Feedback talk:Gaile Gray/Support Issues

From Guild Wars Wiki

Paws to Ponder: Support IssuesThe first place to seek assistance with matters of a support nature is through our Support System. If after you've worked with Support you feel you require additional assistance, you may post here and I will do my best to help you. Please note that questions, reports, and appeals should first be directed to Support. Please provide your Support Incident/Ticket Number with your comments here so I have a good point of reference. Thanks! ~ Gaile

Contents 1 How Do I Contact Support? 2 Account Thefts 3 New Phishing Email 4 Erroneous Fraud Blocks: 1 Nov 2009 4.1 Update: 2 November 2009 4.2 Update: 4 November 2009 4.3 Update: 4 November 2009 (Part 2) 4.4 Update: 6 November 2009 5 Recent Bans and Account Hacks 6 Possible Fansite Security Breach 7 NCsoft master account reset [Incident: 091106-003431]‏ 8 Epidemic Account Breaches? 9 Question reguarding new policy 10 Screen resolution issues 11 Something strange just happened 12 botnetz 13 responce time 14 Account banned 15 Support Issue: Disconnects after 19 Nov Build 15.1 Update: 10:15 PM Pacific--19 November 15.2 Update: 10:43 PM Pacific--19 November 16 Hacked Accounts: Research Continues

[edit] How Do I Contact Support? Just click support to start filing a Support Ticket. For the fastest possible service in issues that involve your game or NCsoft Master Account, consider providing as much information from this list as you can: Your name Your game account name(s) Your address Your telephone number Your birth date Your access keys (a scan of the key would be super helpful) The last four digits of the credit card(s) that you used for NCsoft Store or Guild Wars In-Game Store purchases The air-speed velocity of an unburdened swallow. European please. (Ok, we really don't need that last bit. :D ) If you still have access to the email account that you used as your game user name, please submit the ticket or send the email using that account. And while the team doesn't require all this info, the more you send from the above list, the more easily the team can address the issue you're writing about. All information is kept confidential. We offer telephone support for billing/account and technical support issues only. We do not offer telephone support for game support issues, bug reports, in-game incident reports, gameplay issues, general inquiries, etc. Contact our Billing/Account or Technical Support Teams as follows: 1-512-225-6359 Mon through Friday Noon until 5:00 PM, Central time (-5 GMT) If you are unable to submit a support ticket, you may email Support at the following (exact) address: Support@GuildWars.com. Warning: Please do not give out personal information, such as account names or passwords, on this page.

Support Issues Current Support Issues Support FAQs Contacting Support New: Account Security Death Counts Xunlai Tournament House Support Issue Archives Botwatch Archives by Topic Chit Chat & Miscellany Wiki Topics Community & Website Game Related Topics Product Information Misplaced Articles, Etc. Special Pages Updated April 1st Journal/Blog Mementos 3rd Year Mini Guesses 4th Year Mini Guesses Tonic Guesses Bug Reports Suggestions

[edit] Account Thefts

We're seeing an increase in accounts getting stolen by RMTs (Real-Money Traders). With the help of some of the victims, we've traced a number of these incidents to a keylogger that is used in several MMOs to steal account information. Now, people are picking up this keylogger not just through downloading a third-party program -- the normal way people get the malicious program -- but even by simply visiting a website that hosts, say, a Flash ad that also serves up the keylogger.

If your account is stolen, please get in touch with our support team right away. The team will research the situation and, whenever possible, restore the account to you. They will encourage you to update your virus program, run a complete virus scan, and then change your account password. Think about it: if the keylogger is on your computer and you don't get rid of it, even if you reset your password the RMT will simply take over your account again. (We see it happen every day. :( ) Also consider adding a good spyware protection program.

Now, here's a major takeaway after your account has been restored to you: Before you reset your password or get onto your account, update your virus and spyware protection, run a thorough scan with both programs to find and remove any keyloggers on your system, and then reset your password.

Incidentally, if you get any sort of warning when you visit a website, I'd recommend you leave the site and immediately run a complete virus and spyware scan.

Let me know if I can answer any questions about this. -- Gaile 23:37, 3 September 2009 (UTC)

Gaile, I would like to suggest something to combat this problem. I have seen another game that uses an on-screen keyboard to enter the login information. This is also becoming more common with online banking. A keylogger would not be able to trace any keystrokes, since the information is entered with a mouse. Currently I use the default on-screen keyboard that comes with Windows to log into Guild Wars, as I am now in Ukraine and I've noticed that my anti-virus and malware protection programs are working overtime compared to when I was in the U.S., popping up with threats every time I use removable storage devices (like USB drives) that have been in contact with other machines. If the on-screen keyboard was built into the GW login page, it would make it much easier to use, and more people would use it and protect themselves from keyloggers. Please, consider this and let me know what you think. Rose Of Kali 08:30, 21 September 2009 (UTC)

Hi Rose. That's funny. I just hosted the Support Team leads at ArenaNet last week, and we took the suggestion of a "soft" keyboard to several people on the team. We discussed this quite a bit, and I think there was a lot of interest in looking into that possibility for Guild Wars (and Guild Wars 2) along with a few other security measures that are also under discussion. So be assured this is something we'll consider for the future. -- Gaile 01:47, 24 September 2009 (UTC)

Great! :D Rose Of Kali 10:15, 24 September 2009 (UTC)

(Reset indent) I've posted an update on account thefts. Since the conversation in this thread is older, I put the update in chronological order, so at the bottom of the page (for now). Find the update here -- Gaile 04:07, 21 November 2009 (UTC)

[edit] New Phishing Email

I wanted to let you know there's a new phisher in town. This person is sending an email that purports to come from ArenaNet saying that the recipient has been noted trying to sell a GW account and that he must provide proof of ownership (via this handy email, of course) in order to avoid the account being terminated. And of course the email asks for all sorts of sensitive information, including email address, password, secret questions and answers, even the Guild Wars Access Keys!

This email is bogus. We would never send such an email, as you know. In addition, the sender is not writing through an @ncsoft.com or @arena.net address; he is using an @games.com address. We have no addresses through that site; we send all our official emails through either @arena.net or @ncsoft.com email accounts. If you receive this phishing email, please ignore it. If another player happens to ask you about such an email, kindly point them in the direction of this post. Thanks. -- Gaile 19:42, 29 September 2009 (UTC)

[edit] Erroneous Fraud Blocks: 1 Nov 2009

On Sunday, November 1st, a few Guild Wars accounts were erroneously blocked for payment fraud even though their purchases were entirely legitimate. It is necessary for the company to be very careful about fraud because it is a significant issue these days, but the Support Team discovered this morning that, unfortunately, a few innocent folks got caught in the net yesterday, and for that we apologize.

The Support Team is aware of this situation and is actually shifting personnel to deal with the issue. They will be responding to tickets as quickly as they can. Reinstatement takes a bit of time because each key must be adjusted manually (and some accounts have many keys), so please be patient while the team strives to remedy the situation. If your account was affected and you have not been reinstated by tomorrow evening (Tuesday, November 3rd) please feel free to post your Support Incident Number here and I will look into the matter for you. Again, we extend our sincere apologies for this mix-up! -- Gaile 19:51, 2 November 2009 (UTC)

[edit] Update: 2 November 2009

Those players who were involved in this specific incident will be happy to know that their patience and understanding will have a reward. Those of you who attempted to make a purchase and were erroneously blocked for "fraud" will find that the purchase price will be credited back to the you, and the item or items that you attempted to purchase will be given to you with our compliments. :) -- Gaile 01:12, 3 November 2009 (UTC)

D: Can I have a block next time? –Jette 01:14, 3 November 2009 (UTC)

Sure, my pleas... I mean, nope, sorry. :D -- Gaile 03:42, 3 November 2009 (UTC)

Sweet! That is a relief!Im duanuys the same user who wrote about the fruad block most recent help thread :DD

im still waiting hers my incident number 091102-002362 i cant even edit my support questionbecause my NCSoft account is also blocked Mr Corpser 22:36, 3 November 2009 (UTC)

Gaile im still waiting pls look into it pls incident number 091102-002362 Mr Corpser 17:25, 4 November 2009 (UTC)

@Mr Corpser -- According to your forum posts (and the ticket, which I just checked) you were back in the game yesterday afternoon. If that is not the case, please update your ticket so that the team knows that you are still blocked. -- Gaile 21:49, 6 November 2009 (UTC)

Hi, my ticket number is 091111-001964..is been 8 days and i never got reply back yet, so if u can help it would be appreciated,thx.Lady ed=D

Did you attempt to make a purchase the weekend of October 31st? -- Gaile 02:27, 21 November 2009 (UTC)

no i didnt, dont even have credit card =(,when i try to log in it said i was ban for payment fraud.Lady ed

Well, I see that you most recently updated on 17 November with a serial code. I am afraid this one did "fall through the cracks" as the saying goes. I will ping the team lead (a really nice guy) and I'm sure he'll get this looked at on Monday! -- Gaile 04:46, 21 November 2009 (UTC)

TY very much, u rock, =D.lady ed

[edit] Update: 4 November 2009

Unfortunately, I'm not able to review individual tickets yet. I have sent for an update on the expected turn-around time on this issue and will post as soon as I know more. At this point, please hold tight and don't post a follow-up here (or via fan forum PMs or emails to me) until I find out when folks should expect to hear back from the team. Thank you. -- Gaile 20:23, 4 November 2009 (UTC)

[edit] Update: 4 November 2009 (Part 2)

I spoke with the lead of the Billing Team, and he told me that they are making progress on the account restorations, but it will take more time to get everyone back into the game. Team members are working overtime this evening, and the hope is that they will have everyone who wrote on Sunday, Monday, and Tuesday cleared up by tonight (US time). They still have an expanded number of people working on this matter, so we hope to get new reports turned around very quickly now.

