How did they get my new *safe* e-mail again?

#1 - May 16, 2014, 2:48 a.m.
Blizzard Post

Guys, I had my account hacked like a week ago. I wrote to Arena.net, and they changed my login e-mail to a new one. I just made a new one, never used it anywhere else. I was safe for like 3 days, but I started to get password reset e-mails to my new mail again, but this time they can’t get it and reset my pass. How did they get to know my new address? I’m quite sure it isn’t a malware/virus keylogger, ’cause with that they could just log in, knowing my pass.

#13 - May 16, 2014, 1:53 p.m.
Blizzard Post

If your e-mail address is similar, then those unscrupulous people with access to valid e-mail addresses might try variations. In fact, I imagine they have systems that do it automatically.

For example, say your e-mail account is [email protected]. A company might try GamePlayer@[insert every other major e-mail provider here] to see if they get a “hit.”

If the new e-mail address is completely different, I think there’s a small chance that your computer has a keylogger and the thief simply has not accessed the account yet. (I might be overly worried, but that’s my first impression.) On the other hand, why would a would-be thief attempt to reset the password if s/he has a keylogger…?

As for the password reset page, I think I know why it functions as it does. If our reset system said “This account is not recognized. Please try again” that would reveal something, right? That would mean when the would-be thieves saw the “An e-mail has been sent” message only for valid Account Names, they would know that that particular e-mail address is a valid Guild Wars 2 account name. And clearly, that’s information we don’t want to provide them.

So that is why we don’t say “yea” or “nay” to a request, but simply (invisibly) send an e-mail when the account is valid and not send an e-mail to an invalid Account Name. In that way, we’re not furnishing any information to would-be thieves.
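The behaviour described in the two paragraphs above (same visible response for valid and invalid account names, with the e-mail as the only side effect) is a standard defence against account enumeration. The following is an added example and not ArenaNet's code: the account store, the outbox and the account names are constructed stand-ins, and the function names are assumptions.

```python
"""
Added example (not the game's own code): a password-reset request handler
that gives the same visible response whether or not the account name
exists, so the endpoint cannot be used to confirm which e-mail addresses
are registered. The account store and mailer are constructed stand-ins.
"""
import secrets

# Constructed sample account store: login e-mail -> account id.
ACCOUNTS = {
    "player.one@example.com": "acct-1001",
    "player.two@example.com": "acct-1002",
}

# Constructed outbox so the side effect can be inspected offline.
OUTBOX: list[dict] = []

# The one and only message the caller ever sees.
GENERIC_RESPONSE = (
    "If that account exists, an e-mail with reset instructions has been sent."
)


def _normalize(account_name: str) -> str:
    # Trim and lower-case so case or whitespace handling cannot leak anything.
    return account_name.strip().lower()


def _issue_token(account_id: str) -> str:
    # Unguessable token; a real system would store a hash of it with an expiry.
    # account_id is accepted so the hit and miss paths do the same work.
    return secrets.token_urlsafe(32)


def _send_reset_mail(address: str, token: str) -> None:
    OUTBOX.append({"to": address, "token": token})


def request_password_reset(account_name: str) -> str:
    """Always return GENERIC_RESPONSE. Only the side effect (an e-mail)
    differs, and that is visible solely to the mailbox owner."""
    name = _normalize(account_name)
    account_id = ACCOUNTS.get(name)
    if account_id is not None:
        _send_reset_mail(name, _issue_token(account_id))
    else:
        # Do equivalent work on the miss path so response timing does not
        # reveal whether the account exists (dummy token, no mail sent).
        _issue_token("dummy")
    return GENERIC_RESPONSE


def responses_indistinguishable(known: str, unknown: str) -> bool:
    """Check the property the post describes: a valid and an invalid
    account name yield identical responses."""
    return request_password_reset(known) == request_password_reset(unknown)


if __name__ == "__main__":
    print(request_password_reset("player.one@example.com"))
    print(request_password_reset("nobody@example.com"))
    print("mails queued:", len(OUTBOX))  # only the registered address gets one
```

The same property has to hold for everything else the caller can observe: HTTP status code, response size, response time and any rate-limit behaviour. Rate-limiting the endpoint per source and per target address is still worthwhile, because a generic response does not stop someone from flooding a known mailbox with reset mails, which is exactly what the original poster is seeing.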

#16 - May 16, 2014, 4:37 p.m.
Blizzard Post

~snip~

Overall, I think it’s less about good email provider security than whether or not any websites you ever used that email address at (and possibly the same password) have ever been compromised (and their user DB stolen and sold).

Obviously 2 step authentication on both the email associated with our GW2 account AND the GW2 account itself should lock down your account (but still use unique and strong passwords at every site). Strong means longer than 12 characters (46 character passwords are insane overkill).

Quoted. The advice you give is very valid, and I flagged a section I want to address. Yes, most compromise incidents are through lists shared amongst disreputable people, lists that contain data from hacked sites. Our security is good, but you all know of major sites (publishers, stores, and more) that have had security incidents that exposed personal information. Many accounts are hacked and identities are stolen using that information, not just in GW2, of course, but in a variety of sensitive areas.

#27 - May 19, 2014, 5:41 p.m.
Blizzard Post

I’m sorry… I have been following this forum the last few weeks and I do wonder if the GW2 email list got compromised.

And by that do you mean the e-mail addresses and the passwords? If that happened, you’d see thousands of posts, not a dozen. The issue is coming from elsewhere, that seems clear.

The reason hacked account posts have risen is we’re behind in restorations, so issues of members who normally would be resolved in hours are extending over a few days, prompting them to post.

Secondly, RMTs are being hard-hit by our anti-RMT measures, and they are taking advantage of more “known password” lists to hack accounts. You might have been using the same credentials for 10 years, but that doesn’t mean those credentials are safe.

Lastly, the best security is a unique password (used nowhere else) and a unique e-mail address (used nowhere else) used as your log-in Account Name.

Having said all that, I still am baffled by TaintedSilver’s situation, and I’ll ask others to see if they have suggestions on how that occurred. But an ArenaNet or GW2 security breach? No, that’s not what happened.

#29 - May 19, 2014, 6:51 p.m.
Blizzard Post

I’m sorry… I have been following this forum the last few weeks and I do wonder if the GW2 email list got compromised.

Absolutely not. And by that do you mean the e-mail addresses and the passwords?

No, I mean I wondered if a GW2 related email list got acquired from somewhere, and nothing to do with passwords. There are, what, hundreds of millions of email addresses out there? It just seems that for hackers to have a starting point they would need a list; otherwise it would be like finding a needle in a 20 square mile haystack.

Anyway, I trust it wasn’t on Anet’s end, but maybe another 3rd party GW2 related website where people used the same email address to register as they did for their GW2 account. Those hackers had to get a starting point from some place.

Oh I get it, JT! Thanks for explaining. I didn’t want to leave unremarked a comment that might be — as we sometimes see — “I wonder if ArenaNet was compromised.” That’s not the case, but sure, that whole spectre of the “known password” and “known e-mail address” lists is very real, and unfortunately some fansites and other third-party sites related to our game have had incidents, it’s true.

#41 - May 22, 2014, 3:16 p.m.
Blizzard Post

The reality of the virtual world we live in is that it is extremely easy for someone tenacious to obtain your email address by simply knowing your character name, for instance if you’ve ever registered on a fan site or let someone in the game know your real name, where you live, etc.

From there, if you refuse to use more advanced security measures like 2-step authentication, you are a fairly easy target. And, if they use keylogger software/hacks, they are going to see your new email information every time you try to recreate it on your computer. At that point, they might as well have hacked your fingers – and none of it had anything to do with Anet.

I learned this myself the hard way a couple of weeks ago. For what it’s worth, Anet was awesome about it – three days to get my account back with almost all of my stuff (lost my first and only precursor because it was still waiting to be picked up on the TP) – and I was happy with that – because I knew it was my fault, not theirs, that I was hacked.

We are basically at war with these hackers, and when you are at war, you don’t do things halfway. Protect yourselves in every way possible. Use commercially known and accepted antivirus software (and manually scan your computer often), set up 2-step authentication on your email account (then immediately change your email password), use a mobile authenticator, don’t repeat passwords between programs/websites/etc., create elaborate and strong nonsense-based passwords (and store your passwords somewhere other than on the computer you are using for the game), and don’t share personal information with people you don’t really know.

I learned to do these things the hard way.

Thank you for sharing. I believe you will have helped others with what you’ve relayed here.