The problem is that the game offers the ability to purchase virtual items with real money, making accounts lucrative targets for cyber-thieves. Goods can be earned for free through simply playing the game, but often players don’t want to spend the time to do so, and are willing to buy them instead. Nefarious types can thus leverage the virtual goods that have been accumulated by the original account holder by selling either the whole account or just the goods to players looking for shortcuts.
This process of gold-selling isn’t officially condoned by Guild Wars developer ArenaNet, which began locking users out of their accounts just days after launch for indulging in the practice.
The hacks appear to be emanating from China, where perpetrators have looked to crack passwords in order to put the compromised accounts up for sale. ArenaNet has been attempting to alert users, sending e-mails whenever a log-in attempt is made. Unfortunately, that’s resulted in user inboxes filling up with automated messages – which of course creates a problem in and of itself. Some users are already raising the spam flag on the policy.
AreaNet is also providing guidance on password selection, which it indicates should be long and unique.
"If you don't want your account hacked, don't use the same email address and password for Guild Wars 2 that you've used for another game or website," the company said. "Hackers have big lists of email addresses and passwords that they've harvested from malware and from security vulnerabilities in other games and websites, and they're systematically testing Guild Wars 2 looking for matching accounts.”
Hackers are targeting game forums and fan websites to steal player data too, including logins and passwords.