Just to prove that this isn't a QQ thread, i'll ask my question immediately:
How are these hackers getting away with it?
I've seen countless threads complaining about hackers infiltrating accounts for the past 4 years and despite everyone being so angry about it, i haven't read anything about justice being upheld by Anet.
My case is quite simple, I stopped GW (again) just before i left for university and now that i've gotten some free time, i logged straight on. My password has been the same since the beginning and i constantly check for keyloggers or anything on my laptop.
I'm not going to mention the amount of crap i lost because it's irrelevant. But the hacker didn't delete my characters and my non-FoW armours and left my customized weapons alone, so my titles are still intact. The hacker also left without changing my password.
So these guys just do a quick in and out job? it's amazing, because now thinking about it, they probably don't want to harm players that badly, so they can hack their accounts again and obtain more gold/crap.
I've sent e-mails to support stating the same things i'm posting here, i am not asking for my crap back, i'm just happy my titles are safe, i just want to know if anything can be done against these bastards. And it would be easy to check where the log ins came from because i was completely inactive between September 20th and November 16th.
Hackers: What's Their Deal?
Fate Crusher
Arduin
I don't know if Anet has to means to track and hunt down those persons that are hacking accounts.
I suppose the hacker could be identified via the IP address he connects with, but with IP's being random or masked, I think it's a tough job finding them.
However, I'm no IT-genius, so maybe I'm all wrong.
I suppose the hacker could be identified via the IP address he connects with, but with IP's being random or masked, I think it's a tough job finding them.
However, I'm no IT-genius, so maybe I'm all wrong.
Ninja Ninja
People usually get hacked by giving out there own information so it really doesn't have anything to do with anet and the only time i hear about people getting keyloggers is from people who get textmod. It would be nice if anet would step up security in gw2 like make a second password or code to make deleting characters harder or maybe add an inactive switch so if your going to be away for a while no money or items can leave your account till you login and use you other code or password.
Hengis
It would seem that almost all of the recent account hacks have been carried out by RMT (Real Money Traders) rather than by other "real" players.
Quite simply, the RMTs hack an account and then pass the sellable items and gold to one of their hundreds of other accounts. I would suspect that they then pass it on through multiple other accounts/split it between multiple other accounts in quick succession in order to muddy the trail for ANet. They then sell anything sellable for quick gold, and then sell the gold for real money.
Mods: Please can this thread be added into the master list of hacked accounts in Inde's thread.
Quite simply, the RMTs hack an account and then pass the sellable items and gold to one of their hundreds of other accounts. I would suspect that they then pass it on through multiple other accounts/split it between multiple other accounts in quick succession in order to muddy the trail for ANet. They then sell anything sellable for quick gold, and then sell the gold for real money.
Mods: Please can this thread be added into the master list of hacked accounts in Inde's thread.
Mikki
Fate - I'm sure the message you got from support said something like - change your password regularly. Unfortunately, they're pretty much on target. As a general rule, if your password is a mix of upper and lower case, includes numbers, and looks like it's randomly generated, it's more difficult to crack. But let's be realistic - if you've kept the same password since you got your account, never changed it, and it's still the same - it's likely someone is going to hit your account.
My IT shop recommends passwords greater than 8 characters - 10 is better. Begin the PW with an Uppercase character, have numbers alternating with letters - both upper and lower case - and change your pw at least quarterly - so every 90 days or so. This should at least keep the slug who's already stolen your account at bay - or - accept that your account is compromised and live with it...
Mikki
My IT shop recommends passwords greater than 8 characters - 10 is better. Begin the PW with an Uppercase character, have numbers alternating with letters - both upper and lower case - and change your pw at least quarterly - so every 90 days or so. This should at least keep the slug who's already stolen your account at bay - or - accept that your account is compromised and live with it...
Mikki
Fate Crusher
Quote:
|
Originally Posted by Hengis Stone
It would seem that almost all of the recent account hacks have been carried out by RMT (Real Money Traders) rather than by other "real" players.