Please do not make a phone call if you have already submitted a ticket. Please do not submit a duplicate ticket. Please do know that you are in the system, and you will be helped as quickly as possible. Here is one of Gaile's Lame Analogies (tm): Mom's cooking dinner, making good progress. But the kids keep calling her into their room to ask "Is dinner ready yet?" Every time they do that, cooking stops, and the dinner is further delayed. (See I told you it was lame. :) ) The point is, a phone call will not move you up in the queue, but it will take team members away from the ticket they are dealing with -- maybe yours! :) -- and that's not going to help anyone. So please, contact support once, and let them do their work.

I will post another update as I have more information. If a few of you end up not getting sorted after I've been told we have an "All Clear," you can count on me helping with those individuals cases. (But not just yet, please.) Thanks again for your patience. -- Gaile 03:36, 5 November 2009 (UTC)

[edit] Update: 6 November 2009

As of this hour, there are only 10 tickets in the queue for the erroneous "fraud" issues, so we are not only seeing the light at the end of the tunnel, we can feel the warmth coming off the lightbulb. :)

One note: I saw a forum thread where someone said his or her ticket was escalated because of a phone call. We do accept follow-ups, and we will look for and attend to tickets that have been misfiled (rare) or haven't gotten attention. But please know that we don't let phone calls override the queues, that someone calling in won't be able to queue-jump for faster service. If you've called before, or if you've filed a ticket, have confidence that you'll be helped as quickly as possible. (And feel free to update your ticket if you haven't heard in a few days.)

I wanted to share that we will be making some substantial changes to the way that Support resolves tickets of this kind. The reason for the delays in this and other reinstatement cases has been that each access key on each account has required replacement. As you can imagine, some people have a lot of keys on their accounts ( *raises hand* ) and that means each reinstatement takes time, what with disabling keys, adding keys, and maintaining proper records.

I proposed a way to change the process on Monday, and everyone was on board for making that change. I'm going to work with a couple of folks to see how we can expedite the new system. In addition, the agents have been retrained in the process of fraud reviews, and that will reduce the chance of this sort of incident happening.

So in a nutshell:

• We are working to reduce the chances of an erroneous fraud block. It is necessary for us to keep security high, because there are several hundred fraudulent attempts a day and we must maintain security against those. But we'll do our best to take care to not affect legitimate players.
• We will be moving to a process that more quickly resolves such issues, so in the unlikely event someone is accidentally marked for fraud, we'll be able to reinstate the account more quickly.

Please let me know if you have any questions or concerns. -- Gaile 21:35, 6 November 2009 (UTC)

[edit] Recent Bans and Account Hacks

The recent influx of bans and account hacks

→ moved from Feedback_talk:Gaile_Gray

Hi, Gaile. I know you and support are already aware of all of these issues; however, I think it's now gotten to a point that the players need to be made aware of this. A good example of how wide spread this is can be seen by going to this GWGuru thread. Inde had sooo many people on his forums getting hacked and banned, that finally they just combined the majority of them into one giant, super thread. And that's just one forum. I've been looking at others and these issues seem to be everywhere. Many people sincerely believe that they were hacked through the NCSoft website and if that's true, it could be really "bad for business" so to speak.
Is there anyway you or support could check into the security of NCSoft's website and if there are issues, notify the players? I really hate to see players hacked just for buying something from NCSoft especially after the onslaught of accidental perma-bans. Karate Jesus 16:50, 4 November 2009 (UTC)

I've already taken the first step and warned my guild from purchases at the moment, only a few more million players to go. Tidas 16:53, 4 November 2009 (UTC)

I've warned people too, but that's not enough. Support needs to step in. Also, I would like to add that on the Aion forums, there seem to be many of the same issues. Obviously, the bans happened to both communities, but now I've noticed a large increase in the number of hacked threads on Aion fansites and many of them seem to think it was due to their NCSoft account's lack of security. Karate Jesus 16:56, 4 November 2009 (UTC)

I have been actively discussing the stolen/hacked account issue with devs inside ArenaNet and with a number of NCsoft team members, as well. We have many teams involved -- programmers, network team members, security team members, etc. -- so you can be sure this situation is being given a great deal of focus and attention.

While I cannot and would not say flat out that "It's not (something or other)" because we don't have enough information yet to make that statement, I can tell you that we carefully spot-checked a few accounts last evening, and at least one of them was not tied to a NCsoft Master Account. The hacked account was a straight Guild Wars account with no association whatever with the NCsoft site. So theorizing that there is a breach or a window of hacking opportunity on that site -- and that such a weakness is resulting in stolen accounts -- seems inaccurate, given the facts in front of us.

In my opinion, it would be an error to combine posts about accidental blocks for fraud and posts about stolen accounts. They are entirely different situations, and should be discussed separately, as they are being handled differently. I've already informed you as much as I am able about the fraud issue just above. (See this conversation, please.) And as I said, stolen accounts are a very different case. Both situations are being reviewed and both are being addressed as quickly as possible.

Everyone who gets an in-game message saying his or her account is blocked should contact support. If your account was hacked, you will most likely receive a message when you try to log into the game that says the account has been terminated. This is for your own protection, an attempt to prevent the RMT thief from stripping the account or using it to advertise gold sales. (Of course we cannot guarantee that the account will remain intact; the items may already have been harvested. But we lock down the account as quickly as possible in your best interests and will unlock it when you contact Support.) When writing, provide the error message that you received so that the team can quickly align your issue -- hacked account or erroneous "fraud" ban.

Please let me know if you have further questions and I will help as much as I am able to do so. Thanks for reading this and please feel free to share this with others, as you see fit. -- Gaile 19:57, 4 November 2009 (UTC)

I want to point out that the forum has two separate threads on the ongoing issues of account theft and accounts accidentally marked for "fraud." That will help keep the conversations topical and of more value to the individuals who are affected. -- Gaile 20:27, 4 November 2009 (UTC)

Gaile I think the security just has to go up on both sides.Just make sure its not as easy to make a bot try every F'en possible password.Lilondra 07:43, 5 November 2009 (UTC)

Interesting piece of trivia for you: If a bot tried a different password every second, it would take 278 years for it to break a truly secure password. Just FYI. :) -- Gaile 08:13, 5 November 2009 (UTC)

Another interesting piece of trivia: Most people don't use complex passwords, even though they should. Regardless of how secure an individual's password is, it's bad form for a company to know about and continue to allow bots to repeatedly perform failed log-ins in an attempt to brute force passwords from its customers. Just FYI ;) 65.207.54.194 17:31, 5 November 2009 (UTC)

And perhaps you missed this post that I made on that very subject?

"I have been exchanging emails with a number of team members in two different states. One concern I took to the team was about not having "time outs" or other means of preventing brute forcing of passwords on the NCsoft site. Here is part of the answer that I received: "The account management secure site does indeed have velocity checks in place to prevent the brute forcing of master accounts. If too many attempts are made within a given period of time, the user will be temporarily blocked from making any further efforts to login. In addition, there are velocity checks on the action of attempting to change the passwords themselves." (See above for the original post.) -- Gaile 19:32, 5 November 2009 (UTC)

I'm not inclined to support user stupidity at any rate, but a dictionary attack could still get in with relative ease with a paced rate, assuming they check the most popular password terms first. Not to mention, I didn't see anything about the game client in there. I think you said something about increased login delay in the client, but I can't recall where. 74.50.104.2 20:58, 5 November 2009 (UTC)

I am informed that both Guild Wars and the NCsoft Master Account system has these safeguards. -- Gaile 21:14, 5 November 2009 (UTC)

I keep asking Arenanet to implement an authentication method like the authenticator Blizzard has. Recently my brother received an email from Blizzard involving disabling his WOW account permanently due to gold selling. My brother didn't play the game for over a year. No authenticator sollution in place, and see what happened. So implement an authenitcator sollution, we are willing to pay for it, so why not do it. The business case is propably positive and all NCSoft games could take benefit out of it. Lower support cost, due to lesser support tickets. With a fee of i.e. 10 dollar for an authenticator, and a player base of milions across all ncsoft games willing to buy it, it's almost certain it will pay back. Now days with all the security issues in windows and all those different software you can't rely anymore on the carefullness of the consumer. The technology is to complex for that. So please take addition meassures so we can take our responsibility and buy it. Don't be a moa putting his head in the sand. Didis 12:06, 7 November 2009 (UTC)

Who are these "we" that all agree to pay 10 dollars for a little jumbled picture? O_o A "soft" keyboard for password entry is much easier to do, screws up keyloggers, and makes it a pain for brute force type attacks if it's moved around on the screen a little bit every time (making it harder to map its position on the screen for pre-programmed mouse clicks). Rose Of Kali 13:33, 7 November 2009 (UTC)

Key loggers and brute force....are two seperate security concerns. You have the client side and server side. Users have their own responsability to have taken security meassures in place to detect and clean the client side and not using third party programs in relation with the guild wars client. Anet on the server side has the responsabilty to have security meassures in place to detect brute force attacks on the website, authentication method between the gw-client and the server side of the gw-worldinfrastruture. You 're right i write in name of "we", and should phrase I. Would love to see a poll somewhere to investigate the want for such way of authenticating for the ncsoft master account and guild wars client-server authentication. Indeed building a virtual keyboard in the login screen, changing of position in time, should be a great way to answer the thread of keyloggers. Nevertheless, an authenticator, solves this also and adds the functionality that you are you and not some criminal organisation. you know how an authenticator works? I refer again to my brother, long time not logging in, never used thirth party tools, and still being hacked...an authenticator would save his achievements. To refer to the privacy statement on the guild wars website: Your privacy is important to ArenaNet and NCsoft. Maintaining the trust of our users is key to the success of our business, and this Privacy Policy is intended to make you feel as comfortable as possible visiting our website and playing ArenaNet games. I am not conformtable right know with all those hacks, risks etc...i would like to see more assurance. I even want to pay for it. 4,5 years down the drain by some individual with criminal intends, i would not like to think about it. Resume, Kali i believe you and i want the same and that is more assurance, how is all to Arenanet to decide. As a security specialist in the Netherlands i urg Anet to take additional meassures to give more comfort to consumers so privacy related information on the ncsoft website and players achievements in Guild wars are more protected. Didis 14:20, 7 November 2009 (UTC)

(ri) I though an authenticator was the jumbled numbers and letters that you have to type back in, and only a human can supposedly correctly decipher them. It appears that I'm wrong from your last comment. Mind explaining a bit what it is? Rose Of Kali 18:17, 7 November 2009 (UTC)

Captcha is the right word for the jumbled numbers and letters; authenticator(with regards to the context Didis used it in) seems to be a security certificate, which NCsoft already have(certified by Thawte). Pika Fan 18:27, 7 November 2009 (UTC)

Maybe this gives some inside of what i mean: http://us.blizzard.com/store/details.xml?id=1100000622

Protect your World of Warcraft account with industry leading account security - introducing the Blizzard Authenticator! The Blizzard Authenticator is designed as a supplemental authentication method for your World of Warcraft account, giving you the security of Two-Factor authentication. Each time you log in using the Blizzard Authenticator you are provided with a unique, one-time use password to use in addition to your regular password. Log in with both and you can rest easy knowing that your account is now even more secure from malicious attacks such as keyloggers and trojans.

