Guild Wars 2 Accounts Compromised by Password Attack - Gaming Illustrated

Guild Wars 2

Officials of the popular MMORPG Guild Wars 2, which was released less than two weeks ago, have made it known that over 11,000 game accounts have been compromised, due in part to credentials stolen from an unknown Guild Wars 2 fan site. The site has no official affiliation with Guild Wars 2.

Guild Wars 2 sends players automated e-mails when login attempts from new locations are logged, and through these e-mails thousands of players have received notifications of unauthorized login attempts. The IP addresses of the hackers seems to suggest that the password attack is based in China, which should not exactly come as a surprise to those familiar with past account security breaches. Over 8,500 support requests regarding unauthorized account access had been submitted between August 31 and September 2, with another 2,574 requests submitted on September 3, marking the largest surge in support requests in Guild Wars 2's  rather brief history.

One important detail to note about this security breach is that the Guild Wars 2 databases themselves were not directly accessed. Players who never registered for a Guild Wars 2 fan site are not in danger from this recent password attack. Among those who did register for the particular Guild Wars 2 fan site in question, however, many used the same password for both their Guild Wars 2 account and the fan site. This allowed hackers (who, as you recall, got a hold of the Guild Wars 2 fan site's account credentials) to input correct Guild Wars 2 login names and passwords of thousands of players.

Guild Wars 2 requires players to confirm login attempts from new locations via e-mail, a technique known as two factor authentication because it requires two separate sources to confirm a login attempt. However, most players fortunately did not have their Guild Wars 2 accounts accessed by an unauthorized users. The only way that the hackers would have been able to access Guild Wars 2 accounts with stolen credentials is if players used the same password for their Guild Wars 2 accounts, the Guild Wars 2 fan site, and their e-mail, in which case they deserve to have their account hacked. In all seriousness, though, using the same password for multiple games and websites is one of the most dangerous online habits, as it takes just one security breach for hackers to have login credentials for all of your accounts.

ArenaNet, the developer of Guild Wars 2, has done a commendable job of letting players know about the attacks (unlike a certain PlayStation 3 manufacturer) and warning players not to use the same passwords that they use on other accounts.

It's worth repeating that the Guild Wars database servers were not hacked, and only those who used the same password for their Guild Wars 2 account and an as of yet unidentified Guild Wars 2 fan site were in danger of having their accounts hacked. While the majority of Guild Wars 2 players were fortunate enough not to have their accounts stolen, this latest password attack should serve as a reminder not to reuse the same password across multiple online accounts.