Guild Wars 2 Hacked Players Dispute ArenaNet Claims

Guild Wars 2

Guild Wars 2

Guild Wars 2 is the new popular no-monthly fee MMORPG released by Arena.net that had received top marks from reviewers and games alike in recent weeks. On September 10th however, we reported that Guild Wars 2 accounts had been compromised by a widespread password attack. It had been confirmed that over 11,000 accounts had been compromised with credentials stolen. It had been purported by multiple outlets (and reported here) that the accounts had been pilfered from an unknown Guild Wars 2 fansite, a story that not many people are believing at this point.

When Gaming Illustrated ran the Guild Wars 2 story that accounts had been hacked, we received a ton of feedback from our readers about their experiences. Thankfully, several of these readers agreed to share their in-depth stories which reiterate the notion that the attack didn’t originate through a fansite at all, but that there might be more implied culpability from other, larger sources than originally though.

Let’s take a look at some of our readers’ testimonies regarding what happened and what potentially cause attacks on their accounts.

From: David R.
The user ID and password that I used for GW2 was unique to the game. I never registered for any fansite with my credentials. Furthermore, ArenaNet forces you to have a unique username due to them attaching a randomly generated 4-digit number to the end of what ever username you choose. My account was hacked on Sunday September 9th. I Sent in a ticket using their automated system which resulted in me receiving a stock email message that directed me to an account recovery page and told me that the ticket was now closed. I put in my credentials and it gave me an error that said contact customer service. So I looked all over the site trying to find a contact number, couldn’t find one. I then resubmitted another ticket with a longer explanation and received the same response, letting me know that no one was actually reading it. So I took to Google to find NCsoft’s number. When I tried to call them it resulted in an endless automated loop. If you do not know someone extension it is impossible to get through to a person. SO I sent an email to the support email, basically stating fix this issue or at least send me a correspondence letting me know it is being worked on, or I will need to go to the BBB and file a complaint. Finally, yesterday I receive another stock email stating that access has been restored, missing items, gold, or characters can not be [restored]. My character had not been deleted but my gold and any intrinsic value items were stripped. I enjoy playing the game, but customer service is something that is lacking. It should also be noted that during this whole debacle I received an advertisement from them asking me to upgrade my copy to a digital deluxe copy on Wednesday.

Our reaction to David R.: He states that his User ID and password were unique to his Guild Wars 2 account so that totally takes out any fansite hacking from consideration. While we understand that it’s very atypical for video game companies to offer technical support via phone, the lack of personal 1:1 communication for this reader was understandably frustrating. Being stripped of gold and items totally sucks and has to be a mental roadblock for future gameplay – what’s to stop this from happening again?

Let’s take a look at another one …

From: Gregg P.
Basically, one morning I simply couldn’t log into the game, it came up with an error stating that my e-mail was not in use or registered to any account. In addition I also have never signed up to any Guild Wars 2 fan sites. I posted my ticket on the 11th of September with the bold title “I’ve BEEN HACKED” , It is now the 14th and still not even a reply to say that they’re even working on it. As for posting my ticket number on the forums as advised, it’s impossible; my e-mail was apparently changed on my account, as a result I can’t even post on the forums considering I can’t log on to even the website. Unfortunately for me, I had or have a level 80 necromancer. And apparently (thanks to some of my guild’s reports over Teamspeak since the incident) my character has been signed in daily and been in areas ranging from World Vs World Vs World, to Cursed Shores.

Our reaction: Good grief. Another reader adamantly denies having signed up for any fan site and clearly has their account compromised. The worst part of this is that the customer service has been *extremely* slow to respond and a full week is downright neglectful.

Let’s take a look at another one …

From: Alex T.
Pretty much I finished playing GW2 one day and hopped off, a few hours later I checked my cellphone and I got an e-mail saying my email address has been changed. I try to log on again and I can’t. Even though my spouse says I’m in game. I try doing all the password reset things and nothing works, as even my ingame name was compromised.

So far it’s been 6 days and other than the automated response I’ve heard nothing from them. I sent them an e-mail with all the info needed in a very neat and clean layout (bullet points and all) so I’m hoping it should speed up the process when they get to me.

