Close
Report Comment to a Moderator Our Moderators review all comments for abusive and offensive language, and ensure comments are from Verified Users only.
Please report a comment only if you feel it requires our urgent attention.
I understand, report it. Cancel

Thousands of Guild Wars 2 passwords hacked

Thousands of Guild Wars 2 passwords hacked

Mon 10 Sep 2012 7:34am GMT / 3:34am EDT / 12:34am PDT
Online

Update: Stolen passwords and email addresses used to access unspecified accounts

Update

An NCsoft representative has a been in touch to clarify the 11,000 figure, which according to the company relates to "hacked and blocking issues".

Original story

ArenaNet has warned Guild Wars 2 players that hackers are using stolen email addresses and passwords from other sites to try and access their accounts.

On Sunday September 2 NC Soft said, via the official Guild Wars 2 wiki, that it had received "approximately 8500 new support tickets related to hacked accounts and other blocking issues" and by Monday September 3 had "helped 2574 players with hacked accounts". Latest updates to the wiki have not included updates to those numbers.

"If you don't want your account hacked, don't use the same email address and password for Guild Wars 2 that you've used for another game or web site," ArenaNet wrote on the wiki, as reported by ArsTechnica

"Hackers have big lists of email addresses and passwords that they've harvested from malware and from security vulnerabilities in other games and web sites, and they're systematically testing Guild Wars 2 looking for matching accounts."

One of the sites accessed by hackers was a Guild Wars fan site.

8 Comments

Kingman Cheng Illustrator and Animator

954 182 0.2
Oh dear me, I heard about this in the weekend. Just as I was considering a purchase (and finding out they're still not making licences). This makes me consider creating an email just for online gaming. At least we got Torchlight 2 coming up soon.

Posted:2 years ago

#1

Dirk van Wijk Student - Computer Science (Master)

29 13 0.4
This looks similar to all the Diablo 3 hacked accounts. Although, in that case everyone blamed Blizzard for that.
Maybe they shouldn't force you to use an e-mail adress as login account.

Posted:2 years ago

#2
They did have 5-6 years to figure something out though...

Posted:2 years ago

#3

Kingman Cheng Illustrator and Animator

954 182 0.2
Chee, I might actually complete Skyrim by then.

Posted:2 years ago

#4

Jessica Hyland Character Artist

319 1,288 4.0
This isn't really similar to the D3/battle.net hacking at all, because ArenaNet's servers haven't actually been compromised. It seems like the hackers have stolen information from various fansites/forums and used those details to log into people's accounts, because for some people the concept of 'unique passwords' is apparently just too taxing.

It would certainly help if login names weren't email addresses but the problem is people reusing their passwords, not really a failure on ANet's part.

Posted:2 years ago

#5

Nicholas Pantazis Senior Editor, VGChartz Ltd

1,020 1,467 1.4
This isn't even a little bit ArenaNet's fault... No one is getting in through security vulnerabilities on their end. And yes, it's good practice to have a separate, more secure, password for online games. This is especially true of MMOs (and Diablo and LoL), which are a HUGE target of hacking, due to the incredible wealth that can be obtained in selling accounts.

Edited 1 times. Last edit by Nicholas Pantazis on 10th September 2012 4:53pm

Posted:2 years ago

#6

Sam Maxted Journalist / Community / Support

155 65 0.4
This looks similar to all the Diablo 3 hacked accounts. Although, in that case everyone blamed Blizzard for that.
Maybe they shouldn't force you to use an e-mail adress as login account.
I said this was a bad idea when it was done for the original Guild Wars and couldn't understand when Blizzard changed WoW's login names to email addresses. It's an unnecessary vulnerability that can be easily eliminated, and yet it seems that convenience keeps trumping common sense in this area.

If someone has your email address, they have your login name - and vice versa - making it easier for both to become compromised. Hacking groups must have thought it was Christmas when email addresses started replacing other login names...

Edited 2 times. Last edit by Sam Maxted on 10th September 2012 6:26pm

Posted:2 years ago

#7

Dirk van Wijk Student - Computer Science (Master)

29 13 0.4
This isn't really similar to the D3/battle.net hacking at all, because ArenaNet's servers haven't actually been compromised. It seems like the hackers have stolen information from various fansites/forums and used those details to log into people's accounts, because for some people the concept of 'unique passwords' is apparently just too taxing.

It would certainly help if login names weren't email addresses but the problem is people reusing their passwords, not really a failure on ANet's part.
Ah my bad, I forgot their servers also got compromised yes. Before that happened, lots of accounts also got hacked already, though.

Edited 1 times. Last edit by Dirk van Wijk on 11th September 2012 3:08pm

Posted:2 years ago

#8

Login or register to post

Take part in the GamesIndustry community

Register now