Quite simply, the RMTs hack an account and then pass the sellable items and gold to one of their hundreds of other accounts. I would suspect that they then pass it on through multiple other accounts/split it between multiple other accounts in quick succession in order to muddy the trail for ANet. They then sell anything sellable for quick gold, and then sell the gold for real money. Mods: Please can this thread be added into the master list of hacked accounts in Inde's thread. |
So as far as we know, Anet have a very hard time with these RMTs and with the help of hundreds of accounts, it's near enough impossible to get rid of the threat entirely?
There must be something flawed with their security, or they are yet to find out how the RMTs are accessing accounts. I know for a fact my password was completely safe and impossible for someone to guess A. my account name and B. my completely random password (random numbers and letters).
Quote:
|
Originally Posted by Mikki
Fate - I'm sure the message you got from support said something like - change your password regularly. Unfortunately, they're pretty much on target. As a general rule, if your password is a mix of upper and lower case, includes numbers, and looks like it's randomly generated, it's more difficult to crack. But let's be realistic - if you've kept the same password since you got your account, never changed it, and it's still the same - it's likely someone is going to hit your account.
My IT shop recommends passwords greater than 8 characters - 10 is better. Begin the PW with an Uppercase character, have numbers alternating with letters - both upper and lower case - and change your pw at least quarterly - so every 90 days or so. This should at least keep the slug who's already stolen your account at bay - or - accept that your account is compromised and live with it... Mikki |
Thanks for the advise but i don't want to detract from my original question, but you did make me think how they were able to even obtain my account name. I do not have an NCsoft account so these hackers are really pulling something out of the hat to get past the security Anet provide.
Mikki
Fate - I'm sure the message you got from support said something like - change your password regularly. Unfortunately, they're pretty much on target. As a general rule, if your password is a mix of upper and lower case, includes numbers, and looks like it's randomly generated, it's more difficult to crack. But let's be realistic - if you've kept the same password since you got your account, never changed it, and it's still the same - it's likely someone is going to hit your account.
My IT shop recommends passwords greater than 8 characters - 10 is better. Begin the PW with an Uppercase character, have numbers alternating with letters - both upper and lower case - and change your pw at least quarterly - so every 90 days or so. This should at least keep the slug who's already stolen your account at bay - or - accept that your account is compromised and live with it...
Mikki
My IT shop recommends passwords greater than 8 characters - 10 is better. Begin the PW with an Uppercase character, have numbers alternating with letters - both upper and lower case - and change your pw at least quarterly - so every 90 days or so. This should at least keep the slug who's already stolen your account at bay - or - accept that your account is compromised and live with it...
Mikki
DBMan
Quote:
|
Originally Posted by Mikki
Fate - I'm sure the message you got from support said something like - change your password regularly. Unfortunately, they're pretty much on target. As a general rule, if your password is a mix of upper and lower case, includes numbers, and looks like it's randomly generated, it's more difficult to crack. But let's be realistic - if you've kept the same password since you got your account, never changed it, and it's still the same - it's likely someone is going to hit your account.
My IT shop recommends passwords greater than 8 characters - 10 is better. Begin the PW with an Uppercase character, have numbers alternating with letters - both upper and lower case - and change your pw at least quarterly - so every 90 days or so. This should at least keep the slug who's already stolen your account at bay - or - accept that your account is compromised and live with it... Mikki |
Ninja Ninja
Quote:
|
Originally Posted by Fate Crusher
The question is how did they get a hold of my account name.
|
Quote:
|
Originally Posted by Fate Crusher
I do not have an NCsoft account so these hackers are really pulling something out of the hat to get past the security Anet provide.
|
cosyfiep
the current 'hackers' are rmt ....that means all they want is gold to sell to other people, they dont care about your characters (unless you have a monk who they will use to bot for a bit).
why they remain at large---they use other peoples accounts, they dont buy their own (from what we have been told)...so its hard to pin them down.....also I would have to say, its pixels for the most part, and these guys are most likely in China where the internet laws are a bit different to prosecute. Even if they get caught-----not much will happen to them. (ban the ip, they get a new one, ban that, they get another and so on and so on).
