As someone who has dealt first hand with MMO account security and heard countless excuses from players on how their account got hacked (one even blamed it on their dog), I’m aware of the vast stupidity that exists among MMO players and their accounts. You wouldn’t believe the number of people who let their friends play on their account and then act shocked when all of their gear, money, and even characters are gone. Then, these same people go and sign up for a gold farming website using the same login information as their game account and wonder why their credit card number is being used in China or Eastern Europe to buy copies of the game.
To put it simply, a very large number of MMO players are dumbasses when it comes to protecting their game accounts.
Guild Wars 2 has only been out for about a month, but they’ve already experienced a large “hack” when a big Guild Wars 2 fansite’s database was compromised and those people who used the same login information there and in the game had their accounts broken into. Naturally people blamed ArenaNet for this, when the developer really had nothing to do with it, but in reaction to that incident, the CEO of ArenaNet has posted an account security blog entry that I wish every MMO CEO would have the guts to do.
He doesn’t leave any stone unturned and gives some really good, and blunt, advice to the players that unfortunately most are too ADD to follow as they won’t bother reading such a big wall of text. One interesting thing he mentions regards and Authenticator. He says that they’ve been testing a mobile phone app for a while internally, but have decided to use the Google Authenticator instead.
The post also gives a pretty good insight into how they can see hacks on their side in real-time and how serious the issue is for MMO companies. It’s worth a read.