Trending Games | Guild Wars 2 | World of Warcraft | ArcheAge | Shards

  Network:  FPSguru RTSguru
Login:  Password:   Remember?  
Show Quick Gamelist Jump to Random Game
Members:2,905,513 Users Online:0
Games:757  Posts:6,294,773
Recent forum postsRSS
Active threads
Cloud view
List all forums
General Forums
Developers Corner General Discussion
Popular Game Forums
Click a status to find game forum
Game Forums
Click a letter to find game forum
A-C
2029 Online 2112: Revolution 2Moons 4Story 8BitMMO 9 Dragons A Mystical Land A Tale in the Desert III A3 ACE Online ARGO Online Aberoth Absolute Force Online Absolute Terror Achaea Adellion Aerrevan Aetolia, the Midnight Age Age of Armor Age of Conan Age of Empires Online Age of Mourning Age of Wulin Age of Wushu Aida Arenas Aika Aion Albion Online Alganon All Points Bulletin (APB) Allods Online Altis Gates Amazing World Anarchy Online Ancients of Fasaria Andromeda 5 Angels Online Angry Birds Epic Anime Ninja Anime Pirates Anime Trumps Anmynor Anno Online Applo Arcane Hearts Arcane Legends ArchLord ArcheAge Archeblade Archlord X Ascend: Hand of Kul Asda 2 Asda Story Ashen Empires Asheron's Call Asheron's Call 2 Astera Online Astonia III Astro Empires Astro Lords: Oort CLoud Asura Force Atlantica Online Atriarch Aura Kingdom Aurora Blade Auto Assault Avatar Star Battle Dawn Battle Dawn Galaxies Battle for Graxia Battle of 3 Kingdoms Battle of the Immortals Battlecruiser Online Battlestar Galactica Online Battlestar Reloaded Beyond Protocol Black Aftermath Black Desert Black Gold Black Prophecy Black Prophecy Tactics: Nexus Conflict Blacklight Retribution Blade & Soul Blade Hunter Blade Wars Blazing Throne Bless Blitz 1941 Blood and Jade Bloodlines Champions Boot Hill Heroes Borderlands 2 Borderlands: The Pre-Sequel Bound by Flame Bounty Bay Online Brain Storm Bravada Bravely Default Bravely Second Brawl Busters. Brick-Force Bright Shadow Bullet Run Business Tycoon Online CTRacer Cabal Online Caesary Call of Camelot Call of Gods Call of Thrones Camelot Unchained Canaan Online Cardmon Hero Cartoon Universe CasinoRPG Cast & Conquer Castle Empire Castlot Celtic Heroes Champions Online Champions of Regnum Chaos Online Child of Light Chrono Tales Citadel of Sorcery CitiesXL Citizen Zero City of Decay City of Heroes City of Steam City of Transformers City of Villains Civilization Online Clan Lord Clash of Clans Cloud Nine Club Penguin Colony of War Command & Conquer: Tiberium Alliances Company of Heroes Online Conquer Online Conquer Online 3 Continent of the Ninth (C9) Core Blaze Core Exiles Corum Online Craft of Gods Crimecraft Crimelife 2 Cronous Crota II Crusaders of Solaris Cultures Online Cyber Monster 2 Cyberpunk 2077 Céiron Wars
D-F