The only thing we can do it make it harder for them to get our accounts and NEVER BUY GOLD!!!
why they remain at large---they use other peoples accounts, they dont buy their own (from what we have been told)...so its hard to pin them down.....also I would have to say, its pixels for the most part, and these guys are most likely in China where the internet laws are a bit different to prosecute. Even if they get caught-----not much will happen to them. (ban the ip, they get a new one, ban that, they get another and so on and so on).
The only thing we can do it make it harder for them to get our accounts and NEVER BUY GOLD!!!
Chthon
Quote:
|
Originally Posted by Fate Crusher
There must be something flawed with their security,...
|
Quote:
|
The question is how did they get a hold of my account name. Thanks for the advise but i don't want to detract from my original question, but you did make me think how they were able to even obtain my account name. I do not have an NCsoft account so these hackers are really pulling something out of the hat to get past the security Anet provide. |
So.... let's try out some possibilities here:
- Who is the e-mail provider? Hotmail? gmail? MSN? Perhaps the mail provider was compromised.
- Have you ever shared your login with another person? Perhaps they did it, or perhaps their computer was compromised.
- Have you ever used the same e-mail to sign up for forums or anything else? For example, guru?
- Do you use that e-mail address for general purpose e-mail? Does it get spam? Perhaps the RMT folks are buying e-mail lists from spammers.
- Does that e-mail appear on the internet anywhere? Where?
- Honestly, how secure is your computer?
- Router/hardware firewall?
- Software firewall? WHich one?
- Antivirus? WHich one? Up to date?
- Which browser? Extensions?
N E D M
a-net has said a trading/auction site was comprimised.
maybe this one who knows
Why on earth don't they say which one, so people stop going there...
wtf are they doing
maybe this one who knows
Why on earth don't they say which one, so people stop going there...
wtf are they doing
Konker2020
Quote:
|
Originally Posted by soul_of_misery
People usually get hacked by giving out there own information so it really doesn't have anything to do with anet and the only time i hear about people getting keyloggers is from people who get textmod. It would be nice if anet would step up security in gw2 like make a second password or code to make deleting characters harder or maybe add an inactive switch so if your going to be away for a while no money or items can leave your account till you login and use you other code or password.
|
Kumu Honua
Quote:
|
Originally Posted by Konker2020
This is not true, myself and clan members/friends have been hacked and are very secure about our information and give it to no one, don't assume that everyone is unintelligent and are completely at fault for being hacked because that is not always the case.
|
This is because anyone who is "Hacked" immediately is the beacon of security. Even if his entire guild knows his log in information. Even if his password is 1234. Even if he visits "Warez" sites. Even if he does a virus check and is loaded with them. He is the beacon of security if you will listen to him.
Even if you say that you and your clan members/friends are very secure, the likelihood that this is true approaches zero.
Can you be hacked by means other than your lapse in judgment? Sure. Just like you can be struck in the head by an air liner falling out of the sky. The chances of it are however abysmally low.
majikmajikmajik
it isnt hacking, its phishing.
Hacking is for making real life money, phishing is just to steal your stuff for use ingame.
Hacking is for making real life money, phishing is just to steal your stuff for use ingame.
Rhamia Darigaz
Quote:
|
Originally Posted by majikmajikmajik
it isnt hacking, its phishing.
Hacking is for making real life money, phishing is just to steal your stuff for use ingame. |
subarucar
Quote:
|
Originally Posted by majikmajikmajik
it isnt hacking, its phishing.
Hacking is for making real life money, phishing is just to steal your stuff for use ingame. |
However, you definition seems to be incorrect. Phishers are after your money. If they aren't, then what are all these Nigerian lottery and fake bank e-mail scams. Those guys are not after some stuff to use, they are making real life money.
A hacker in this sense is someone who breaks into computers.
A phisher is someone who uses a fraudulent process to access important information.
Dzjudz
Quote:
|
Originally Posted by N E D M
a-net has said a trading/auction site was comprimised.
maybe this one who knows Why on earth don't they say which one, so people stop going there... wtf are they doing |
Konker2020
Quote:
|
Originally Posted by Kumu Honua
99.99% of the time it is indeed the case. However to listen to people who have been hacked it would look to be 0%.
