The second sequel of the popular Guild Wars multiplayer online RPG by ArenaNet has been released less than two weeks ago, and player accounts are already being heavily targeted by what seems to be a dedicated account hijacking campaign coming from China.
“Hackers have lists of email addresses and passwords stolen from other games and web sites, and collected through spyware, and are systematically testing Guild Wars 2 looking for matching accounts,” warns ArenaNet.
“To the thousands of people who received emails stating, ‘the email address for your Guild Wars account has been changed,’ and are not even our customers, we sincerely apologize for the spam. Please be aware that your email address is on a list of account credentials that hackers have apparently stolen from other games and web sites and are systematically scanning,” they added.
The company has instituted some temporary and some permanent changes in order to prevent account hijacking.
Among them are limiting account name changes in order to foil attackers using their own accounts to determine which email addresses are available, disabling the “reset password” option for now (“Please contact customer support if you forgot your password.”), and sending out occasional emails to customers whose email addresses are being tested by hackers in order to inform them of the hacking attempts.
The company has so far received around 11,000 support requests related to hacked accounts, and is likely to receive more as time goes by, so all customers are advised to change their passwords now to a long and unique one for Guild Wars 2 that they never before used for any other game or website.