This is the story:
I was playing HA, and all of the sudden, someone starts spamming "Rank 17 Guild recruiting!", so I thought "This can't be right", so I asked why a Rank 17 guild would randomly recruite, and asked of this was a lame joke, but apperiantly it wasn't. I got an invite (since I was guildless), and I saw alot of random people were invited, so I knew something was wrong.
I asked the guy who invited (who had a friend who also helped) me what was going on, and he didn't reply for a while. When I asked again, he told me he hacked someone's account, which was apperiantly the account of one of the Officers in that guild, and he kicked all excisting members, and invited new ones, randomly.
I'm glad they didn't hack the Guild Leader's account, since this way, he still has the upper hand, though, this is pretty serious in my opinion. I obviously got the names of the 2 hackers (if it's not the same guy), and the account of the Guild Leader (so I can explain this to him). I'm reporting these guys immidiatly, in case these guys can get an IP track, so they can get a ban, which I really hope is possible.
So again, watch out with every way you might get hacked, so this is what happens. This is the most serious way of hacking I've seen untill now (since obviously, these guys stole every single item on the accounts as well).
Rank 17 Guild entirely messed up by hackers!
Maxiemonster
twicky_kid
I've seen this happen before. Got an officers account and kicked all the members in the guild.
Hard to remember all those names when every one doesn't play each day. Cut the guild population in half.
Hard to remember all those names when every one doesn't play each day. Cut the guild population in half.
Tufty
That sucks ! How do they steal accounts? How do I protect mine?
VGJustice
On the plus side, the Guild window keeps track of who got the boot, so you could sort through that and figure out who should be re-added. Granted, I'm not sure if there's a limit on how many names it will track -_-;
[EDIT] To Tufty: The way they steal accounts is by either guessing or finding out what your e-mail and password are. After that, they can change the password and the e-mail to whatever they want, and the account is gone.
If you want to protect your account, the first step is easy. Never download any Guild Wars add-ons. But that's a duh. After that, keep your e-mail secret. If they can't get your e-mail, then they'll have a harder time getting your account. Next, try not to surf the web while playing Guild Wars. There *could* be a key logger program within a web page (don't quote me on that, I'm not positive about that). Also, never ever tell anyone your password, even if you know they don't have your e-mail. No sense in giving them a chance.
[EDIT] To Tufty: The way they steal accounts is by either guessing or finding out what your e-mail and password are. After that, they can change the password and the e-mail to whatever they want, and the account is gone.
If you want to protect your account, the first step is easy. Never download any Guild Wars add-ons. But that's a duh. After that, keep your e-mail secret. If they can't get your e-mail, then they'll have a harder time getting your account. Next, try not to surf the web while playing Guild Wars. There *could* be a key logger program within a web page (don't quote me on that, I'm not positive about that). Also, never ever tell anyone your password, even if you know they don't have your e-mail. No sense in giving them a chance.
MSecorsky
Quote:
|
Originally Posted by Tufty
That sucks ! How do they steal accounts? How do I protect mine?
|
Tufty
Cool I wouldnt think of downloading anything for the game unless it was streamed directly during the game
Diablo???
Even if the guild is completely restored, that guild officer is gonna be booted off the guild anyway for safe measures.... Tragedy strikes. 
dansamy
NOt only that, but unless Arenanet makes a special allowance, the guild will be disqualified from the tournament. Players can't change guilds during the guild lockdown period, and since there's bound to be at least one of the top 16 that is declared ineligible, the 17th guild WOULD have been eligible until this fiasco.
Maxiemonster
If dansamy, I really hope ANet makes an exception, since that'd be lame. I REALLY hope they can track this guy, since he might've used pograms that fools ANet.
Ctb
In addition, don't use wimpy passwords. The ideal password would be a totally meaningless string of characters, but the next best thing is a psuedo-word comprised of various characters.
Example: gu1ldeeg00
It sounds kind of like a real word "guildy goo", but obviously it's just gibberish.
Another alternative that I used for a while is to put all your passwords in one place and have them be actually long nonsense strings of complex text. Then, you protect that location with one very strong password and just open it up when you need to know the nonsense string for a particular account somewhere. I used to do this with an encrypted text file on Windows using AxCrypt, but AxCrypt doesn't work right on 64-bit unfortunately.
The obvious downside there is that, while you're exceptionally safe, if you forget that one password, you lose them all for good :\
Of course, on the flip side, you only have to remember one password as well.
The fix for that is keeping the password written down somewhere in a physically secure location, but it's not always practical to buy a safe just to store a piece of paper (and then you still have to remember the combination anyway).
Example: gu1ldeeg00
It sounds kind of like a real word "guildy goo", but obviously it's just gibberish.