In regards to how it happened, I highly doubt that my password was compromised by another website as I’m not part of any fan sites at all. And that I have a different password for each and every game (I keep a random 4 letter / 4 number and a symbol password for everything, that I save on one master account) and my e-mail couldn’t have been hacked because gmail requires me to input a verification code from my cellphone to log on my e-mail. So in terms of my password being compromised it could have only happened in 2 ways, or I was hacked, or they were. I’m about 99.9% sure that it wasn’t on my end. I work as a tech for IBM and multiple businesses and security is a bit of a focus for me. And after the account hack I scanned my computer with everything I could and it came out clean.

One thing that did bother me was that the GW2 launcher allows you to change your e-mail on the fly. And I have tried to verify my e-mail multiple times and the link was always broken. I even put in 2 support tickets but never got anything back. So I’m guessing that not having your e-mail verified could have made it easier to get your account hacked.

Oh, also asking for help on the forums or their facebook page only leads to getting bashed by everyone else. People calling you a moron or an idiot and that it’s all my fault and not A-nets fault. And making it really difficult to get any actual help. Don’t get me wrong. I love GW2, the game is amazing and fun. But holy hell are some of the players blind, ignorant and agressive.

But yeah, that’s a bit scattered but it basically summarizes my experience so far… I’ve heard the first response takes on average 8 – 10 days so I guess I still have 2 – 4 more days to wait. Heh.

Also one more thing, if they were using keygens to get passwords (which could have been an option, since I remember reading a couple of posts on their facebook page about a guy getting 1500 e-mails saying he’s attempted to log in from china, but it could be just a guy making up a lie, I’m not sure) but if they were using keygens then it’s a huge security flaw to give someone over 1500 attempts to log in an account.

Our reaction: Here’s a guy that clearly understands the need for password complexity and two-factor authentication, who hasn’t heard a thing from customer support and still is in limbo land. Waiting 8-10 days is just ridiculous from our perspective especially on an issue this visible to the entire industry.

Counter Point: If you run through the official Arena.Net Guild Wars 2 Forums the support team seems slammed with requests and they have a daily update thread for all those suffering from hacked accounts. For those people like Alex T, they have stated: “If your ticket is at least five days old, and if you still need assistance, please post in the Tickets for Review – 5 days and older [merged] thread, which is here at the top of this forum.”

This article isn’t just doom and gloom there and to reiterate, we haven’t done much deep digging with this issue – we’re just trying to give some readers a voice. Alex did follow up with us and two days ago gave us an update:

As of today my account is active again. I was able to get all my character’s back without any issues. Everything in my inventory was sold but my bank and collections was still there. And I had all my inventory bags unlocked and was about 15 levels higher. And had a good 9 gold on me. So I guess the gold farmer wasn’t able to cash in before my account was recovered.

GW2 informed me that any items lost were not able to be replaced and anything he did to my account would be permanent. Considering that he did not advance my story quest I am ok with that. However he did change servers and I am now in a different server than all my friends and I’m unable to return because my old server is full. And the GW2 staff claimed that they can’t switch me back… Other than being on a different server I’m 15 levels higher and all my bank and collections stuff is still there.

From our readers’ perspective (at least those that left us rational reading feedback) they are downright disputing the claim that accounts were compromised because of weak passwords and belonging to a fan site that had been hacked. While the support team at the ArenaNet forums appears to be doing as much as they can, for these three readers there’s not much solace in the effort to date.

As more develops, stay tuned to Gaming Illustrated.

Sean Gibson

Sean Gibson

Executive Editor at Gaming Illustrated
Sean Gibson has been the owner and Executive Editor of Gaming Illustrated for over nine years. He acts not only as a reviewer, previewer and interviewer for the site, but as an inspiring, all-powerful Emperor.
Sean Gibson

@gamingillustrat

http://t.co/PSklmHbhXL (Video Games) - We publish articles on video game news, video game reviews, interviews & previews. PC, Xbox 360, PS3 & Mobile platforms.
Jagged Alliance: Flashback Kickstarter Funded Successfully: The Kickstarter campaign for Jagged Alliance: Flas... http://t.co/A28QMtqZaT - 15 hours ago
Sean Gibson
Sean Gibson

