Real-money trading companies want to sell you gold for cash. To do that, they have to collect the gold, and they have to advertise it. They collect gold by looting it off stolen accounts, and by using stolen accounts for botting. They advertise it by using stolen accounts for spamming.
If people wouldn’t buy gold from these real-money trading companies, the cash incentive to steal accounts would disappear. We’d see almost no account hacking, account looting, organized botting, or spamming ads.
We’ve seen some players theorize that hacked accounts were due to a Guild Wars database breach. We have very strict blocks in place to keep network attacks from reaching our customer databases, and a team constantly monitoring for any signs of intrusion, and we’re confident that there has been no such breach.
This blog post has focused on hackers using stolen credentials to compromise new accounts, because that’s primarily what we’re seeing today. But the more we solve that problem, the more hackers will turn to other tricks, so it’s important for everyone to remain vigilant in other forms of account security.
- Phishing – If an email links you to a site that asks you to type in your password, don’t type in your password. It could be a fake site. Go to the real account management site by typing “account.guildwars2.com”, or use a bookmark.
- Social engineering – If someone claims to work for ArenaNet or NCsoft and asks you for your password, don’t tell them your password. Our customer support team doesn’t need your password.
- Trojan horses and spyware – Don’t download and run software, or open files attached to emails, from a source you aren’t 100% sure about. Malicious software can install a keylogger on your system to record your passwords and transmit them.
- Email security – Keep the email address associated with your Guild Wars 2 account secure, just like you keep your Guild Wars 2 account itself secure. Use a strong, unique password there too, which you’ve never used anywhere else.
We take security very seriously. Perhaps you can tell from this blog post. And of all the things we protect at ArenaNet, we protect our customers’ data most of all.
Companies like Blizzard and Valve presumably also had a commitment to security, yet they ultimately suffered breaches of their account databases. One day will we become such a target that a hack attempt will finally overwhelm our defenses?
We’ve seen a very few cases where hackers purchased gems on accounts after hacking them. This is an uncommon type of attack because we do have in-game restrictions in place to prevent wealth from being transferred off an account in a case like this.
We’ve deployed new restrictions to prevent hackers from using stored credit cards on stolen accounts in this way, and we also now provide users the option to delete stored credit cards.
Of course, if any customer finds that a hacker has created unauthorized charges against his credit card, that player can contact our support team to get the charges refunded.