Guildwars Account Security Sucks.

I guess you live and learn but really this is just plain bullshit.

Anyways. I got hacked. Well not really "Hacked" Just some asshole managed to get my password somehow or Guess it. But how in the hell do you guess my password which was this ----> (6njfxtzvlo) <--- Which is now changed of course.

Anyways the whole point of this thread is this. Looks like you can easily change an account password by only knowing the Old Password. SO that means, Log into the account you want to take from soneone. As soon as you can do that, you go Click Click "Edit Account" Click Click "Change Password", Out with the old, in with a new one password Bam bam Done. BUT if you want to Reset the password like in my current situation to get my account back from this "Hacker". You go Click Click Password Reset Type Type Account name.

Oh Look what we have here. Redirected to NCsoft.com Please, Oh my Jesus anit that just a walk in the park. Why yes of course I want to make a useless Ticket and wait 2-3 Business Weeks to get a reply from a BOT telling me to wait another 2-3 Business Weeks so that an Anet Employee may better Assess the situation, while in that time (OR more like within 1-10 minutes of that time) my characters are Stripped, my Gold is transfered, and my characters are Deleted and the Account sold to the Asian man in the corner working for GW-GOLD-4dirtCHEAP-Prices.com

Why Yes of course I want to do that. GG Anet GG on making Accounts EZ PZ shampoo Squeezie to steal. Man at least make it so that "Reset Password" is something that can be done in-game like "Change Password" is so that I dont have to follow Steps 1 through 64 as stated above. OR at LEAST make the "Change Password" option harder to do then simply asking Old Password for New Password.

For Example. Want to reset the account password in-game like that?
Whats the old password? Then type out 2 of the 4 CD keys used in the Creation of the account.
Dont have the CD keys or bought the games in-store?
NO PROBLEM, Type in the Email Address attached to this Account so that a password change MUST GO THRU Email Validation Like on Diablo 2.

Jesus is that really so much to ask? Once again Anet GG.

Don't expect much from these people they are useless.

Tried putting in a question at NCSoft and it asks me to register after i ask the question EVEN THOUGH IM LOGGED IN and I can't get the question through.

I wish they would pull their heads out of their asses.

It's nice to blame ANet or NCSoft for this but somehow i don't see how it's their problem here.

You don't guess a password like that and unless someone really hates you, nobody would spend their time bruteforcing it(Not even sure if it's possible to do it). Also, let's not forget the fact that the person would also need to know which email address you are using for the account.

Are you somehow saying that someone found your email address AND your password?

I belive that NCsoft handles the account not Anet, and like manager said theres obviously a lot here your not telling us.

Personally I've not had that much trouble with support, the bot reply is automatic - It doesnt mean that they've forgotten you.

Wait your complaining that its too easy to change sombodies password, but too hard for you to do it?

Oh yeah, I can't see any flaws in that - why arn't they paying you $$$ already?

moar laik der r trojan on ur computa

I've had both of my accounts for years. Somebody must have really hated you to go through so much effort.

you did somethign yru not tellign us about , you got a key logger end of story or you told a friend your pw and he got mad at you and stole your account.
or just stop doign thing on the internet that are wrong hacks and heats for guildwars dont work bots programs are there to steal yoru account and so on.

i dont feel sorry for you in anyway. had my account for over 4 years now never once had aissue with it. al though i dont fall for scams orhacks for guildwars. and if i want porn family video is done the street

NOT ANETS FAULT YOU LOST YOUR ACCOUNT ONLY PERSON TO BLAME IS YOURSELF !!!!!!!!!!!!1

No offense, Nightmare, but I have a hard time believing your "case". If history has shown us anything, alot of these claims conviently leave out certain details. The sensible thing to do is to contact support right away and see what they can do. Making a thread bitching about it only makes you seem more suspicious. (Just like those stupid "I got banned threads".

tl;dr

How dare a company who would only gain money by people stupidly getting their accounts stolen (and thus having to rebuy the game) not care about the stupids getting their account stolen?

I bet you probably have keylogger on your computer.
Come on, do you think anyone can figure out the password you had?

o.0

Uh Huh. Key logger, gave friend/little brother access to your account, went to a "gold selling/hacks" - take your pick. The stories are all the same, and un-refutable since this is the age of anonymous internets.

Did you really just tl;dr a 400 wordish post? How short is your atten - Oh shiney!

Still I think you won the Tinfoil hat contest

I'll bet Adobe Flash is the culprit, it's full of security holes. I remember last year my WoW account got hacked (the first time I've ever had malware on my computer) because of a Flash vulnerability that was less than 2 days old at the time. Since then I've browsed with noscript and flashblock so that won't happen again.

Ive had my accounts for almost four years. my friends knew my passes, and i hardly ever changed em, and i never got my stuff taken. to make a long story short, people cannot just "figure out" your password. the person placed a keylogger on your pc which is possible to do through instant messenger and other means, or you told it to them. There is no way to just magically "know" somebodies password. It has to be either taken or given, and from the story you're telling it seems as if it was given.