Another alternative that I used for a while is to put all your passwords in one place and have them be actually long nonsense strings of complex text. Then, you protect that location with one very strong password and just open it up when you need to know the nonsense string for a particular account somewhere. I used to do this with an encrypted text file on Windows using AxCrypt, but AxCrypt doesn't work right on 64-bit unfortunately.
The obvious downside there is that, while you're exceptionally safe, if you forget that one password, you lose them all for good :\
Of course, on the flip side, you only have to remember one password as well.
The fix for that is keeping the password written down somewhere in a physically secure location, but it's not always practical to buy a safe just to store a piece of paper (and then you still have to remember the combination anyway).
Vanquisher
One of the players from Rift also got hacked, and I believe he was in the main 8 to play in the tournament. The hacker removed him from the Guild, and he is no longer allowed to play (his computer is also messed up).
On a side note, it was Kava apparently. Incredibly unfortunate thing to happen.
On a side note, it was Kava apparently. Incredibly unfortunate thing to happen.
Tufty
If they have a key logger I dont suppose it matters if your password is 8000 characters long they'll still have it
Valerius
that sux... ScV was a pretty good guild
Maxiemonster
Yep, it's Kava. The hacker said he got into the forum of the guild or something, and it contained the accounts and passwords.
I hope the guild leader speaks English, so I can explain what happened. I really hope this guild can still get their members back and get into the tournament, since with a bunch of randomly invited people, they won't get far.
I hope the guild leader speaks English, so I can explain what happened. I really hope this guild can still get their members back and get into the tournament, since with a bunch of randomly invited people, they won't get far.
Killmur
Shouldn't you be taking this matter up with A-Net and not in the GWG Forums?
VGJustice
Ctb makes a good point. I'd like to add to it a bit.
Figure on making your password as long as you feel comfortable with, but no shorter than 10-12 characters. Longer is better.
And mix it up a lot. Not just letters, but caps and lower case (passwords are case sensitive) as well as numbers and symbols. And the less sense that your password makes, the better.
Figure on making your password as long as you feel comfortable with, but no shorter than 10-12 characters. Longer is better.
And mix it up a lot. Not just letters, but caps and lower case (passwords are case sensitive) as well as numbers and symbols. And the less sense that your password makes, the better.
Sir Skullcrasher
I would think the motive is to ruin these guilds so they can't get far in the tournament. Guess its a safe choice to change your password every week?
96TSi
a very good way to protect yourself from password theft is to have letters and numbers in your password. that makes it alot harder for people who are just trying random passwords
anyone see the movie hackers?
do not use the password "god" lol
anyone see the movie hackers?
do not use the password "god" lol
Lord Iowerth
Password integrity is a very important issue ... you'd be surprised at how many never bother to update and change their passwords, because they become complacent.
Here's a good article on how to build a strong password: http://www.linux.com/article.pl?sid=04/07/16/1530201
And this situation is horrible. Some deviant kid, bent on ruining a guild's chance to participate in the tournament, wants to exact revenge or get attention.
To the hacker: if you really need attention that bad, look me up and i'll play with you. There's no need for this.
Here's a good article on how to build a strong password: http://www.linux.com/article.pl?sid=04/07/16/1530201
And this situation is horrible. Some deviant kid, bent on ruining a guild's chance to participate in the tournament, wants to exact revenge or get attention.
To the hacker: if you really need attention that bad, look me up and i'll play with you. There's no need for this.
Inde
This is unfortunate. Killmur, Maxiemonster all ready said he's reporting it. He's letting the community know.
One thing that confuses me... why would you ever keep your guild's accounts and passwords on a forum? This is either misinformation or something is seriously wrong there.
One thing that confuses me... why would you ever keep your guild's accounts and passwords on a forum? This is either misinformation or something is seriously wrong there.
VGJustice
Quote:
|
Originally Posted by Inde
This is unfortunate. Killmur, Maxiemonster all ready said he's reporting it. He's letting the community know.
One thing that confuses me... why would you ever keep your guild's accounts and passwords on a forum? This is either misinformation or something is seriously wrong there. |
Sir Skullcrasher
They probably got a member page where each users upload their characters name and (i hope not) account information they used in game.
Still, hackers has way to break through the security system to get your information.
Still, hackers has way to break through the security system to get your information.
Killmur
I know Inde, I know. I read the first post. However sometimes I don't like reading about this stuff at all. I use simple passwords since my memory is crappy with numbers. Kinda has me worried that I may have to start using numbers in my passwords but I just am not willing to.
Maxiemonster
The guy who messed up this guild told me, so don't take that as evidence 
And yes, I'm just letting others know, and warning you that it's not just your items getting hacked.
And yes, I'm just letting others know, and warning you that it's not just your items getting hacked.
