Originally posted by Orphes

Originally posted by WizGamer

 

I received an e-mail from ArenaNet:

 

Someone -hopefully you!- has requested to change the email address associated with your Guild Wars account.

Need help or have questions about your Guild Wars account? Visit our support site: http://support.guildwars2.com/.

Thanks!

-The ArenaNet Team

 

They didn't even bother checking with me before changing my password. How did that happen? 

This is really unfortunate for ArenaNet, but I really feel like they should have had better security systems in place. This is ridiculous.

 

TL; DR GO CHANGE YOUR E-MAIL and PASSWORD NOW 

 

I changed my email a few minutes ago.

To my old email I got the same as you got and to the new email I got a link for verification of that email.

 

This is a homerun for account thieves...

Yes i do agree, they need to change this to be sent to the old one or even a two step validation where you have to click the link in the old email and then one gets sent to the new email.

Originally posted by WizGamer

 

http://www.guildwars2forum.com/threads/9418-Error-3002-email-not-found

http://www.gamefaqs.com/boards/938738-/63906420

 

Thousands of accounts (apparently it's a problem growing at a very quick pace) have been hacked in the last couple of days. Apparently these hackers were able to change the e-mails registered to each account so it appears as if you never had an account. I have barely played in the past week (maybe 20 minutes total) because of real life obligations. I attempted to login tonight to give myself a break and I am somehow no longer affiliated with Guild Wars 2 in any way, as the e-mail address I entered was not found. Logging into the website, no luck. Logging in with my username, doesn't exist.  At least I didn't sink much time into any character so it's okay if my data is lost, but I feel for others who have already spent days in this game.

 

I've played nearly every launch for the last decade and never have I seen this chaos or mishandling of player security. Really, their priority is banning instead of stabilizing their infrastructure during the first week?  It wasn't even a problem on the player end. Players are registering, BUYING the game, and finding they are not able able to login at all. 

I received an e-mail from ArenaNet:

 

Someone -hopefully you!- has requested to change the email address associated with your Guild Wars account.

Need help or have questions about your Guild Wars account? Visit our support site: http://support.guildwars2.com/.

Thanks!

-The ArenaNet Team

 

They didn't even bother checking with me before changing my password. How did that happen? 

This is really unfortunate for ArenaNet, but I really feel like they should have had better security systems in place. This is ridiculous.

 

TL; DR GO CHANGE YOUR E-MAIL and PASSWORD NOW 

The common vectors:

1.   People stupidly use easy to break passwords or, even dumber yet, the same password every gaming site they go.    Many of these were stolen from legitimate web sites when they've been hacked in the past.

2.   People stupidly signed up using their email and password at a Phishing site that promised "free in-game giveaway."   (Yes, they did!!!   How dumb was that?)

3.  Many people go to 'helper' sites (not knowing they're Honeypots) and down-load keyloggers with those macros and botting programs they use.

4,   They stupidly answer phishing emails.

Those are the common vectors that allow phishing attacks and none of those are ANet's fault.   And yet you get on your high-horse and act as if it is their fault.   

I don't buy it.   ANet isn't responsible for security on my end.  I am.     It's part of adult living.  

And, for the record, since they've hacked some of the gaming sites I frequent, those Chinese hackers tried to get me, too as I use a centralized gaming email because I got tired of my professional email being filled with spam.   But they failed because I never answer any kind of 'account security verification' emails (phishing), I have a brutally hard password unique to my email.  Each game has a brutally hard unique password containing Caps, lower-case, signs and numbers.

And, no, they didn't change your password, despite your claims.   What they REALLY said is:

Somebody (hopefully you!) asked to reset the password on your Guild Wars account.

To change your password, click the link below. 

(Clickable Link)

If you did not request to reset your password, you can ignore this email and no changes will be made to your account.

Need help or have questions about your Guild Wars account? Visit our support site: http://support.guildwars2.com/.

Thanks!