This is because anyone who is "Hacked" immediately is the beacon of security. Even if his entire guild knows his log in information. Even if his password is 1234. Even if he visits "Warez" sites. Even if he does a virus check and is loaded with them. He is the beacon of security if you will listen to him. Even if you say that you and your clan members/friends are very secure, the likelihood that this is true approaches zero. Can you be hacked by means other than your lapse in judgment? Sure. Just like you can be struck in the head by an air liner falling out of the sky. The chances of it are however abysmally low. |
Eragon Zarroc
If we knew the answer to your question we would be doing a better job in preventing hackers >_<
Fate Crusher
Quote:
|
Originally Posted by soul_of_misery
Your email is your account name.
I think that's a greater security risk because if they linked your account to an NCsoft account they could email themselves your password. |
The only auctioning websites i have used is Guru. And my account name/e-mail isn't even available for users to view.
Quote:
|
99.99% of the time it is indeed the case. However to listen to people who have been hacked it would look to be 0%. This is because anyone who is "Hacked" immediately is the beacon of security. Even if his entire guild knows his log in information. Even if his password is 1234. Even if he visits "Warez" sites. Even if he does a virus check and is loaded with them. He is the beacon of security if you will listen to him. Even if you say that you and your clan members/friends are very secure, the likelihood that this is true approaches zero. Can you be hacked by means other than your lapse in judgment? Sure. Just like you can be struck in the head by an air liner falling out of the sky. The chances of it are however abysmally low. |
However i do agree that many people who do post about being hacked are expecting sympathy/help/free crap. So i'm not surprised that you're mentioning that anyways.
Quote:
|
God i hope this doesn't return for Guild Wars 2.
Would anyone know if this is as big an issue in WoW or anything else?
Jensy
Quote:
|
Originally Posted by Fate Crusher
My account's e-mail is a discontinued hotmail account that i haven't checked on for over 2 years. My new e-mail is a live account.
|
Dzjudz
Quote:
|
Originally Posted by Jensy
Yes, well, Hotmail reuses email addresses. If someone knows your email address, they simply need to start a new account with that name and request a pw change. We had this problem on the website I used to do volunteer tech support for as well.
|
vamperik
This is what i sent to support when my account was hacked:
and this was the reply:
This leads me to believe that they can track trading ? or am I reading it wrong?
Quote:
|
Thank you I can now access my account . As I expect my account was hacked into luckily none of my characters were deleted ( my biggest worry ) but lots of my items have been taken , including all my money . weirdly some new items have appeared. I know that these cannot be replaced , but I thought I would let you know incase you can view the information of my trading in the past three days and investigate who my stuff went to . again I know you cannot get my stuff back or let me know where it went , but If you caught whoever did it and stopped this from happening again to someone else then at least something good has come from this. |
Quote:
|
Hello, I'm glad your characters were not deleted. Your account was accessed by an illegal Gold Selling company. It wasn't one person that took your items to hold, it was a professional company that tried to liquidate your items to fill orders for their buyers. We terminate thousands of their accounts a week but they continue to steal, hack, and cheat to gain access to accounts. Regards, GM Phields The Guild Wars Support Team |
Nerel
Quote:
|
Originally Posted by vamperik
This is what i sent to support when my account was hacked:
and this was the reply: This leads me to believe that they can track trading ? or am I reading it wrong? |
The best you could expect is the 'storage' accounts used by the RMTs will get closed down and the 'customers' buying gold/ectos from those accounts for real world cash getting suspended.
It really is in support's best interests to say they can't track trades, simply put the effort isn't worth the time (and thus expense) that it would cost them, other than to take action against the hackers (closed account) and their gold buying customers (suspensions/banning).
Inde
Quote:
|
Originally Posted by Dzjudz
It's probably this one, or Inde would've made a note saying "btw, Gaile isn't talking about this site" in the thread in question.
|
Perhaps you missed it though, as it was displayed for a weekend. Account Security
Here at GuildWarsGuru.com we have continually upgraded and adjusted our site, servers and even user profiles in order to better secure our users information. Our priority is providing you a protected environment, so you are able to use this website freely and without worry. For this reason, we have gone ahead and changed character names listed in your profile to private. Recent communication from ArenaNet has stated they feel the availability of character names could contribute to the risk of compromising accounts. We want to cooperate and also protect our users by proactively taking sensible security measures.