It also ends the discussion of awareness of gamers to safeguard there assets by Arenanet. There is also a software mobile authenticator sollution. What Is a Battle.net Mobile Authenticator?

The Battle.net Mobile Authenticator is an optional tool that offers World of Warcraft players an additional layer of security to help prevent unauthorized account access. The Authenticator application itself is a small program that you install and access on your cell phone or mobile device. Didis 18:44, 7 November 2009 (UTC)

Interesting note of trivia: as long as people are capable of giving out their passwords, they will be tricked into doing so. The best password is one you don't know. –Jette 21:06, 7 November 2009 (UTC)

Why don't we just skip to the future and use iris scanners or DNA fingerprinting? Ow and for Belgians they could maybe put the Electronic identity cards they have to good use.

Anyway that authenticator seems nice and I would pay for it. Qaletaqa Hania 12:08, 8 November 2009 (UTC)

On a personal note -- just as a player -- I like the idea of an authenticator. But I wonder -- in a game that does not have a monthly fee, will people think that buying an authenticator is, I don't know, some evil scheme to *gasp!* make money? We have a surprising number of players who resent any sort of additional purchase. I actually had one tell me that all expansions and all new games should be free because back in 2005, he bought the original game. Never mind the cost of development, the funding of updates, the need to pay for continued support, or even the price of bandwidth, server space, etc., to allow people to play when they want, for as long as they desire. Somehow, selling Fractions was "evil." :)

So just in a casual question, how do you think such an item would be perceived? -- Gaile 21:42, 8 November 2009 (UTC)

Well, to continue the WoW analogy, they have a monthly subscription fee in addition to wanting you to pay for the authenticator and expansions... Not to mention payed server transfers, class changes, probably character name changes. So I think GW 1ups WoW in that department. — Poki#3 (talk) 21:51, 8 November 2009 (UTC)

@Gaile: Yes it might seem as an evil scheme to many, or even most players. But if it's optional they can still choose if they want that extra piece of security. Anyway if people think it's an evil scheme, let them. Blizzard has an evil scheme and are selling there soul by selling minipets for 10$ a piece. I think giving the option of that bit of extra security is not an evil scheme but shows that you care about the player. The "buy Aion to get Aion wings in GW" is a more evil scheme then this.

Most people playing games or either to young to understand or have no idea what it costs to develop a game, the funding of updates, the price of bandwidth, server space, etc...

To be honest I think Anet is running "low on cash" and are to busy with GW2 that implementing this would cost more then they would like to pay for it, because if not enough people buy it then it would have been a waste of time and money, wich is normal because it's business. A survey could help answering it and see if it's worth doeing it, compare the data of that survey with the time support spends on helping people get their "hacked" account back and compare the costs or something like that.

Have a good day. Qaletaqa Hania 08:49, 9 November 2009 (UTC)

Personally, I'm fairly sure that a Guild Wars authenticator would be received better than, say, paid character face customization. Plenty of people are already buying name changes, face changes, sex changes, and storage panes from the in-game store - an optional extra layer of security would probably be welcomed, and sell well. Did you ask the same questions when the decision to add all the current microtransaction items was going around the office, Gaile? Of course there will be people who think it's just a ploy to make more cash, but it's not like plenty of people don't already think that about the plethora of goodies already offered; none of which, I might add, would be as solid of a purchase as this one. -Faer 07:04, 14 November 2009 (UTC)

You could also look at it from another side. All these new purchaseable upgrades from April were something that nobody had to buy, and they didn't really add anything special to your account. You could get extra storage packs in-game to compensate for purchasing the panes, remake a char if you don't like it, etc. - you didn't have to buy any of it. OTOH, making a security feature purchaseable can be viewed very differently, many people will feel like they have to buy it because it's actually important. This will make these people feel forced to pay more money without getting any actual game content. I think this would look bad for ANet, but that's just me. Rose Of Kali 23:20, 14 November 2009 (UTC)

I think making accounts nearly impossible to compromise would look good, even if it did require players to drop 5-10 bucks on the token. Better than the current system of accounts being hacked, temporarily closed, and nobody ever knowing what exactly happened because all they ever hear is "stop downloading keyloggers" from support. A lot of people feel like they have to buy a security suite for their computer, and are forced to do so without getting any extra power or use out of their PC, but that doesn't mean ESET looks bad because they sell security to people. -Faer 19:01, 16 November 2009 (UTC)

It's one thing to buy protection for your entire PC, and another to pay the same for limited extra protection for a single game client. Rose Of Kali 02:27, 17 November 2009 (UTC)

My point is that authenticators have shown to be useful tools defending against account thefts, and given the state of the issue at this point, they would be an excellent way to help end the problem. Nothing good is going to come of the current "it's not my fault, it's yours" way of handling the issue. I'd love a free auth key solution, but the chance of that happening is slim given that simple things that have been asked for since the game hit the shelves are costing players $10-15 a pop. Best we can hope for is something in the $5-10 range, or for somebody to man up and fix the problem that is causing authenticators to be needed in the first place. -Faer 00:16, 20 November 2009 (UTC)

First, what "simple things" are you talking about, and how can you know if they're simple? Name changes, face changes, hairstylists? Not simple. And please, if you're suggesting that we fulfill the wishes and desires for these not-so-simple things without cost, you're living in a fantasy world. Today we rolled out new content, without cost. Halloween saw the addition of new quests, without cost. Each holiday event sees new content, again without costs. Updates? Skill balances? Monthly tournaments? Contests? Yours, all with no charge. Consider: Our game does not charge a monthly fee, and we're offering some things that certain games, with a monthly fee, offer at a greater cost! Come on, be fair! :)

Secondly, we can't "man up" to something that, despite hundreds and hundreds of hours of research, we cannot establish is "ours" to own. Right now, if we say "It's not us" it's because we can say that with hand on heart, as truth. If we say, "At this point, all evidence - and believe me, we're looking! -- says that the source of the problem is external to the game," then obviously that is what we believe... in fact, that is what everything supports. And if we learn differently, we'll say it. Right now, I don't think there's "manning up" to be done. Fansites say their security is sound. We've looked internally and can't identify a breach. I guess it'll be while before someone can flash their XY chromosome. :D -- Gaile 01:02, 21 November 2009 (UTC)

[edit] Possible Fansite Security Breach

We learned today that one of the trading sites associated with Guild Wars may have experienced a security breach and its account database (including user names and passwords) may be in the hands of hackers. So far we have identified more than 20 Guild Wars account that appear to have been accessed by unauthorized individuals who may have been involved in the fansite's database breach.

Our security recommendations have never been more timely, particularly those that suggest that you always use a unique password for every single account that you own.

We have closed the game accounts of those involved in the account thefts. We will be watchful for further episodes. And we will be contacting the fansite owner to continue gathering information related to this incident. -- Gaile 21:48, 9 November 2009 (UTC)

Is it possible to say the name of the site? Not for slanderous purposes, but so that players who use the site can know and change passwords if needed (mine are all different, but just saying). Karate Jesus 21:52, 9 November 2009 (UTC)

Well, the biggest is Guru Auctions I assume. But they haven't posted anything about it on the forum. Obie Quiet 22:01, 9 November 2009 (UTC)

Hi KJ. I knew that question would arise. I've talked to the Community Team and at this point, they would rather we not mention a site name because we have not had a chance to interface with the site, or to gather all the info we need to confirm the matter with 100% certainty. Perhaps the site's name will be mentioned once we have more details, but at this point, anyone using the same password on any site -- fansite, forum site, trading site, social networking site, email site, whatever -- should change passwords so that each one is different. It shouldn't take a breach for all of us Internet users to keep security in the forefront of our minds, but this thread may alert a few more people to this very real issue and may help a few more folks increase their security. -- Gaile 22:05, 9 November 2009 (UTC)

I would hope Inde would post right away if Guru was involved.--*Yasmin Parvaneh* 22:07, 9 November 2009 (UTC)

Knowing which site would be good, or if anyone's learnt if any of the trading sites have owned up to this situation would be nice. Not telling us is kinda stupid, just makes me regret signing up to the out-of-game stuff... so, why didn't you guys have an in-game auction house/market place again? ~~000.00.00.00~~ 22:20, 9 November 2009 (UTC)

Something about how information about items is stored and transferred between client and server made it unreasonably pain-in-the-ass-ish to create an in-game auction house for GW1. This question is about as old as GW itself, and unfortunately has been negatively answered somewhere I can't remember. Rose Of Kali 01:47, 10 November 2009 (UTC)

One non-professional programmer made an auction house for a game that a dedicated team of professional programmers can't. Pika Fan 04:30, 10 November 2009 (UTC)

Give that me, a cookie, cos he earned it if that is the case. Regardless, it would be nice to learn which site has been struck, so I can delete my account/profile with them if I'm with it. ~~000.00.00.00~~ 04:57, 10 November 2009 (UTC)

What are you talking about, Pika? It's one thing to make an auction house on a web site, and another to do it in the GW game client. Rose Of Kali 15:39, 10 November 2009 (UTC)

He's referring to Shard making a persistent auction house for NWN. Great job on his part, but it really has no bearing on why there isn't an auction house in GW.--Pyron Sy 15:41, 10 November 2009 (UTC)

If GW became open-source one day, I am willing to wager my beloved stuffed pikachu that some whoru programmer would be able to come up with an addon for an auction house, or something similar. Pika Fan 17:22, 10 November 2009 (UTC)

I'm willing to wager my beloved blow-up doll that if it didn't require an extensive amount of resources that ANet didn't have, we'd already have an in-game auction house, seeing as they took the time to build the Zaishen Menagerie and an entirely new arena. ··· Danny Pew Pew 21:05, 10 November 2009 (UTC)

Except that we were once told that scaling knockdown durations could not be done. We must accept everything that anet says as the truth I guess.Pika Fan 16:15, 11 November 2009 (UTC)

Except that they hired a new programmer who just happened to come up with an idea of how to modify that mechanic without breaking anything. Bad example, Pika - I expected better from you. ··· Danny Pew Pew 19:06, 11 November 2009 (UTC)

Actually, you just supported my argument "Scaling knockdown durations can't be done" "Anet hired a programmer who knew how to do it without breaking anything" "Auction houses can't be done" "Pretty sure there is someone in the world out there who knows how to do it without breaking anything". See where this is going? Pika Fan 07:54, 12 November 2009 (UTC)

Thanks, Gaile. I had assumed that would be your answer and it's a fair one. I'll warn the people I know and thanks again. Karate Jesus 19:29, 10 November 2009 (UTC)

[edit] NCsoft master account reset [Incident: 091106-003431]‏

Hi Gaile,

Again, thanks for taking the time to speak to me yesterday regarding my account theft. Please review my situation and let me know if there is anything that can be done to salvage some of what I lost. I lost approximately 1,070K plat, 40+ ecto, all the common crafting materials were full, some of the rare materials were almost full, many gems, Minipets including Varesh, Asura, Destroyer, Gray Giant, Rurik, at least 2 sup vigor runes, multiple gold weapons, including gloom shields. I'm sure you're aware of the drill by now. As I've been trolling various GW forums, it appears many older accounts like mine were targeted.

Also, as we discussed, I just have a staggeringly hard time believing GW is the only MMORPG in history that can't resotre accounts. I would like a detailed explanation as to why this is. On a separate note as a suggestion, why not seize all the items and gold of the RMT accounts getting banned and try return it to players? Someone is losing an account which has "stuff" in it. Why not use that "stuff" to reimburse the hacked players. As many other people have noted, I strongly feel there is a large security flaw in the NCSoft master account. In my specific case, my NCSoft master account was hacked which then led to access to my GW game account. I'm fairly confident when I say that unless this lack of security is corrected ... and very soon, many of your oldest and best players will likely not return for GW2, or any other A-net/NCSoft game for that matter. Because of this flaw, I will be forced to get an entirely new e-mail address, change my passwords for ... just about everything in my life now. Thanks for your help. 68.57.86.60 16:42, 12 November 2009 (UTC)

I believe that most of the accounts that are used to hack and transfer money/items or used as bots are just temporary mule that can be banned without much loss. All items and money must then be transfered to another safer one which cannot be banned for the previous cited abuses, and from which they will be sold. This is just a guess btw ^_^ M3G 17:04, 12 November 2009 (UTC)

Quote from Gaile when I asked about this up a bit on the page:

"As far as "splitting the income" from sales, I would say that is nearly impossible. Most account are stolen by RMTs and many are stolen in a single day. It would take an act of Soloman to try to fairly and equitably divvy up the gold from sold items in such a situation, so I do not see that this would be a practical or reasonable outcome to most account thefts. I will consider this further during the work week. -- Gaile 06:55, 8 November 2009 (UTC) "

My thinking, and part of my reason for expanding upon my suggestion posted on the Feedback Portal, is that if those items cannot be returned individually, then how about they be placed in a "pool" accessible by NPC "merchants." A system can then be set up to allow victims of stolen accounts would then be able to retrieve items matching ones that were stolen. HanokOdbrook 17:24, 12 November 2009 (UTC)

And if 50 people lost the same item, who gets it? First come, first served? That hardly seems fair, when someone is hacked during his sleeping hours, and he learns that someone else got the only (insert item name here) available during the time he was eligible for items. And how long would he be eligible to get items from this "merchant?" And how much code would have to be written -- it boggles the mind -- to track that Fred retrieved his Icy Dragon Sword, but Mary bought one to replace the one she lost and therefore isn't eligible to get one from the merchant. Or is she? And to note that Tom got 142 of the ectos he lost and has another 10 coming, where Jenny had 20 coming, but found 5, so still a has 20 coming from the "merchant."

Don't get me wrong -- I like good ideas! But I'm bound to provide some insight into the complexity of their implementation. I see a number of drawbacks to this proposal, but naturally welcome ideas on how such a concept could work, even if it ended up being only as a point of discussion and not something that we could implement. -- Gaile 23:13, 12 November 2009 (UTC)

What is with all the Fred references? Starting to take a liking to me? :P Anyway, it's easy to see that a free for all is not a good idea, but why not allow the devs to allow item creation? It seems simple... you backup your data on a server, your bank guarantees your accounts, the idea behind all that is to give recourse after a security breach... it seems naive to assume nobody will ever get compromised; why not help them when it happens? 76.16.166.146 02:18, 13 November 2009 (UTC) (sorry forgot to login) Fred K 02:18, 13 November 2009 (UTC)

I guess you're just that kind of special guy, Fred. Anyway, I appreciate what you are saying Gaile, and this is one of the reasons why I want to get this dialogue going - so we can figure out how to resolve this issue for GW1, and ensure that measures are already in place to prevent the necessity of this dialogue for GW2. The fact of the matter remains, this type of issue will only worsen as the MMO genre grows, so it's time to get measures in place that will allow for recovery when it does happen.

If we will run into the problems that you mention above, then how about we institute merchants for specific items and use the voucher system that allows for recovery. The normal merchants are coded in such a way that they never run out of inventory. We then should have this for the rare items and one-time-only items (Minis, the three end game reward items, and the very rare drop items like the ID sword and such). Any account that gets hacked needs to initiate a support ticket for investigation. Once Anet determines this was a true hack, that account is issued in some manner, a means to recover those items, and a set amount of gold to enable purchase of necessary materials for armor and weapon re-equiping. Have the vouchers come with an expiration date. The fact that someone may purchase a replacement really shouldn't have a bearing in this scenario, where the merchants would have the unlimited inventory, as that person would be free to purchase said item regardless of a hack or not. HanokOdbrook 13:54, 13 November 2009 (UTC)

Out of curiosity, how is it that accounts are stolen to begin with? Do people really use the same email for Guild Wars as they do for everything else? I mean, it would be great if a dictionary attack wasn't even remotely effective against the game client, but at the same time, what kind of password are you choosing that is so easy for a dictionary attack to discover? I apologize if I sound bitter, but with the number of account hacks that we see every day and the numerous more we certainly don't see, it is no longer an issue of improper security on ANet's part, but a matter of unsafe practices by users. You certainly don't use the year you were born in as your PIN number, or at least I'd desperately hope you didn't, so why would you take less care with anything else? ··· Danny Pew Pew 21:24, 12 November 2009 (UTC)

I need to get into the account-stealing business, because apparently letting people who do not understand basic security farm 1,000+ platinum and a bunch of armbraces for you is way faster than killing smite crawlers. –Jette 23:46, 12 November 2009 (UTC)

Wow. Flame on. Thanks for the support you two. Okay, so to specifically answer the issues brought up. 1. I began playing and set up all my account information 4 years ago when this type of security breach simply didn't exist. 2. Yes, I had been using my e-mail address for everything. 3. No, my password would not easily been broken through a dictionary attack as ... well, my password was not in English. 4. No, give me some credit at least. I do know a few things about password security to recognize the stupidity of birthdays, pin numbers, etc. 5. I haven't actually been farming in ... at least 2 years. I hadn't needed to. I had more than enough money up until Friday to purchase what ever I wanted to and I only tried smite runs a few times. Boring. Until Friday, none of my personal accounts had been hacked or even locked due to hack attempts. Ever. There are however several documented issues as to A-net/NCSoft's security that even a cursory google search will reveal. This needs to get fixed. This is not my fault no matter how much I get flamed. NCSoft's security was broken. Not mine. No keylogger, no virus, no written password, no exchange of passwords to anyone else, No one who has my e-mail information knows enough about me to break my password.

I am concerned that you've blamed the unauthorized access to your account on NCsoft or ArenaNet. That simply is not an appropriate thing to say. Google posts do not necessarily equal fact, although if you wish you can email me the links and I'll be happy to review them. NCsoft has historically been very open about security issues in the past and I believe that NCsoft and ArenaNet would be forthright about any internal vulnerabilities if they were discovered today.

We are reviewing security at every level. We have identified a potential breach via one fansite; we've been told that many others may be at risk. In your personal situation, you may believe (or know) that those vulnerabilities don't relate to your account theft. But since we are still looking into this, it's too early to lay blame anywhere other than with the known issues, and it's highly inappropriate to draw any conclusions, including one that leads you to believe that ArenaNet or NCsoft is responsible for your account's loss.