--The ArenaNet Team

Buy why let those additional little FACTS in green get in the way of a good BLAME THE DEVELOPER rant.

Originally posted by Crazy_Stick
They simply were not prepared for this. If what's being related above regarding change of email is true then this is atrocious security planning on their part without excuse. I mean even Cryptic is doing significantly better now thanks to a new PC identification system with various codes from your account you have to enter. Not even Trion was this ill prepared at launch and they were fast to take action. I don't care if its only a handful of stolen purchases right now. There is a big hole waiting to be fished and now that it's known... Well, I hope Anet is fast and those people get their moeny back or game account fixed

No.  He's not telling the whole truth.   He doctored his email that he presented as proof.  I posted mine I received when the Chinese tried to hack my account.  So, I'm sure there is more to the story.  And I doubt he'll ever come cleann with the dumb things he's done.

It's like those people ranting at Reddit about being 'banned' for 'nothing' and then ANet posts their homophobic, racist, profanity-laced tirades that caused the banning and they delete their Reddit Accounts in embarrassment and go some place else to lie about how mean ANeit.

Originally posted by Dranny

Originally posted by WizGamer

 

http://www.guildwars2forum.com/threads/9418-Error-3002-email-not-found

http://www.gamefaqs.com/boards/938738-/63906420

 

Thousands of accounts (apparently it's a problem growing at a very quick pace) have been hacked in the last couple of days. Apparently these hackers were able to change the e-mails registered to each account so it appears as if you never had an account. I have barely played in the past week (maybe 20 minutes total) because of real life obligations. I attempted to login tonight to give myself a break and I am somehow no longer affiliated with Guild Wars 2 in any way, as the e-mail address I entered was not found. Logging into the website, no luck. Logging in with my username, doesn't exist.  At least I didn't sink much time into any character so it's okay if my data is lost, but I feel for others who have already spent days in this game.

 

I've played nearly every launch for the last decade and never have I seen this chaos or mishandling of player security. Really, their priority is banning instead of stabilizing their infrastructure during the first week?  It wasn't even a problem on the player end. Players are registering, BUYING the game, and finding they are not able able to login at all. 

I received an e-mail from ArenaNet:

 

Someone -hopefully you!- has requested to change the email address associated with your Guild Wars account.

Need help or have questions about your Guild Wars account? Visit our support site: http://support.guildwars2.com/.

Thanks!

-The ArenaNet Team

 

They didn't even bother checking with me before changing my password. How did that happen? 

This is really unfortunate for ArenaNet, but I really feel like they should have had better security systems in place. This is ridiculous.

 

TL; DR GO CHANGE YOUR E-MAIL and PASSWORD NOW 

The email was no doubt a phising scam.

And as for thousands the links you provided so a few posts not the thousands you claim.

 

P.S. Do they not send out validation emails to the current email inorder for you to change to the new one .?

Yes.  They do.   You have to log in.   Reset your password.   Go to you email and click on the validation link.   Then finish the process.

Somebody (hopefully you!) asked to reset the password on your Guild Wars account.

To change your password, click the link below.

LINK REMOVED

If you did not request to reset your password, you can ignore this email and no changes will be made to your account.

Need help or have questions about your Guild Wars account? Visit our support site: http://support.guildwars2.com/.

Thanks!

--The ArenaNet Team

Originally posted by MosesZD

 

 

I don't buy it.   ANet isn't responsible for security on my end.  I am.     It's part of adult living.  

 

And, no, they didn't change your password, despite your claims.   What they REALLY said is:

 

Somebody (hopefully you!) asked to reset the password on your Guild Wars account.

To change your password, click the link below. 

(Clickable Link)

If you did not request to reset your password, you can ignore this email and no changes will be made to your account.

Need help or have questions about your Guild Wars account? Visit our support site: http://support.guildwars2.com/.

Thanks!

--The ArenaNet Team

 

Buy why let those additional little FACTS in green get in the way of a good BLAME THE DEVELOPER rant.

