Guild Wars 2 hack impacts 11,000 accounts
A breached Guild Wars 2 fan site is one of various sources of passwords being used by hackers to gain access to game accounts, according to ArenaNet.
It may be time to gird your loins and beef up your passwords again, as yet another online game's security has been compromised. Guild Wars 2 has received more than 11,000 support requests for hacking, but it appears that the game itself wasn't targeted. Rather, ne'er-do-wells gained passwords from other sources like fan sites, and matched them to Guild Wars 2 accounts.
While it may seem obvious for some users, the attack was apparently enough to flood ArenaNet with reports of hacked accounts. Ars Technica reports that the company received about 8,500 such e-mails over the weekend, and then roughly another 2,500 on Monday alone.
The company said that one particular fan site that recently came under attack was a source of the passwords, but it's "just one of many apparent breaches of other games and web sites that hackers have been collecting email addresses and passwords from." One user in Europe reported 10 e-mails about someone trying to access his account from China. He says the verification procedures in place have rendered those attempts unsuccessful.
"If you don't want your account hacked, don't use the same email address and password for Guild Wars 2 that you've used for another game or web site," said a statement from ArenaNet. "Hackers have big lists of email addresses and passwords that they've harvested from malware and from security vulnerabilities in other games and web sites, and they're systematically testing Guild Wars 2 looking for matching accounts." They advise using long, randomly generated, unique passwords. Which, really, is just a good idea in general.
-
Shacknews
replySteve Watts posted a new article, Guild Wars 2 hack impacts 11,000 accounts.
A breached Guild Wars 2 fan site is one of various sources of passwords being used by hackers to gain access to game accounts, according to ArenaNet.-
Yeah that headline was not misleading at all! Gave me a damn heart attack.
-
Yeah no doubt. I almost went and changed my password before reading the story.
-
You cant rent GW2.
-
-
Nothing to see here, just people being security stupid.
-
Phew, good thing I didn't bother registering for any GW fan sites. -.-'
-
Not only that but you had to be dopey enough to use the same email and password as the game on these sites. 11k people are apparently dumb enough to do that.
-
-
-
if you use the same password for everything... you deserve to get hacked... COMEON PEOPLE !!!! IF YOU CANT REMEMBER MULTIPLE PASSWORDS YOU SHOULDNT BE PLAYING MMOS !!
-
-
-
-
[deleted]
-
-
-
-
-
use a password manager
-
-
-
some people (like myself) are lazy
-
-
Yep. Bite the bullet with a password manager. I went and changed my passwords on well over a hundred website accounts to get set up with 1Password... it takes a while, I just did it gradually over time, but it feels good to finally get all that mess under control.
-
-
-
is that like "rape rape" or just "rape"?
-
[deleted]
-
[deleted]
-
Have a complex password that you change the first 4-5 characters of for each site.
shackxxxxx123
googlxxxxx123
guildxxxxx123
-
Actually, passwords like:
"Hyperspeed Tableware"
"Massive Disaster"
"Terrible Password" (lol)
and so on, are pretty secure AND easy to remember.
-
-
-
Ouch
-
-
You can just send it to me.
-
-
These people also must not have verified their email. After verifying my email, anytime someone tries to login to my account from a different IP it must be verified first.
-
-
haha yes that very well could be the case.
-
-
-
Yes, as far as I know it was broken for everyone for about a week. It works fine now however.
-
-
I've logged into my GW2 account from 4 IP addresses at this point. One IP is my home, so that one is clear. One IP logged in just fine initially, then required authentication the 2nd day. The other 2 IPs have worked perfectly fine with no authentication.
I would definitely not rely on this for security.-
I can't say I have had the same problem. I only logged into one computer prior to verifying my email. After verifying my email it required my authentication. I logged in from one other IP which also required verification. I also let me friend log into my account to download the client so it would be ready when his copy came in the mail and he also need to be verified.
-
-
-
PSA: How to create a better password than random characters. http://xkcd.com/936/
-
