Guild Wars Guru Security Notice

They can match them up, yes. This is why we are advising people to change their passwords as soon as possible.

The Auction page was also compromised, though I find it very unlikely that they managed to get your character name from there. Inde might be able to confirm that either way. I don't have any problems with my accounts on GWGuru, my credentials are unique so well, all I might get is phishing/spam e-mail. Maybe my account accessed as an adbot, so if you see me promoting Viagra or whatever, mind you it's not me!

All I'm concerned about is information matching. One of my passwords was... not so unique and so wasn't one of my e-mail addresses. I completely forgot about it, my bad. Any info the hacker could retrieve wouldn't be enough to acquire access to my GW account, but who knows what the hacker is going to do with the data acquired. So I've set new passwords both here and in game anyway.

Getting a bit paranoid here: I had to change my GW password through the NCSoft master account. Has anyone tried this lately? Is it safe? Well, if I ever get hacked, I'll know who to blame...

EDIT - I was a bit dragged by this and forgot to thank you. Thanks a lot to all the GWGuru Staff for letting us know and helping us restoring our account's security.

I wanted to raise a point for the members on this forum who are using the same e-mail address and password as their GW log-in details.... For these people i hope that Arena Net will put in more effort to make it possible to change ones Account Name, if possible via the NC-Soft account page ... since it cant be changed this to me atleast is the biggest 'hole' in GW-game Security ... I also think the Ingame Name was not that big of an advancement, and it actually created a sitiation where players can no longer identify themselves outside the GW-game with their Ingame Name ... I would somehow Urge Arena-Net to change this into a second password option ...

This way, people can change their Account login details, incase they have the feeling the name might be compromised, they can use their Ingame Name on messageboards in order to recognisable by the community both ingame and outside ... and with 2 passwords (that have to be different), though to log in only one has to be typed by the user, i would feel much more secure yet free to play the game and be appart of the community with my IGN ...

Right now we assume the hacker's motivation was simply to obtain the list of email addresses, for the purpose of sending spam. That's cool for me... I used my ex-wife's email address: she and the spammers deserve each other...

I get at least 4 emails for WoW phising scams every week even though I've only ever had a trial account for that game when it was released. I started getting some for Aion recently even though I don't even have that game.

I doubt it's going to be much different for GW. I've already had my account stolen once because of NCSoft's incompetent website security, thinking I was safe using the same pass there as ingame, and I've learned from my errors and have no passwords that match anywhere anymore. I get exactly the same thing! It looks like our email addresses where hacked from somewhere as I never have had anything to do with WOW or Aion only GW.

Wow.

Guild Wars and all its affiliates must just be easy prey, considering the sheer volume of hacking attacks I've seen the game and its biggest site's experience. I had a white hat hacker friend (and some black hats frankly) in-game for quite some time and they always had a chuckle over the general ease with which the whole system could be pwned, but as things have panned out its clear they were quite right. Sad. Sha Noran, any white/black hat is going to tell you this of any site or server. Why? Because not only is it true, it's the internet. Every site is vulnerable. Every server connected to the internet is vulnerable. This is a constant reality check more than it is a "let's just hang up our hats and give up now".

I hope that with big names like Facebook, Google, Adobe and more that have recently been in the news, this would be clear to many by now. It's a constant process to keep on top of security, to assess vulnerabilities and to do what is in your power to protect those accounts and information that have been entrusted to a site/game/server. This constant process must now be applied to users, and in the ability to put some power back into your hands as well. This is why we informed all of you of the issue as quickly as possible.