esyllt
Firenewt
SWTOR Aim to Misbehave
Posts: 15
|
Post by esyllt on Aug 29, 2012 7:44:20 GMT -5
Just as a heads up... I've already gotten two emails that are VERY good copies of the password change request emails. The only difference is where they link to/from. (Guildwars.com)
So... do not click the link to change your password if you didn't request it! I almost fell into that trap. (Hey, its early in the morning! Give me a break! ). Only being too lazy to change saved me... then I got suspicious and checked the domain..
|
|
Aberrant
Ragewalker
Core 03/2003 DAoC Founding Member Former Councilor
twitter : Jabberant
Posts: 3,585
Steam ID: Jabberant
Origin ID: Aberrant
BattleTag: Jabberant#1268
Xbox GamerTag: Jabberant
PSN ID: Aberrant
Game Center: Aberrant
Minecraft: Jabberant
|
Post by Aberrant on Aug 29, 2012 8:18:34 GMT -5
Thanks for the heads up. I JUST got one of these.
|
|
|
Post by Ghlore "MacInnes" on Aug 29, 2012 9:02:42 GMT -5
Same, hackers work quick now a days! My link is account.guildwars2.com though.
|
|
|
Post by pandalishus on Aug 29, 2012 11:30:41 GMT -5
It's worth noting, however, that not all of these e-mails are fakes. This is one area where I defintely don't feel like I'm safe in ANet's hands. Here's the e-mail I got out of nowhere a two days ago: See how everything is guildwars2.com? No fake links, etc. People are actively hitting ANet's password reset feature. That means we can't just assume that the password reset e-mail we got was a scam. It might be a legitimate attempt to hack our account. My suggestion (at least for the time being) would be to create an e-mail account that you use for *nothing* other than GW2. This will make it impossible for hackers to use the password reset (unless ANet themselves are hacked or you use an e-mail address that can be socially engineered). Sign up for a free G-Mail account here, and pick something somewhat obscure.
|
|
Maeve
Rampager
Posts: 2,389
|
Post by Maeve on Aug 29, 2012 13:36:51 GMT -5
I think I saw that there was a GW2 type website set up out of China that's soul purpose was to collect email addresses. Back when I got sick of WoW phishing attempts and after my Aion account was hacked (fucking Aion) leading to my NC master account being put on hold, I chose an obscure email provider and made different accounts for different games. It has worked like a charm thus far. *crosses fingers* On a bit of a side note, if you have not read this story, do so: www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/ Kind of scared me. And to get back on my old soap box, I am soooo sick of having to worry so much about protecting my game accounts. It's worse than protecting my financial/personal info. These gaming companies need to step up their security and maybe band together to go after all these hackers overseas. Not sure what legal recourse they have when so many are international. Frustrating.
|
|
|
Post by trapsinger on Aug 29, 2012 14:07:46 GMT -5
Maybe their system sent that email in error? They just posted this on facebook:
If you received a password reset email and you did not request it, please delete that email. Do not click on the link in the message.
We are investigating the issue.
Thank you.
|
|
|
Post by pandalishus on Aug 30, 2012 2:03:43 GMT -5
Hard to say. I'm still don't feel safe just yet w/ ANet, but that's a part of MMOs in general these days. Won't be long before two-stage verification will be common I'd imagine.
|
|
|
Post by Lanir on Aug 30, 2012 7:17:06 GMT -5
I am actually surprised they do not have an authenticator yet. They put a lot of effort into making a good game that they tested rigorously, but have not provided additional security out the gate. It is a must now a days to have this option available at launch.
|
|
Slurm
Nightwalker
Wimmy Wam Wam Wazzle!
Posts: 5,065
|
Post by Slurm on Aug 30, 2012 8:04:58 GMT -5
I dislike authenticators with a passion. I loathe the idea of having to use a seperate device to secure a video game. BUT, with as hard as it seems gold farmers are attacking Guild Wars 2, I would welcome one. I agree with the sentiment that I don't feel totally safe right now.
Edit:
This was posted by the ArenaNet reddit account:
Account security - We're seeing an uptick in reports of account theft and attempted account theft. We believe hackers are using databases of email addresses and passwords stolen from other games and web sites, and pre-existing trojan horses, to search for matching Guild Wars 2 accounts which they attempt to compromise. To prevent this, we have temporarily disabled the "reset password" feature, and we're working to bring email authentication online. To protect yourself, please ensure that you use a unique password for Guild Wars 2 that you don't use for any other game, email account, forum or web account.
Email authentication - Email authentication is a feature that notifies you if someone tries to log into your account from a location you've never logged in from before. Thus, even if someone guesses your game password, he can't log in unless he also guesses your email account password. You can make email authentication even more secure by using an email provider that supports two-factor authentication, such as Google or Yahoo, and taking advantage of that. We're currently preparing email authentication and intend to deploy it in a phased rollout, starting on Thursday, August 30.
|
|
|
Post by Rer on Aug 31, 2012 3:01:48 GMT -5
A login attempt from the following location is currently awaiting your authorization. Address: 110.124.162.179 City: Beijing Region: 22 Country: CN For security purposes, we alert you each time your account is accessed from an unrecognized location. To authenticate this login attempt, please click the link below: FUUUUUUUUUUUUUUUUUUUUUUUUUCK ME
|
|
Vejuz
Harpy Archer
Not all who Wander are Lost
Posts: 1,296
|
Post by Vejuz on Aug 31, 2012 9:08:30 GMT -5
Address: 180.248.155.55 City: Banjarmasin Region: 12 Country: ID
For security purposes, we alert you each time your account is accessed from an unrecognized location. To authenticate this login attempt, please click the link below:
FUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU-!
Luckily, my gmail is protected by 2-factor authentication, so I can keep these fuckers out of my account until Anet grants my password reset.
|
|
|
Post by Rer on Aug 31, 2012 9:20:31 GMT -5
I did a password reset and it seemed to have gone through. :<
Also thanks for the reminder, just put 2 step veri on my gmail
|
|
|
Post by pandalishus on Aug 31, 2012 11:23:27 GMT -5
Two-factor is good, but the best thing you can do is to actually create a brand-new, GW2-only e-mail, and then use that. Those attempts are a sign that your e-mail is known, so a new one that never gets used anywhere else will make you effectively invisible.
|
|
Slurm
Nightwalker
Wimmy Wam Wam Wazzle!
Posts: 5,065
|
Post by Slurm on Aug 31, 2012 11:33:15 GMT -5
Two-factor is good, but the best thing you can do is to actually create a brand-new, GW2-only e-mail, and then use that. Those attempts are a sign that your e-mail is known, so a new one that never gets used anywhere else will make you effectively invisible. I've actually been considering doing this. Plus Rer, you could get a new email address! Maybe something without "Aion" in it. 8O
|
|
|
Post by Scarybooster on Aug 31, 2012 14:28:42 GMT -5
I got an email today. I did not click the link at all no matter if it was real or not. I went to my browser and typed in GW2 website. I changed my password to some ridiculously long complex password. I plan on changing email addresses as soon as I get back home and create on called Fuckyouguildwars2asshatthieves@gmail.com
|
|