D&D Online DC Universe DK Online DOTA DOTA 2 DUST 514 DV8: Exile Dalethaan Dance Groove Online Dark Age of Camelot Dark Ages Dark Legends Dark Orbit Dark Relic: Prelude Dark Solstice Dark Souls 2 Dark and Light DarkEden Online DarkSpace Darkblood Online Darkest Dungeon Darkfall Darkfall: Unholy Wars Darkwind: War on Wheels Das Tal Dawn of Fantasy Dawntide DayZ Dead Earth Dead Frontier Dead Island Dead Island 2 Dead Island: Riptide Deco Online Deep Down Deepworld Defiance Deicide Online Dekaron Demons at the Horizon Desert Operations Destiny Diablo 3 Diamonin Digimon Battle Dino Storm Disciple Divergence Divina Divine Souls Divinity: Original Sin Dofus Dominus Online Dragon Age: Inquisition Dragon Ball Online Dragon Born Online Dragon Crusade Dragon Empires Dragon Eternity Dragon Fin Soup Dragon Nest Dragon Oath Dragon Pals Dragon Raja Dragon's Call Dragon's Call II Dragon's Prophet DragonSky DragonSoul Dragona Dragonica Dragons and Titans Drakengard 3 Dream of Mirror Online Dreamland Online Dreamlords: The Reawakening Drift City Duels Dungeon Blitz Dungeon Fighter Online Dungeon Overlord Dungeon Party Dungeon Rampage Dungeon Runners Dungeon of the Endless Dynastica Dynasty Warriors Online Dynasty of the Magi EIN (Epicus Incognitus) EVE Online Earth Eternal Earth and Beyond Earthrise Eclipse War Ecol Tactics Online Eden Eternal Edge of Space Einherjar - The Viking's Blood Elder Scrolls Online Eldevin Elf Online Elite: Dangerous Embers of Caerus Emil Chronicle Online Empire Empire & State Empire Craft Empire Universe 3 EmpireQuest Empires of Galldon End of Nations Endless Ages Endless Blue Moon Online Endless Online Entropia Universe EpicDuel Erebus: Travia Reborn Eredan Eternal Blade Eternal Lands Eternal Saga Ether Fields Ether Saga Online Eudemons Online EuroGangster EverEmber Online EverQuest Next EverQuest Online Adventures Evernight Everquest Everquest II Evony Exarch Exorace F.E.A.R. Online Face of Mankind Fairyland Online Fall of Rome Fallen Earth Fallen Sword Fallout 4 Fallout Online Family Guy Online Fantage Fantasy Earth Zero Fantasy Realm Online Fantasy Tales Online Fantasy Worlds: Rhynn Faunasphere Faxion Online Fearless Fantasy Ferentus Ferion Fiesta Online Final Fantasy Type-0 HD Final Fantasy XI Final Fantasy XIV Final Fantasy XIV: A Realm Reborn Firefall Fists of Fu Florensia Flyff Football Manager Live Football Superstars Force of Arms Forge Forsaken Uprising Forsaken World Fortnite Fortuna Forum for Discussion of Everlight Freaky Creatures Free Realms Freesky Online Freeworld Fung Wan Online Furcadia Fury Fusion Fall
G-L
GalaXseeds Galactic Command Online Game of Thrones: Seven Kingdoms Gameglobe Gate To Heavens Gates of Andaron Gatheryn Gauntlet Gekkeiju Online Ghost Online Ghost Recon Online Gladiatus Glitch Global Agenda Global Soccer Gloria Victis Glory of Gods GoGoRacer Goal Line Blitz Gods and Heroes GodsWar Online Golemizer Golf Star GoonZu Online Graal Kingdoms Granado Espada Online Grand Chase Grand Fantasia Grepolis Grimlands Guild Wars Guild Wars 2 Guild Wars Factions Guild Wars Nightfall H1Z1 Habbo Hotel Hailan Rising HaloSphere2 Haven & Hearth Hawken Heart Forth Alicia Hearthstone: Heroes of Warcraft Helbreath Hellgate Hellgate: London Hello Kitty Online Hero Online Hero Zero Hero's Journey Hero: 108 Online HeroSmash Heroes & Generals Heroes & Legends: Conquerors of Kolhar Heroes in the Sky Heroes of Atlan Heroes of Bestia Heroes of Gaia Heroes of Might and Magic Online Heroes of Thessalonica Heroes of Three Kingdoms Heroes of the Storm Hex Holic Online Hostile Space Hunter Blade Huxley Icewind Dale: Enhanced Edition Illutia Illyriad Immortals USA Imperator Imperian Inferno