 

 

 

You're pasting the password reset email the email sent after changing the email looks exactly like what the OP posted.

How about your facts?

And yes, ArenaNet is responsible to have at least good enough security for our accounts.

It would have been much easier for us and it would have given more security to verify a change of account name/email adress by adding a verification to the old email just like the one they send to the new email adress. (Just to name one example.) 

This email is sent to the former email adress:

---

Someone -hopefully you!- has requested to change the email address associated with your Guild Wars account.

Need help or have questions about your Guild Wars account? Visit our support site: http://support.guildwars2.com/.

Thanks!

-The ArenaNet Team

---

This email is sent to the new email adress:

---

Your e-mail address has been changed. Please remember to use this new address the next time you log in to your account.

To confirm this change, please click on the link below.

[LINK FOR EMAIL VERIFICATION]

Need help or have questions about your Guild Wars account? Visit our support site: http://support.guildwars2.com/.

Thanks!

-The ArenaNet Team

---

Which is just wrong...

Originally posted by Dranny
I have multiple email accounts for different games none of which get these scams, The only email addy that gets the phising scams is the one i use for fan sites. go figure.

Yeah.  I don't register at a site unless it's a legit gaming site run by a legit company.    I've seen too many people register at fan sites, especially 'mod' and 'hack' sites, and get hacked to death later.

Originally posted by MosesZD

Originally posted by WizGamer

 

http://www.guildwars2forum.com/threads/9418-Error-3002-email-not-found

http://www.gamefaqs.com/boards/938738-/63906420

 

Thousands of accounts (apparently it's a problem growing at a very quick pace) have been hacked in the last couple of days. Apparently these hackers were able to change the e-mails registered to each account so it appears as if you never had an account. I have barely played in the past week (maybe 20 minutes total) because of real life obligations. I attempted to login tonight to give myself a break and I am somehow no longer affiliated with Guild Wars 2 in any way, as the e-mail address I entered was not found. Logging into the website, no luck. Logging in with my username, doesn't exist.  At least I didn't sink much time into any character so it's okay if my data is lost, but I feel for others who have already spent days in this game.

 

I've played nearly every launch for the last decade and never have I seen this chaos or mishandling of player security. Really, their priority is banning instead of stabilizing their infrastructure during the first week?  It wasn't even a problem on the player end. Players are registering, BUYING the game, and finding they are not able able to login at all. 

I received an e-mail from ArenaNet:

 

Someone -hopefully you!- has requested to change the email address associated with your Guild Wars account.

Need help or have questions about your Guild Wars account? Visit our support site: http://support.guildwars2.com/.

Thanks!

-The ArenaNet Team

 

They didn't even bother checking with me before changing my password. How did that happen? 

This is really unfortunate for ArenaNet, but I really feel like they should have had better security systems in place. This is ridiculous.

 

TL; DR GO CHANGE YOUR E-MAIL and PASSWORD NOW 

 

The common vectors:

 

1.   People stupidly use easy to break passwords or, even dumber yet, the same password every gaming site they go.    Many of these were stolen from legitimate web sites when they've been hacked in the past.

2.   People stupidly signed up using their email and password at a Phishing site that promised "free in-game giveaway."   (Yes, they did!!!   How dumb was that?)

3.  Many people go to 'helper' sites (not knowing they're Honeypots) and down-load keyloggers with those macros and botting programs they use.

4,   They stupidly answer phishing emails.

 

Those are the common vectors that allow phishing attacks and none of those are ANet's fault.   And yet you get on your high-horse and act as if it is their fault.   

 

I don't buy it.   ANet isn't responsible for security on my end.  I am.     It's part of adult living.  

 

And, for the record, since they've hacked some of the gaming sites I frequent, those Chinese hackers tried to get me, too as I use a centralized gaming email because I got tired of my professional email being filled with spam.   But they failed because I never answer any kind of 'account security verification' emails (phishing), I have a brutally hard password unique to my email.  Each game has a brutally hard unique password containing Caps, lower-case, signs and numbers.

