Recent Accounts that were hacked

it was "a mistake in security"? can you prove this statement, or elaborate?

i'd just like to say to all the people who have posted in this thread who are arguing whether or not ANYONE who has their accounts hacked should not recieve some sort of benefit from anet is just dumb. If your account gets hacked, looted w/e it sucks, you want your shit back, if anet can do something about it they should, whether that be in the form of all of the items you lost or only the gold etc. I know this isnt how it has worked in the past but in an ideal situation this is how it SHOULD work. I know sometimes its legitamately the person who got hacked's fault that they lost their stuff, but in my experience this has not been the majority of cases. For everyone else who has lost stuff, its frustrating and infuriating and its very easy to point the fingure at anet for some sort of assistance who basically in response will say "lol your fault u got hacked pz."

with that being said, i was a victim in the febuary incident, and through strict confidentiality with anet the persons who lost items in question were not supposed to talk about anything that has to do with how this happened or why or who, no details. This morning i did however recieve another email from support saying that they did track some of the items that were stolen and depending on which items were taken they might be able to give them back to the original owners (me).

To be honest i was suprised, i had expected my items to be long gone and didnt even think they would return any of them. I am still wary as to whether or not its going to happen, and will remain skeptical untill i see it actually happen. I dont really see how this sorta thing should remain confidential considering its a great thing for the comunity to know that anet is actually trying to retrieve stolen items and return them.

The thing that is upsetting as cacti pointed out, was how little of help has been given to people who have been keylogged etc and had their whole accounts wiped out. I have never had this happen, but several friends have had it happen and ive given the majority of my money and countless hours of help in an attempt to just redo old charcters with titles and areas etc. I find it slightly upsetting, maybe all that needs to be done is for anet to be a little moreinformative with individual circumstances idk. In my experience with what happened over febuary they were extremely helpfull, and even though it took a while to get my support ticket sorted out because of an massive overflow of support tickets, my ticket was sorted out in a timely manner. Its just that in my experience this is not what has happened to players in the past even though the severity of the incidents was far worse

yesh...i remember it very clearly. it was during the sorrow's furnace era. as forth fly said, it was because of the npc rune traders bug'd up.

While clearly it sucks to get hacked, or even just scammed in game, my feelings are Anet shouldn't have to waste time fixing it unless Anet did it. Sorry, but I'd rather resources go to preventing future hacking and developing the game for the entire community rather than recovering items for a percentage of it.

I haven't received any items back from what was taken last month. I don't expect anything to be given back. If they would have had any intention of doing so, I'm sure they would have already contacted the affected persons about doing so.

Knowing that they've finally traced back to and eliminated the source is fine enough for me, but you're gonna have to show me where they've said that rather than claiming you heard from a guy that heard from a guy.

In an ideal situation maybe, but in the real and imperfect world, what you'd actually wind up with is people who collude to trick ANET. You tell your buddy your password, he "steals" all your stuff, sells it, launders it through other accounts and friends, etc. Then you "discover" this theft, tell ANET, they ban the now emptied account that "stole" it all, give your stuff back, and now you and your buddies have twice as much stuff as when you started.

ANET can't differentiate between different types of behaviors. Any given victim knows more or less what happened, but humans are humans and ANET can't trust their account of an event anymore than it can the attacker's. Sometimes it's obvious what happened, but most times there are subtleties that put ANET in a very bad position if it takes on any of the responsibility for cleaning up the mess. What happens, for example, in cases where somebody buys a rare mini pet that was stolen? Do they just duplicate it and devalue it for everyone, or do they take it back from the person who had no idea they were buying stolen property? How does ANET address that "fairly"?

It may sound harsh, but your computer security is nobody's responsibility but your own. ANET has no responsibility at all to ensure that your computer is being properly maintained and monitored and, as such, has no responsibility to compensate you for any damage done on your account as a result of a breach on your end of the connection. Exceptions granted, of course, in cases where ANET's software actually causes or enables a breach.

In the vast majority of cases, we are not able to return items. This is for several reasons. When an account is stolen, goods are usually moved off of that account extremely quickly. It is usually completely impossible for us to identify items that are stolen from players with 100% certainty because they are salvaged, sold, or traded to innocent third parties.

In this _specific_ incident, we were able to track a _few_ of the items that were stolen. We are in the process of returning those few items to the small number of people who contacted us in the three weeks following the incident. Our support team spoke to these players via phone to help get us more information about the hacking incident. We were not able to trace and retrieve every stolen item for the reasons outlined earlier. Those items that we were unable to trace, we were unfortunately not able to return.

