Do hackers ever stop here?

Wish Swiftdeath
Desert Nomad
#121
Quote:
Originally Posted by Regina Buenaobra View Post
We’re currently investigating this specific series of incidents. The more data we are able to put together, the more information we’ll have to get to the bottom of this, so we would like to get in touch with the players who were affected. This request applies ONLY to players who were affected by this recent incident. Unless you match these criteria below, please go through the support ticketing system:
  • Your account was affected on February 22 or February 23.
  • You were able to login (your password was not changed).
  • You had gold and/or items removed, or items added to your account

It would really help the support team know the following details when you write:
  • The outpost your character was in when you logged in.
  • Whether any characters were deleted.
  • Exactly what was removed and/or what item(s) may have been deposited on the account by someone other than yourself in the last two days.

Any other details of note, no matter how small.

If you believe you were affected by the incident yesterday, please contact [email protected], and provide your real name, account name, and a telephone number (along with the time you could accept a call about this matter and your time zone). Please note that the earliest you can expect a phone call is tomorrow.

Thanks.
awesome, glad anet is looking into it
I pwnd U
God of Spammers
#122
ANet is going to CALL people? Wow that is pretty cool... usually you have to call them.
garethporlest18
Forge Runner
#123
Well I hope you get to the bottom of it Regina, I don't like the idea of people being able to access accounts when those people supposedly didn't make a mistake.
{IceFire}
Forge Runner
#124
Sent in the email Regina, thanks for the concern
Jensy
Site Contributor
#125
That's.... more than a bit worrying. But at least they're working on it? O___O
Balkoth
Ascalonian Squire
#126
Quote:
Originally Posted by Regina Buenaobra View Post
Unless you match these criteria below, please go through the support ticketing system:

If you believe you were affected by the incident yesterday, please contact [email protected], and provide your real name, account name, and a telephone number (along with the time you could accept a call about this matter and your time zone). Please note that the earliest you can expect a phone call is tomorrow.
What if we already filed a ticket? Should we provide another email? Or should we continue to add on to the plaync ticket information?
Is there any other advice you can give us in the meantime?
Stay logged on? Don't log in? Don't do online bill pay etc?
Regina Buenaobra
ArenaNet
#127
Quote:
Originally Posted by Balkoth View Post
What if we already filed a ticket? Should we provide another email? Or should we continue to add on to the plaync ticket information?
Is there any other advice you can give us in the meantime?
Stay logged on? Don't log in? Don't do online bill pay etc?
If your incident fits the criteria, go ahead and email the address above, providing all the information listed. Also include your support incident number as well, so they will be able to cross-reference the information.

Continue to work with PlayNC, and let them know that you have emailed the Support Liaison about this.
Yawgmoth
Furnace Stoker
#128
Let's get all the facts together, with the help of all affected users.

Strangely, the only reports of those incidents I've seen are here in this thread, and none on other forums or wikis.

By the procedure of how the hackings were done it's clear that it has to be an RMT company, it's a massive scale project they're doing in a great hurry.
They're not malicious so don't delete any characters, they only rob, as fast as possible.
They only take top value quickly sellable items or pure currency (gold/zk/e) and always trade some junk back as a means of preventing automated detection.
They're in great hurry so often miss obviously valuable items.
They don't change passwords - they most likely can't - it may mean this method doesn't allow that, or they would do it for sure, as accounts are more valuable to them than some money.

So some Questions that hacked people should answer, so we get more facts:

Admin Edit: You are asking questions that could compromise someone's account security.
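
The junk-for-valuables pattern described in the post above, written as a detection rule (an added example, not part of the thread and not ArenaNet's code). A rule that only flags trades returning nothing misses a trade padded with a junk item, while a value-ratio test clustered on the receiving account within a two-day window does not. The trade-log fields, item values, thresholds and account names are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample trade log, not real game data. Values are in gold and
# assume the operator keeps a rough market value for every tradable item.
TRADES = [
    {"account": "acct_a", "peer": "mule_1", "gave": 7500, "got": 20, "hour": 3},
    {"account": "acct_b", "peer": "mule_1", "gave": 12000, "got": 15, "hour": 5},
    {"account": "acct_c", "peer": "mule_1", "gave": 4000, "got": 10, "hour": 9},
    {"account": "acct_d", "peer": "friend_9", "gave": 3000, "got": 2800, "hour": 4},
    {"account": "acct_e", "peer": "guildie_2", "gave": 5000, "got": 0, "hour": 6},
    {"account": "acct_f", "peer": "mule_1", "gave": 6000, "got": 25, "hour": 70},
]


def naive_one_way(trades):
    """Rule the junk item defeats: flag only trades that return nothing."""
    return [t for t in trades if t["gave"] > 0 and t["got"] == 0]


def lopsided(trade, min_value=1000, max_ratio=0.05):
    """High-value trade where what came back is worth almost nothing."""
    if trade["gave"] < min_value:
        return False
    return trade["got"] / trade["gave"] <= max_ratio


def suspicious_peers(trades, window_hours=48, min_victims=3):
    """Peers that received lopsided trades from many accounts in one window."""
    by_peer = defaultdict(list)
    for t in trades:
        if lopsided(t):
            by_peer[t["peer"]].append(t)
    flagged = {}
    for peer, hits in by_peer.items():
        hits.sort(key=lambda t: t["hour"])
        for i, first in enumerate(hits):
            # Distinct source accounts within the window starting at this hit.
            in_window = {t["account"] for t in hits[i:]
                         if t["hour"] - first["hour"] <= window_hours}
            if len(in_window) >= min_victims:
                flagged[peer] = sorted(in_window)
                break
    return flagged


if __name__ == "__main__":
    print("naive rule:", [t["account"] for t in naive_one_way(TRADES)])
    print("ratio + clustering:", suspicious_peers(TRADES))
```

On the sample data the naive rule flags only a one-way gift to a guildmate, while the ratio-plus-clustering rule isolates the single receiving account shared by three victims.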
Lyssa Apate
Academy Page
#129
I'd just like to add that the same happened to me. (Had to be between Monday 01:00 and 14:00 GMT+1) Someone traded my 75e for a Mini Windrider, nothing else is missing.
Shayne Hawke
Departed from Tyria
#130
I've sent an e-mail to the Support Liaison per Regina's request. This will hopefully be sorted out soon.
Xun Rama
Ascalonian Squire
#131
Haven't been hacked, just scanned my Gw.exe here. Mine's completely clean it looks like?

Code:
File:  	 Gw.exe
Status: 	OK
MD5: 	e3446754fbd659170df74dd63ff1506d
Packers detected: 	-
Scanner results 

Scan taken on 24 Feb 2009 02:35:45 (GMT)
A-Squared 	Found nothing
AntiVir 	Found nothing
ArcaVir 	Found nothing
Avast 	Found nothing
AVG Antivirus 	Found nothing
BitDefender 	Found nothing
ClamAV 	Found nothing
CPsecure 	Found nothing
Dr.Web 	Found nothing
F-Prot Antivirus 	Found nothing
F-Secure Anti-Virus 	Found nothing
Ikarus 	Found nothing
Kaspersky Anti-Virus 	Found nothing
NOD32 	Found nothing
Norman Virus Control 	Found nothing
Panda Antivirus 	Found nothing
Sophos Antivirus 	Found nothing
VirusBuster 	Found nothing
VBA32 	Found nothing
iVendetta
Lion's Arch Merchant
#132
Stop feeding yourself to the phishers.
Adult
Krytan Explorer
#133
Ok. After reading about how everyone, including myself, who have been hacked over the last few days I have come to a conclusion. There is something we all have in common that a hacker could exploit. While we all have all these badass security thingies and un-beatable passwords, none of it matters if I am right.

If we look at this situation holistically...it tells us that the hacker has a very easy way of getting in to all of our accounts... the hacker hacked Anet.

It makes perfect sense to me. All our account info is there, emails and passwords. They can see when we log off, and there is probably a way to validate what is in the inventories of what ever accounts they look at. Why not go after the super rich? I am guessing they haven't come across those accounts yet...

Anyone see my logic here or am I paranoid?
Shayne Hawke
Departed from Tyria
#134
Quote:
Originally Posted by Adult View Post
Anyone see my logic here or am I paranoid?
I believe that ANet would have realized and halted any attempt that was targeting them directly to harm/steal other players' accounts. Someone hacking ANet or Guild Wars would be the easiest explanation for it being the most easily visible common factor. However, that seems like the least likely as well, and they probably would have told us already if there was a security breach made/fixed at their end.
Balkoth
Ascalonian Squire
#135
Quote:
Originally Posted by Shayne Hawke View Post
I believe that ANet would have realized and halted any attempt that was targeting them directly to harm/steal other players' accounts. Someone hacking ANet or Guild Wars would be the easiest explanation for it being the most easily visible common factor. However, that seems like the least likely as well, and they probably would have told us already if there was a security breach made/fixed at their end.
I agree. I would also narrow it down to our web history, I use Opera 9.63 and I've visited a number of gaming websites (gaming websites would most likely have gaming trojans) in the days leading up to the attack.

Which ones do we have in common? GameTrailers? Aion? NcSoft maybe?
zelgadissan
Forge Runner
#136
Thought I would hop in and mention that my hacked friend got a call from Gaile Gray herself less than an hour after emailing with what Regina requested, so this is being taken very seriously.
Coney
Wilds Pathfinder
#137
Quote:
Originally Posted by Fril Estelin View Post
The way most AV work makes it so that you need a significant rewrite to escape heuristics. And I'm not even mentioning SW profiles and behaviour.
I'm highly skeptical of this, having coded high-level language assemblers, as well as multi-threaded OS's. Perhaps the AV scanners finally use dis-assemblers and look for certain signatures, but it's more than simple to add memory/register swaps and use different registers to fool them, as well as simply changing more efficient instruction combinatorics for less efficient ones (or vice versa)... I'm betting adding buttloads of assy (conditional) jumpcodes fool most scanners, but I've not done a lot with detection. An 8k vs 20k vs 60k vs 640k keylogger gives a lot of room for *fudge*... I'm also suspicious of your use of the term "heuristics", having developed them for AI routines, but whatever (I suppose people still consider spam filters to be AI)...
Quote:
Originally Posted by Fril Estelin View Post
Where did you learn hacking 101? All modern compilers prevent most buffer overflows, and even if you had one on the GW servers, you wouldn't use it to swap sessions...
Did I not say *SOMETHING LIKE*? (checking...) "AKIN." As in, similar. How do you think most exploits of servers are found? Usually by sending strings of (more-or-less) random gibberish, and hoping that one of them causes the server to JMP (or fall through) to unexecutable (or out of range, or different range) code.

Who said *YOU* are the one swapping sessions? This may be the result of unintended faulty server-side code. As in, some session variable that should be CONST somehow gets overwritten by unintention, thus setting it to point elsewhere (merits of C++? LOL)...

101? Nice, Thx for the flames. You make the bad assumption that the in-house ad-hoc compiler used by GW coders is *MODERN* (or complete, consistent, "peer-reviewed", etc). Are you going to jump my ass in this thread (like the other one) based on some technicality? Did I NOT say 2 was unlikely? (checking...) "QUITE A STRETCH." Pls, take the flames to private chat in the future.
Shayne Hawke
Departed from Tyria
#138
Quote:
Originally Posted by Balkoth View Post
I agree. I would also narrow it down to our web history, I use Opera 9.63 and I've visited a number of gaming websites (gaming websites would most likely have gaming trojans) in the days leading up to the attack.

Which ones do we have in common? GameTrailers? Aion? NcSoft maybe?
There are two things that a person would need to quickly, easily, and successfully hack a GW account: a password and an e-mail/account name. You would have to compile a search based on where and when one of those two things was used at some other location than the GW client.

I'm sure that Regina would prefer that we send any such details to where she has directed so that they can be the ones holding the info and not have it posted here publicly on a forum.

One thing I'd like to bring up is that we don't really have any certainty as to when the information to our accounts was compromised. We just know that it was used against us in a short period just recently. This could have been a collection that was in the works for some time now and just suddenly activated.
Coney
Wilds Pathfinder
#139
Quote:
Originally Posted by Jhadur View Post
Do any of the other people getting hacked have their accounts linked to NCSoft?
From what I've read so far, this is a blaring coincidence (until shot down!).
Balkoth
Ascalonian Squire
#140
Quote:
Originally Posted by Shayne Hawke View Post
There are two things that a person would need to quickly, easily, and successfully hack a GW account: a password and an e-mail/account name. You would have to compile a search based on where and when one of those two things was used at some other location than the GW client.

I'm sure that Regina would prefer that we send any such details to where she has directed so that they can be the ones holding the info and not have it posted here publicly on a forum.

One thing I'd like to bring up is that we don't really have any certainty as to when the information to our accounts was compromised. We just know that it was used against us in a short period just recently. This could have been a collection that was in the works for some time now and just suddenly activated.
I am working under the assumption that my login info was never divulged publicly as an account; not taken from another website. I was thinking along the lines of an infected webpage that spread enough trojans to infect enough computers that some contained mmo accounts that could be stolen. Once you login, it grabs your login packet and sends it to their server. So they could get any account they have prepared their trojan for (gw, wow, eve, steam, whatever they wanted really).
So then, what site was it? And if I am wrong, and it came from a single or multiple other sites that we all have accounts on we should be able to single out what we have in common.