I just caught a hacker...

Jetdoc

Hell's Protector

Join Date: Jul 2005

The Eyes of Texas [BEVO]

D/A

Quote:
Originally Posted by Mac Sidewinder
I was just wondering Jetdoc, if the hacker changed your password....how did you change it back to something you know? I've never used the change password feature from the main screen but doesn't it make you put in a valid old password first before it accepts a new one?
In the main login screen, there is a button that says "reset password". Just click on that and it wipes out your password and assigns you a new temporary one (and e-mails the temporary one to your e-mail address).

You then can re-login with the new temporary one and change your password.

Quote:
Originally Posted by fenix
Jetdoc, if you know the exact time that you were hacked, send that info to Anet, they'll be able to check what IP addresses were logged into the account in that time of day, and possibly be able to do SOMETHING to stop it.
I just PM'd all the information to Regina. Once she reads it (hopefully she does), I'll send it to A-Net's technical support if she thinks that is best.

I wonder if Gaile would be interested in something like this in her new role...

Mac Sidewinder

Lion's Arch Merchant

Join Date: Jun 2007

ahh never knew that. That kind of sucks for me since I no longer have my old email account that I originally had when I first created my account. Anyone know if you can change the email information?

Bront

Wilds Pathfinder

Join Date: Feb 2008

Honored Order of Light

W/Me

Quote:
Originally Posted by Adja1005
Anyone else kind of pissed off at the lack of acknowledgement about this recent surge in threads concerning hacked accounts? I've not seen anyone from Anet, Regina specifically, comment about what they intend to do or what they are doing to combat these hackers.

Perhaps Regina could grace us with her presence and make some comment about these recent events? After all, isn't that her job?

Also good job on saving your account, you lost Z-Keys but at least you have some items to sell and hopefully make up for it!
Actually, she did comment on it in the previous thread. They are apparently aware of the surge of them, suggested you send her any info, and open a ticket with support on it.
Quote:
Originally Posted by Jetdoc
I just PM'd all the information to Regina. Once she reads it (hopefully she does), I'll send it to A-Net's technical support if she thinks that is best.

I wonder if Gaile would be interested in something like this in her new role...
Might be good to call support and open a trouble ticket on this. It's a big deal.

slowerpoke

Desert Nomad

Join Date: Jul 2007

Cuba

Quote:
Originally Posted by Jetdoc
That's actually something I omitted....once I got kicked out of AB, GW asked me if I wanted to attempt to reconnect...and it failed. That's when I got the "you lost your internet connection" message. It was right after that when I got the "your password is invalid" message.

Your explanation is plausible...the hacker could be forcing you out, and intercepting the reconnect packets (which may also have your account name and password information encoded in it).
I really hope it's not true.

if so, anyone's account can be hacked easily. they don't even need your email/password, just being in the same zone is enough.

please make sure to contact them about it and mention other attacks within the past few weeks, maybe use my description if you want. the more info they have the faster it's fixed

HuntMaster Avatar

Wilds Pathfinder

Join Date: Feb 2007

Around

Pillar's of Earth [ROCK]

W/

How can a hacker change a password without access to the email to confirm it? How can we safeguard against this? Doesn't make sense if you have to have access to the person's email in order to confirm, or even see the password. I don't see how a hacker could do it.

It also sounds like these hackers using this program can only hack active accounts, so now would be a great time to take a break and play something else, just keep reading forums to see when it's been resolved. Then come back. Anet should stop all events and make taking a break a good thing without missing anything. Otherwise they are basically providing hackers with opportunities.

I'm going to look online to see if there are any programs like this. If there are I will come back here and see if the mods can contact anet and expose the program. The more we know the better we can protect ourselves.


actually, I take that back, I don't wanna risk anything by looking at a site, but googling guild wars account hacker and guildwars hacks brings up tons of stuff. Anet needs to look into this. There is also a video on youtube, and a walkthrough on google on how to hack an account. Seems no matter what no one is gonna be safe.

Problem is, the hackers are being stopped AFTER they hack accounts, which screws players who won't get their stuff back, which I find very unfair. Anet could replace everything lost, some other games do that very thing. Anet is really slippin on this.

Pleikki

WTB q8 15^50 Weapons!

Join Date: Nov 2006

???oo ???ugs ???lan [?????????]

Glad you didn't lose anything else jetdog. my friend lost +200e and some minis and hacker salvaged his obsi to mats

TideSwayer

Wilds Pathfinder

Join Date: Jul 2005

We Farm Your [?????????s]

Quote:
Originally Posted by HuntMaster Avatar
How can a hacker change a password without access to the email to confirm it?
I don't think PlayNC makes you confirm a password change. All you need is the PlayNC Game Account username and password to get in. Once you're there you can change the PlayNC account password and your Guild Wars password without one "verify this password change" email sent. Yeah, it sends a "This so-and-so IP Address has changed your password... Please reply if you aren't knowledgeable of this change..." email, but that doesn't hinder hackers any. If you aren't knowledgeable in the first place, you probably aren't bothering to check your email address frequently for possible changes. You'll most likely find out about it too late.

It's what sucks about PlayNC. I want a damn verification email for my password changes, not some automatic 'change this to this and done' crap. If I want to change my Guild Wars account password, send me a link to my email to have it verified BEFORE changing it. At least that way a potential hacker would have to crack two passwords (PlayNC game account password and your email address password) instead of just the one.


EDIT: Just changed my GW password. Not only does PlayNC not send a verification email before changing your GW password, they don't even ask you for the OLD password first! What a load of crap. Seriously - get someone's PlayNC game account username and password and you have them by the balls. BY THE BALLS. Hey PlayNC, thanks for asking me to set up separate accounts for Game and Support though... rolleyes.
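The flow asked for in the post above (old password checked first, then a confirmation link sent to the address on file before anything changes), as an added sketch that is not PlayNC's code and not part of the original post. `AccountStore`, its methods and the in-memory `outbox` standing in for e-mail are hypothetical names.

```python
import hashlib
import hmac
import secrets
import time

PBKDF2_ROUNDS = 100_000
TOKEN_TTL = 15 * 60  # a confirmation link is valid for 15 minutes


def hash_password(password, salt):
    """Slow salted hash so a stolen table is expensive to guess against."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class AccountStore:
    """Hypothetical in-memory account store used only for this example."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._accounts = {}  # username -> {"salt", "hash", "email"}
        self._pending = {}   # sha256(token) -> (username, salt, new_hash, expires)
        self.outbox = []     # (email, token) pairs; stands in for sending mail

    def create(self, username, password, email):
        salt = secrets.token_bytes(16)
        self._accounts[username] = {
            "salt": salt,
            "hash": hash_password(password, salt),
            "email": email,
        }

    def check_password(self, username, password):
        acct = self._accounts.get(username)
        if acct is None:
            return False
        candidate = hash_password(password, acct["salt"])
        return hmac.compare_digest(acct["hash"], candidate)

    def request_change(self, username, old_password, new_password):
        """Step 1: the OLD password must be right; nothing changes yet."""
        if not self.check_password(username, old_password):
            return False
        token = secrets.token_urlsafe(32)
        salt = secrets.token_bytes(16)
        # Only a hash of the token is kept, so a leaked pending table
        # cannot be used to confirm someone else's change.
        key = hashlib.sha256(token.encode()).hexdigest()
        self._pending[key] = (
            username,
            salt,
            hash_password(new_password, salt),
            self._clock() + TOKEN_TTL,
        )
        # The link goes to the address already on file, never to one
        # supplied in the same request.
        self.outbox.append((self._accounts[username]["email"], token))
        return True

    def confirm_change(self, token):
        """Step 2: apply the change only when the mailed token comes back."""
        key = hashlib.sha256(token.encode()).hexdigest()
        entry = self._pending.pop(key, None)  # single use
        if entry is None:
            return False
        username, salt, new_hash, expires = entry
        if self._clock() > expires:
            return False
        self._accounts[username].update(salt=salt, hash=new_hash)
        return True
```

With this shape, someone holding only the game account password can request a change but cannot complete it without also reading the owner's mailbox.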

HuntMaster Avatar

Wilds Pathfinder

Join Date: Feb 2007

Around

Pillar's of Earth [ROCK]

W/

hmm. that makes me believe anet is somehow involved in this, i mean even most forums offer this security feature.

I am somewhat safe, even if someone hacked my password they wouldn't make any real money off my account aside from my minis. And even then I don't have any of the very rare ones, I think my most expensive mini is the celestial pig. I have a bunch of greens and golds, but they are worth about 5k or less each. My material stash is nearly empty from selling to merchant for quick cash. Most of my "keeper" items that I use are customized and I'm about to customize the rest for my heroes. I don't have any sup vigors.

i keep my account completely worthless, yet useable. I'm thinking of changing my password again. Just a pain in the ass to keep changing it and keeping my password list up to date and then remembering where I put that list...

Thanks for the info!

edit: Changed my password, now it's even longer. Hopefully that will help. If I ever get a disconnect with a reconnect I won't use it, I will just log out, then log back in.

I feel really bad for the people who have been hacked. I'd like to offer my help to them, If you have been hacked (honestly) and would like some help on farm runs or whatever, let me know. Not sure how I can help, but I am willing. for free of course.

Angelica

Krytan Explorer

Join Date: Jan 2006

Aussie land

Me/E

Quote:
Originally Posted by Mac Sidewinder
ahh never knew that. That kind of sucks for me since I no longer have my old email account that I originally had when I first created my account. Anyone know if you can change the email information?
Well I was told, by the support people, that if you changed your email it was impossible to change your PW because the email for the change would be sent to the old email address. So no you cannot change your PW.

UnKn0wN415

Frost Gate Guardian

Join Date: Oct 2007

Bay Area

Looking 4 PvP Guild!

R/

Quote:
Originally Posted by Jetdoc
He actually had decent luck...

Other than the standard 25 firewaters/brulees and 5 normal tomes, he also got around 20 golds.

Not a bad ratio.
that's 50 items out of 47 keys HACKER...

lol jk...

HuntMaster Avatar

Wilds Pathfinder

Join Date: Feb 2007

Around

Pillar's of Earth [ROCK]

W/

If you log into the character select screen, then go down to edit account, then change password, you can change the password. Just thought I'd toss that out there.

I suggest making a password using the maximum digits available, long passwords are harder to crack than short ones. Unless of course someone uses a program, in which case we are not safe, we need a confirmation email.

Grim Aragorn

Wilds Pathfinder

Join Date: Oct 2005

A/

well for some of us it will NOT let u change your password, I've been trying for almost a year with no luck, just anet and their crappy support FTW.

dwc89

Frost Gate Guardian

Join Date: Dec 2005

earth

Not a fun thing to read. Glad you didn't lose much/anything.

I will say this , for myself anyway, doesn't encourage a sale of GW2.

Anet/NCSoft need to be proactive with the community in my opinion. And they can get serious about security, how many used the online store.


Just had a thought - has this been a more regular occurrence since we have had access to all countries/regions districts?

Lady Lozza

Forge Runner

Join Date: Dec 2005

Oz

Angel Sharks

Me/N

Quote:
Originally Posted by Grim Aragorn
well for some of us it will NOT let u change your password, I've been trying for almost a year with no luck, just anet and their crappy support FTW.
A thought for what it is worth. A hacker won't be able to change it either. So you are never going to be denied access to your account. If you get hacked though you will have to go through support. I'd say it'd be 3 days till you got a new password and secured your account again :S

These incidents of hacking are making me nervous. I linked to the store well before it became common knowledge that linked accounts no longer had the option of changing the password in the client.

cataphract

Forge Runner

Join Date: Aug 2005

Ashford Abbey

Hey Mallyx [icU]

Mo/Me

Quote:
Originally Posted by TideSwayer
EDIT: Just changed my GW password. Not only does PlayNC not send a verification email before changing your GW password, they don't even ask you for the OLD password first! What a load of crap. Seriously - get someone's PlayNC game account username and password and you have them by the balls. BY THE BALLS. Hey PlayNC, thanks for asking me to set up separate accounts for Game and Support though... rolleyes.
I agree with everything you said. PlayNC's security could - and should - be a lot tighter. The only security feature it provides is the "verify email address" option which sends an email containing a verification code. But if someone hacks into your PlayNC account, he will be able to change that email address.

Also, PlayNC password policy sucks badly. It forces you to start your password with a letter. That's just horribly wrong and lowers the number of possible password combinations. An account which enables you to administer all your games MUST have a way tighter security. SSL is a MUST. There's lots of money involved here, not to mention sentimental value of our game accounts.

They need to fix this. ASAP.

Turtle222

Wilds Pathfinder

Join Date: Oct 2007

:D:D

D/W

You're setting a good example jet. I think any person that is afraid that their account is getting hacked should be redirected to this thread so they know that they should reset their password immediately.

good job

wu is me

Krytan Explorer

Join Date: Oct 2007

I find it quite odd that you get kicked off oO.

Me and a trusted friend shared our passwords (i believe he forgot mine, cos I'm password paranoid), and i happened to have logged in once or twice to his account (in order to use his chars to run my lower lvl characters) whilst he was actually appearing offline.

On each of those occasions, where i logged in, as soon as i click one of his characters, and it loads up in whichever town he's in, i get booted.

So... even if a hacker did get your password i find it very strange that he was able to boot you off your session, and more so that he made a conscious decision to kick you off your session(unless... you were appearing offline?)

I know for a fact that if i were a hacker, and i could kick you off a session, i would wait until i knew u were offline, before i did anything shifty.

Shanaeri Rynale

Desert Nomad

Join Date: Aug 2005

DVDF(Forums)

Me/N

The kick is automatic. As soon as a second person logs into the account, the first one is kicked.

Something is going on here, are all the breached accounts linked with plaync?

cataphract

Forge Runner

Join Date: Aug 2005

Ashford Abbey

Hey Mallyx [icU]

Mo/Me

From my experience, when you log on someone's account while he's logged in, that someone gets error 7 and is disconnected.

Mystica

Frost Gate Guardian

Join Date: Jun 2005

Germany

[金金金金]

Me/W

Quote:
Originally Posted by cataphract
PlayNC's security could - and should - be a lot tighter.
The users security should be tighter and that's about it. There is no hacking involved at all.

People who claim that they got hacked were simply uncautious.

Let's see the chances of either.

1. You downloaded a keylogger/trojan, gave your info away, used a weak password for a known email.

- You do not even need to download trojans actively. There are browser exploits to do that for you. Furthermore they can be hidden in pictures, email attachments and other media.
- Your info is available on several forums and a lot of people tend to give their email addresses away for whatever reason and use their [email protected] as game account. That combined with a weak password is another good way to get your account. There is still the option to exploit forums to get a database full of email addresses. While it is unlikely to crack a salted vBulletin password hash there are a) other forums that have your data with less security and b) email + weak pass is enough in some cases.

now compare this to 2.

2. The account really got hacked, meaning someone got access to the Anet database containing all account information.

- That would require access to the server. Chances are the Anet servers are protected about 10000000000X better than any home PC out there. It is still possible to get on it though.
- Next problem is finding the database. IF a real hacker managed to get access he has to find the database. Now you can be pretty sure that the database is hosted on a separate network requiring him to find this server and gain access.
- Accessing the database. For the very unlikely case that someone really managed to access 2 super protected server networks fast enough to bypass all logs and security measures he still needs access to the database. You can be sure that Anet or any other online game does not use MySQL or text files to store your data so there is a big chance our hacker faces a system he doesn't know or where he doesn't know any exploits for. Now he has to gain access fast enough not to get caught.
- Cracking the passwords. Even the GW ingame packets are encrypted with a key nobody managed to find yet. Now the passwords won't be plain-text so even if our hacker gets the hashes he still needs to crack them or have enough access to the database to find his own hash and replace all others with it to have the password.
- Getting out without traces. Now if he succeeded to perform the whole chain he still needs to find the logs that had his traces stored to delete them. A lot of companies store log files on a separate server...you know what that means + most professional networks are mirrored so he needs access to the mirror containing the logs too.

Is all of that possible? Yes. Very unlikely but possible since nothing is impossible to hack. Would anyone go through all that for some ZKeys and Ecto? Never. It's just not worth it since anybody that could perform all this should have a million better ideas to gain profit and even if someone had access. Why should he take your items when he has the power to create stacks over stacks of items with full access?

Now compare the chances of the scenarios yourself.

1. the lost account being your fault

2. someone really went through all the above to sell 47 ZKeys, some Ecto, some gold.

I do understand though that nobody would confess that he downloaded something from an unknown source or visited a suspicious website. After all it would destroy your self-given right to QQ.

Something nobody considers is Social Engineering. Read it up. People are smart enough to ask the right questions to get the answers they need without you knowing it.

Luminarus

Furnace Stoker

Join Date: Aug 2007

Sydney, Australia

Haze of Light [pure]

R/

Gratz on catching him before he nicked ur stuff

Shanaeri Rynale

Desert Nomad

Join Date: Aug 2005

DVDF(Forums)

Me/N

Quote:
The users security should be tighter and that's about it. There is no hacking involved at all.
Only partially correct. Security is a twofold responsibility. The User and the provider.

I doubt it's the server that has got hacked, more likely it's the client which since it resides on a PC where it can be reverse engineered is by far the most vulnerable target(after the users PC).

There have been hacks to the client in the past, which allowed people to mess with others(such as crash their clients) so it's my suspicion that the recent spate of hacks we have been seeing is related to that.

Not everyone who has had their account broken into has no firewall, AV or spyware protection. Some are very well protected to the point where it being them is very unlikely.

Going back to the first point, Anet and NCsoft can't just point to the users and go it's your fault! They have a duty of care to ensure the security of their game, some of the security (or lack of it) in plaync (for example) is shocking and has been an outstanding issue for well over 18 months.

ReiNaruto

Lion's Arch Merchant

Join Date: Jun 2007

Valencia, Spain

Green Arse Team

Also, I made a discovery at official wiki: wiki.guildwars.com

I just downloaded TexMod from there (Main mirror and first secondary mirror), and my AV went nuts, not in the usual form. Usually, it tells me that the file has some unidentified trojan, but now it is telling me that the file has a virus called: Lineage2.Keylogger. I'm putting those downloads from the wiki in quarantine.

cataphract

Forge Runner

Join Date: Aug 2005

Ashford Abbey

Hey Mallyx [icU]

Mo/Me

Quote:
Originally Posted by Mystica
The users security should be tighter and that's about it.
I'm not saying it shouldn't, but the point is - so should PlayNC's. Even more so because they are providing a service for their customers (us) to use.

Quote:
Originally Posted by Shanaeri Rynale
Going back to the first point, Anet and NCsoft can't just point to the users and go it's your fault! They have a duty of care to ensure the security of their game, some of the security (or lack of it) in plaync (for example) is shocking and has been an outstanding issue for well over 18 months.
QFT

Takeko Nakano

Wilds Pathfinder

Join Date: Aug 2005

Great Britain

W/P

Quote:
Originally Posted by Shanaeri Rynale
Only partially correct. Security is a twofold responsibility. The User and the provider......

Not everyone who has had their account broken into has no firewall, AV or spyware protection. Some are very well protected to the point where it being them is very unlikely.

Going back to the first point, Anet and NCsoft can't just point to the users and go it's your fault! They have a duty of care to ensure the security of their game, some of the security (or lack of it) in plaync (for example) is shocking and has been an outstanding issue for well over 18 months.
I agree. ANet and NCsoft do have a duty of care, so they need to find out what is happening and stop it pronto. Also it is completely wrong to just blame the person with the game - a lot of people have good security. Even changing your password regularly doesn't help if someone is able to hack their way in.

Etta

Forge Runner

Join Date: Jun 2006

Mancland, British Empire

So in the meantime, AB is a no go zone?

Haskell

Ascalonian Squire

Join Date: Oct 2007

Quote:
Originally Posted by Mystica
- Next problem is finding the database. IF a real hacker managed to get access he has to find the database. Now you can be pretty sure that the database is hosted on a separate network requiring him to find this server and gain access.
- Accessing the database. For the very unlikely case that someone really managed to access 2 super protected server networks fast enough to bypass all logs and security measures he still needs access to the database. You can be sure that Anet or any other online game does not use MySQL or text files to store your data so there is a big chance our hacker faces a system he doesn't know or where he doesn't know any exploits for. Now he has to gain access fast enough not to get caught.
You are right. They don't use MySQL. They use MSSQL on W2k3. Google it.


Quote:
Originally Posted by Mystica
- Cracking the passwords. Even the GW ingame packets are encrypted with a key nobody managed to find yet. Now the passwords won't be plain-text so even if our hacker gets the hashes he still needs to crack them or have enough access to the database to find his own hash and replace all others with it to have the password.
- Getting out without traces. Now if he succeeded to perform the whole chain he still needs to find the logs that had his traces stored to delete them. A lot of companies store log files on a separate server...you know what that means + most professional networks are mirrored so he needs access to the mirror containing the logs too.

Is all of that possible? Yes. Very unlikely but possible since nothing is impossible to hack. Would anyone go through all that for some ZKeys and Ecto? Never. It's just not worth it since anybody that could perform all this should have a million better ideas to gain profit and even if someone had access. Why should he take your items when he has the power to create stacks over stacks of items with full access?
Don't talk about stuff you have no clue about. If someone would have direct access to Anet's DB there would be no need to "hack" player-accounts.

And of course it is very hard to gain access there, so you probably take some sidesteps. How much do you think this DB here is worth? 16ok users... 5ooo$? 1ok? 2ok? ...

Ofc, they will use salts, but it won't matter, because there are enough users with passwords like 'gwen10' or 'gw12345'.

Quote:
Originally Posted by Mystica
Something nobody considers is Social Engineering. Read it up. People are smart enough to ask the right questions to get the answers they need without you knowing it.
Exactly. That's how it's done in 80% of all cases if you really want a *certain* account. If you just want to make money with ebay though, you have to catch as many stupid people as possible.

Quote:
Originally Posted by Shanaeri Rynale
I doubt it's the server that has got hacked, more likely it's the client which since it resides on a PC where it can be reverse engineered is by far the most vulnerable target(after the users PC).

There have been hacks to the client in the past, which allowed people to mess with others(such as crash their clients) so it's my suspicion that the recent spate of hacks we have been seeing is related to that.
That's not possible and you have to trust me on that one. Without going into deep details, I can assure you that you will never get direct connections to any player in GW. The server supervises all that. To dumb it down: Look at this forum - I won't get your IP address or anything if I am not allowed to know, because the forum software on this server manages it. Only people who have permissions to know that stuff (like admins, mods, etc.) can see it. Of course there can be exploits, but as said - if you're on that level you would not need to hack "clients" - you would just abuse the server itself.

Quote:
Originally Posted by Shanaeri Rynale
Not everyone who has had their account broken into has no firewall, AV or spyware protection. Some are very well protected to the point where it being them is very unlikely.
I won't drive THIS debate, but stuff like "personal firewalls" etc. are totally useless.

Quote:
Originally Posted by Shanaeri Rynale
Going back to the first point, Anet and NCsoft can't just point to the users and go it's your fault! They have a duty of care to ensure the security of their game, some of the security (or lack of it) in plaync (for example) is shocking and has been an outstanding issue for well over 18 months.
I never got "hacked" nor did anyone of whom i know that has some basic clue. I know how that sounds, but that's how things are.

shru

Wilds Pathfinder

Join Date: Apr 2006

The only connections I've seen between all hackies (by all their stories) is that they're GWGuru members.
I don't browse other fansites, but are there people on other sites getting hacked as well? Additionally, any info on alt GW sites regularly visited could be quite helpful.

Arduin

Grotto Attendant

Join Date: May 2005

The Netherlands

Limburgse Jagers [LJ]

R/

Quote:
Originally Posted by cataphract
Also, PlayNC password policy sucks badly. It forces you to start your password with a letter. That's just horribly wrong and lowers the number of possible password combinations. An account which enables you to administer all your games MUST have a way tighter security. SSL is a MUST. There's lots of money involved here, not to mention sentimental value of our game accounts.
Amen to that. You can't even use stuff like !@$% or _- for your password, it's only numbers, a's, and A's.

TideSwayer

Wilds Pathfinder

Join Date: Jul 2005

We Farm Your [?????????s]

Quote:
Originally Posted by ReiNaruto
Also, I made a discovery at official wiki: wiki.guildwars.com

I just downloaded TexMod from there (Main mirror and first secondary mirror), and my AV went nuts, not in the usual form. Usually, it tells me that the file has some unidentified trojan, but now it is telling me that the file has a virus called: Lineage2.Keylogger. I'm putting those downloads from the wiki in quarantine.
Where are you getting the download link from? I say this because the link I used originally:

http://wiki.guildwars.com/wiki/Guide...-game_graphics

...links to Texmod hosted on a FileFront server that doesn't even have mirrors for it. Just one link. FWIW, I just downloaded Texmod from that FileFront link, did a virus scan on it (and the Texmod.exe file inside) with Avast and a-squared free malware scanner, and compared the MD5 values with the original Texmod.zip I downloaded late last year, which is still on my hard drive. Same exact MD5, so Texmod, at least from this location, hasn't been sabotaged in any way.

Is this a different link than the one you used to get Texmod from? I ask because I have a friend in-game who was hacked this week (and lost a fortune). He thinks Texmod was the reason why it happened. I tried to tell him it couldn't have been, but if there are sabotaged Texmods going around with keyloggers inserted (not unlikely if you've ever tried to download other .exe or installers in the past from shady locations), then this is a serious issue. FWIW, Texmod is a standalone .exe file. You just open the folder and double-click the .exe to run it. There isn't an installer for it. If you download a version of Texmod that asks you for installation, DECLINE/REFUSE/CANCEL immediately.


Here's the MD5 of my "ok" Texmod.zip:

TexMod.zip
MD5: 2291F3095F14EFB847D366E2FBE4BE51
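The check described in the post above (hash a fresh download and compare it with a copy kept from earlier), as an added example that is not part of the original post. It goes a little further than the post by also hashing each file inside the zip, so an extra installer or a changed .exe is named; because MD5 collisions can be manufactured, it records SHA-256 next to the MD5. All function names are hypothetical and the sample archives are constructed placeholders, not TexMod.

```python
import hashlib
import io
import zipfile


def stream_digests(fh, chunk=1 << 16):
    """Hash a binary stream in one pass: MD5 (as posted) plus SHA-256."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    for block in iter(lambda: fh.read(chunk), b""):
        md5.update(block)
        sha256.update(block)
    return {"md5": md5.hexdigest().upper(),
            "sha256": sha256.hexdigest().upper()}


def member_digests(fh):
    """SHA-256 of every file stored inside the zip, keyed by member name."""
    out = {}
    with zipfile.ZipFile(fh) as zf:
        for info in zf.infolist():
            if not info.is_dir():
                with zf.open(info) as member:
                    out[info.filename] = stream_digests(member)["sha256"]
    return out


def make_baseline(fh):
    """Record digests of a copy you trust (e.g. the one kept from last year)."""
    fh.seek(0)
    archive = stream_digests(fh)
    fh.seek(0)
    return {"archive_md5": archive["md5"],
            "archive_sha256": archive["sha256"],
            "members": member_digests(fh)}


def compare_to_baseline(fh, baseline):
    """Compare a fresh download against the recorded baseline."""
    current = make_baseline(fh)
    known, seen = baseline["members"], current["members"]
    return {
        "archive_matches": (
            current["archive_md5"] == baseline["archive_md5"]
            and current["archive_sha256"] == baseline["archive_sha256"]
        ),
        "added": sorted(set(seen) - set(known)),      # e.g. a surprise installer
        "missing": sorted(set(known) - set(seen)),
        "changed": sorted(n for n in seen if n in known and seen[n] != known[n]),
    }


def build_sample(files):
    """Constructed sample data: build a small zip in memory from name -> bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            info = zipfile.ZipInfo(name, date_time=(2008, 1, 1, 0, 0, 0))
            zf.writestr(info, data)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed placeholders standing in for a trusted and a suspect download.
    trusted = build_sample({"Texmod.exe": b"constructed original bytes"})
    suspect = build_sample({"Texmod.exe": b"constructed altered bytes",
                            "setup.exe": b"constructed extra file"})
    baseline = make_baseline(io.BytesIO(trusted))
    print(compare_to_baseline(io.BytesIO(trusted), baseline))
    print(compare_to_baseline(io.BytesIO(suspect), baseline))
```

For a file on disk, pass `open(path, "rb")` instead of the in-memory buffers.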

Riot Narita

Desert Nomad

Join Date: Apr 2007

Quote:
Originally Posted by Azazel The Assassin
I have yet to be hacked and personally, wouldn't care too much about it as the most important things are my titles and stuff in HoM
So what would you think about someone gaining access to your account, and deleting your characters? Titles... HoM... *poof*

Quote:
Originally Posted by Adja1005
Anyone else kind of pissed off at the lack of acknowledgement about this recent surge in threads concerning hacked accounts? I've not seen anyone from Anet, Regina specifically, comment about what they intend to do or what they are doing to combat these hackers.
Yes. I would like at least some reassurance that something is being done. Not just "one guy in Germany was caught and banned". Is the method he used now prevented from working? Otherwise, new account and IP and he's back in business, or maybe he passed the method to others.

But most of all I want A-net to take our account security SERIOUSLY

Why no lockout/delay after x failed attempts?

Why does a player get kicked out when a second person gains access? I'd like to see an ingame message telling me that someone else just tried to log on, their IP address, and the option to /report instantly.

Why can't we set a character to "undeletable" or delayed deletion, so that even if we lose cash/items we don't also potentially lose our characters/titles?

Why does PlayNC password changer only allow numbers and letters, and not the extra characters from a regular keyboard?
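Two of the measures asked for in the post above, a delay after repeated failed logins and a record of who tried (with source IP) that can be shown to the account owner, as an added sketch that is not ArenaNet's or PlayNC's code and not part of the original post. `LoginThrottle`, its thresholds and the event format are assumptions; the IP addresses in the demo are constructed documentation addresses.

```python
import time


class LoginThrottle:
    """Per-account delay that doubles with each failure past a free allowance.

    A growing delay is used instead of a permanent lock: a permanent lock
    keyed on the account name would let anyone who knows the name keep the
    real owner out indefinitely.
    """

    def __init__(self, free_attempts=3, base_delay=2.0, max_delay=900.0,
                 clock=time.monotonic):
        self.free_attempts = free_attempts
        self.base_delay = base_delay
        self.max_delay = max_delay
        self._clock = clock
        self._state = {}   # account -> (consecutive failures, locked_until)
        self.events = []   # (timestamp, account, source_ip, result)

    def retry_after(self, account):
        """Seconds the account must still wait before a login is evaluated."""
        _, locked_until = self._state.get(account, (0, 0.0))
        return max(0.0, locked_until - self._clock())

    def attempt(self, account, source_ip, verify):
        """Run one login attempt; `verify` is a zero-argument callable that
        checks the password and is NOT called while the account is delayed,
        so guesses made during the delay reveal nothing."""
        now = self._clock()
        if self.retry_after(account) > 0:
            result = "locked"
        elif verify():
            self._state.pop(account, None)  # success clears the counter
            result = "ok"
        else:
            failures = self._state.get(account, (0, 0.0))[0] + 1
            over = failures - self.free_attempts
            delay = 0.0
            if over > 0:
                # Exponent is capped so the arithmetic stays small.
                delay = min(self.max_delay,
                            self.base_delay * 2 ** min(over - 1, 32))
            self._state[account] = (failures, now + delay)
            result = "denied"
        self.events.append((now, account, source_ip, result))
        return result

    def notices_for(self, account):
        """Failed or delayed attempts to show the owner at next login."""
        return [(ts, ip, res) for ts, acct, ip, res in self.events
                if acct == account and res != "ok"]


if __name__ == "__main__":
    throttle = LoginThrottle()
    for _ in range(5):  # constructed demo: five wrong guesses in a row
        print(throttle.attempt("player1", "203.0.113.5", lambda: False),
              round(throttle.retry_after("player1"), 1))
    print(throttle.notices_for("player1"))
```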

zwei2stein

Grotto Attendant

Join Date: Jun 2006

Europe

The German Order [GER]

N/

FYI: anyone can get your ip (and ips of tons of guildwars playing people) by just posting link that those people will follow to forums or wikis.

Image is link that all browsers autofollow. all you need to put to post is transparent 1 pixel size image.

If you want IP address of someone specific, you just send him PM on forum with that image and check your server logs some time later.

One funny idea is that if (hypothetical, anet don't bother looking for it) remote attack on GW client exists people can get nailed down by browsing forums or especially wikis as they usually do it with client open and game running.

(Baseless Fiction: Imagine if someone didn't need to break your password, only steal your session. They get you 007, they use reconnect and bingo, breached acc without them even needing to know your password/email.)



IP is known, OS is known, browser is known (and more). And you know that that person has GWs installed, and is serious enough to post to forums, which means that he has stuff worth stealing.

Remember, attacking your machine directly is quite easy unless you are behind nat or firewall.

Longasc

Forge Runner

Join Date: May 2005

This is alarming.
Your quick reaction to reset the PW probably saved you, Jetdoc.

Should this not be stickied, thread title changed, people given a warning?
I did not really read about the account hacks of the last two weeks, I usually assume social engineering, carelessness or general stupidity.


But getting hacked while just playing in an Alliance Battle is really creepy.

This is much more serious than the usual "hacks" and really demands some official statements.

Mystica

Frost Gate Guardian

Join Date: Jun 2005

Germany

[金金金金]

Me/W

Quote:
Originally Posted by Haskell
You are right. They don't use MySQL. They use MSSQL on W2k3. Google it.


Don't talk about stuff you have no clue about. If someone would have direct access to Anet's DB there would be no need to "hack" player-accounts.

And of course it is very hard to gain access there, so you probably take some sidesteps. How much do you think this DB here is worth? 16ok users... 5ooo$? 1ok? 2ok? ...

Ofc, they will use salts, but it won't matter, because there are enough users with passwords like 'gwen10' or 'gw12345'.
MSSQL? Ok didn't know that but it is worth a lol.

And I never said that someone had access or would go for it to gain access. I just commented on how hard it is to get in and some things involved with that. I even said that with access nobody would go for other players' accounts but mod their own.

And 160k...well 5 million sold copies is 5 million unique and validated email addresses so it is worth a lot only for that. But still, there are other databases with unique accounts over 1 mil that are easier to acquire.

It's not important though, since it was just one of my examples to show that no "hacking" is involved at all especially seeing that only some ectos and gold were stolen.

I am still sure that ALL reported account thefts are results of either Social Engineering, keylogging or public email + easily guessable pass.

A lot of people use their name or forum name as plaync account name. So basically all you need to ask is the birthday. That alone would lead you to the form for the security questions and there are still a lot of people stupid enough to give correct answers there. All questions are perfectly designed for integration into a convo and that's what I meant with "user's security".

And again, I am sure that nobody would confess that he gave his info away, downloaded something suspicious or bought gold with direct transaction onto his account.

As for the modified client...already said



Not going to happen. Excuse my badass painting skills please.

Longasc

Longasc

Forge Runner

Join Date: May 2005

Quote:
Originally Posted by Mystica
I am still sure that ALL reported account thefts are results of either Social Engineering, keylogging or public email + easily guessable pass.

After some thought I think you are right.

That this happened while Jetdoc was in AB was just coincidence. He must have fallen to the "usual" methods.

The idea that someone can hack random people that are online at will and hijack their accounts is more a nightmare than something that can really be possible without major effort.

BlackSephir

BlackSephir

Forge Runner

Join Date: Nov 2006

A/N

You've escaped me for the last time, Jetdoc. You won't be so lucky next time.

Gli

Forge Runner

Join Date: Nov 2005

Quote:
Originally Posted by TideSwayer
Where are you getting the download link from? I say this because the link I used originally:

http://wiki.guildwars.com/wiki/Guide...-game_graphics
I don't know a whole lot of the whole wiki page editing thing, but what's to stop anyone from changing links to valid, clean mods into links to mods with a trojan or keylogger payload?

Wiki doesn't sound like a place one should be clicking download links from.

Riot Narita

Desert Nomad

Join Date: Apr 2007

Quote:
Originally Posted by Mystica
I am still sure that ALL reported account thefts are results of either Social Engineering, keylogging or public email + easily guessable pass.
Those are certainly the most likely causes. However, I don't take your "it's always the user's fault" head-in-the-sand attitude.

I use "strong" passwords, I don't ever tell people those passwords, or write them down, or store them in shortcuts etc. I use different passwords, email addresses, and login names for different things. I am aware of social engineering tricks, and I avoid giving out personal information of any kind in my everyday life. I have a lot of different security software running on my PC.

But despite all reasonable precautions, I still don't feel like my account is safe. I do not underestimate the resourcefulness of people determined to steal, or their ability to eventually find some way to get into other people's accounts. I am also not so arrogant as to believe I can *never* fall for a scam or my account can *never* be stolen. After all, I do use similar user names in various places, simply because it is convenient for friends to recognise me across all those places. I take that risk, and rely on different passwords for protection.

If I ever get my account stolen, people like you will tell me it's my own fault for using similar user names - or even that I *deserved* to lose my account. Perhaps you'd be right. But I truly think it's unreasonable that ordinary people have to use different names everywhere they go, be constantly security-conscious, be careful of what they say and who they say it to... to make up for poor security in the things they access online. Especially when those things are just for games and leisure. Choosing a good password at each place and keeping it to yourself, *should* be all that's needed.

Most people are just gamers. They don't want to be computer/network security wizards, ever vigilant and defeating an unseen enemy. They just want to have fun. I think it's important to remember that - and A-Net should do everything they can to protect our accounts. Right now, they AREN'T doing that.

They can't stop people being stupid, using the same weak password for every login, telling it to somebody etc... but they CAN make it harder for other types of attack, and give us the ability to protect our characters from being deleted.

Turbobusa

Forge Runner

Join Date: Jan 2006

By the Luxon Scavenger

The Mentalists [THPK]

N/

You should all form a big security company, you seem well aware of all techniques used.

Unfortunately since your main argument is "never been hacked therefore me>u", it's going to fail pretty bad when you'll discover that you know approximately nothing about what's going on.

I'll quote myself:
http://www.guildwarsguru.com/forum/s...6&postcount=49
Quote:
I'll throw a bone, you're free to discuss.

I was "hacked". Or as this word seems to be misused lets just say someone entered my account. Money gone, some valuable weapons gone, inventory messed up. That was not me not remembering that I did, I did not.

My ex password contained signs SUCH AS +. It contains both upper case and lower case characters, not only at the beginning. It was unique, meaning that I only used it for Guild Wars. It was not a word. It is rated very high security on most websites with the feature that tests your password (note: I only tested AFTER "someone entered my account").

No one knows it. I never told anyone, and you can still try remembering it, it took me 2 weeks.

Now that you know that you can't guess it:

After "someone entered my account", I checked for viruses and keyloggers and such. Both McAfee and Ad-Aware did not detect anything, and they are up to date, non-cracked versions. They were running all the time. Oh and I changed my computer in January.
When I told that on GWG, people went into an antivirus comparison flamefest. So I checked with other free and cracked antiviruses. Nothing was found.

So what stays:

- Unknown trojan/keylogger whatever that can be removed at will without any protection noticing.
- Vista failure somewhere.
- Mystery.

Discuss.
What's weird is that it didn't receive any answer. I wonder why.

zwei2stein

zwei2stein

Grotto Attendant

Join Date: Jun 2006

Europe

The German Order [GER]

N/

Quote:
Originally Posted by Turbobusa
What's weird is that it didn't receive any answer. I wonder why.
I think it is obvious. Unknown keylogger/trojan.

There is no reason why antivirus software should be aware of this kind of software if it is very rare (say, someone wrote one in order to get someone's specific account, or it was deployed in very small quantity - 10s of infections.)

AV software's only chance of getting this is heuristic scans, which are very unreliable and generally only work if the author does something stupid that broadcasts "i am keylogger"