Jump to content
  • Sign Up

Cant access account on GW1


Hadi.3167

Recommended Posts

I've recently installed gw1 and i forgot my password. It's not the same as Gw2 account email and password. I know im suppose to submit a ticket.. I've done that. My concern is that the pages were not updated and it says... This page does not exist. I've done this multiple times. So i want to bring it to attention of community and hopefully the Devs if they see this post. Should just make password resetting much easier and link emails for both gw2 and gw1. Btw it brings you here : https://help.guildwars.com/hc if you dont believe me; when trying to reset password.

Link to comment
Share on other sites

@Sazukikrah.5036 said:

@Tanner Blackfeather.6509 said:If the accounts are linked they account name and password
is
the same - your gw1 login is changed to your gw2 credentials upon linking.

Hey yea i figured it out, it kept asking for one name of character on account, so i just put that in and it worked. Thanks for that. I looked over that part.

The GW1 credential requirement of typing in a character name is interesting:

  • It has definitely protected GW1 accounts of people with compromised email, but...
  • A lot of returning players seem not to remember the names of any of their characters, so it also locks legit players out
Link to comment
Share on other sites

@Illconceived Was Na.9781 said:

@Tanner Blackfeather.6509 said:If the accounts are linked they account name and password
is
the same - your gw1 login is changed to your gw2 credentials upon linking.

Hey yea i figured it out, it kept asking for one name of character on account, so i just put that in and it worked. Thanks for that. I looked over that part.

The GW1 credential requirement of typing in a character name is interesting:
  • It has definitely protected GW1 accounts of people with compromised email, but...
  • A lot of returning players seem not to remember the names of any of their characters, so it also locks legit players out

Every secure measure of gw1 was a fail. My gw1 account was hacked years ago. I did everything that could have secured the account and still it got hacked. After years i finnaly heard that gail grays gw1 account was hacked as well. And it was a social hacking. They just sent a support ticket and give them the email and an ingame name. And password was sent to them. Finally after the linking everything was really secured.

ANd if u want to know how they social hacked my acc. Cause ingame everyone could see ur e-mail adress and ur ingame name. ANd i am really happy that her acc got hacked. Cause we never would have known for real how so many gw1 accs could have been hacked, if it was not for this one accident. They just told us it was our fault that our accs got hacked.

Link to comment
Share on other sites

@"Dragon.3120" said:Every secure measure of gw1 was a fail.No, that's inaccurate.

My gw1 account was hacked years ago. I did everything that could have secured the account and still it got hacked.I'm very sorry that happened. That doesn't meant that ANet's protections were inadequate.

After years i finnaly heard that gail grays gw1 account was hacked as well. And it was a social hacking. They just sent a support ticket and give them the email and an ingame name. And password was sent to them. Finally after the linking everything was really secured.A hacker claimed to have taken over Gaile Gray's account and all they said was they provided the name of some characters. At a minimum, they would have had to verify other details. According to Mike O'Brien (see below), the hacker tried to give sparse details and was denied repeatedly. And kept trying, finally finding an agent who would ignore the procedures. That's a human problem, a training one — as long as ANet is willing to help people recover forgotten passwords, and as long as that process requires a judgment call by someone, it's possible for the correct process to get bypassed.

That doesn't mean the protections were inadequate; it means a particular agent was convinced not the follow them.It's still bad, it's still tragic for those affected. It's just not the same as saying "every ...measure was a fail."

ANd if u want to know how they social hacked my acc. Cause ingame everyone could see ur e-mail adress and ur ingame name.No, no one in GW1 can see your email address. Even the hacker to whom you refer didn't claim that.


Official statement:

Last night a hacker socially engineered one of our CS agents to gain control of Gaile’s account, and accessed GW1 using it. Gaile of course has two-factor auth on her account, and despite the social engineering, the two-factor auth worked and protected her, so the hacker had no access to her forum or GW2 accounts. Only GW1 pre-dates our 2FA/SMS system.

To socially engineer the CS agent, the hacker provided a variety of personal details about Gaile. But we don’t accept personal details as primary proof of account ownership. We require things like verifying billing info, two-factor auth, access to the account’s primary phone number, or access to its primary IP address in cases where IP address ownership is clearly established. When we can’t verify, we decline access, knowing that incorrectly declining is an unfortunate but better outcome than incorrectly granting access. These are all established and documented policies. We have a great team of customer support agents who follow these policies, and the hacker tried a bunch of times and found one agent who didn’t.