 

And, no, they didn't change your password, despite your claims.   What they REALLY said is:

 

Somebody (hopefully you!) asked to reset the password on your Guild Wars account.

To change your password, click the link below. 

(Clickable Link)

If you did not request to reset your password, you can ignore this email and no changes will be made to your account.

Need help or have questions about your Guild Wars account? Visit our support site: http://support.guildwars2.com/.

Thanks!

--The ArenaNet Team

 

Buy why let those additional little FACTS in green get in the way of a good BLAME THE DEVELOPER rant.

 

 

 

The Risk of playing video games on computers is risky if you scare of hackers go play Consol games you get more protection ther from hackers except playstation console or learn how to protect yourself from harm like identity theft to start of with.

Originally posted by Orphes

Originally posted by MosesZD

 

 

I don't buy it.   ANet isn't responsible for security on my end.  I am.     It's part of adult living.  

 

And, no, they didn't change your password, despite your claims.   What they REALLY said is:

 

Somebody (hopefully you!) asked to reset the password on your Guild Wars account.

To change your password, click the link below. 

(Clickable Link)

If you did not request to reset your password, you can ignore this email and no changes will be made to your account.

Need help or have questions about your Guild Wars account? Visit our support site: http://support.guildwars2.com/.

Thanks!

--The ArenaNet Team

 

Buy why let those additional little FACTS in green get in the way of a good BLAME THE DEVELOPER rant.

 

 

 

 

You're pasting the password reset email the email sent after changing the email looks exactly like what the OP posted.

How about your facts?

And yes, ArenaNet is responsible to have at least good enough security for our accounts.

It would have been much easier for us and it would have given more security to verify a change of account name/email adress by adding a verification to the old email just like the one they send to the new email adress. (Just to name one example.) 

 

 

This email is sent to the former email adress:

---

 

Someone -hopefully you!- has requested to change the email address associated with your Guild Wars account.

Need help or have questions about your Guild Wars account? Visit our support site: http://support.guildwars2.com/.

Thanks!

-The ArenaNet Team

---

 

 

This email is sent to the new email adress:

---

 

Your e-mail address has been changed. Please remember to use this new address the next time you log in to your account.

To confirm this change, please click on the link below.

[LINK FOR EMAIL VERIFICATION]

Need help or have questions about your Guild Wars account? Visit our support site: http://support.guildwars2.com/.

Thanks!

-The ArenaNet Team

---

 

Which is just wrong...

Sorry, he specifically claimed TWO THINGS:  

1. I received an e-mail from ArenaNet:  (email)
2. "They didn't even bother checking with me before changing my password."

Read more carefully.   His claim was wrong.   They didn't even change his password to steal his account.   They knew it.  The security breech was his own -- reused passwords. 

I will admit, the second part should have explained better.   I plead 6:00 AM and lack of coffee.  A password reset email has the go-back-to-link.   I was pointing that out.  

Originally posted by MosesZD

Originally posted by WizGamer

 

http://www.guildwars2forum.com/threads/9418-Error-3002-email-not-found

http://www.gamefaqs.com/boards/938738-/63906420

 

Thousands of accounts (apparently it's a problem growing at a very quick pace) have been hacked in the last couple of days. Apparently these hackers were able to change the e-mails registered to each account so it appears as if you never had an account. I have barely played in the past week (maybe 20 minutes total) because of real life obligations. I attempted to login tonight to give myself a break and I am somehow no longer affiliated with Guild Wars 2 in any way, as the e-mail address I entered was not found. Logging into the website, no luck. Logging in with my username, doesn't exist.  At least I didn't sink much time into any character so it's okay if my data is lost, but I feel for others who have already spent days in this game.