We appreciate some of you may feel inconvenienced by the change, as public IGN's are a useful feature and common to many gaming websites. We'd simply ask for your understanding, as no risk is too small at the cost of security.
We would also like to take this opportunity to firmly state that Guild Wars Guru has not been compromised in any way, nor is our security in question. We are in contact with ArenaNet. We routinely monitor and review our server logs and have security measures in place with regular updates. Any issues we may have had (and none have ever involved risk to usernames, emails or passwords) have been openly discussed with our users in our Site Feedback forum.
For your peace of mind, we would also like to clarify that had our security ever been breached the community would have been immediately and openly informed. We've also seen a number of accounts that have signed up on this forum just to post that they've had their account compromised. We are privileged and happy to be a voice of the Guild Wars community. If you have any questions or concerns please feel free to post those in our Site Feedback forum and I can address those.
Stating that, we would also like to remind our users to please read our Security Tips that have been available and to diligently protect their account information. [Guide] Security Tips for Guild Wars players
Erys Vasburg
Quote:
|
Originally Posted by N E D M
wtf are they doing
|
It's a shame that we're not all blind to the recurring issues with NCSoft security.
Ninja Ninja
Quote:
|
Originally Posted by Konker2020
This is not true, myself and clan members/friends have been hacked and are very secure about our information and give it to no one, don't assume that everyone is unintelligent and are completely at fault for being hacked because that is not always the case.
|
Giving your info doesn't always mean walking up to them and giving it, you could have used your email (guild wars username) on a guild forum or a fan site for guild wars or you could have given it out by adding a guild wars friend on msn messenger.
Quote:
|
Originally Posted by Inde
We appreciate some of you may feel inconvenienced by the change, as public IGN's are a useful feature and common to many gaming websites. We'd simply ask for your understanding, as no risk is too small at the cost of security.
|
Faer
Quote:
|
Originally Posted by soul_of_misery
What does IGN's have to do with account security, people can't hack your account with your character name.
|
Ninja Ninja
Quote:
|
Originally Posted by Theocrat
Might want to email that question to ArenaNet, as it was their idea. Be sure to let us know what they say.
|
Fate Crusher
Quote:
|
Originally Posted by soul_of_misery
But people are completely at fault when it comes to getting hacked, its either by giving your info away or a keylogger stealing it and you get guild wars keyloggers by downloading a rar file that has to do with guild wars.
Giving your info doesn't always mean walking up to them and giving it, you could have used your email (guild wars username) on a guild forum or a fan site for guild wars or you could have given it out by adding a guild wars friend on msn messenger. What does IGN's have to do with account security, people can't hack your account with your character name. |
I could be very wrong. but if this happens 1/10 times, even 1/50 times, these guys would try it.
As much as i hated Runescape, they had a very strict account retrievel system where you would set up your own recovery questions, even providing your own questions. you also would provide up to 3 previous passwords and they had in-game notifications advising you to change passwords regularly.
It IS the most popular free MMO, so i'm not surprised they've got pretty secure retrievel standards.
Kumu Honua
Quote:
|
Originally Posted by Fate Crusher
I'm a little offended that you may consider that i'm not being truthful with the circumstances i am explaining. I have nothing to lose/gain from this other than figuring out why these RMTs are on such a rampage. I am not bothered with the stuff i have lost, i'm just very grateful that my titles still exist.
|
Nearly every single instance of hacking is due to negligence of some kind by the person who is hacked. It is also universal that no matter how much negligence they had, they will swear to the day they die that they were the utmost authority on all things security.
You are no different. You are saying that YOU are the beacon of security. It's the exact same as this guy and that guy and the guy over there. Beacons of account security all. Hacked all.
Chthon
Quote:
|
Originally Posted by soul_of_misery
What does IGN's have to do with account security, people can't hack your account with your character name.
|
nitetime
Quote:
|
Originally Posted by Kumu Honua
I don't care if you are offended. It's the pure truth.