We want to protect all accounts as much as we want to protect our own. Some of you were particularly concerned about the impact to the game of hacking a GM account. You should know that we don’t give GM accounts or any accounts the ability to cheat progress, synthesize items, or manipulate the game’s economy. We play the game the same way you play the game. The hacker was able to use Gaile’s GM access to manipulate guild trims, but mostly he handed out Gaile’s personal items that she had collected from years of playing GW1.

We take your account security seriously and will continue to do everything we can to ensure that our support team consistently applies this security policy and prioritizes protecting you from account hackers.

Link to comment
Share on other sites

@Illconceived Was Na.9781 said:

@"Dragon.3120" said:Every secure measure of gw1 was a fail.No, that's inaccurate.

My gw1 account was hacked years ago. I did everything that could have secured the account and still it got hacked.I'm very sorry that happened. That doesn't meant that ANet's protections were inadequate.

After years i finnaly heard that gail grays gw1 account was hacked as well. And it was a social hacking. They just sent a support ticket and give them the email and an ingame name. And password was sent to them. Finally after the linking everything was really secured.A hacker claimed to have taken over Gaile Gray's account and all they said was they provided the name of some characters. At a minimum, they would have had to verify other details. According to Mike O'Brien (see below), the hacker tried to give sparse details and was denied repeatedly. And kept trying, finally finding an agent who would ignore the procedures. That's a human problem, a training one — as long as ANet is willing to help people recover forgotten passwords, and as long as that process requires a judgment call by someone, it's possible for the correct process to get bypassed.

That doesn't mean the protections were inadequate; it means a particular agent was convinced not the follow them.It's still bad, it's still tragic for those affected. It's just not the same as saying "every ...measure was a fail."

ANd if u want to know how they social hacked my acc. Cause ingame everyone could see ur e-mail adress and ur ingame name.No, no one in GW1 can see your email address. Even the hacker to whom you refer didn't claim that.

:

Last night a hacker socially engineered one of our CS agents to gain control of Gaile’s account, and accessed GW1 using it. Gaile of course has two-factor auth on her account, and despite the social engineering, the two-factor auth worked and protected her, so the hacker had no access to her forum or GW2 accounts. Only GW1 pre-dates our 2FA/SMS system.

To socially engineer the CS agent, the hacker provided a variety of personal details about Gaile. But we don’t accept personal details as primary proof of account ownership. We require things like verifying billing info, two-factor auth, access to the account’s primary phone number, or access to its primary IP address in cases where IP address ownership is clearly established. When we can’t verify, we decline access, knowing that incorrectly declining is an unfortunate but better outcome than incorrectly granting access. These are all established and documented policies. We have a great team of customer support agents who follow these policies, and the hacker tried a bunch of times and found one agent who didn’t.

We want to protect all accounts as much as we want to protect our own. Some of you were particularly concerned about the impact to the game of hacking a GM account. You should know that we don’t give GM accounts or any accounts the ability to cheat progress, synthesize items, or manipulate the game’s economy. We play the game the same way you play the game. The hacker was able to use Gaile’s GM access to manipulate guild trims, but mostly he handed out Gaile’s personal items that she had collected from years of playing GW1.

We take your account security seriously and will continue to do everything we can to ensure that our support team consistently applies this security policy and prioritizes protecting you from account hackers.

I am talking about facts. U are talking about PR of ANET.

Link to comment
Share on other sites

@Dragon.3120 said:I am talking about facts.You wrote about your perception of your personal experience. I've looked at the hacker's claims and I can't find anywhere they said that they obtained the information from inside the game. They said that they socially engineered (i.e. manipulated through words) specific people on the support staff.

U are talking about PR of ANET.Well, sure, I quoted the public statement of ANet's boss of bosses. And sure, he's going to put the best spin on things. I am generally skeptical of claims by any corporation. However, in this case, the statements are plausible (human beings are always the weakest link in security) and since that time, the specific type of issue hasn't had a recurrence.

Again, I'm very sorry that you had to go through such an experience.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...