 

I've played nearly every launch for the last decade and never have I seen this chaos or mishandling of player security. Really, their priority is banning instead of stabilizing their infrastructure during the first week?  It wasn't even a problem on the player end. Players are registering, BUYING the game, and finding they are not able able to login at all. 

I received an e-mail from ArenaNet:

 

Someone -hopefully you!- has requested to change the email address associated with your Guild Wars account.

Need help or have questions about your Guild Wars account? Visit our support site: http://support.guildwars2.com/.

Thanks!

-The ArenaNet Team

 

They didn't even bother checking with me before changing my password. How did that happen? 

This is really unfortunate for ArenaNet, but I really feel like they should have had better security systems in place. This is ridiculous.

 

TL; DR GO CHANGE YOUR E-MAIL and PASSWORD NOW 

 

The common vectors:

 

1.   People stupidly use easy to break passwords or, even dumber yet, the same password every gaming site they go.    Many of these were stolen from legitimate web sites when they've been hacked in the past.

2.   People stupidly signed up using their email and password at a Phishing site that promised "free in-game giveaway."   (Yes, they did!!!   How dumb was that?)

3.  Many people go to 'helper' sites (not knowing they're Honeypots) and down-load keyloggers with those macros and botting programs they use.

4,   They stupidly answer phishing emails.

 

Those are the common vectors that allow phishing attacks and none of those are ANet's fault.   And yet you get on your high-horse and act as if it is their fault.   

 

I don't buy it.   ANet isn't responsible for security on my end.  I am.     It's part of adult living.  

 

And, for the record, since they've hacked some of the gaming sites I frequent, those Chinese hackers tried to get me, too as I use a centralized gaming email because I got tired of my professional email being filled with spam.   But they failed because I never answer any kind of 'account security verification' emails (phishing), I have a brutally hard password unique to my email.  Each game has a brutally hard unique password containing Caps, lower-case, signs and numbers.

 

And, no, they didn't change your password, despite your claims.   What they REALLY said is:

 

Somebody (hopefully you!) asked to reset the password on your Guild Wars account.

To change your password, click the link below. 

(Clickable Link)

If you did not request to reset your password, you can ignore this email and no changes will be made to your account.

Need help or have questions about your Guild Wars account? Visit our support site: http://support.guildwars2.com/.

Thanks!

--The ArenaNet Team

 

Buy why let those additional little FACTS in green get in the way of a good BLAME THE DEVELOPER rant.

 

 

 

Because its easier to blame someone else than to admit that they did something stupid....

the trouble is that too many people just do not pay attention, they treat the internet as if its a playground, and think web security is somebody elses responsibility..  the mind boggles sometimes it really does.

if you havent seen this (link is on the game launcher)

http://wiki.guildwars2.com/wiki/Game_status_updates

Friday, August 31, 2012

Account Security

Protect your account! We've seen hackers systematically scan email addresses and passwords harvested from other games, web sites, and trojans to see if they match Guild Wars 2 accounts. We've taken steps to protect our players from this, but we need your help too. Make sure that you use a strong, unique password for Guild Wars 2 that you've never used anywhere else. For best security, use a unique email address too, and see our blog post

https://www.guildwars2.com/en/news/tips-for-keeping-your-guild-wars-2-account-secure

 

Email authentication

We now have email authentication enabled for all players who have validated their email addresses. This feature sends an email whenever it detects a login attempt to your account from a location you haven't played from before, asking you to allow or deny the login.

We've learned of an incompatibility between email authentication and older versions of Internet Explorer. We're working on a fix, which we expect to deploy tomorrow.

If you're not receiving account verification emails or account authentication emails, please check your junk/spam folders, and add noreply@guildwars2.com to your safe senders list.

Seriously , never used an authenticator in any game , played EQ since launch and most every mmorpg since , and never , not once , have had an account "hacked'. Zero , nilch such issues.

I just don't get it , unless people truly use the same login/password for fansites and click on links in emails that people by now should know better.

Either way , it's quite possible to never lose an account or be hacked and never even touch an authenticator.

