say so myself, but stopped completely short yesterday after finding an empty in-game wallet.

Yesterday I saw a couple of “Request to change your password” type e-mails come into my inbox, completely unsolicited. Crap, I thought, I had already heard of one of my friends being hacked just the day before and I knew what was coming. I felt powerless to do anything about it as I was at work. Sure enough, upon logging in to the game later that night I found that all of my in-game money was stolen and anything not account-bound taken.

Thankfully this was not a “took everything down to my boxers” situation. Had the hacker been more savvy they would have taken things from my bank or even unbound equipped weapons and then I would have been really mad. But turns out they left all that stuff so I was easily able to recoup some cash simply by crafting and questing. I even told fellow people in the chat about the situation whereby a very polite fellow from Europe donated me a silver to get back on my feet.

Oh, did I mention I was playing in Europe? This was the other bizarre part of the hack, but one that adds up when you think about it. It seems that the hacker relocated my character to another server in the Euro region, which I didn’t realize until about 2 hours in. A friend of mine and myself couldn’t figure out why we were having such a hard time partying up until reading eachother our server names. “No, I know I’ve chosen Sorrow’s Furnace,” I told him “I was fighting for them in World vs. World just yesterday!” He told me that my server ID said otherwise and a lot of stuff started to click. Now that I think about the situation, it makes sense. The hacker probably switched it to a server they were actually located on so as to directly make a transfer.

At first someone in the server let me know that it was probably some bug related to a quest that lost everything, but considering all of the circumstances I doubt that’s the case. I don’t see another reason all of my unbounded gear only was taken and why my character was moved to another server. That just doesn’t add up to a bug.

The call to action now that I’ve repeatedly been pinging Arenanet about is that they need to get an authenticator up pronto. Most MMO games have this available these days. They also need to place far tighter restrictions on password reset requests and e-mail changes, which appears to be a problem for many others. If this doesn’t have a good solution by the end of the week I would be surprised.

Update: Let me quickly update with some more useful information. I originally wrote this more out of frustration than anything, but I would like to offer some help to anyone out there who suffered from the same experience as myself.

First of all, I do want to point out that this is not an isolated incident. Many within the game, on twitter and on sites like Reddit and Guild Wars 2 Guru are reporting the same problem. Joystiq has also done a quick blurb on the issue on their Massively site. This is real and should be taken seriously and coming from a guy who honestly never gets hacked I would say you should heed my warning.

What can you do to stop this? Well first let me start with the warning signs. If you see literally any suspicious-looking e-mail, at least for the next week or two, throw up the blaster shields immediately and take action. Personally I saw the signs and didn’t do anything and probably could have prevented some problems if I had just done something. If you see any sort of e-mail linking to change your password or e-mail come into your inbox and you didn’t personally request it, then you are likely getting hacked.

First off, immediately head over to the Guild Wars 2 website and request another e-mail to change your password. I recommend changing to something completely different. Choose something random if you can and write it down. Or take some advice from XKCD and make something hard to crack, but easy to remember.

Next, change your e-mail password. I would highly recommend this as I can see part of the problem being having a password in GW2 similar to the one you are using on your e-mail address, making it extra easy for the hackers to simply send a change password e-mail and click on it themselves.

After this is all done, make sure you actually log into your game account ASAP. This will log out the hacker if they did happen to get in and could save a lot of face.

Finally, report it to Arenanet’s support dept. They need to know this is a huge problem. Please also recommend they get an authentication service implemented as it will save us a lot of future problems. Let me know if you have questions in the comments below.

Advertisements

Tags: , , ,

About Ryan Saul

Hailing from Portland, OR I work by day and blog by night. I like to consider myself a video game connoisseur, playing as many new things as I can get my hands on. Its hard to hold me down to one game for very long before I move on to the next big thing. Luckily, that works pretty well in terms of video game blogging.

6 responses to “Guild Wars 2 impressions diminished by rampant hacking [Update]”

  1. giantsbane says :

    I don’t get the comic. Don’t most logins lock after several failed attempts at entering the password? Hopefully now you’ll stopped using flintsteel as your password for everything…haha.

    On a related note, what is the customer service like? I thought in MMO’s they’d restore your stuff if you got hacked. Several people I played with in TOR submitted tickets after accidently breaking down an uber item for crafting materials or spending tokens on the wrong item and then got it fixed. On a couple of raids items didn’t drop for us and I complained about it and they assigned our party loot.

    • Ryan Saul says :

      I haven’t used flintsteel ever as a personal password. I notified arenanet, but haven’t gotten a response yet. I wouldn’t be surprised if they are inundated with requests like mine though, so I’ll give it some time.

  2. giantsbane says :

    If they’re overloaded then I bet you’re right and you’ll be SOL. They’ll probably fix it for you, but by the time they do you probably won’t care that much about getting your stuff back.

    • Ryan Saul says :

      Yea, it was about 45 to 50 silver and that took my lazy approach to leveling about 2 days to get. Later levels are going to give way more money imo, so it won’t be badly missed. I’m more worried about future hacks and hoping they can add an authenticator or even something as simple as a “Secret Question” thing on the forgot your password e-mail.

  3. giantsbane says :

    BTW, what does “mared” mean?

    • Ryan Saul says :

      Its weird, I thought that was a word for diminished, but I must have been thinking of something else entirely, I’ll just change to diminished, I’m not sure what the word I was thinking of was. Yes I need to proof-read the titles better.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: