if like me you received an email with such a title looking very legit (because apparently it is, I do not know how anet fucked up but they did), breathe and do not hit the link if you did not request it yourself...a lot of people are being hacked at the moment...

here is the link to the discussion on guru

http://www.guildwars2guru.com/topic/56227-beware-do-not-click-password-reset-email-links-from-arenanet/

Oldest phishing trick in the Massively Multiplayer Book.

@Brodehouse said:

Oldest phishing trick in the Massively Multiplayer Book.

apparently this is not phsshing trick, this is the sad part: people report that there is no ASCii trick in the adress of the sender, the sender is indeed Anet...

@Brodehouse said:

Oldest phishing trick in the Massively Multiplayer Book.

apparently this is not phsshing trick, this is the sad part: people report that there is no ASCii trick in the adress of the sender, the sender is indeed Anet...

I got that as well. Just figured someone just entered my email from a big list.

The developers are hacking their own game?

Fuck, I almost clicked the link, thanks for the heads up man.

@emem said:

@announakis said:

@Brodehouse said:

Oldest phishing trick in the Massively Multiplayer Book.

apparently this is not phsshing trick, this is the sad part: people report that there is no ASCii trick in the adress of the sender, the sender is indeed Anet...

Mails like that are never from the developer, it's always a slightly different address...

Here is the email.

@Bucketdeth: Thats....pretty official looking. Most phishing scams try to goad you into clicking the link by being all YOU GOTTA SORT THIS SHIT OUT MAN ELSE WE GONNA DELETE YOUR ACCOUNT. Or some other nonsense. Weird.

I was really close to clicking the link in the mail.

It looks exactly the same as the real change password mail you get from Anet.

@emem said:

@announakis said:

@Brodehouse said:

Oldest phishing trick in the Massively Multiplayer Book.

apparently this is not phsshing trick, this is the sad part: people report that there is no ASCii trick in the adress of the sender, the sender is indeed Anet...

Mails like that are never from the developer, it's always a slightly different address...

Here is the email.

         

When you change your password, you don't get a confirmation email. So these are fake. However, allowing people to change passwords without a confirmation email is not secure at all.

It actually looks exactly like the email you get when you change the password to your NCSoft master account.

@Gantrathor said:

It actually looks exactly like the email you get when you change the password to your NCSoft master account.

Changing the password of your GW2 account on the official website doesn't send out an email (I've done it a few times already). Besides, that email is supposedly from Arenanet, not NCsoft.

@UssjTrunks: I know, I was just pointing out that it looks like the NCSoft master account statement. That's why it's funny, because you don't even need to use an NCSoft account for Guild Wars 2.

Gotten 3 of these so far. Pretty annoying.

Just so you guys know, but these are legit emails. They are not phish attempts, the header info checks out. The hack is a two step process. the password reset is the hacker actually just confirming that you are using a known email(either guessing based on in game character names, or from the recent MMO site hacking spree from china). It practically spits out a yes or a no. it either gives them a glaring error(email not in database), or tells them one has been sent. Once they know an email is live, they then use either pre-gleaned passwords from other MMO sites that were hacked, or then phish the shit out of your email. I can confirm that the hackers do not need access to your email account, and many are in fact losing access to their email accounts after their GW2 accounts, and those same people report that they used the same password across services. Use a clean(new) email, and a new password, and you foil their attempts at a hack/phish. There is also a server side hole, since people are getting hacked eevn without recieving the password reset email. Also, all the IPs that are being reported are from china, go figure.

Why would anyone click the link in a password reset mail you didn't request?

@pekarn said:

Why would anyone click the link in a password reset mail you didn't request?

Especially after it specifically tells you not to in the email.

@Brodehouse said:

Oldest phishing trick in the Massively Multiplayer Book.

Yeah, I received one just this morning. This trick is getting old by the way, bunch of idiots.

And I don't have the game yet also, double idiots :)

I got one of these today, I turned on gmail 2 step verification a few days ago so I am not all that worried. They should have given us some secret questions and answers so that this wouldn't of happened. Also the lack of a Security Token available at launch is a bad decision.