People need to educate themselves , not scream AN was hacked wheres my authenticator.

Originally posted by MosesZD

 

 

Sorry, he specifically claimed TWO THINGS:  

1. I received an e-mail from ArenaNet:  (email)
2. "They didn't even bother checking with me before changing my password."

Read more carefully.   His claim was wrong.   They didn't even change his password to steal his account.   They knew it.  The security breech was his own -- reused passwords. 

 

I will admit, the second part should have explained better.   I plead 6:00 AM and lack of coffee.  A password reset email has the go-back-to-link.   I was pointing that out.  

Ehm no, he claims 1 thing. 

The most logical interpretation is that he is talking about the change off account name (email adress) and that ArenaNet have made that to easy.

He "begins" with:

"Logging into the website, no luck. Logging in with my username, doesn't exist."

And "ends" with:

"They didn't even bother checking with me before changing my password."

*Password is more likely a typo, there are no reasons to believe that any company should verify a change of password other than typing the old one at the time of change. Also as he is pasting the email change notification sent by ArenaNet, and that is the easy way ArenaNet made it to actually steal accounts by changing accountnames vithout verifications.

And he acknowledge the need for changing p/w and email to make it more safe.

There is no need to defend Arena Net, they have made stupid choice with how the account name change can be done.

Originally posted by JeroKane

He probably clicked the link in the phising email, just like thousands of other people who still fall for it.

A lot of (gaming) sites and MMO studios have been hacked lately, with entire databases of data being stolen!

So if you haven't bothered changing your password lately.... then sorry, but then you made it extremely easy for these hackers.

Perhaps a stupid question.

But what is wrong with (just) clicking a link?

I thought as long as you don't type in your account info on a phishing website you are fine..

When Online Game Companies get hacked, the hackers and gold-botters keep the information that was obtained for years. 

A new anticipated game comes out, they use programs that scans and probs down a list to see who they got from prior hacked games. If they find a matching email or an account using the *same* password then they got that person's account.  It's always good to change e-mail and password frequently on these MMO websites as well as not using the same emails or passwords for different games too.

MMO sites aren't very secure to began with(and a lot of other sites aren't either, unfortunately with all the hacking incidents that have occured in the past) and as technology becomes more sophisicated you will have a criminal element that increases with it.

It's one of the main reasons I use Game-Cards for MMO's rather than CC methods of paying for a game or in-game products.

Originally posted by Phry

 

Because its easier to blame someone else than to admit that they did something stupid....

the trouble is that too many people just do not pay attention, they treat the internet as if its a playground, and think web security is somebody elses responsibility..  the mind boggles sometimes it really does.

Can you motivate why ArenaNet are not to take blame when they made it this easy to change an account name?

Now it is a fact that all people are not honest, not on internet nor outside the door. Some will steal your password and others will steal your wallet.

You say we should not treat internet as if it is a playground... that's good. But the context of your post says that on the internet the victim are to be blamed.

Why?

Originally posted by thekid1

Originally posted by JeroKane

He probably clicked the link in the phising email, just like thousands of other people who still fall for it.

A lot of (gaming) sites and MMO studios have been hacked lately, with entire databases of data being stolen!

So if you haven't bothered changing your password lately.... then sorry, but then you made it extremely easy for these hackers.

Perhaps a stupid question.

But what is wrong with (just) clicking a link?

I thought as long as you don't type in your account info on a phishing website you are fine..

Some sites can plant a cookie on your computer that key logs your strokes.  Just as bad as giving it to them.

Originally posted by Mothanos

Hmm its the Arenanets faulth now you got hacked ?
Stay away from site's who pose a risk.
Make a good pasword.
Dont click links in email.

Account safe !

Dont blame a company for your own mistakes.

That's how my WoW account never got hacked.  I never clicked anything nor filled in any passwords anywhere.  I don't know that ANet is to blame for this anymore than Blizzard is to blame.