Seriously though, the people on here that have stuff stolen from them off of their account either do not know anything about internet security, which I know about but am not very careful about it, and nothing has ever happened to me. heck, the only time ive had an account "stolen" was one time on runescape. then i figured out that my friend actually sold my account to sombody in order to just use recovery questions to get it back, but then he figured out i had changed em and he didnt know them.

Whatever the circumstances may be, he raised real problems.

First problem: to change the password, you only need the old password, which means that if they get your password, you have lost your account.

Second problem: if your account gets stolen, you can't reset the password fast enough to save anything, even if you're the one controlling the mail address attached to it and if you've got all the game keys.

Third problem: NCSoft support sucks.

OH S#@%! That is my password too! I knew I should have picked a harder one!

Well, technically your password isn't that strong. To be better, use multiple numbers, as well as case.

6nBiLq65 would be much stronger.

I have 3 accounts, 1 is 4 years old the others 2 years. Now i've never hacked in any game (using cheats is something else :P), and i've never gotten a account hacked. I don't respond to e-mails when they say there is something wrong with servers asking for your password and username or something similar, I don't give out my info in e-mails.

And to say the Support is slow is wrong in my case, the longest i've had to wait was 4 days because I submitted my ticket on friday and that was because I forgot my NCSoft master accounts username and password had to give my cd-keys and such, had no problem identifying myself to them and they gave me new but temporary password (they said I should change it). But I keep records tho of everything, I have also never been banned. If I ever get banned i'll probably know why but atm they never had a reason to ban me and i'll probably never give them one.

NCSoft support does not suck if you know how to ask for help and in comparison to the many other games i've played, they are the ones that have given me the best support I have seen.

Tips:
- Be polite and stay polite (Asking it nicely probably helps alot)
- Give them as much info as possible if they ask for it, otherwise don't give out your Info to anyone. Even if it means saying that you have violated certain agreements, be honest. This part is where some probably say "why would you say that you have violated certain agreements", well it will probably not help you but it might help them to warn others about it.
- Say thank you when they have helped you.
- When choosing a password use numbers, lower and uppercase letters and other characters if possible.
- Scan your pc atleast once a week for viruses, I recommend scanning daily.
- Do not download third-party programs.
- Do not allow your Internet Browser to remember your passwords and usernames.
- Do not use any other pc besides your own to play Guild Wars because they might have malicious software on them.
- Do not use words, names, birthdates as your password.

Oh yes perhaps it's me being paranoid or not but you always seem to get a quicker reply with NCsoft when you go through all the polite formalities.

Hmm... I've played GW for over 3 years and I owned 11 accounts and never have I been "hacked". As everyone else has said to you: there is a LOT more to the story than what you just told us.

That's funny, i have 11 too and have also played for 3 years. I got most of my accounts by hacking but have never been hacked myself.

\0/ reap the benefits, free z keys and travellers gifts.

He probably downloaded a trojan.

Guild Wars Account Security is fine. Your account was stolen because you failed to protect it. This is 100% your fault.

Don't assume right away that if someone says he got hacked is not telling you full story. A few weeks ago, someone logged onto my account (had same password for 3 years, never EVER downloaded any kind of 3rd party program for gw, or any other game. Hell i didn't even download p0rn on this pc) and swooped it clean. Everything worth selling was taken and who inventories of my chars destroyed. Ofcourse chars were found in asian district in GToB.

Guess somebody just picked you out on random and force tryed your pass until he got that right (ther are programs for that)

There should be something like: if you don't get your pass right 3 times, you can't log on for the remainder of the day

From what you have said above, you almost certainly got keylogged, rather than someone trying out random combinations and randomly stumbling across your account name and password. It can happen even if you think you've been completely safe, and have never downloaded or run anything suspicious. Frequently there are security vulnerabilities in regular software you already have, and Adobe Flash is the prime candidate for these sorts of attacks.

Brute forcing passwords in games pretty much doesn't happen unless the hacker obtained the game's password file (that consists of the password hashes) to run dictionary attacks on, which doesn't happen. Keylogging is the most probable cause.

Also, disabling an account after 3 incorrect attempts is not a good solution, because then you could grief someone's account by failing to enter the correct password.

There are tons of Flash vulnerabilities, there's about one critical vulnerability a month; I know, because last year my WoW account got keylogged from a Flash vulnerability that was only 2 days old. For example (this is just one), here's a critical Flash vulnerability from Feb 24 of this year that lets any Flash app take control of your computer.

http://www.adobe.com/support/securit...apsb09-01.html

You can find others here:

http://www.adobe.com/support/security/

Now maybe in your case it was something other Flash, but either way, a keylogger installed by exploiting buggy software you already have installed is the most likely cause, not a script sitting there spamming arenanet's login servers with every possible account name and password.