Inde
Most forums are now encrypted. For example, there is no way in vBulletin for me to obtain or hack anyone's passwords. The encryption is that good. I know that older versions of Invision you could. This would also be the reason that I have different passwords for everything. For my GW Account, forum account, emails, admin access, etc.
dansamy
Well, truthfully what most likely happened is that when the hacker (allegedly -) hacked the forum, Kava's email that was used to sign up on the forum and his forum password were the same as those he uses for his game account. That allowed the thief very easy access into his GW account. I've had forum accounts to get hacked before.
SnipiousMax
Quote:
|
Originally Posted by Inde
Most forums are now encrypted. For example, there is no way in vBulletin for me to obtain or hack anyone's passwords. The encryption is that good. I know that older versions of Invision you could. This would also be the reason that I have different passwords for everything. For my GW Account, forum account, emails, admin access, etc.
|
All the same. Common sense says you don't use the same password for different things.
Killmur
Yep so true Inde. I know for a fact the worst forum board to use for major communties is phpBB. Infact all free forum boards are not that great for major communities due to security issues. phpBB has infact had to release many updates late last year to fix security flaws and holes. I would rather pay the 80+ dollars for a board like IPB or vB due to the fact that they are way more secured than the free boards.
Inde
SnipiousMax, you would think so. I know many who do, just as I know many who download attachments in their emails from people they don't know. Or that some people don't shred credit card offers sent to them, or guard their ATM pin #'s with their life. Some good information in this thread though to educate others.
96TSi
my website was once victim to some poor soul hacking our phpbb. since then i have been a proud member of vBulletin. definitly worth the $160
Berlucchi
These guys steal accounts ALL the time. This isnt the only time theyve done this. Thier main guild is - and they are quite the jerks. On the factions event they recruited people just so they could farm faction then kicked them all.
I am leaving the guild because i am fed up with them doing this.
Thier IGNS are:
Removed-Sent them to Anet instead
I am sure the thread starter can confirm this.
I am leaving the guild because i am fed up with them doing this.
Thier IGNS are:
Removed-Sent them to Anet instead
I am sure the thread starter can confirm this.
Ctb
I would strongly suggest you delete those names. Even though it may be true, the proprietors don't like the idea of people posting names on this site in retribution.
I fully understand, as it's really ANet's responsibility to look into it and make a call, not ours or GWG's.
I fully understand, as it's really ANet's responsibility to look into it and make a call, not ours or GWG's.
Maxiemonster
Yep, remove those names please It doesn't matter who did it.
And again, I'm not trying to solve this by posting this.
It doesn't matter who did it.And again, I'm not trying to solve this by posting this.
xRustyx
<3 Kava. Apparently the hacker was - Deleted his PVE Warrior among other things. :< I <3 you - but this shit is gay.
koneko
Quote:
|
Originally Posted by Inde
The encryption is that good. I know that older versions of Invision you could. This would also be the reason that I have different passwords for everything. For my GW Account, forum account, emails, admin access, etc.
|
That's just sad. What were they trying to prove by doing this? Shits and giggles? =\
Count to Potato
I was skeptical when - was recruiting before the preview, and it seems i was right they just got alliance standing up, i was right in a way, the reason i got kicked was cuz my friend went afk in a gvg so he got kicked with all his friends which was me and another guy, luckily i got back in becuz i qualified. Woot, Being good FtW
vtrajan
You can put all your passwords into a text file and put it on a flash drive, but first I would reccomend downloading PGP for Windows and encrypting the txt file.
just call me jimmy
One other thing to be carefull about all!!
DON"T use your primary e-mail address in Forums, and make sure it is not displayed. I know Game Amp is very bad for that, if someone left their e-mail displayed anyone could see what it is. Then a hackers job is Half over already. Also a good idea to change you GW password every few weeks, and use letters and numbers and even slashes,$ signs anything. Pasword cracking programs are designed primarly for letters.
DON"T use your primary e-mail address in Forums, and make sure it is not displayed. I know Game Amp is very bad for that, if someone left their e-mail displayed anyone could see what it is. Then a hackers job is Half over already. Also a good idea to change you GW password every few weeks, and use letters and numbers and even slashes,$ signs anything. Pasword cracking programs are designed primarly for letters.
Vanquisher
The site the forum was on probably saw a keylogger downloaded to his computer. From there the information was easily accessible.
doskir
i have been using this method for safe passwords a long time now and heres how it works:
get a piece of paper and write every letter and the numbers 0-9 on it then randomly assign each letter and nummer a different number or letter. now create a password for each site/game by using it. ie: guildwars = df5onm68z. you can put this anywhere you want because NOBODY will know what this thing does copy it a few times and store it somewhere you wont loose it perfect password aslong you dont tell anybody that has access to it what it does
get a piece of paper and write every letter and the numbers 0-9 on it then randomly assign each letter and nummer a different number or letter. now create a password for each site/game by using it. ie: guildwars = df5onm68z. you can put this anywhere you want because NOBODY will know what this thing does copy it a few times and store it somewhere you wont loose it perfect password aslong you dont tell anybody that has access to it what it does