Close
Are you sure? Are you sure you want to report this comment? I understand, report it. Cancel

Thousands of Guild Wars 2 passwords hacked

Thousands of Guild Wars 2 passwords hacked

Mon 10 Sep 2012 7:34am GMT / 3:34am EDT / 12:34am PDT
Online

Update: Stolen passwords and email addresses used to access unspecified accounts

Update

An NCsoft representative has a been in touch to clarify the 11,000 figure, which according to the company relates to "hacked and blocking issues".

Original story

ArenaNet has warned Guild Wars 2 players that hackers are using stolen email addresses and passwords from other sites to try and access their accounts.

On Sunday September 2 NC Soft said, via the official Guild Wars 2 wiki, that it had received "approximately 8500 new support tickets related to hacked accounts and other blocking issues" and by Monday September 3 had "helped 2574 players with hacked accounts". Latest updates to the wiki have not included updates to those numbers.

"If you don't want your account hacked, don't use the same email address and password for Guild Wars 2 that you've used for another game or web site," ArenaNet wrote on the wiki, as reported by ArsTechnica

"Hackers have big lists of email addresses and passwords that they've harvested from malware and from security vulnerabilities in other games and web sites, and they're systematically testing Guild Wars 2 looking for matching accounts."

One of the sites accessed by hackers was a Guild Wars fan site.

9 Comments

Kingman Cheng
Illustrator and Animator

952 180 0.2
Oh dear me, I heard about this in the weekend. Just as I was considering a purchase (and finding out they're still not making licences). This makes me consider creating an email just for online gaming. At least we got Torchlight 2 coming up soon.

Posted:2 years ago

#1

Dirk van Wijk
Student - Computer Science (Master)

29 13 0.4
This looks similar to all the Diablo 3 hacked accounts. Although, in that case everyone blamed Blizzard for that.
Maybe they shouldn't force you to use an e-mail adress as login account.

Posted:2 years ago

#2
They did have 5-6 years to figure something out though...

Posted:2 years ago

#3

Kingman Cheng
Illustrator and Animator

952 180 0.2
Chee, I might actually complete Skyrim by then.

Posted:2 years ago

#4

Jessica Hyland
Character Artist

278 1,060 3.8
This isn't really similar to the D3/battle.net hacking at all, because ArenaNet's servers haven't actually been compromised. It seems like the hackers have stolen information from various fansites/forums and used those details to log into people's accounts, because for some people the concept of 'unique passwords' is apparently just too taxing.

It would certainly help if login names weren't email addresses but the problem is people reusing their passwords, not really a failure on ANet's part.

Posted:2 years ago

#5

Nicholas Pantazis
Senior Editor

1,020 1,467 1.4
This isn't even a little bit ArenaNet's fault... No one is getting in through security vulnerabilities on their end. And yes, it's good practice to have a separate, more secure, password for online games. This is especially true of MMOs (and Diablo and LoL), which are a HUGE target of hacking, due to the incredible wealth that can be obtained in selling accounts.

Edited 1 times. Last edit by Nicholas Pantazis on 10th September 2012 4:53pm

Posted:2 years ago

#6

Sam Maxted
Journalist / Community / Support

155 65 0.4
This looks similar to all the Diablo 3 hacked accounts. Although, in that case everyone blamed Blizzard for that.
Maybe they shouldn't force you to use an e-mail adress as login account.
I said this was a bad idea when it was done for the original Guild Wars and couldn't understand when Blizzard changed WoW's login names to email addresses. It's an unnecessary vulnerability that can be easily eliminated, and yet it seems that convenience keeps trumping common sense in this area.

If someone has your email address, they have your login name - and vice versa - making it easier for both to become compromised. Hacking groups must have thought it was Christmas when email addresses started replacing other login names...

Edited 2 times. Last edit by Sam Maxted on 10th September 2012 6:26pm

Posted:2 years ago

#7

Andreas Gschwari
Senior Games Designer

558 607 1.1
Now the 7 emails i got last week about resetting my guild wars account password make sense. despite me not having a guild wars 2 account.

Posted:2 years ago

#8

Dirk van Wijk
Student - Computer Science (Master)

29 13 0.4
This isn't really similar to the D3/battle.net hacking at all, because ArenaNet's servers haven't actually been compromised. It seems like the hackers have stolen information from various fansites/forums and used those details to log into people's accounts, because for some people the concept of 'unique passwords' is apparently just too taxing.

It would certainly help if login names weren't email addresses but the problem is people reusing their passwords, not really a failure on ANet's part.
Ah my bad, I forgot their servers also got compromised yes. Before that happened, lots of accounts also got hacked already, though.

Edited 1 times. Last edit by Dirk van Wijk on 11th September 2012 3:08pm

Posted:2 years ago

#9

Login or register to post

Take part in the GamesIndustry community

Register now