I sympathize for the loss of your items, I truly do. But I think everyone should be responsible and appropriately accurate about statements of blame. An internal vulnerability has been disproved on every level of investigation we've conducted thus far. -- Gaile 21:14, 13 November 2009 (UTC)

With all due respect, There have been way too many hackings lately, and even going to log onto my NC account I tested the limit of account lockout-wrong password inputs (on my own account) and there is no limit. That (which invites brute force attacks) mixed with the fact that changing the password and changing the GW game password requires no knowledge of the original password(s) makes me very uneasy about the NC Account website and I do not trust it, along with many others. Something needs to be done about it. - Chrisworld 00:48, 14 November 2009 (UTC)

I asked about the prevention of brute-force attacks and was told "Yes, there are velocity checks for both the game and the NCsoft system that prevent brute-force attacks." The checks may be different that what you expect. For instance, the system doesn't refuse you entry after XX tries, or make you wait YY minutes after you've failed a few times. Instead, the system increases the time allowed between tries and that increase may be subtle and unnoticed in casual use. But having been told by the security team that there are such measures, I would like to know what you expected to experience that lead you to flatly state there are no such checks. I can request testing of this by ArenaNet's QA Team, but I will ask their time only after prudent research on my own, because they are incredibly busy right now. Thanks for any information you can give me. -- Gaile 02:31, 14 November 2009 (UTC)

Why not handle it like some of the ones that WOW uses now. I don't remember the name, but its the program that generates a new lockout every 6 seconds. You can use it from your desktop and it runs as an app from a cellphone. Make it almost impossible for an account hack by password generators, or brute force. Then when you sit down to play. Get the generated key and rock on! There are many ways that this can be fixed. Several nice ways. Also backing up the player account info on server. Then investigate and replace once hack has been proved. Blizzard commonly returns hacked players Items and gold, on a regular basis, so saying its that difficult isn't really truth full, its more of we don't wanna fool with it.I can say this for cetain. Many of us with old accounts, will be buying GW2. If we get hacked and lose all of both games, I bet they will lose a lot of people... This issue has been comeing to a head for quite some time. Digital "Virtual" properties are becoming more and more common. So are their thefts. and Large companies have proven time and time again, as a consumer of said properties. You have NO OWNERSHIP rights. If its lost or stolen, they just expact you to purchase it again and again. Xbox live is another prime example where when you are hacked, you are just screwed. They could care less. As digital properties are sold more and more, this is going to lead to major trouble for consumers. The sims and Sims 2 ect is another good example. I created a sims account with EA when the sims 1 came out like almost 10 years ago. at some point I lost and forgot my ea account in fo in that 10 years. now I am denied access to all digital addon properties and items. Forever. Cant register a new account because the serial is already used. EA thought they would be sly with the sims 3 and make it to where you can only play about 1/3 of the game without registering on thier forums with the serial. In 8 years if you wanna play it again and you have lost and or forgotten that password... your out of luck. My brother who was only like 12 when GW came out made his master account with plaync. and somewhere in those 4 or 5 years forgot his logon. and mom threw away the jewel case to prophecies. He has the disks, just not the serial. He also has the serials and boxes and disks of all the expansions. Only missing the prohecies key, and NcSoft still wont give him his account info or reset his account. Even though, he has factions/NF/EOTN, and a few addons, with reciepts, and the original boxes and serials and all. Thats real reasonable. The expansion serials are all associated with the prophecies account seeing as you can add them from the game. But thats still not enough eveidence of ownership. READ: ONLY HAVEING A HARDCOPY(ORIGINAL JEWEL CASE) OF THE PROPHECIES WITH THE SERIAL PRINTED ON IT IS ALL NCSOFT WILL TAKE AS TRUE OWNERSHIP. ALL THE EXPANSIONS SERIALS DONT MAKE A BIT OF DIFFERENCE... They told my brother that any further inquires into the master account associated with those keys will result in a full ban on the entire account. Sounds to me like they are fine with screwing over their players and pursue it actively. The only answer or recourse he has is basically buying a new copy of Prophecies and all the expansions basically 200.00$ worth all over again, and making a new master account. After trying to help him sort it all out I am positive they sit with glee just waiting for the chance to make someone completely buy new copies of everything. There is 0 protection or recourse for any of us as players. If Ncsoft continues on this corse, they wont make it in the long run, their reputation will be to far gone. I hate to see it because I love their games. Remember what I said here, it can happen to you. Hungryarmadillo 05:04, 14 November 2009 (UTC)

I am awfully sorry, Hungryarmadillo, but I just can't read the comments above, it just forms a wall of text. (It's Friday night and I've had a stressful week, so please forgive me my shortcomings.) I suggest you go back and make paragraph breaks, please!

But let me address one thing I did pick out: We do not accept only Prophecies access keys as proof of ownership. That's a policy from two years ago. I've been in my position for 1 year and 7 months, and one of the first things I did when I accepted the Support Liaison position was research current policies and facilitate some significant changes, with the help of Support management and team members. It was awful that the team was saying, "You moved four times and lost your Prophecies Access Key. Too bad you have the other keys, you're out of luck." Such a policy was very user unfriendly, and we do not have such a policy now!

If your brother had difficulties in retrieving an account, I can only conclude it was an account for which ownership was disputed. Perhaps someone else had the Prophecies key (the key with which the account was started) and your brother had subsequent keys, I don't know. But if that were the case, it's impossible to attribute "ownership" because of the conflicting information. If your brother truly was told "We won't help you" under the exact parameters you described, please give me the incident number and I will investigate, for that is not supposed to happen. -- Gaile 05:32, 14 November 2009 (UTC)

I would like to give the info, but unfortunately the last communication from NcSoft, was that any further inquiry into the account would result in a ban of the account. At this point, at least the account is still usable. He just couldn't get his free storage, or purchase any additional features on the account. If it ever gets hacked its just a loss I suppose. If there was some assurance the account wouldn't get banned for further inquiry I would be glad to forward the e-mails and the support number.. But the thought of a complete loss of 200$ worth of game doesn't exactly motivate. Help would be greatly appreciated, but not at a total loss. Hungryarmadillo 04:13, 15 November 2009 (UTC) Additional note, The only dispute of ownership was on Ncsofts part. He wanted to purchase additional stuff from the store but couldnt access the master account because of the lost password. We did provide the keys...to every thing but prophecies. Problem we had is some how his copies and my copies were packed away in a box together. So not knowing which keys went to which account was likely the issue. If you have some way to deal with this I would greatly appreciate assistance, but Im kind of afraid of both accounts being lost. Kind of an odd situation really. We could both provide both sets of information and keys. and I know my master account info. Are the keys for each game listed there? I dont think they are, I think I checked. Hungryarmadillo 04:18, 15 November 2009 (UTC)

Is there an "official Ncsoft email" I can contact you at? or can I send it through official support with your attention to it? we can both send the info and the account keys to you. or whatever you request.I ended up with the keys with me when I left and the boxes. Thanks for your quick response. Maybe I was wrong about what I said. Your statement was more helpful than anything we got in correspondence. Just tell me what you need and where to send it... Thank you again. Hungryarmadillo 04:36, 15 November 2009 (UTC)

In the Toolbox on your left you'll find "E-mail this user". — Poki#3 (talk) 17:51, 15 November 2009 (UTC)

Gaile, I have updated my support ticket with new information. I believe the thief left a customized weapon in my inventory. I understand you work for A-net/NCSoft and have access to information we do not. Likely, it's information you don't want to share due to additional threats to security. To address your concerns from above with my previous posts, try to look at from a player's perspective. Perhaps other unethical peope are setting up A-net/NCSoft as the fall guy for all hacks in general and this most recent epidemic of hacks specifically. However, the responses players are receiving who have paid money to play the game are ... decidedly lacking in any sort of support. In fact support's initial response is to ... blame the player. "Since we know our servers are secure ..." I think you know the rest of the line. There is no help at all from support, they just default to blaming the player and it makes us all very, very angry.

I will say all the evidence so far points to A-net/NCSoft as the security leak and the responses from support don't go to reassure players this is not the case. So, as would anyone, the default response is to blame right back and so far, I feel justifiably so. Essentially, the answer is "sorry you got hacked ... ya well, thanks for your money, we're not going to do anything." I feel this points to an insider at A-net/NCSoft. No one who got hacked cares one little bit for the amount of RMT bans/fraud accounts/whatevers completed in a week, month or year. Why? Because the one that matters didn't get banned ... if in fact that's how players are being ripped off.

Based on my review of the forums of the sheer numbers of players being hacked within the last three weeks, I see estimated losses of 10B in gold and assets. This level of security breach with no compensation to the players who paid for the game is simply not acceptable. The problem is that no matter how much support claims it's not their fault, it is until support/A-net/NCSoft proves otherwise. There appears to be no investigation going on; no attempt to retrieve player items; not even a detailed response of "we looked into your claims and found that ... we tried to do XX, but were unable to locate your stuff due to ... whatever." To my knowledge, A-net/NCSoft has been touting the same line of "oh well, sorry" since the game was released. Four and a half years of the same response? No improvement in security? No player compensation at all? This is what makes us angry and look to blame A-net/NCSoft. BTW, I still haven't heard what sort of investigation of my items/gold is going on. I'm simply trusting that you're looking into it. — The preceding unsigned comment was added by 68.57.86.60 (talk) at 03:51, 16 November 2009 (UTC).

First, 68, is that you who posted? Please sign your post so I know for certain. If not, who posted immediately above? Secondly, can you post your incident number? I incredibly busy, can't find it, and would appreciate that help, if you don't mind.

Now to the gist of what I want to say. What sort of "evidence" do you have that "points to A-net/NCSoft (sic) as the security leak?" Because I have oodles of evidence, and months' worth of research and analysis that does not point to ArenaNet or NCsoft as the responsible party for the breaches. I am not saying "It's not us!" I am not so foolish to say that until I know what is is when it is not us, you see? But I can say that we've had a lot of very fine brains working on this (and then, there's mine, but we won't go there ;) ) and nothing points to a breach or a weakness within the game, the game servers, or the NCsoft network. Honestly, nothing points that way.

