Guild Wars Guru Security Notice - Page 2 - Guild Wars Forums

Darcy · Jan 23, 2010, 11:49 PM // 23:49

Luckily, my GW account ID is an obsolete address from before I belonged to guru. Thanks for the info. Good luck with your fight.

Inde · Jan 23, 2010, 11:52 PM // 23:52

Quote:

Originally Posted by Riot Narita

Really? I would have thought there were much easier places to break into, to get email addresses just for spam.

My suspicion is they were after email addresses for GW- or Guru-specific phishing attempts...

...Or email addresses to attempt direct GW login (use forum name for the character name, and try the top 100 most common passwords as per the "RockYou" thread... they might get lucky, and it seems they are getting desperate enough to try anything)

My thanks to the Guru staff for their responsible attitude and reaction to this.

As we stated we can't know the reason for the hack. Any speculation you have is the same as ours. I can tell you that valid emails are not easily obtained, and fetch quite a price. I would never attempt to downplay this incident, but I believe we have honestly and openly given the best information we can.

shoyon456 · Jan 24, 2010, 12:00 AM // 00:00

Well, I already get spam on my main email, not associated with ANY gaming. Apparently my Aion and WoW accounts are repeatedly being hacked and in danger of being perma banned.

I changed both guru accounts to a 3rd email long ago, and my passwords for Guru1 and 2 are unique to guru and other sites I don't care much about.

That being said, guru has responsive/open staffing.

mlandry · Jan 24, 2010, 12:06 AM // 00:06

I get at least 4 emails for WoW phising scams every week even though I've only ever had a trial account for that game when it was released. I started getting some for Aion recently even though I don't even have that game.

I doubt it's going to be much different for GW. I've already had my account stolen once because of NCSoft's incompetent website security, thinking I was safe using the same pass there as ingame, and I've learned from my errors and have no passwords that match anywhere anymore.

Martin Alvito · Jan 24, 2010, 12:21 AM // 00:21

As always, you (the admins) handled this like professionals.

I'm sure everyone appreciates both your forthrightness and your effort here.

Dima The Killa · Jan 24, 2010, 12:23 AM // 00:23

i used to have all my important passwords be the same. email, gw, steam, and ncsoft. but i have even differentiated those when the ncsoft hing happened. but no way am i going to have same pass on important stuff as id o on forums lol.

o and if i do use the same email on here as my gw account what risk is that to my gw account? i cant think of any since there is no way they can figure out my pass. i don't see any reason to fret if they have the username and pass for guru because they can't really do anything useful with that info. but i am wondering if just having my gw email could be a prob.

Smarty · Jan 24, 2010, 12:27 AM // 00:27

Thanks JR et al, very clear and open message to the community there, much appreciated.

JR · Jan 24, 2010, 12:30 AM // 00:30

Quote:

Originally Posted by Dima The Killa

o and if i do use the same email on here as my gw account what risk is that to my gw account? i cant think of any since there is no way they can figure out my pass. i don't see any reason to fret if they have the username and pass for guru because they can't really do anything useful with that info. but i am wondering if just having my gw email could be a prob.

I'd agree with your assessment that there isn't much risk if you only use that password for your Guru account. Sure they might have the account email, but they still need to guess the password AND match it with a character name.

Keep in mind they can access your game account through your NCSoft Master Account too, and they can get to that through an email account. So really you need to make sure nothing is using that compromised password.

Thargor · Jan 24, 2010, 12:31 AM // 00:31

Thanks for the heads up on the issue guys.

In response to all those asking about if their forum and gw account info is the same... ARE YOU SERIOUS?
How many times has this subject been drug through the forums?
Learn to read, read the forums, read security related stuff on the web.
If anyone gets their account hacked because of this i dare say it is their own fault for being ignorant.

Bob Slydell · Jan 24, 2010, 12:54 AM // 00:54

Thanks for the heads up.

Death By An Arrow · Jan 24, 2010, 12:57 AM // 00:57

Alright, thanks for clearing that up... mod who answered my question

Another Q:

I realized my GW email is diff than this one, cause my GW email was the email i used way before i ever joined guru. Im still gunna change my password, but since they dont have the current email linked to my account, im safe..er right?

Im not used to hacks and such, living in a small town and what not

JR · Jan 24, 2010, 12:59 AM // 00:59

Quote:

Originally Posted by Death By An Arrow

Another Q:

I realized my GW email is diff than this one, cause my GW email was the email i used way before i ever joined guru. Im still gunna change my password, but since they dont have the current email linked to my account, im safe..er right?

Im not used to hacks and such, living in a small town and what not

Your Guild Wars account is fairly safe, yes, though it's a lot easier to find out an email address than it is to find out a password. I'd definitely get the password changed as soon as possible.

Once you've done that, you will be fine, provided you have changed that password for any account that used it.

Sir Skullcrasher · Jan 24, 2010, 01:22 AM // 01:22

thanks for the heads up Guru Mods!

To be honest.. who ever is stealing information on a game that is 4.. (FOUR) years old is freaking... smart as hell! lol

Either way, I'm changing everything here on guru and on gw just in case!

Tortoise · Jan 24, 2010, 01:34 AM // 01:34

I tend to use 1 password for all the non-important internet stuff I sign up with (forums and such) and just went and changed most of those. The important stuff all has unique passes.

In any case, thanks for the heads-up and your honesty in the matter. It is much appreciated.

Goddess Of Defense · Jan 24, 2010, 02:06 AM // 02:06

As for the mystery to how they got from one forum, to the next. Guildwarsguru, and guildwars2guru are on the same server; which made it very easy. This flaw is good financially but bad in security. you didn't see this coming, therefore nobody is at blame, it's just that's the reason they got in easily.

Inde · Jan 24, 2010, 02:16 AM // 02:16

Goddess, we do not believe they had root access to our server so this wouldn't explain what happened as simplistic as you put it. Our security was in place on every website and database housed there. A company usually wouldn't purchase separate servers just to run each individual website they have so yes, financially it makes sense for us to put multiple websites on the same server.

Good thought though!

Sookie · Jan 24, 2010, 02:40 AM // 02:40

With all the hacking going on, I created an email address just for guru and the "other" fansite a week ago. This new email address is in no way related to my GW account...just for the two fansites. Hopefully this was enough of a precaution.

Alesa · Jan 24, 2010, 02:59 AM // 02:59

Thanks so much for letting us know so quickly. Top notch you guys.

glacialphoenix · Jan 24, 2010, 03:12 AM // 03:12

Thanks for the headsup.

jonnieboi05 · Jan 24, 2010, 03:36 AM // 03:36

Thank you for the head's up. I am not too concerned, my GW account's email is completely private and no one in this world has except me (it's not registered or anything. It's just an email I used to create the account and never logged into it since then).