Blue Tracker
World of Warcraft Blue Posts
Diablo II: Resurrected Blue Posts
Diablo III Blue Posts
Hearthstone Blue Posts
Overwatch Blue Posts
Heroes of the Storm Blue Posts
Diablo IV Blue Posts
BlizzCon Blue Posts
Warcraft Rumble Blue Posts

CAUTION: Heartbleed bug scams expected

Forum Avatar
Brother Grimm.5176
#1 - April 16, 2014, 8:23 a.m.
Blizzard Post

I’ve seen several alerts from security experts that due to the high profile media coverage of the recent Heartbleed bug, email phishing and other scams to gain users personal information is bound to escalate (blaming HEARTBLEED as the reason for the contact).

Everyone should be aware that GW2 servers were NEVER vulnerable to the bug (no OpenSSL code used at GW2 login sites). Any emails or other notifications you may receive claiming to be from ANet about needing to change your password or log in to a linked server should be viewed the EXTREME caution and likely ignored and deleted. I cannot say for sure if this is the case for NCSoft servers.

Note that it IS possible that other sites or services WILL contact you about the legitimate need for security changes but I don’t see any reason that Anet would (since Devs have confirmed they were never vulnerable). As a side note, I would warn against clicking any links inside other security warning emails as well. If you get an email from somewhere you do buisness, open your browser and go the site as you normally do and search at the site for any information on Heartbleed or needs to change security information from there.

Just a heads up to the community.

Forum Avatar
Gaile Gray
#2 - April 16, 2014, 10:58 a.m.
Blizzard Post

Thanks, Brother Grimm. It’s important to keep in mind that if you get an e-mail from us — or allegedly from us — we’re happy to answer questions about it. Remember, too, that aside from contact initiated by you (like authentication authorization, e-mail change, etc.) we will not ask you to click a link to “verify your account” or “check your status” or do any of the other things that would-be phishers want you to do to gain access to your account.

I got an e-mail today from a social media site. They said they were not affected by the Heartbleed bug, but that they wanted me to change my password anyway. There is no way in heck I am going to click their link, even if they foolishly did send me that e-mail. I will go to their site and change my password on my own, NOT through a provided link.

And that’s what Guild Wars 2 players should do. If you need any assistance, you generate a ticket for us to respond to, and we will help you, based on that contact. That way you’re not getting weird, maybe-nefarious “Hey, here’s how to secure your account” mails with live links that lead to Grenth-knows-where!