Please... I doubt it... With a password like his? And "never telling anyone his email?" Almost ALL account thefts are from actions/programs on behalf the owners end.

Thank you. PC-knowledged ftw.

i once got scared when i thought i had a keylogger on my computer.

i was online and suddenly i log off out of nowhere. checked my internet connection and it was fine. so it wasn't a DC. so i figured.. hmm some bitch is trying to steal my account, no f**king way..
so i changed my password everytime i logged on

since i don't know much of computers, like how to remove it with anti-virus or how to format your computer

now my friend has formatted my computer (for other reasons too) and well still have everything

True story.

Of all the online games i have played/own, and accounts i use, never once has one been hacked.
Iv'e never had problems with NCsoft support either, of the 3 times i have contacted them, i have always had a reply within 24 hours.

I have a little tip for account security...

Go here: http://rumkin.com/tools/password/pass_gen.php
Set it to +Num +alpha +ALPHA and 15 characters

Generate a string. Examples:
Now, take that string, and replace some random characters with a couple alt codes, without typing the rest of it, ever.

Now, download this: http://passwordsafe.sourceforge.net/
Put your password in there, and never ever type it.

Account secure, even if you do get a keylogger.

The other thing you can do, which is what I do, is just use the -password switch to the gw.exe command line to specify your password for your Guild Wars shortcut, so that you don't ever type it, so no keylogger will catch it. Just double click the icon on your desktop and you're in game without having to type anything, it's very convenient. Obviously if your machine is not physically secure from other people, don't do this.

Its not their fault someone had your password, its yours

I don't entirely think that may be safe... If you have a trojan, you're storing that password unencrypted in a shortcut, so they could just view the shortcut and easily get your password.

But, that may just be me being paranoid... That's why I made a post about encrypted shortcuts... http://www.guildwarsguru.com/forum/s...31#post4635631

If you have a trojan, your machine is already totally compromised by having hostile code executing on it, so at that point you just have to play the odds and hope that whatever other defense you took is obscure and specific enough.

Even passwordsafe isn't completely safe, as at some point the unencrypted password has to be entered into a field somewhere, even if by cut and paste from the clipboard.

If you use a special executable with an encrypted password that launches GW.EXE, it could just watch and see what gw.exe (rather than the launcher) actually gets launched with, since gw.exe takes the plaintext password as a parameter.

Luckily though, trojans are just opportunistic keyloggers that try to catch passwords for ANY game, bank account, or really anything you enter into a password field in any application or web page. They aren't specific to Guild Wars, and certainly not enough to look around your machine hoping you are one the 0.01% of the GW population that puts a -password switch on the gw.exe shortcut. Or so I hope anyway At some point you just have to balance convenience vs paranoia.

I'd say though that installing a virus scanner is definitely worthwhile for anyone who doesn't have one. I used to never use one, because I was always paranoid about installing anything, and always kept up to date on security updates. I also know how badly most of them slow down machines. I would check my system once a year and then immediately uninstall the scanner, and I always came up clean. However, for the first time, last year, I got keylogged through no fault of my own; shitty adobe products like Flash are filled with security holes that can be exploited to allow arbitrary code to run on your system, and need to be kept up to date every month. I then realized the days of doing without a permanent virus scanner were over.

Luckily Kaspersky is very low overhead and doesn't bog down my system. I wasn't at all surprised that the only vulnerabilities it ever finds on my machine are in adobe software.

Am I the only one who sees the problem here?

Stop visiting porn sites and downloading game torrents and you will 99.9% stop getting hacked. Continue to visit them then quit coming to forums complaining you got hacked. The percentage of people who visit porn sites and download game torrents have a 75%+ chance of getting a key logger trojan or a virus. The other is thinking no one around you could know your password. There are people out there with photographic memories that can just watch you type on your keyboard from a distance and tell you what you typed. Who's been sitting beside you watching you play?

I never understood this. If you don't tell anyone your password, how is changing a password regularly safer than keeping the same for a long period of time?

Gigashadow, you don't like Flash very much I take it?

Wow. How many people does it take to gripe at the guy's security, and ignore his actual complaint. It wasn't so much about being hacked, as it was being unable to reset his own password without going through NCSoft support.

It should take more than just an old->new password. They should, at the very least, require the account name and email verification to change the password. And, if the password needs to be reset without inputting the old password as well, there should be a block placed on the account until it goes through support. At least that way there's a chance that some of your stuff and characters will still be there when it's done.

His original complaint is stupid. It's essentially "Baww, someone got my super duper awesome password because I suck at the internet and a gaming company who has no financial motive to give a shit doesn't give a shit. They should change their system because I'm a retard."

Yeah, no. Quit being bad and no one will get your password. If you got it stolen it's because you have dickish friends or went to a dubious GW fansite and downloaded an exe or didn't have noscript on. Period.