Nearly every single instance of hacking is due to negligence of some kind by the person who is hacked. It is also universal that no matter how much negligence they had, they will swear to the day they die that they were the utmost authority on all things security. You are no different. You are saying that YOU are the beacon of security. It's the exact same as this guy and that guy and the guy over there. Beacons of account security all. Hacked all. |
Dzjudz
Quote:
|
Originally Posted by Inde
I did indeed post a forum-wide notice. If you want to inform people of what's been said or hasn't, you've got to stay on top of it.
Perhaps you missed it though, as it was displayed for a weekend. |
Fate Crusher
Quote:
|
Originally Posted by Kumu Honua
I don't care if you are offended. It's the pure truth.
Nearly every single instance of hacking is due to negligence of some kind by the person who is hacked. It is also universal that no matter how much negligence they had, they will swear to the day they die that they were the utmost authority on all things security. You are no different. You are saying that YOU are the beacon of security. It's the exact same as this guy and that guy and the guy over there. Beacons of account security all. Hacked all. |
I know honesty is very hard to come by. You can trust what i'm saying or not. But i am in no way (third time i've said this) trying to gain anything from this thread. I have done as much as i could to protect my password. Maybe i slipped up somewhere, i'm not saying i'm perfect but i'm defenitely not a liar.
If you can't acknowledge that Anet have even confirmed that even a said website was previously compromised (which means account information was stolen
) then please carry on with your blinkered lifestyle.Thanks for reading.
Konker2020
Quote:
|
Originally Posted by soul_of_misery
But people are completely at fault when it comes to getting hacked, its either by giving your info away or a keylogger stealing it and you get guild wars keyloggers by downloading a rar file that has to do with guild wars.
Giving your info doesn't always mean walking up to them and giving it, you could have used your email (guild wars username) on a guild forum or a fan site for guild wars or you could have given it out by adding a guild wars friend on msn messenger. What does IGN's have to do with account security, people can't hack your account with your character name. |
Kumu Honua
Quote:
|
Originally Posted by nitetime
You honestly think that everyone getting hacked is just giving out their passwords?
|
Quote:
| So these rmt's have someway to get peoples log in emails, but how are they getting all the passwords? |
Phishing.
Brute Force.
Trojan/keylogger.
"Password" style passwords.
Quote:
| They can't just be guessing, but I would like to believe that people are smarter then just giving out passwords. |
Which goes back to the single most important thing you can do. Never use the same email for the game as you do for communication/signing up for forums and such.
Sadly, a VERY large portion of the user base uses a single email for EVERYTHING.
Fate Crusher
Quote:
|
Originally Posted by Kumu Honua
I've never said such a thing. I simply honestly believe that 99.99% of all people who have been hacked have had lapses in judgment. This ranges from giving out passwords to having the same login information for forums/other sites as they do for the game to visiting RMT sites where they pick up trojans/keyloggers to just plain stupidity.
Being giving the information. Phishing. Brute Force. Trojan/keylogger. "Password" style passwords. Why not? One of the largest problems with Guild Wars and NCSoft is that they do not have a lockout feature. You can attempt to guess a password indefinitely without locking the account. I would go as far as to say that this is the single most used method of getting into an account once they get your game email. Which goes back to the single most important thing you can do. Never use the same email for the game as you do for communication/signing up for forums and such. Sadly, a VERY large portion of the user base uses a single email for EVERYTHING. |
So once we have all stupidly given away our account name/e-mail, how easy is it for these RMTs to obtain the password?
nitetime
Quote:
|
Hello, I'm glad your characters were not deleted. Your account was accessed by an illegal Gold Selling company. It wasn't one person that took your items to hold, it was a professional company that tried to liquidate your items to fill orders for their buyers. We terminate thousands of their accounts a week but they continue to steal, hack, and cheat to gain access to accounts. Regards, GM Phields The Guild Wars Support Team |
They're creating thousands of accounts a week, maybe they tapped into the anet servers. Maybe they run their own servers and when we switch districts for speedclears they log our info.
Can one of our asian correspondents let us know if this is happening on the asian forums, or if its just a joyous celebration counting our money?
Maybe it all stems from the XTH? what a mess...