Sections

Thousands of Guild Wars 2 passwords hacked

Update: Stolen passwords and email addresses used to access unspecified accounts

Update

An NCsoft representative has a been in touch to clarify the 11,000 figure, which according to the company relates to "hacked and blocking issues".

Original story

ArenaNet has warned Guild Wars 2 players that hackers are using stolen email addresses and passwords from other sites to try and access their accounts.

On Sunday September 2 NC Soft said, via the official Guild Wars 2 wiki, that it had received "approximately 8500 new support tickets related to hacked accounts and other blocking issues" and by Monday September 3 had "helped 2574 players with hacked accounts". Latest updates to the wiki have not included updates to those numbers.

"If you don't want your account hacked, don't use the same email address and password for Guild Wars 2 that you've used for another game or web site," ArenaNet wrote on the wiki, as reported by ArsTechnica

"Hackers have big lists of email addresses and passwords that they've harvested from malware and from security vulnerabilities in other games and web sites, and they're systematically testing Guild Wars 2 looking for matching accounts."

One of the sites accessed by hackers was a Guild Wars fan site.

Related stories

Game industry coming around on story - Hoyer

ArenaNet narrative head says growing budgets have publishers understanding the need to get players invested

By Brendan Sinclair

Subscription-free Guild Wars 2 coming to China

"Guild Wars 2 China will be synchronised with the worldwide version of the game"

By Rachel Weber

Latest comments (8)

Kingman Cheng Illustrator and Animator 4 years ago
Oh dear me, I heard about this in the weekend. Just as I was considering a purchase (and finding out they're still not making licences). This makes me consider creating an email just for online gaming. At least we got Torchlight 2 coming up soon.
0Sign inorRegisterto rate and reply
Dirk van Wijk Student - Computer Science (Master) 4 years ago
This looks similar to all the Diablo 3 hacked accounts. Although, in that case everyone blamed Blizzard for that.
Maybe they shouldn't force you to use an e-mail adress as login account.
1Sign inorRegisterto rate and reply
They did have 5-6 years to figure something out though...
0Sign inorRegisterto rate and reply
Show all comments (8)
Kingman Cheng Illustrator and Animator 4 years ago
Chee, I might actually complete Skyrim by then.
0Sign inorRegisterto rate and reply
This isn't really similar to the D3/battle.net hacking at all, because ArenaNet's servers haven't actually been compromised. It seems like the hackers have stolen information from various fansites/forums and used those details to log into people's accounts, because for some people the concept of 'unique passwords' is apparently just too taxing.

It would certainly help if login names weren't email addresses but the problem is people reusing their passwords, not really a failure on ANet's part.
1Sign inorRegisterto rate and reply
Nicholas Pantazis Senior Editor, VGChartz Ltd4 years ago
This isn't even a little bit ArenaNet's fault... No one is getting in through security vulnerabilities on their end. And yes, it's good practice to have a separate, more secure, password for online games. This is especially true of MMOs (and Diablo and LoL), which are a HUGE target of hacking, due to the incredible wealth that can be obtained in selling accounts.

Edited 1 times. Last edit by Nicholas Pantazis on 10th September 2012 4:53pm

1Sign inorRegisterto rate and reply
Sam Maxted Journalist / Community / Support 4 years ago
This looks similar to all the Diablo 3 hacked accounts. Although, in that case everyone blamed Blizzard for that.
Maybe they shouldn't force you to use an e-mail adress as login account.
I said this was a bad idea when it was done for the original Guild Wars and couldn't understand when Blizzard changed WoW's login names to email addresses. It's an unnecessary vulnerability that can be easily eliminated, and yet it seems that convenience keeps trumping common sense in this area.

If someone has your email address, they have your login name - and vice versa - making it easier for both to become compromised. Hacking groups must have thought it was Christmas when email addresses started replacing other login names...

Edited 2 times. Last edit by Sam Maxted on 10th September 2012 6:26pm

0Sign inorRegisterto rate and reply
Dirk van Wijk Student - Computer Science (Master) 4 years ago
This isn't really similar to the D3/battle.net hacking at all, because ArenaNet's servers haven't actually been compromised. It seems like the hackers have stolen information from various fansites/forums and used those details to log into people's accounts, because for some people the concept of 'unique passwords' is apparently just too taxing.

It would certainly help if login names weren't email addresses but the problem is people reusing their passwords, not really a failure on ANet's part.
Ah my bad, I forgot their servers also got compromised yes. Before that happened, lots of accounts also got hacked already, though.

Edited 1 times. Last edit by Dirk van Wijk on 11th September 2012 3:08pm

0Sign inorRegisterto rate and reply

Sign in to contribute

Need an account? Register now.