Guild Wars 2 ArenaNet worst account security EVER.

#1 - Sept. 6, 2012, 7:36 p.m.

Hey;
A guild mate of mine (names will not be named at the moment) has had his account stolen. So i decided to look into it.

To hack an account on guild wars 2
step 1. Login on GuildWars2.com
step 2. Change email + input password
step 3. Press enter

Absoloutely NO confirmation needs to be done to have the email changed and i literally just tested this; confirmation emails are sent but you dont even need to look at them because I just changed my email address and logged straight in on the one i changed it to.

My mate has also proof of purchase and it has taken ANet over 2 days to get back to him about the complete inability to access ANYTHING to do with the account.
(yet to get back to him)

Lesson: Get a super mega hyper amazing password and just hope they dont get it; because if so your DONE.

ANet has ALSO taken down the Reset Password function (which i have also confirmed).

This is completely stupid and needs to be fixed

Sincerely

LordChuckles

GaileGray

#5 - Sept. 6, 2012, 7:55 p.m.

I have news for you: If someone gets your password on any system, there’s a pretty big likelihood you’re going to be in trouble. And that is why we say — often and very loudly — that account security rests with you. Use a strong, unique password for Guild Wars only.

This thread is misleading. Our database has not been hacked. People are not waltzing in and getting players’ credentials. The incursions are coming from external sources, over which we have no control.

More information is available in our recent article about security.