Latest posts by Sean Gibson (see all)

TAGS: , ,
  • Mary

    My Guild Wars 2 account has not been hacked yet… I do belong to GW2 guru. I wouldn’t be supprised if it was hacked. I did have my Guild Wars 1 account hacked when my Aion account was hacked. I could have easily gotten 30 HoM points, but I lost everything before I played EotN. I’m supprised they didn’t implement a recovery system similar to Aion. Which means support lied to me about a recovery system being planned for Guild Wars 2. Not sure if they lied about the plan for Guild Wars 1, but my assumption is they never made one. It’s my understanding that they aren’t doing much for Guild Wars 1 these days.

    My husband is a computer scientist and works with servers and programs in many languages. He says there is no reason they couldn’t give back items. He argued with tech support over it and told them they were lying. He did say they probably had no easy way to do it, but there would be a way for them to access the database to change things. He left the support tech in a bad mood that day.

    The Guild Wars games are truly unique and wonderful to play. But if I lose everything again like I did in Guild Wars 1, I’m done with playing this companies games. It is a shame, because there games are my favorite to play.

  • tom

    My account has been “hacked” twice today. The second time i was still using the password provided to me by them. The first time this happened some gems went missing, not all though witch is unusual (not even 100% sure they did go missing). Yet to get back online to see what has happened this time. Do they honestly believe they can get anyway with this lie when so many of the people playing the game are computer savvy.

    To anyone reading this make sure your password for GW2 is different from all others. Not to protect your GW2 account (because that’s clearly not going to happen) but to protect other more valuable information (email paypal etc)

    Lets hope they are smart enough to fix this up and apologise

    • Chris

      lol It’s Arena Net’s fault that you got hacked… I’ve been in GW1 since launch. I’ve been registered for GW2 since they first started taking pre-orders before beta weekend 1. I use the same password I’ve used for probably almost 7 years on every MMO I’ve ever played.

      The only game I’ve ever been hacked on was World of Warcraft before they came out with authenticators. Still haven’t been hacked on GW2 and didn’t change my password to something silly just to prove a point. Everyone complaining about getting hacked is the same people who lie and say I don’t know why all that ridiculous garbage is posted on my Facebook! I NEVER CLICK THOSE LINKS! Rightttttttt.

      You got suckered. Your own fault not Arena Net’s. Deal with your problems.

      P.S. Learn to use the interwebz

  • MaxSNR

    from a artical i read some time ago ” inside the insider ” it is know that who have access to password and usernames on inside can be selling all these accounts to so called hackers at 11 000 accounts stolen at a price of 55 euro ( example price ) its adds up to over 600 000 Euro… who on inside would not be tempted to sell accounts “” just saying its possiable “” and why not hack ANET’s website where the biggest database of usernames and passwords are again “” just saying “”

  • frustratedGW2player

    My account was also hacked. I am IT professional and very aware of security issues. I do not go to fan sites and my PC is clean.

    They took everything and moved my character to a German server. I just discovered this about an hour ago, as I had not been able to log in for about two weeks due to a very busy schedule.

    This is clearly an Arena.net issue.

    Therefore, it is completely unacceptable that they are not restoring people’s accounts.

    I guess I will be waiting for at least a week before I can play again.

  • Mark

    I love how working in IT or “knowing about security” just automatically make people say it’s not on their end. Quit trying to blame other people and admit that you’ve been compromised.
    Sure, ANet could have handled the situation better, but they are not the cause for your account getting hacked. You are.

  • Matt

    I find it very difficult to these stories. They’re very well written and play towards the “I know computer security” card. However, what people fail to take into account is it doesn’t take a key logger nor a “hack” into a website. To be honest I believe these people hover over a vast trail of forums or other social media sites. I highly doubt that they use just one form of credentials just for Gw2. The fact is their account was compromised and they have no idea why or how. So it is only natural to point fingers and when an option for a reason comes out. When that option doesn’t apply to them, they call err.

    I’m a computer engineer and my account wasn’t “hacked”.

  • Biggus Diccus

    I also believe these details were from an internal source.

    I use a different password for every account for websites and games I use, there is zero interchangeability. Further more I was never registered with any fansites or any sites relating to guild wars 2!