We were happy that we were able to track down the stolen items this time. 99% of the time, we're not able to do this.

Thanks for the clarification, Regina. It'd be nice if everything could be returned, but it's good to see that not everybody is going to be walking away from this empty-handed.

Good news Regina.
So it's safe to assume all the hackers were identified and banned?

thanks for clarifying regina, thought for a minute i was losing my mind as everyone thought this was somehow impossible lol.
like i said i think its a GOOD thing that youve been able to do this, and i was unsure of the circumstances.

I've never seen Anet give back any items, except for that 1 roll-back. Is this an admission by Anet that there was a security problem? Because the overwhelming response from Anet has always been to protect your account so this stuff doesn't happen and live with the consequences.

It also begs to question what kind of precedent they are setting. Now we know that if they act quickly enough you can get your items back. I mean this hacking was weeks ago, and they are now saying that nothing's happened to those items in all this time? They just have been sitting there and they can give them back? I think this was a bad move by Anet's part. I mean, I'm glad that they are actually trying to help players but this can only escalate and now all those past people who were hacked have been snubbed. Not to mention any future people who get hacked. What is Anet's response going to be to the next person who gets hacked and reports it within minutes/hours. By this reasoning of Regina's they should fully expect to get their items back if they act quickly enough.

I for one would like to know the extent of the security problem? if one exists at all?

My account was one of the accounts that were accessed (and i am a security paranoid person at the best of times) luckily i lost nothing because i store everything and pretty much anything valuable or otherwise on another account, but if there was something i could have done to protect myself even more then i would like to know.

On the other hand if it was a problem arena net/guild wars side then it would be great to hear instead of everyone thinking they are at fault some how.

__________________
Honesty is the best policy...

Going by that what would you say about items that were stolen from an account. The account password had been changed by the hacker and the account was linked to PlayNC so the PW change had to be done on the PlayNC site.
The PlayNC PW was different to all others as was the GW password(both over 10 digits in length and alphanumeric).
No keylogger was found on the victims PC and neither of the other 2 accounts on the PC were touched. Just the one linked to PlayNC.

Is that the fault of the victim or PlayNC/ArenaNet?

What happened between the time of the incident and today is that our support team has been investigating every possible angle in this incident. We're not going to discuss the details of the investigation. Investigating these incidents can take some time.

I think it's not quite correct to state that players "should fully expect to get their items back" if we act quickly enough. It's not necessarily a matter of our response time. If we're made aware of an incident five days after it happened, and we act fast to ban those accounts -- but between the time it happened and the time we were notified, the stolen items were moved off of the stolen account, well... As I said before, the vast majority of time, we are unable to recover stolen items.

We are working very hard to improve our customer support, and one of the ways we are trying to do this is by attempting to return stolen items when we can. The circumstances of this specific incident allowed us to recover the stolen items. Not to put too fine a point on it, but again -- the majority of time, we're unable to return stolen items.

I find it hard to believe that they cant track items. When my account got hacked last April, support did tell me that my account was accessed by an unauthorized person from Germany. Now if they can tell that someone from Germany accessed my account, Im sure they can see trades that person made.

Then what about the infamous 112 or w/e number it was, They could tell they accessed a certain area & how many times they accessed it.

What about the Real Money Traders? They can track Real Money Trades but not scammed accounts?

Now we hear that 1% of the people that got hacked last month are able to get their goods back.

Freakin BS!

They can and always could gives goods back, they just choose/chose not to do so.

Do you even read what Regina just typed...?

If someone was able to steal account information directly from the PlayNC/ArenaNet servers, that would be a critical issue. I'm not sure, if any company would admit this anyway.

If account information was stolen via keylogger or some other security hole in player's computer, it is like throwing you house key on the street and then complaining to the authorities because there was thieves in your house. In that case one must pay from his mistakes and learn.

I have played online games about seven years, but never encountered account theft.

Actually I was typing that AS Regina posted.

and nothing has really changed in their response cept "NOW theyre looking at EVERY angle" and "The circumstances of this specific incident allowed us to recover the stolen items."

I still think its funny they can track what everyone does in this game but they will not give goods back.

I'm glad that A-Net finally got to the bottom of this! Too bad they can only retreive few of the items that were stolen. Hopefully they banned those accounts to prevent them from stealing again!

To someone who knows, just to clarify things,

The stolen items are not going to just appear on their original accounts, right? From Regina's first post, I take it that Support has seized control of the offending account(s) and have found some items still there. And through those phone conversations(in conjunction with their logs) have managed to identify who some of those items belong to. The items are going to be transferred off onto a GM account and then physically returned to players via another in-game trade, right?