Recent Accounts that were hacked

Black Metal

Desert Nomad

Join Date: Jan 2009

N/

Quote:
Originally Posted by DarkFlame View Post
The items are going to be transferred off onto a GM account and then physically returned to players via another in-game trade, right?
Yes, but then the victims will get auto-banned by the anet bots that search for large one-sided trades (we've seen this happen many times)

Coney

Wilds Pathfinder

Join Date: Aug 2008

Quote:
Originally Posted by miles View Post
... through strict confidentiality with anet the persons who lost items in question were not supposed to talk about anything that has to do with how this happened or why or who, no details.
This sounds dubious. I mean, if all these people had visited some site or installed some app, then this should have been IMMEDIATELY communicated to the player base, so that they avoided them. I can understand keeping a hush on it for a few days after the initial incident, but to drag it out for over a month without saying why, sounds unreasonable.

The only thing I can think of to explain these covert activities, is that something happened on their server-side end. In fact, using so many resources in an effort to actually recover and return stolen electrons seems to support this premise (and violate established precedence).

As to a rollback, it seems to me that any 'modern' backup database stores stuff as files, and certain files (e.g. account data) can be loaded over the current files. Perhaps they have a piss-poor implementation that doesn't allow this to occur while the servers are 'live', whatever that means/entails. However, it seems a choice could be made if such a 'simple' backup system existed:
1. Sacrifice past month's account activity and revert to stored account
2. Do nothing (e.g. forget about losses and save month's 'achievements')

And finally, as to item tracking, they'd need some kind of unique 24/32 bit key for each item, and something else similar for 'stacks'. As they only use 8 bits for stack item count, I doubt they have the space for such additional item info. As to text logs for player activity/trade that they 'apparently' maintain, scripts would need to be written to parse them in certain ways (e.g. for some date, for some player/item, find line -> feedback loop to follow trade further). Perhaps it's actually databased (doubtful, prolly rolling text log) - code still needed to query...
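The log search described in the post above (find the line for a player and item, then loop to follow the trade onward) can be sketched as below. This is an added example, not part of the original thread and not ArenaNet's tooling; the log line format, account names and item ids are constructed, and it assumes every item carries a unique id in the log.

```python
import re
from datetime import datetime

# Constructed sample log. The line format, account names and item ids are
# assumptions for illustration; the thread does not show a real log.
SAMPLE_LOG = """\
2009-03-01T18:02:11 TRADE from=victim01 to=mule_a item=00A1F3 qty=1
2009-03-01T18:02:11 TRADE from=victim01 to=mule_a item=00B772 qty=1
2009-03-01T18:40:52 TRADE from=mule_a to=mule_b item=00A1F3 qty=1
2009-03-01T19:15:00 TRADE from=player77 to=player78 item=00C001 qty=1
2009-03-02T09:05:30 TRADE from=mule_b to=buyer_x item=00A1F3 qty=1
corrupted line that the parser must skip
2009-03-02T10:00:00 TRADE from=mule_a to=victim01 item=00B772 qty=1
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) TRADE from=(?P<src>\S+) to=(?P<dst>\S+) "
    r"item=(?P<item>[0-9A-Fa-f]+) qty=(?P<qty>\d+)$"
)


def parse_log(text):
    """Return well-formed trade records sorted by time; skip anything else."""
    trades = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            ts = datetime.fromisoformat(m["ts"])
        except ValueError:
            continue
        trades.append({"ts": ts, "src": m["src"], "dst": m["dst"],
                       "item": m["item"].upper(), "qty": int(m["qty"])})
    trades.sort(key=lambda t: t["ts"])
    return trades


def trace_item(trades, item, start_account, since):
    """Follow one item id from start_account through every later hand-off."""
    holder, cursor, chain = start_account, datetime.fromisoformat(since), []
    for t in trades:  # time-ordered, so one pass is the "feedback loop"
        if t["item"] == item.upper() and t["src"] == holder and t["ts"] >= cursor:
            chain.append((t["ts"].isoformat(), t["src"], t["dst"]))
            holder, cursor = t["dst"], t["ts"]
    return holder, chain


def trace_losses(trades, victim, since):
    """Map each item that left `victim` after `since` to its current holder."""
    start = datetime.fromisoformat(since)
    lost = {t["item"] for t in trades if t["src"] == victim and t["ts"] >= start}
    return {item: trace_item(trades, item, victim, since)[0] for item in sorted(lost)}


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    for item, holder in trace_losses(log, "victim01", "2009-03-01T00:00:00").items():
        print(item, "->", holder)
```

Without a per-item id in the log, as the post suspects for stacks, only account-to-account flows can be followed, not individual items.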

the_jos

Forge Runner

Join Date: Jun 2006

Hard Mode Legion [HML]

N/

Quote:
This sounds dubious. I mean, if all these people had visited some site or installed some app, then this should have been IMMEDIATELY communicated to the player base, so that they avoided them. I can understand keeping a hush on it for a few days after the initial incident, but to drag it out for over a month without saying why, sounds unreasonable.

The only thing I can think of to explain these covert activities, is that something happened on their server-side end. In fact, using so many resources in an effort to actually recover and return stolen electrons seems to support this premise (and violate established precedence).
I disagree.
It could well be that this is a client side incident executed by a single individual. That way only a very limited (relatively) amount of accounts is affected and there is no need to inform the community at large.

That would also make it possible to track some items back, those items that would be on that account or on accounts traced back to the same IP address (assuming no dynamic IP).

How this attack was executed doesn't really matter.
Everyone will tell you that they did fine, no-one who gets hacked has a key-logger or trojan on his/her computer and they never reused a password anywhere. It's easier to blame the company providing the hacked account, in this case A-net while all research on security shows that there is a 99.9999% chance that an attack is client side and only a 0.0001% chance that it's server side.

Let's assume it's server side. First of all, if I were a hacker I would brag on what I did in the hacking community. I didn't catch any of that.
Second, I would loot as many accounts as possible. And since I'm a knowledgeable hacker I would inform my friends (there are very few hackers who operate completely alone) so they also can make some profit.
This would result in a far greater number of hacked accounts than we are aware of now.
The only reason why this didn't happen on that scale was when the known hacks were a test-run. But I doubt that, it's easier to do that with 'safe' accounts, like a primary and secondary or a friend's account.

I really doubt that this is a server side related issue, all signs point the other way so far.

miles

Academy Page

Join Date: May 2006

The Best Guild In The Game [Best]

N/

Quote:
Originally Posted by Coney View Post
This sounds dubious. I mean, if all these people had visited some site or installed some app, then this should have been IMMEDIATELY communicated to the player base, so that they avoided them. I can understand keeping a hush on it for a few days after the initial incident, but to drag it out for over a month without saying why, sounds unreasonable.

The only thing I can think of to explain these covert activities, is that something happened on their server-side end. In fact, using so many resources in an effort to actually recover and return stolen electrons seems to support this premise (and violate established precedence).

As to a rollback, it seems to me that any 'modern' backup database stores stuff as files, and certain files (e.g. account data) can be loaded over the current files. Perhaps they have a piss-poor implementation that doesn't allow this to occur while the servers are 'live', whatever that means/entails. However, it seems a choice could be made if such a 'simple' backup system existed:
1. Sacrifice past month's account activity and revert to stored account
2. Do nothing (e.g. forget about losses and save month's 'achievements')

And finally, as to item tracking, they'd need some kind of unique 24/32 bit key for each item, and something else similar for 'stacks'. As they only use 8 bits for stack item count, I doubt they have the space for such additional item info. As to text logs for player activity/trade that they 'apparently' maintain, scripts would need to be written to parse them in certain ways (e.g. for some date, for some player/item, find line -> feedback loop to follow trade further). Perhaps it's actually databased (doubtful, prolly rolling text log) - code still needed to query...
I have no 3rd party programs running related to guildwars, visit no gold buying sites, never sold items online etc etc. After my account was "hacked" both norton and avg detected 0 viruses/keyloggers etc.

They won't roll back the servers, they are just going to give the items back that they were able to track. Yesterday I was the first to receive the items that were stolen, and I'm assuming anyone else she talked to will soon be getting a similar email =]

Deviant Angel

Krytan Explorer

Join Date: Apr 2006

On a boat!

Homeless.

Mo/

If they really did go through the trouble of retrieving items and giving them back to their owners, I hope that's their way of saying that the security problem was on their side. It's a little scary to think that they would be willing to go through that much trouble for people that buy gold and/or download software from shady websites.

For the past 4 years, we have been told that nothing could be done if our items were lost, so this sudden change of tune is a bit weird. Knowing why the most recent incident is being handled differently would be nice.

Ctb

Desert Nomad

Join Date: Apr 2006

W/

Quote:
Is that the fault of the victim or PlayNC/ArenaNet?
Since it's a hypothetical situation with no evidence to actually peruse, who knows? Did the hypothetical attacker break into the PlayNC site, or did they just brute force a weak password? The former would be a breach against PlayNC, and thus their responsibility. The latter is the player's problem as it's their responsibility to use strong passwords.

Quote:
Now if they can tell that someone from Germany accessed my account, Im sure they can see trades that person made.
Those are two entirely different things. A person will generally only use a very small number of different IP addresses to access Guild Wars, even over periods of years, unless they move or switch ISPs. Even then, most of the IPs will all be on the same subnet even if they're different. Spotting one wildly different IP address all of a sudden is not difficult, especially since an IP address is an inherent part of any bilateral communication on the internet involving any software or hardware it touches, making it easy to record. Trades, on the other hand, could easily number into the thousands. Recording and then combing through them for each person who has a problem would be much more time-intensive and difficult, and would also require an explicit effort by the company to devise a system for doing just that. Not a good way to spend resources, in my opinion, since the majority of stolen goods are not ANET's fault.
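The login check described in the post above (a small set of familiar subnets per account, with a sudden unfamiliar address standing out) can be sketched as below. This is an added example, not part of the original thread and not ArenaNet's system; the login records are constructed using documentation address ranges, and the /24 grouping and three-login learning period are assumed values.

```python
import ipaddress
from collections import defaultdict

# Constructed login history: (timestamp, account, source IP). Addresses come
# from the RFC 5737 documentation ranges; nothing here is real data.
SAMPLE_LOGINS = [
    ("2009-02-01T19:00:00", "acct_a", "192.0.2.10"),
    ("2009-02-03T20:11:00", "acct_a", "192.0.2.57"),
    ("2009-02-05T18:30:00", "acct_b", "198.51.100.7"),
    ("2009-02-07T21:45:00", "acct_a", "192.0.2.200"),
    ("2009-02-09T03:12:00", "acct_a", "203.0.113.5"),
    ("2009-02-09T03:40:00", "acct_a", "203.0.113.9"),
    ("2009-02-10T19:05:00", "acct_a", "192.0.2.31"),
    ("2009-02-11T18:00:00", "acct_b", "198.51.100.9"),
]


def network_of(ip, v4_prefix=24, v6_prefix=48):
    """Collapse an address to its enclosing network so that dynamic IPs
    handed out from the same ISP pool count as one familiar location."""
    addr = ipaddress.ip_address(ip)
    prefix = v4_prefix if addr.version == 4 else v6_prefix
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def find_unusual_logins(logins, min_history=3, v4_prefix=24):
    """Return (timestamp, account, ip, network) for logins from a network the
    account has not used before, once a baseline of min_history logins exists."""
    seen = defaultdict(set)   # account -> networks treated as normal
    count = defaultdict(int)  # account -> logins accepted into the baseline
    alerts = []
    for ts, account, ip in sorted(logins):  # ISO timestamps sort by time
        net = network_of(ip, v4_prefix)
        if count[account] >= min_history and net not in seen[account]:
            alerts.append((ts, account, ip, str(net)))
            continue  # a login under review must not teach the baseline
        seen[account].add(net)
        count[account] += 1
    return alerts


if __name__ == "__main__":
    for alert in find_unusual_logins(SAMPLE_LOGINS):
        print("review:", *alert)
```

Logins seen during the learning period are trusted as-is, so an account compromised before its baseline exists would not be flagged by this check alone.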

Arduin

Grotto Attendant

Join Date: May 2005

The Netherlands

Limburgse Jagers [LJ]

R/

Quote:
Originally Posted by Deviant Angel View Post
If they really did go through the trouble of retrieving items and giving them back to their owners, I hope that's their way of saying that the security problem was on their side. It's a little scary to think that they would be willing to go through that much trouble for people that buy gold and/or download software from shady websites.

For the past 4 years, we have been told that nothing could be done if our items were lost, so this sudden change of tune is a bit weird. Knowing why the most recent incident is being handled differently would be nice.
Hear, hear!

Regina Buenaobra

ArenaNet

Join Date: Apr 2008

Me/

The reason this incident has been handled differently is because we would like to provide our customers with better service. If we are able to retrieve stolen items, which again I stress is usually impossible, then we would like to be able to retrieve them and return them.

We extensively investigated this incident, tracked down, and closed the accounts that were involved in this. I have been given clearance to let you know that it appears that this hacker logged into the compromised accounts by using account credentials that he or she had already stolen from somewhere else. Our advice to Guild Wars players is to use a unique password for Guild Wars that has no relation to passwords that you use on other sites.

Nightmare_Pwn

Academy Page

Join Date: Sep 2008

Was Reading a Couple days back about how there was a large scale wave of hacking being done, and many accounts were hacked and their Zkeys/Cash/Ectos/Whatever was Looted and in their spots, Replaced with a lowend Crap item.

Is this still going on? or has Anet cracked down on these people?

I read somewhere in-detail what actually happens during the process that you're randomly disconnected and trying to reconnect fails and anywhere from minutes to hours later your shit is gone.

That random Disconnecting sequence has happened to me more than 2 times early today, It's not my internet or anything, so this is why I'm wondering now.

Any news on this would be Great, and if anyone has any good tips too would be cool.

Martin Alvito

Older Than God (1)

Join Date: Aug 2006

Clan Dethryche [dth]

Regina just stated in another thread that it appears that the hacker got into these accounts by hacking a different database, retrieving account names and passwords, and using them. She did not state which database.

Long story short: if the password for your GW account uses the same password as the corresponding e-mail account, or if you use the same e-mail account and password for any internet site, forum, or what have you: go change your GW password right now.

HawkofStorms

Hall Hero

Join Date: Aug 2005

E/

Hackers are always present. Some tips...
a) don't use your guild wars e-mail to register an account in a Guild Wars fansite/guild site.
b) have a good password, http://www.whatsmypass.com/?p=415 instead of one of these

Gift3d

Forge Runner

Join Date: Feb 2007

Las Vegas

Enraged Whiny Carebears [oR]

W/E

Hackers are never a threat in the first place, if you're smart.

Taixen

Frost Gate Guardian

Join Date: Apr 2008

England

A/

Quote:
Originally Posted by Gift3d View Post
Hackers are never a threat in the first place, if you're smart.
Well, if they have compromised a database containing Usernames and Passwords then being hacked wouldn't entirely be the person's fault.

Personally, none of my passwords are the same and I use different emails for everything just to make sure things are safe.

Although at the moment, if someone hacked the email my GW Account is linked with, I'd be very surprised, considering it doesn't seem to exist anymore =/.

jonnieboi05

Forge Runner

Join Date: Mar 2006

Mableton, Georgia

Guild Ancestors Reunited [?????????]

do what i do-- use a completely random and non-associated email as your GW log-in and never use that email outside of GW. simple.

Jhadur

Desert Nomad

Join Date: Jul 2005

Glob of Ectospasm [GoE]

Quote:
Originally Posted by Ctb View Post
Since it's a hypothetical situation with no evidence to actually peruse, who knows? Did the hypothetical attacker break into the PlayNC site, or did they just brute force a weak password? The former would be a breach against PlayNC, and thus their responsibility. The latter is the player's problem as it's their responsibility to use strong passwords.
Not that hypothetical as it happened as written to me last year.

housecalls

Academy Page

Join Date: May 2006

In regards to getting stuff back to hacked players the way we helped was as a guild pretty much gave anything we could to the few affected players and while a toon or two was deleted the majority of stuff was replaced by guild generosity.

I know how paranoid some of the people in my guild are about passwords and the fact that they got hacked has left me wondering just how it could have happened. Must be related to a keylogger being sent to the same email address used to log into GW.

Anyway guild generosity ftw!

Markaedw

Desert Nomad

Join Date: Nov 2005

N/

There is another possibility, there is a really good looking website that is guildwar.com. It looks real but isn't.

NoXiFy

Wilds Pathfinder

Join Date: Aug 2007

★☆٭Ńēŵ~ŶờЯК٭☆★

The Benecia Renovatio [RenO]

Mo/Me

~fake~fake~fake~

Hey guys and gals, just cleaning up the rumors started in this thread. A GuildWars GM can't spawn items or create new ones... ever. There is one exception however, using a Master GM account (one of Izzy's accounts is one) the GM can use a command similar to /bonus to receive an item that was coded to be released to that GM (However they may only use this command once, hence they can't spawn 500 Vizu's, only 1. Like Kuunavang.). When Gaile was given her Frog mini's, Izzy was given them, and he then traded Gaile the mini's.

So, basically to sum it up, there is no way to give back items unless they're going to find what was deleted and give everyone who lost their stuff a special /bonus like code. Hence the people who are scammed can't get back their items and so forth.

Hope that cleared it up, thanks

Inde

Site Contributor

Join Date: Dec 2004

Markaedw, guildwars.com and guildwar.com are both ArenaNet. It's a legit guildwars.com website. Just strange the way they went about it.

Regina Buenaobra

ArenaNet

Join Date: Apr 2008

Me/

Quote:
Originally Posted by HawkofStorms View Post
Hackers are always present. Some tips...
a) don't use your guild wars e-mail to register an account in a Guild Wars fansite/guild site.
b) have a good password, http://www.whatsmypass.com/?p=415 instead of one of these
I would like to emphasize what HawkofStorms has said here. Please don't use your Guild Wars game account information on other websites. It leaves your game account vulnerable to thieves, like what happened in this recent incident.

Darcy

Never Too Old

Join Date: Jul 2006

Rhode Island where there are no GW contests

Order of First

W/R

Might I mention, that posting your email address in threads of any type of forum (game, guild, etc.) is another "DO NOT". Always keep in mind that farming the internet for email addresses is an on-going business.

Your email address is one half of your logon. If, in addition, you keep using the same "easy-to-remember" password, your game will eventually be hacked by someone.

Voodoo Rage

Desert Nomad

Join Date: Mar 2008

Sacramento, CA

Geezers

R/

I actually took the bait the other day and initiated a conversation with a guy wanting to buy a trial key. Sure enough he "needed" my login and password so he could transfer money directly into my account... Sure buddy...

Garreth MacLeod

Krytan Explorer

Join Date: Nov 2005

Quote:
Originally Posted by Regina Buenaobra View Post
I would like to emphasize what HawkofStorms has said here. Please don't use your Guild Wars game account information on other websites. It leaves your game account vulnerable to thieves, like what happened in this recent incident.
Unfortunately, if you use the in-game store, it locks you in to that account name (email account) forever. Many people may not think of that when signing up on forums. The Xunlai house does the same thing, locks you in to the email address you sign up with.

Would be nice if you could change the account name even after visiting the in-game store

Red Sonya

Desert Nomad

Join Date: Jul 2005

no one would ever guess my password in a million light years. Yessire supercalifragilisticexpialledocious is the best password anyone could use.

the_jos

Forge Runner

Join Date: Jun 2006

Hard Mode Legion [HML]

N/

TBH, knowledge of the e-mail account is not really a problem.
My main account e-mail address gives quite a few hits on google. My second account which has been targeted in the past gives only a few hits.

On in-game store and XTH, it's vital for A-net to keep that information confidential.
If they somehow leak the user-accounts it would mean serious disruption of business and a lot of time and money on cleaning up again. So I would not worry too much about that. It's the same for my employer, their web-site is a vital part of business and incidents on it are handled with extreme care because personal data is involved (besides this regulations demand this). The site is audited frequently, both black and grey box. When major changes are done white box (all code and equipment knowledge is available to testers) auditing will take place.
I see no reason why A-net would not have taken similar measures.

General advice, don't re-use your password and use a 'throw-away' account for anything you don't really trust. For example, I used my second account on GWG, not because I don't trust GWG or Inde (I think incidents are handled great here, specially considering this is a non-profit site) but because I have the rule to never use my primary account on forums and such.
But as stated at the start, the knowledge of a valid GW account isn't a problem.
He/she would be guessing passwords for the rest of his life if it's not a very obvious one.

Gli

Forge Runner

Join Date: Nov 2005

Quote:
Originally Posted by the_jos View Post
TBH, knowledge of the e-mail account is not really a problem.
My main account e-mail address gives quite a few hits on google. My second account which has been targeted in the past gives only a few hits.

On in-game store and XTH, it's vital for A-net to keep that information confidential.
If they somehow leak the user-accounts it would mean serious disruption of business and a lot of time and money on cleaning up again. So I would not worry too much about that. It's the same for my employer, their web-site is a vital part of business and incidents on it are handled with extreme care because personal data is involved (besides this regulations demand this). The site is audited frequently, both black and grey box. When major changes are done white box (all code and equipment knowledge is available to testers) auditing will take place.
I see no reason why A-net would not have taken similar measures.

General advice, don't re-use your password and use a 'throw-away' account for anything you don't really trust. For example, I used my second account on GWG, not because I don't trust GWG or Inde (I think incidents are handled great here, specially considering this is a non-profit site) but because I have the rule to never use my primary account on forums and such.
But as stated at the start, the knowledge of a valid GW account isn't a problem.
He/she would be guessing passwords for the rest of his life if it's not a very obvious one.
Getting your account name out in the open will open you up for targeted phishing attempts. That still shouldn't pose too much of a problem, except, phishing does work on some people.

DarkFlame

Desert Nomad

Join Date: Feb 2005

Ascalon

E/

Quote:
Originally Posted by Red Sonya View Post
Yessire supercalifragilisticexpialledocious is the best password anyone could use.
Especially when you misspell it.

@the_jos Not everybody has multiple accounts or uses multiple passwords. So getting your account e-mail address exposed is a problem, if for no other reason than that you can be attacked from different angles. Your game, e-mail, forum, whatever other site your address got lifted from, are all subject to be compromised.

Markaedw

Desert Nomad

Join Date: Nov 2005

N/

Quote:
Originally Posted by Inde View Post
Markaedw, guildwars.com and guildwar.com are both ArenaNet. It's a legit guildwars.com website. Just strange the way they went about it.
That makes sense; lock up a common misspelling before someone else does.

HawkofStorms

Hall Hero

Join Date: Aug 2005

E/

Yes, your e-mail address is out there to be found on google. The thing is, by registering that e-mail with a GUILD WARS website, the hacker knows you play/use Guild Wars.

People sending "Nigerian Finance Minister" e-mails to you is one thing. Those people just want valid e-mail addresses which are easy to find. But GW hackers need e-mail addresses that are also linked to Guild Wars accounts. What... maybe, 1 in 20,000 e-mail addresses in the world (conservative estimate) is a Guild Wars account. Then they have to brute force the password.

Knowing that you play GW and what one of your e-mail addresses is (which may or may not be your account e-mail) narrows down a hacker's work considerably.