I go into these with a completely open mind, and I view the issue with complete lack of bias. No, actually, my bias lies in finding the source of the problem, no matter where it lies. I've personally interviewed a lot of players who have been hacking victims. When I do that, I enter their responses -- which I am sure are honest and forthright -- into an enormous spreadsheet. What you do when analyzing a hacking incident or a security breach is to look for what I call "data intersections" or points the victims have in common. "Do they all belong to XYZ fansite?" No. "Do they all use the XTH?" No. "Are they all NCsoft Store customers?" No. And so it goes. I have not seen anything that leaps out, and a lot of other people have reviewed my reports and nor have they had that "Ah ha!" moment. I wish that we did. Even if we learned the issue was something internal -- that it was "us" -- at least we'd know and that would be best for all of us.

But we don't know. And with all due respect, you don't know either. So please, comments about how we aren't looking deeply into this matter, or how we have your money now and don't care enough to resolve the issue aren't just rude, they're inaccurate and they're unfair to those of us who are working days, nights, and weekends on this issue. They also make no contribution whatever to a subject that we really need to focus on. We do care deeply and we'll continue to care, continue to investigate this, and continue to work on a resolution until we nail down how the hackers are getting account credentials. Once we know that, we'll take whatever steps we can to prevent them from using those credentials. And that, again, will be best for all of us. -- Gaile 04:40, 21 November 2009 (UTC)

I checked the history to confirm that comment was made by "68" and I've helped him sign it. --Silver Edge 05:01, 21 November 2009 (UTC)

Also, I think the incident number you're looking for is in this section's heading. --Silver Edge 05:05, 21 November 2009 (UTC)

Umm. Yes, yes, I knew that, I was just... umm... checking to see if that number was accurate. *snicker* Ok, truth is, it's been a long day, and a very long week and I blew by the subject line. Thanks for your help, Silver. :) -- Gaile 06:13, 21 November 2009 (UTC)

(Reset indent) As was explained in the ticket, the item you found on your account belonged to another player who was also hacked. It is not unusual for the hacker to shift things around as he/she strips the accounts of the victims. An item, and the name of the person to whom it was dedicated, does not necessarily point to the hacker, as it did not in this case.

As also previously stated, we were not able to retrieve your items. We regret that this is the case, but the person who accessed your account is part of an RMT network, and they work very efficiently to strip accounts and hide their ill-gotten goods. A detailed explanation of the reasons that we are unable to return items is supplied on this wiki page and in the Support Issues archive. -- Gaile 06:38, 21 November 2009 (UTC)

[edit] Epidemic Account Breaches?

So Gaile, based on your allusions, as well as a bit of research, I am seeing a huge swath of players who have been affected by recent security breaches (including myself, obviously.) It is my biased opinion that you guys need to open a more significant official channel of communication warning players about this particular breach. We need to know how many are affected, when it started, any patterns indicating the source of the breach. A warning needs to reach those who may have had their information compromised in this same breach but have not yet had their accounts hacked. Depending on the scale, it might even be appropriate for a login announcement warning of the particular nastiness of this current breach. Let me know if I am far off base on my assumptions, I obviously don't know all you guys know. I don't want to unnecessarily incite widespread panic, but perhaps widespread panic is necessary? Fred K 04:33, 13 November 2009 (UTC)

As simply as I can put it: When we have information, we share it. We have frequently run in-game messages on this subject, and I update these pages when there is a new incident or when there are new details on a previous report. We have no idea whose information has been compromised, and therefore we cannot send them some sort of "pre-hack" warning. The reason we don't know future victims is because we do not all the means by which hackers are gaining account credentials. (Obviously, keyloggers, social engineering, insecure external sites all play a partial role.)

We are engaged in internal research and are casting our eye externally, too, because everything so far points to the fact that the breach is external to the game and our network. We do know of the breach of one fansite's database and are working with that site's owner. (A player report led to this discovery, incidentally.) This evening the Community Team contacted all fansite owners or administrators to provide them with information that may help them make their sites more secure. We hope that all fansites will post the information we've shared, and that all players will do what they can to secure or re-secure their accounts. (Forgive me for linking to our Account Security page yet again, but I'll take any means I can to get that info to players!)

Now, please don't think I'm minimizing the concerns you've expressed, or that I've adopted a so-called "company line" that seeks to brush off our responsibilities. I sent an email to Mike O'Brien, the president of ArenaNet, just last night, and also included the Executive Vice President as well. The email keeps them fully apprised of the situation and invites their insights. I've also been in touch with a few dozen people at ArenaNet and NCsoft West in Austin, Brighton, and Seattle. When one of us gets new information, a whole bunch of people get it, too, and we discuss and analyze it. We seek assessments from those who can respond in context -- for example, a network programmer or a security expert. In the end, we've eliminated some possibilities, we've discovered an issue (the fansite breach) that may have a wider impact, and we're continuing to look into this matter because we do, and should, take this matter extremely seriously. Again, when we have more information, we will share it. -- Gaile 02:22, 14 November 2009 (UTC)

We have frequently run in-game messages on this subject, and I update these pages when there is a new incident or when there are new details on a previous report. Um, where? The only report in game regarding security i've seen is the whole, "protect your password/dont buy RMT" message. Note: Even that isnt on the login announcement anymore. This has been a constant issue that people all over wiki have brought up about communication.

If you arent referring to the login screen message, do you mean in game chats? Do i have to be in a certain district to get this info? If so, that information isnt posted either.

Are you referring to fansites that contain this information? If so, is that really the best place to post this information when one of the fansites getting hacked was a major cause of this whole mess?

If it is in game, I'm not sure where all these frequent messages are if I havent seen one outside of looking at the support issue page on this wiki, which alot of people don't even know exists. That login announcement is what people look at. If there's a big Warning! message, the greater part of the community will get the information you are trying to supply. --adrin 06:48, 21 November 2009 (UTC)

There are multiple, specific messages on the log-in screen. They are rotated, and are designed to pertain to certain elements of the overall security issue. If there isn't such a message this week, I agree that there should be and I will ask that we get it into the rotation as soon as possible. I don't know about in-game chats nor fansites. Please feel free to address questions about those forms of communication to the Community Team. And no, the fansite hacking to which you refer was not a "major cause" of the issue. The one that I detailed on these pages turned out to involve only about 30 people, hardly a "major" event, I'm sure you'd agree. (Unless, it goes without saying, you were one of the 30. :( )

I have asked that we change/increase/beef-up our in-game (log-in screen) messaging, but there was concern that putting huge, flashing "WARNING" messages (which I suggested, only half in jest) would cause a major panic. So instead, we offer the existing messages, changing out the wording and rotating the messages themselves in an attempt to increase readership.

This page is something I offer as a courtesy, usually constructed more on my own time (as now) than on company time. If folks don't know about the page, I am not sure how to increase awareness. Perhaps you have suggestions about that. If so, I am more than happy to hear them. -- Gaile 06:58, 21 November 2009 (UTC)

For what it's worth, a number of people won't see the login screen messages for two reasons: (1) a lot of people setup the game to autologin and (2) if the message header is recycled, folks tend to ignore it. That shouldn't stop ANet from continuing to increase the amount of notification through login messages — it's worth keeping in mind those notices won't reach everyone.

I try to keep watch on your pages (as well as Regina's/Linsey's and the main page here); when I see something new, I take time to let my in-game buddies know. So, if & when there's critical news, it might be worth asking wiki readers to pass along a request that folks check the login screen. (Communication is always tough; no matter how good it is, people always want more.)   — Tennessee Ernie Ford (TEF) 09:01, 21 November 2009 (UTC)

[edit] Question reguarding new policy

What about those of us who have made usernames on fansites with our character names? Should we ask the said site for a username change or are we playing russian roulette? Katherinezoltin 04:16, 14 November 2009 (UTC)

Katherine, my suggestion was only an extra measure that some people may wish to take, and it was directed mostly at people with massive wealth or a lot of special, rare items. It's not a primary level of concern, and you should not worry overly much about changing your user name. You notice, I have not changed mine. :) -- Gaile 05:20, 14 November 2009 (UTC)

Thankies Gaile, I was slightly paranoid for a moment is all. ^^" Katherinezoltin 05:43, 14 November 2009 (UTC)

[edit] Screen resolution issues

← moved to Help:Ask a game question

[edit] Something strange just happened

So I was in Pre-Searing - I map traveled to Ascalon City by clicking rapidly maybe 4 times. I was taken to a character selection screen. It had only 4 slots, none of which had a created character. I logged out, logged back in, and had my screen with all my characters. What happened and where did I go? I thought about making a character but seemed like I might mess up my account doing so. This ever happen to anyone? Fred K 21:14, 15 November 2009 (UTC)

I just checked, this is repeatable. Fred K 21:15, 15 November 2009 (UTC)

Not an isolated case. I can do the same thing for kamadan. 98.248.90.248 21:17, 15 November 2009 (UTC)

Have you always been able to, or did I just discover a new bug? I think it has something to do with the four clicks translating into two map travels, which confuses the game in some way. Just my best guess. Fred K 21:21, 15 November 2009 (UTC)

Never tried until i saw this. I tried creating a new character and it just said all the slots were full. 98.248.90.248 21:29, 15 November 2009 (UTC)

Old bug. Also, this is not the place to post such things. — Poki#3 (talk) 21:46, 15 November 2009 (UTC)

Ok my bad, this is the first time I've ever come across something like this. Where to report in the future? Fred K 22:17, 15 November 2009 (UTC)

Feedback:Main. There are pages devoted to bug reports. — Poki#3 (talk) 02:15, 16 November 2009 (UTC)

Thanks, everyone. It's great to get those bugs on the proper pages, and allows me to focus on the support issues instead of doing traffic control. :) -- Gaile 04:41, 21 November 2009 (UTC)

