So the purpose of this post is to share my experience with a hacking attempt on my account. It’s a positive story (well at least the outcome) so hopefully it will help someone else.
On Saturday morning (9-1-2012) my email started getting ArenaNet notifications for approval of login attempts from non-approved locations. This started at 6am and went to about 8:30am in every 3-5 increments.
All of the locations listed on the email were located in different cities in China (CN). Obviously my email box was being hammered.
I had no clue what to do. Obviously my password was compromised (all numeric, no pattern, 6 digits, very weak; rated as 11 mins to crack at 1000 attempts per second). 2 digits of entropy with 2 symbols appended would have changed it from 11 minutes to 3.6 centuries. I am a moron with my game accounts.
So I thought, what to do? Contact ArenaNet? It was early Saturday. Write a post to my favorite forum? No idea.
At around 8:30am I changed my password to an alphanumeric combination, which changed the entropy attack scenario to 3.6 million centuries. The attacks did indeed stop after this, but I have no idea if it was my actions that caused it to stop.
My thoughts are that the password database is compromised and ArenaNet either has no idea or they are not releasing the information.
I would suggest everyone change their password immediately.
Some things that I think ArenaNet should have somehow been aware of and are definitely flaws in the system.
[ol]
[li]Attempts from China, or other hacker-friendly countries, should just be ignored for North American players. Frankly this could be done for any country with simple database calls. They are already storing the location of the approved locations.[/li]
[li]Seeing the amount of emails coming out of the system should have just restricted the location change requests. Seriously, my email server was essentially under a DoS attack.[/li]
[/ol]
I do use Sanebox, so these emails did get filed in a folder for unknown emails, but I cannot black hole the ArenaNet emails, which is too bad.
The text of the emails is below:
A login attempt from the following location is currently awaiting your authorization.
Address: 120.71.26.181
City: Qingtao
Region: 02
Country: CN
This location is approximated based on information provided by your Internet Service Provider. If in doubt, deny the request and try again.
For security purposes, we alert you each time your account is accessed from an unrecognized location. To authenticate this login attempt, please click the link below:
https://account.guildwars2.com/allow-login?token=removed&request=removed&ip=120.71.26.181
Need help or have questions about your Guild Wars account? Visit our support site: http://en.support.guildwars2.com/
Thanks!
–The ArenaNet Team
Anyway, I hope this email helps my fellow GW2 Players and Guildies.
Useful Link: GRC's | Password Haystacks: How Well Hidden is Your Needle?
Calculate your entropy of any password and time to crack in multiple attack scenarios.
Edit: I stand corrected on ArenaNet not reacting. Game status updates - Guild Wars 2 Wiki (GW2W)
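The restriction on location-approval emails suggested in the list above can be sketched as a per-account throttle; this is an added example, not part of the original post and not ArenaNet's code. The 30-minute window, the cap of three emails, approvals keyed by country code, and the 4-minute spacing of the constructed burst are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # assumed look-back window
MAX_EMAILS = 3                  # assumed cap on approval emails per window


class ApprovalThrottle:
    """Caps approval emails per account and flags accounts hit by a burst."""

    def __init__(self, approved):
        self.approved = approved        # account -> set of approved country codes
        self.sent = defaultdict(deque)  # account -> times of recent approval emails
        self.flagged = set()            # accounts that should be forced to reset

    def handle(self, account, when, country):
        """Classify one login attempt as 'known', 'email' or 'suppress'."""
        if country in self.approved.get(account, set()):
            return "known"              # location already approved, no email
        if account in self.flagged:
            return "suppress"           # stays quiet until the owner resets
        q = self.sent[account]
        while q and when - q[0] > WINDOW:
            q.popleft()                 # forget emails older than the window
        if len(q) >= MAX_EMAILS:
            self.flagged.add(account)   # burst detected: stop mailing the owner
            return "suppress"
        q.append(when)
        return "email"


def replay(throttle, events):
    """Run (account, time, country) events through the throttle and tally outcomes."""
    counts = defaultdict(int)
    for account, when, country in events:
        counts[throttle.handle(account, when, country)] += 1
    return dict(counts)


def constructed_burst():
    """Constructed sample: one CN attempt every 4 minutes, 06:00 to 08:28."""
    start = datetime(2012, 9, 1, 6, 0)
    return [("player1", start + timedelta(minutes=m), "CN") for m in range(0, 151, 4)]


if __name__ == "__main__":
    print(replay(ApprovalThrottle({"player1": {"US"}}), constructed_burst()))
```

Two approval requests from a new country spaced hours apart still each produce an email, so ordinary travel does not trip the flag.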