Woke up and I had 6 of them in my box. Lol, fail.

I didn't get one, but it seems something was up with the password reset, because they've shut it down.

http://en.support.guildwars2.com/

Announcements:

• The Guild Wars 2 reset password feature is currently unavailable.

I got this e-mail, and I don't even play Guildwars 2 (yet).

@pekarn said:

Why would anyone click a link in an e-mail you didn't solicit?

Fixed.

well im angry i didnt get a phishing email! am i not special enough for one!? lol

I got one of these e-mails, which is hilarious, because I haven't played GW 1 or 2, and I don't even have an Arenanet account!

Anyways, pro tip:

If you get an e-mail that makes you concerned that an account of yours has been compromised, don't click links in the e-mail, go to the website yourself and navigate to the appropriate page.

Just got an email saying I need to authorise a login. So glad that ANet put that system in.

I got one of these, I also got an Email from Norman Chan:

Hello, I'm Norman Chan Tak-Lam, S.B.S., J.P, Chief Executive, Hong Kong Monetary Authority. I need a confirmation of acceptance to handle a Business worth $47.1M USD with me. Contact me for more info.

@Dagbiker said:

I got one of these, I also got an Email from Norman Chan:

Hello, I'm Norman Chan Tak-Lam, S.B.S., J.P, Chief Executive, Hong Kong Monetary Authority. I need a confirmation of acceptance to handle a Business worth $47.1M USD with me. Contact me for more info.

I'd believe it, now that he's a big star on Mythbusters!

@Dagbiker: You totally hit the jackpot. You need to act on that. 47 million dollars? These opportunities come around once in a life time. Have you contacted him back yet? Is Jamie and or Adam his angel funder?

@chubbysumo said:

Just so you guys know, but these are legit emails. They are not phish attempts, the header info checks out. The hack is a two step process. the password reset is the hacker actually just confirming that you are using a known email(either guessing based on in game character names, or from the recent MMO site hacking spree from china). It practically spits out a yes or a no. it either gives them a glaring error(email not in database), or tells them one has been sent. Once they know an email is live, they then use either pre-gleaned passwords from other MMO sites that were hacked, or then phish the shit out of your email. I can confirm that the hackers do not need access to your email account, and many are in fact losing access to their email accounts after their GW2 accounts, and those same people report that they used the same password across services. Use a clean(new) email, and a new password, and you foil their attempts at a hack/phish. There is also a server side hole, since people are getting hacked eevn without recieving the password reset email. Also, all the IPs that are being reported are from china, go figure.

In spite of this being this guy's first post; he's right.

I got one yesterday as well. Except mine didn't say it was a password change, but rather a change to the e-mail address of my account. Oh, and I also don't have a copy of GW2. I did have GW1 on that address, so I put in a ticket (after typing the address myself, of course), when I discovered I couldn't log in to the website with that address. The site said there was no account with the e-mail address, but it did seem to indicate that GW1 account should have been able to log in. That was a day ago and now after doing a little legwork, and finding the e-mail asking me to click the link to confirm the change of address in my spam folder with the exact same timestamp as the e-mail confirming it's been accepted, I've decided to redownload the GW1 client and see what happens. But I'm at PAX and my hotel has pretty crappy WiFi, so I'll have to check up on it in the morning.

If my account was actually stolen, my guess is there are two points to this hack. First, is that they are using some known list of e-mail addresses and passwords (I had a WoW account hacked three years ago that probably had the same password then as I used the last time I actually played Guild Wars). Second, they are somehow locating the key to confirm the e-mail address without actually accessing the e-mail (or they have mine and aren't showing any other indication of that, but my e-mail is most definitely under a different password than it was then.) The fact that web password changes are down right now seems to feed that theory.

Edit: Guild Wars downloaded to a playable state over night. GW client tells me the e-mail address is not recognized. And since I almost never delete any e-mails ever, I still have the original account activation e-mail from 2004 for my GW1 account. Still no word from ArenaNet.