[edit] botnetz

Why are bots prohibited? I understand the prohibition of RMTing and all the bad things that happen because of it, but I don't see why I couldn't just get a bot to do work for me if, for example, I decided I wanted to be rich and didn't want to put up with terribad UWSC groups and just do it myself with a bot and 8 accounts. Or smite/600, or what have you. I mean, I totally get prohibiting them in PvP, that's just common sense, but players are basically already allowed to cheat in PvE anyway, and not playing with other people is encouraged. So what gives? Logically speaking, if I have the skills and technical proficiency necessary to create a script to make a bot do something for me, I would need at least the skill necessary to perform that task manually. –Jette 02:56, 17 November 2009 (UTC)

I like this question, and I'm anticipating a response that either A) skirts around the question with distraction tactics B) says bots are bad by fiat, or C) doesn't answer. -- Tha Reckoning 03:10, 17 November 2009 (UTC)

I'd like to wait for Gaile's answer before we start making rants about lololorororororolol anetz is bæd. There might be a legitimate reason, I'd assume it would have something to do with people distributing bots that aren't bots at all, just account-stealing programs, and gullible people who don't demand source code falling for that trap. That's the only reason I could think of. –Jette 03:15, 17 November 2009 (UTC)

I wasn't ranting, I assumed there would be a response at least, surely that's enough to hope for. -- Tha Reckoning 03:16, 17 November 2009 (UTC)

rororororororororororor –Jette 03:17, 17 November 2009 (UTC)

Lol what does that even mean? -- Tha Reckoning 03:25, 17 November 2009 (UTC)

I am not Gaile. However, I'd like to point out a few things:

1. Logical flaw: Just because you have a bot doesn't mean you wrote it. Anet has no way of knowing if you wrote the bot you're using or if you downloaded it from someone else. This also brings me to my next point:
2. Infinite scalability. Once you've written a bot, that means you (and all your friends) can run it on as many accounts as you have, 24/7 (barring technical difficulties). Running 3 accounts simultaneously for 24 hours straight effectively is not a humanly feasible task, regardless of heroes, consumables, or builds-of-the-week.
3. If people were allowed to bot, the line between the proverbial "haves" and the "have-nots" is going to be drawn between people who bot and people who don't, and it's going to get wide fast. Assuming a bot is at all efficient, it will make at least as much money in a given time period as a human player farming the most lucrative farm, thus players would effectively be punished for taking their chars out of bot mode in order to actually play them. Goodbye to any remaining semblance of an economy.
4. Allowing bots means explicitly condoning third-party programs, which quickly becomes a headache for Support, as hordes of the less security-conscious download "super_fast_guild_wars_farmbot_(definitely_not_a_trojan).exe" off whatever the happening P2P network is for the kids these days.
5. It's a game. You're supposed to play it. That's the whole idea. - Tanetris 03:26, 17 November 2009 (UTC)

1. Logical flaw: Just because you have a bot doesn't mean you wrote it. Anet has no way of knowing if you wrote the bot you're using or if you downloaded it from someone else. This also brings me to my next point:

ANet also has no way to know if you ask your little brother to play your second account for you.

2. Infinite scalability. Once you've written a bot, that means you (and all your friends) can run it on as many accounts as you have, 24/7 (barring technical difficulties). Running 3 accounts simultaneously for 24 hours straight effectively is not a humanly feasible task, regardless of heroes, consumables, or builds-of-the-week.

Again: it is if you ask someone else to do it while you're in bed.

3. If people were allowed to bot be invincible, the line between the proverbial "haves" and the "have-nots" is going to be drawn between people who bot speed clear and people who don't, and it's going to get wide fast. Assuming a botfarm is at all efficient, it will make at least as much money in a given time period as a human not invincible player farming the most lucrative farm, thus players would effectively be punished for taking their chars out of bot invincible mode in order to actually play them. Goodbye to any remaining semblance of an economy.

ftfy (fixed that for you).

4. Allowing bots means explicitly condoning third-party programs, which quickly becomes a headache for Support, as hordes of the less security-conscious download "super_fast_guild_wars_farmbot_(definitely_not_a_trojan).exe" off whatever the happening P2P network is for the kids these days.

If I had any vestiges of human empathy left in me, I might care about that. I do not, on both counts.

5. It's a game. You're supposed to play it. That's the whole idea. - Tanetris 03:26, 17 November 2009 (UTC)

But people don't play it as is. They farm it, and virtually nothing else. Letting people use bots would be a slight change at worst.

@Reckoning: Rollo Lowlo –Jette 03:34, 17 November 2009 (UTC)

I thought that henchman name was a joke, wow. -- Tha Reckoning 03:39, 17 November 2009 (UTC)

Going down the list quickly: Having someone else play for you is neither infinitely scalable (limited number of human beings on the planet, if nothing else) nor as reliable as a bot (your little brother may also want to sleep, for example. Or play his own account, or do any number of other things). The line between SFers and non-SFers is nothing compared to the potential line between botters and non-botters. Your empathy doesn't matter, as you aren't in the position to make the rule decision; your not agreeing with it doesn't invalidate the arguement. If someone happens to enjoy farming (hey, different strokes for different folks), then that is playing for them. Else, they're missing the point too. - Tanetris 04:33, 17 November 2009 (UTC)

No offense, Tanetris, but I don't think you quite understand how Guild Wars bots work.

• Given that Guild Wars is not at all client-side, you have zero access to in-client controls. Unlike client-side games, you only have the interface to work with. This makes things considerably more difficult and immediately counters your "infinite-scalability" idea. You can only run as many bots as you have computers, more or less. (There are some more advanced scripting techniques that could theoretically allow you to run bots on multiple GW instances, but the amount of script overlap you have to deal with is literally exponential.)
• Also, given that you have only the interface to work with, you either have to write the bot yourself or move your interface items to the exact pixel locations that the author used.
• Regarding efficiency, writing a bot that could ever be as efficient as a human would require an intense amount of programming. Again, a bot only has the interface to work with.
• ANet could very well allow bots under the same terms they allow MGWML and TexMod to be used.

If I'm wrong about the fact that any potential GW bot must use the interface as its only means of function, I apologize preemptively - I've yet to hear of a Guild Wars bot being written and distributed en masse, so I've always assumed it had to be interface based. (I've also drawn this conclusion from watching bots in JQ and various outposts.) ··· Danny Pew Pew 19:35, 18 November 2009 (UTC)

Unless ANet has intentionally obfuscated signals to prevent bots and other exploits, any bot writer worth a damn would be sending signals directly, rather than working with the interface. Most bots that have been created thus far *do* likely work as you suggest, by ordering the bot to perform tasks at the "human" level; that is, ordering the bot to move the mouse, click, press keys, etc. That's a terrible way to do it, though, for a number of reasons. A good bot would not be programmed to press the 8 key to use holy wrath, for example; it would be programmed to send a signal to the server signifying that the player wanted to use holy wrath (or skill 8, or however those signals are sent). This saves time, memory, etc. It also allows bots to do things "smartly." When I use cheatengine to fly 50,000 feet above the ground, I can click anywhere on the map and it will try to send me to that location. Sometimes it'll take a while, but eventually I'll get there. That rather implies that gw.exe sends a signal that basically reads "move to (Y, X, Z) coordinate" to the server. The player can initiate that signal by clicking somewhere, but clicking is a very variable action -- the signal is not.
Mostly irrelevant, but it makes it possible to use a bot on different accounts without needing to move the interface around. The other problems Danny mentioned are still quite real, though. –Jette 21:28, 18 November 2009 (UTC)

Packet crafting is actually quite tricky and it requires careful inspection and documentation of the clients' packets. I'd argue that that's beyond the talents of even your average programmer given the network aspect. ··· Danny Pew Pew 21:52, 18 November 2009 (UTC)

"Intercepting packets" consists of pulling Joe Kimmes into a van on his way home from work and making him listen to Glen Beck radio broadcasts nonstop until he talks. –Jette 00:32, 19 November 2009 (UTC)

I lol'd at work. ··· Danny Pew Pew 00:39, 19 November 2009 (UTC)

(Reset indent) In short, the game is designed to be played by human beings, not bots. The economy -- always a delicate and critical design factor in a sound game like Guild Wars -- is created with a certain expectation of activity, accomplishment, even ability. Bots aren't human, and don't have a human's real-life constraints. They don't eat, sleep, or take bio breaks. They may not fumble, or fail, where humans have some degree of likelihood that they will do so, from time to time. Therefore, what a real player can gather legitimately may be exceeded, sometimes many times over, by a bot doing the work. Or where a human may tire of doing the same 30-second run to make a few pieces of gold, a bot will do the same run endlessly.

Guild Wars, like most games, is based on a supply-and-demand economy. Automated gold-gathers or ecto-harvesters, or short-runners who do extremely redundant functions on a 24/7 basis, significantly damage the economy for all players, including those who decline to use cheats, exploits, or bots. (And obviously, creating "Bot Wars" was not in the plans, so let's not head down the "everyone's doing it, let it go" path.)