    I have “Clean” computer which I only use for gaming and work, so no key logging or any other malicious activities can occur. I have a laptop I use for everything else which I can access next to my computer, so even if something were to happen there would be no byplay between them.

    I was also online when I was hacked, I spent 30 minutes in a mini game of logout the other person wars. While trying to change my password in the my account settings page which would not work until I was cleaned out.

    There was clearly an internal breach, which Anet are covering up.

  • Matt

    I find it very difficult to believe these stories. They’re very well written and play towards the “I know computer security” card. However, what people fail to take into account is it doesn’t take a key logger, cms website they’re member of to be “hacked”, nor for their “own” personal email to be compromised. Among other ways to gain unlawful access, the fact is their account was compromised in one form or another. They have no idea how. So it’s only natural to point fingers. When an option for reasoning appears behind the fault that does not apply. The person or people call err. My inkling is leaning towards these people who, might, have long trail of hovering over various social media sites or casually browse the internet. As well with being unaware of how browser security plays major role in the health and protection of a computer.

    I’m a computer engineer and my account was not “hacked”.

  • Steve

    I received an email this morning at 0527 am that my request to change my email is approved. Odd thing is, i uninstalled GW2 a bit over 2 weeks ago. Never was a member of any fan sites, and after 7 years of WoW, i know how to protect my account.

    cant login to my account online, or to the support forum. you literally have to just send an email and pray someone looks at it.

    No doubt in my mind this is coming from within Anet.

  • W

    I work in IT, webservers specifically, and it is very possible to be compromised without it being an internal issue. Everyone assumes that their security habits make them 100% immune to being hacked. Is your computer properly configured? Maybe they brute forced their way in through RDP and planted a keylogger. They could have brute forced your login in game (usually not likely but possible). Any program you download could be infected. They could have also hacked your email. Hell, you don’t even need to be hacked, if one of their sysadmins had a weak password, they could use that account to branch out and claim hundreds of passwords. They could have also just called and social engineered the right support person.

    Any of these scenarios, some being far from likely, are more probable than somebody in ANet grabbing your password. For one, companies are required to make a public statement if personal information is compromised.

    Anyone that says they work in IT should already know that nobody is immune to being hacked. There’s always a way into something.

  • Nathan

    My account was hacked on Sept. 5th I got it back Sept. 11th after putting more then enough info in an easy to read format and messaging them. My characters were all fine but my main a lvl 77 thief was in a group with another character bot farming in Queensdale I reported the other character as a bot and left to check my bank.

    Everything was gone 1000 Gems 15 yellow lvl 39 items of different origin I was saving for alts, an every collectible item I had and I had a bunch because I had scavenged every item and had not sold anything. I was not surprised by the items or the gems being gone but what really threw me for a loop was some of the items that were missing were account bound soul bound and not able to be sold like Superior Transmutation Stones and the basic ones a few pieces of Karma Bought gear also missing. I have sent them a message 2 times and both times the messages were closed with no response so I reopened one and am waiting to get my Gems and the other Account Bound items I sent them a message telling them I want everything that was sold or mailed from my account between the date I was hacked to the minute and the date I received my account back returned and all my gems.

    I am wondering why or how the transmutation stones were removed from the account the hacker did not delete any of the other account bound items like the potions that change you into mobs or the boost items all where left alone. Also found some random Mails from a few people I did not ever mail anything to also probably hacked accounts but reported them as well.

    Anet needs to fix peoples accounts and replace what was stolen from us and yes if they tell you it is impossible for them to return stolen or missing items they are lying or they would not be able to track gold sellers or exploiters. You can not ban people telling them they exploited and you have the logs to prove it and then tell others sorry your stuff is gone we don’t have any idea what was stolen because we do not track that type of data sounds to me like they are just trying to take the easy way out. I dare them to tell me they can not or have no way to give me my stuff back.

  • GW2

    I cant believe this, got hacked, all inventory was cleaned…

  • GW2 Plater

    And of course NONE of you have managed to get infected by a keylogger right? Riiiight. Since A-net’s servers weren’t hacked, somehow your login info is being intercepted. That is the only reasonable explanation.