Let’s take a look at some of our readers’ testimonies regarding what happened and what potentially cause attacks on their accounts.
From: David R.
The user ID and password that I used for GW2 was unique to the game. I never registered for any fansite with my credentials. Furthermore, ArenaNet forces you to have a unique username due to them attaching a randomly generated 4-digit number to the end of what ever username you choose. My account was hacked on Sunday September 9th. I Sent in a ticket using their automated system which resulted in me receiving a stock email message that directed me to an account recovery page and told me that the ticket was now closed. I put in my credentials and it gave me an error that said contact customer service. So I looked all over the site trying to find a contact number, couldn’t find one. I then resubmitted another ticket with a longer explanation and received the same response, letting me know that no one was actually reading it. So I took to Google to find NCsoft’s number. When I tried to call them it resulted in an endless automated loop. If you do not know someone extension it is impossible to get through to a person. SO I sent an email to the support email, basically stating fix this issue or at least send me a correspondence letting me know it is being worked on, or I will need to go to the BBB and file a complaint. Finally, yesterday I receive another stock email stating that access has been restored, missing items, gold, or characters can not be [restored]. My character had not been deleted but my gold and any intrinsic value items were stripped. I enjoy playing the game, but customer service is something that is lacking. It should also be noted that during this whole debacle I received an advertisement from them asking me to upgrade my copy to a digital deluxe copy on Wednesday.
Our reaction to David R.: He states that his User ID and password were unique to his Guild Wars 2 account so that totally takes out any fansite hacking from consideration. While we understand that it’s very atypical for video game companies to offer technical support via phone, the lack of personal 1:1 communication for this reader was understandably frustrating. Being stripped of gold and items totally sucks and has to be a mental roadblock for future gameplay – what’s to stop this from happening again?
Let’s take a look at another one …
From: Gregg P.
Basically, one morning I simply couldn’t log into the game, it came up with an error stating that my e-mail was not in use or registered to any account. In addition I also have never signed up to any Guild Wars 2 fan sites. I posted my ticket on the 11th of September with the bold title “I’ve BEEN HACKED” , It is now the 14th and still not even a reply to say that they’re even working on it. As for posting my ticket number on the forums as advised, it’s impossible; my e-mail was apparently changed on my account, as a result I can’t even post on the forums considering I can’t log on to even the website. Unfortunately for me, I had or have a level 80 necromancer. And apparently (thanks to some of my guild’s reports over Teamspeak since the incident) my character has been signed in daily and been in areas ranging from World Vs World Vs World, to Cursed Shores.
Our reaction: Good grief. Another reader adamantly denies having signed up for any fan site and clearly has their account compromised. The worst part of this is that the customer service has been *extremely* slow to respond and a full week is downright neglectful.
Let’s take a look at another one …
From: Alex T.
Pretty much I finished playing GW2 one day and hopped off, a few hours later I checked my cellphone and I got an e-mail saying my email address has been changed. I try to log on again and I can’t. Even though my spouse says I’m in game. I try doing all the password reset things and nothing works, as even my ingame name was compromised.
So far it’s been 6 days and other than the automated response I’ve heard nothing from them. I sent them an e-mail with all the info needed in a very neat and clean layout (bullet points and all) so I’m hoping it should speed up the process when they get to me.
In regards to how it happened, I highly doubt that my password was compromised by another website as I’m not part of any fan sites at all. And that I have a different password for each and every game (I keep a random 4 letter / 4 number and a symbol password for everything, that I save on one master account) and my e-mail couldn’t have been hacked because gmail requires me to input a verification code from my cellphone to log on my e-mail. So in terms of my password being compromised it could have only happened in 2 ways, or I was hacked, or they were. I’m about 99.9% sure that it wasn’t on my end. I work as a tech for IBM and multiple businesses and security is a bit of a focus for me. And after the account hack I scanned my computer with everything I could and it came out clean.
One thing that did bother me was that the GW2 launcher allows you to change your e-mail on the fly. And I have tried to verify my e-mail multiple times and the link was always broken. I even put in 2 support tickets but never got anything back. So I’m guessing that not having your e-mail verified could have made it easier to get your account hacked.
Oh, also asking for help on the forums or their facebook page only leads to getting bashed by everyone else. People calling you a moron or an idiot and that it’s all my fault and not A-nets fault. And making it really difficult to get any actual help. Don’t get me wrong. I love GW2, the game is amazing and fun. But holy hell are some of the players blind, ignorant and agressive.
But yeah, that’s a bit scattered but it basically summarizes my experience so far… I’ve heard the first response takes on average 8 – 10 days so I guess I still have 2 – 4 more days to wait. Heh.
Also one more thing, if they were using keygens to get passwords (which could have been an option, since I remember reading a couple of posts on their facebook page about a guy getting 1500 e-mails saying he’s attempted to log in from china, but it could be just a guy making up a lie, I’m not sure) but if they were using keygens then it’s a huge security flaw to give someone over 1500 attempts to log in an account.
Our reaction: Here’s a guy that clearly understands the need for password complexity and two-factor authentication, who hasn’t heard a thing from customer support and still is in limbo land. Waiting 8-10 days is just ridiculous from our perspective especially on an issue this visible to the entire industry.
Counter Point: If you run through the official Arena.Net Guild Wars 2 Forums the support team seems slammed with requests and they have a daily update thread for all those suffering from hacked accounts. For those people like Alex T, they have stated: “If your ticket is at least five days old, and if you still need assistance, please post in the Tickets for Review – 5 days and older [merged] thread, which is here at the top of this forum.”
This article isn’t just doom and gloom there and to reiterate, we haven’t done much deep digging with this issue – we’re just trying to give some readers a voice. Alex did follow up with us and two days ago gave us an update:
As of today my account is active again. I was able to get all my character’s back without any issues. Everything in my inventory was sold but my bank and collections was still there. And I had all my inventory bags unlocked and was about 15 levels higher. And had a good 9 gold on me. So I guess the gold farmer wasn’t able to cash in before my account was recovered.
GW2 informed me that any items lost were not able to be replaced and anything he did to my account would be permanent. Considering that he did not advance my story quest I am ok with that. However he did change servers and I am now in a different server than all my friends and I’m unable to return because my old server is full. And the GW2 staff claimed that they can’t switch me back… Other than being on a different server I’m 15 levels higher and all my bank and collections stuff is still there.
From our readers’ perspective (at least those that left us rational reading feedback) they are downright disputing the claim that accounts were compromised because of weak passwords and belonging to a fan site that had been hacked. While the support team at the ArenaNet forums appears to be doing as much as they can, for these three readers there’s not much solace in the effort to date.
As more develops, stay tuned to Gaming Illustrated.