As you must be aware, RMTs use bots, and RMTs are a provably negative influence on games on many levels, from ad spamming to economic damage to, perhaps most critical these days, account thefts. For more information, I invite you to read this article. -- Gaile 05:26, 20 November 2009 (UTC)

So, running around cheating, calling other players a niggerfag and selling ectos for double-digit prices is all cool, but stomp one mob of undead with a smite script out of boredom and you're put to death? >_>; Well, I guess I'll let it go, I wubs my new smite crawler <3333 –Jette 15:16, 21 November 2009 (UTC)

I used to be Anet's b**** so to speak, because I tried to see their side. I'm running out of things to defend now. The day has come where I'm with Jette on this one, except I don't have a smite crawler. Rose Of Kali 15:52, 21 November 2009 (UTC)

Could have just said B) Bots are bad by fiat. I'm with Jette too. -- Tha Reckoning 16:04, 21 November 2009 (UTC)

I have no problem with people taking advantage of loopholes in guild wars mechanics (e.g. permaform); such farmers earn their gold by performing an activity that many of us would find horribly boring. In contrast, botting rewards players for doing nothing. If we allow botting, why not simply award every player an extra 1 ecto for every hour of play?   — Tennessee Ernie Ford (TEF) 19:41, 21 November 2009 (UTC)

Right, you have no problem with what makes a game not fun, because that's what a game is supposed to be, boring, mind-numbing and skill-less. Pika Fan 20:02, 21 November 2009 (UTC)

Whoa, your Debate Teacher, Ms. Gaile, is going to have to give someone an "F" for logic and a D- for presentation. ;) We deal with nasty language, cheating, and account thefts every day of the week, every week of the year. We also deal with botting, because the game and the game economy are not designed to accommodate botting. Comments like, "You missed that guy in District 3 of Kamie who said 'pooh pooh' so ergo you suck and ergo I should be allowed to cheat" are, excuse me, lame.

If you find something mind-numbing, don't do it. If certain things are boring, move on to something else. There are millions of areas to explore, missions to do, quests to solve. If you feel you must farm, then farm. But don't automate your greed and then point a finger at the devs and say "You should let me cheat, let me mess over legitimate players with excessive wealth, because I'm greedy and I feel like it." It's silly to say "You didn't nerf a certain skill, therefore I'm entitled to cheat." Say what? That's like telling the cop, "You didn't catch that guy speeding across town, so I get to speed without penalty." The game has rewards. Cheating has penalties. If you want more rewards than you get in normal gameplay, then farm. But it's wrong for someone to say "I want more than normal rewards, I'm going to cheat, and I'm going to bash the developers because they want me to play as intended." -- Gaile 20:32, 21 November 2009 (UTC)

One more thing: Did you /report the people you witnessed using racist language? Do you /report people you see scamming? Do you help other players do so, too? "Better to light a single candle than to curse the darkness." -- Gaile 20:36, 21 November 2009 (UTC)

Excuse me? If you were referring in part or whole to me, I was directly replying to his condoning exploiting loopholes in game mechanics, I have no problem with people thinking bots = bad. In fact, botting IS exploiting loopholes in game mechanics. SF is just the "legal" form of such exploitation. Pika Fan 20:57, 21 November 2009 (UTC)

Nope, PF, not you. (Sorry for the confusion.) In fact, I wasn't really pointing at anyone, just taking a position on the false "logic" of "if you miss this (bad thing), then I can do that (bad thing) and you cannot/should not/are evil to take action against me." I'm not equating racists with botters -- not at all! But I am pointing out that the UA that everyone accepts before playing and the Rules of Conduct that apply to all of us within the game do call out the unacceptable nature of both. And players report both. And Support will take action on both. And that is as it should be. -- Gaile 21:01, 21 November 2009 (UTC)

[edit] responce time

First off I'm not here to complain! I'm just curious what the average response time is of the account support team. Why I want to know? My best guess is my main account got a error 045 you got hacked error on it. So I posted a support ticket, gave the relevant info and am now waiting for them to look at the matter. Support ticket nr: Incident: 091117-000936 if you're curious. I'm not asking for any preferential help or what ever, i got a second acc that i can still play on. I'm just worried about my oldest Character on there. I hope whoever caused the whole 045 error didn't cause any unrepairable dmg to my characters. Items i don't care about those can be replaced, but if they deleted my chars... that would hurt. So basically i just wanna know how long it usually takes for account support to look at a ticket and basically give it back to its rightful owner. Thanks for reading and doing a great job as support liaison. DBZVelena | (Talk page) 20:31, 18 November 2009 (UTC)

Gues the anwser to this question is 48 hours if you follow the above guideline of submitting a support ticket. way to go Account Support! No Chars got lost only items so I'm happy. Got a new goal: farm till i can re-craft a new fow armor set.DBZVelena | (Talk page) 22:19, 18 November 2009 (UTC)

I am glad that you are back on your account. The response time for tickets varies by the numbers the team has in its queue at any given time. You should get an automated response in a minute or two, and a human response (often with a referral to another team member) within a very short time (usually well under one hour, often within 5 or 10 minutes). After that, response time varies from a few hours to a day or two, depending on the exact circumstances within the ticket and the queue for the person to whom it was referred. -- Gaile 06:42, 20 November 2009 (UTC)

[edit] Account banned

Hello, Gaile! I have had my guildwars account for a year long, I didnt get to play it too much because of my job. recently I quit my job so I have some more spare time to play guildwars. I created a nightfall character and it only took me 4~5 days to beat nightfall. throughout the time I didnt trade with anyone, no interaction with anyone, and I didnt beat all the mission within one try. I didnt stay in one map for too long and most certainly didnt use any of the third party programs.

While I was playing just like any other players, I was logged out from the game, when I tried to log back in, it said that I was banned 045 permanently because I was using third party program. Then I went to the plaync web to file a complain and all I got from them was this account will not get resumed. Through the help of Jason Yu, he told me to try to contact you. Could you help me find my account back? Or at least show me if there is any evidence of me using third party program? Thank you very much! truely`` Reference #091103-000089 --The preceding unsigned comment was added by User:Yus2e4 (talk).

Hi. I understand what you have said, and I did look into this and discuss it with the Support Team. After looking at the game logs again, it seems clear that you were playing the game, not botting. We are sorry for the error. Your account is unblocked and you're free to join Guild Wars again. Thank you for your patience while we reviewed this! :) -- Gaile 18:39, 20 November 2009 (UTC)

Gaile, thank you very much! Was finally confirmed that, at this moment I am very excited. Thank you for your help! (=^w^=)

Glad to help. :) -- Gaile 06:21, 21 November 2009 (UTC)

[edit] Support Issue: Disconnects after 19 Nov Build

As of this hours, we are aware that a number of players are experiencing connectivity issues since the new build went up at approximately 8:00 PM Pacific time. (Build Reference here.) The team is working on this matter right now; we hope to have a fix for this very soon. We realize that it is frustrating to have this happen and we're very sorry for the fact that some players are experiencing trouble getting into or staying in the game.

I will post an update on this as information becomes available. -- Gaile 05:38, 20 November 2009 (UTC)

[edit] Update: 10:15 PM Pacific--19 November

Two issues have been identified as the cause of the connectivity issues. The team has already identified one issue and has developed a fix for it. In the meantime, one of our key server programmers is looking into a second issue, and we hope to have a fix for that one very soon as well. We'll roll out the fixes just as soon as they're completed and tested. Quite honestly, that could be a few minutes or a few hours, but please know we're on the case! -- Gaile 06:18, 20 November 2009 (UTC)

[edit] Update: 10:43 PM Pacific--19 November

The team identified both factors that appear to have been causing the connectivity issues and a Live Build is being distributed now. You should see the in-game message by, oh, 11:00 PM Pacific (that is, in about 15 minutes or so). Please quit and rejoin the game so that your files are updated and the problem is solved. Thanks for your understanding while we corrected the issues. -- Gaile 06:45, 20 November 2009 (UTC)

Thank you for taking the time to post the updates.   — Tennessee Ernie Ford (TEF) 07:02, 20 November 2009 (UTC)

Well, thank you for the note, TEF. It gets lonely late at night; glad someone was around to read the news. *lol* -- Gaile 04:43, 21 November 2009 (UTC)

If you are going to stay late most nights and weekends, posting updates on the wiki during your personal time...the least we can do is stay up to read 'em (and spread the Good Word of Gaile to our guildees). Thank you again. :-)   — Tennessee Ernie Ford (TEF) 08:49, 21 November 2009 (UTC)

Yes, thank you Gaile. This is the kind of communication many people have been asking for. It would be fantastic if it could extend to non-critical updates as well (not this degree of detail, but at least some notes on the ongoing process, you know, like shining that distant flashlight in a dark tunnel - Regina's post about the upcoming changes to SF was exactly that). And thank you for the work you do. I hope I'm not just speaking for myself when I say that even with all the moaning and QQing, we do appreciate what you and the team do for the game and for the players. Rose Of Kali 11:44, 21 November 2009 (UTC)

[edit] Hacked Accounts: Research Continues

We've seen comments on this page, on the Guild Wars Wiki in general, and on fan forums that show a rising concern about account thefts. And it's true that the number of hacked accounts has risen somewhat over, say, a year or two ago, even while it's not a major crisis. Security is of paramount importance to us, as we know it is to you. I wanted to give an update on what we've done and what we've learned so far:

• ArenaNet and NCsoft have taken a hard look at both game and network security, and no breaches have been discovered. We've worked independently and collaboratively to research the matter and will continue those efforts into the future.
• We've contacted fansites and let them know of certain database breaches that have taken place on fan forums and trading sites. Certain popular forum programs have security updates several times a year because they are targets for hackers, and as a result they experience security breaches from time to time.
• We've been in continued contact with a fansite that did experience a relatively-minor database breach. The site owner has made visitors aware of the problem and has taken steps to beef up security.
• We've interviewed a few hundred victims of account thefts about security matters, including their participation in external sites, their use of third-party programs including chat software and social media, how they use ArenaNet and NCsoft resources, and more than 30 others points of data.
• Tonight or tomorrow, I will be emailing a small number of players to interview them about a few questions related to security issues. These aren’t hacking victims, this time, but we feel the info they can give us will be invaluable in continuing our analysis of the whole issue. If you get an email that seems to come from me, it probably does. But feel free to ping me via this wiki email address to verify, if you wish to do so. And remember, I will not ask for your account credentials or other confidential information, nor will anyone else from ArenaNet or NCsoft. -- Gaile 04:04, 21 November 2009 (UTC)

Thanks for the update, Gaile. I'm sure most of us here are willing to lend any help that we can. HanokOdbrook 07:31, 21 November 2009 (UTC)