• Congrats to the hacker to ransacked my account and stole everything of value.

    It's very clear that it was done through GW legacy as well. Ironically the attack happened hours after I posted this thread.

    With virtually all ded minis except the big 3 (panda, kana, IG)

    All tonics except Reindeer

    All Q9 BDS, Froggies, CC and every insc item still worth something

    In there that should be able to get you enough EUR to buy your life something significant.

    Thanks for the 10 years Guild Wars, I guess I'll stop at 9 out 10 GWAMMs after all. Time to move on from this game. #FunsOverHellios

  • I doubt it was done through this page but another reason why to use different passwords/emails on sites. Could be your email/pw leaked somewhere else or like most who get hacked download free scripts and deny(also source doesnt mean stuff cant be hidden^^)

    • Official Post

    We haven't had any database breach as far as I'm aware (and I should be).

    The information stored in our database is also encrypted (I've gone ahead and double-checked the source code) is being encrypted with bcrypt and is double salted.

    If you know anything about cryptography, that's extremely strong encryption and non-reversible (and since it's salted, rainbow tables are out of the question).

    Even if you got access to our database, you'd still need to crack the passwords and because of the strong encryption that's going to take you several hundreds of years - ofcourse, if you have a weak password or reuse passwords, you're going to have a bad time.

    Check yourself on https://haveibeenpwned.com - this will show you if your password has been leaked in different hacks. If you've used the same password on one of these sites, it's likely that the hacker has succeeded in getting the information from there. From what I can see, your e-mail is listed and the password you used on that site has been leaked (in MD5, takes only a few minutes to hack this, and it might have been unsalted which makes it take only seconds).

    Long story short: you probably got hacked elsewhere and the hackers used your password + email to log in.

    For the same reason, Guild Wars Legacy has disabled the public showing of character names - in fact, we no longer store these (since our transfer to a new forum software) to make it harder for people to get to your character names, making it tad bit harder to get logged in on the accounts of other people.

    Always use a unique password for Guild Wars that you use only for Guild Wars and nowhere else - and make sure that it is strong.

    I regret that your account got hacked, but I can say, with certainty, that it was not Guild Wars Legacy that was the reason you got hacked.

    - Kevin

    Hi there! I'm the Guild Wars Legacy admin, feel free to contact me if you've got issues.

    :ass: Inquisitor Karinda :der: Sunspear Elke :mes:Librarian Amber

    obey.jpg

  • I honestly thought I was going to come onto this thread and it was just going to say:

    you played yourself

    sorry to hear about your account though. I would be devastated if my account got hacked. Albeit all my stuff is customized really so pretty worthless xD

  • I have been hacked before.i can say that it could be someone that knows you in game or you displaying your ign somewhere. Once with that... If they figure out your email. With those two .. easy probably to figure out password. Especially, like Kevin said... reused a lot.

    Anet now has a system that can alert your phone to an in game login...

    :heart: By the light of the fire and the sparkle of the stars, you came to realize the meaning of true love. - Lori B. :rit:

  • I have been hacked before.i can say that it could be someone that knows you in game or you displaying your ign somewhere. Once with that... If they figure out your email. With those two .. easy probably to figure out password. Especially, like Kevin said... reused a lot.

    Anet now has a system that can alert your phone to an in game login...

    Or Anet will circumvent that system and just change your email address entirely and give your whole account away and then say "tough sht" when you contact them.

  • Or Anet will circumvent that system and just change your email address entirely and give your whole account away and then say "tough sht" when you contact them.

    It is hard to confirm what they ask for anymore. But I guess with me being such a public face in the community from TM and GvG, people had an easy time tracking down my IRL info.