Legend Infestation: Survivor Stories Infinite Crisis Infinity Infinity Iris Online Iron Grip: Marauders Irth Worlds Island Forge Islands of War Istaria: Chronicles of the Gifted Jade Dynasty Jagged Alliance Online Juggernaut Jumpgate Jumpgate Evolution KAL Online Kakele Online Kaos War Karos Online Kartuga Kicks Online King of Kings 3 Kingdom Heroes Kingdom Under Fire II Kingdom of Drakkar Kingory Kings Era Kings and Legends Kings of the Realm KingsRoad Kitsu Saga Kiwarriors Knight Age Knight Online Knights of Dream City Kothuria Kung Foo! Kunlun Online Kyn L.A.W. LEGO Universe La Tale Land of Chaos Online Landmark Lands of Hope: Redemption LastChaos League of Angels League of Legends - Clash of Fates Legend of Edda: Vengeance Legend of Golden Plume Legend of Grimrock 2 Legend of Katha Legend of Mir 2 Legend of Mir 3 Legendary Champions Lego Minifigures Online Lichdom: Battlemage Life is Feudal Light of Nova Lime Odyssey Line of Defense Lineage Lineage Eternal: Twilight Resistance Lineage II Linkrealms Loong Online Lord of the Rings Online Lords Online Lords of the Fallen Lost Saga Lucent Heart Lunia Lusternia: Age of Ascension Luvinia World
M-Q
MU Online Mabinogi Maestia: Rise of Keledus MagiKnights Magic Barrage Magic World Online Manga Fighter MapleStory Martial Heroes Marvel Heroes Marvel Super Hero Squad Online Marvel: Avengers Alliance Mass Effect 4 MechWarrior Online Megaten Meridian 59 : Evolution Merlin MetalMercs Metaplace Metin 2 MicroVolts Middle-earth: Shadow of Mordor Midkemia Online Might & Magic Heroes: Kingdoms Might & Magic X: Legacy MilMo Minecraft Mini Fighter Minions of Mirth Ministry of War Monato Esprit Monkey King Online Monkey Quest Monster & Me Monster Madness Online MonsterMMORPG Moonlight Online: Tales of Eternal Blood Moonrise Mordavia Mortal Online Mourning My Lands Myst Online: URU Live Myth Angels Online Myth War Myth War 2 Mythborne Mytheon Mythic Saga Mythos N.E.O Online NIDA Online Nadirim Naviage: The Power of Capital Navy Field Need for Speed World Nemexia Neo's Land NeoSteam Neocron Nether Neverwinter Nexus: The Kingdom Of The Winds NinjaTrick NosTale Novus Aeterno Oberin Odin Quest Odyssey RPG Ogre Island Omerta 3 Online Boxing Manager Onverse Oort Online Order & Chaos Online Order of Magic Original Blood Origins Return Origins of Malu Orion's Belt Otherland Forums OverSoul Overkings Overwatch Oz Online Oz World Pandora Saga Pantheon: Rise of the Fallen Panzar Parabellum Parallel Kingdom Parfait Station Path of Exile Pathfinder Online Perfect World Perpetuum Online Persona V Phantasy Star Online 2 Phantasy Star Universe Phoenix Dynasty Online Phylon Pi Story Picaroon Pillars of Eternity Pirate Galaxy Pirate Storm Pirate101 PirateKing Online Pirates of the Burning Sea Pirates of the Caribbean Online Pixie Hollow Planeshift Planet Arkadia Planet Calypso PlanetSide 2 Planetside Planets³ Playboy Manager Pocket Legends Pockie Ninja Pockie Pirates Pockie Saints Pokémon X and Y PoxNora Prime World Prime: Battle for Dominus Priston Tale Priston Tale II Prius Online Prodigy Project Blackout Project Gorgon Project Powder Project Titan Forums Project Wiki Project Zomboid Puzzle Pirates Quest for Infamy Quickhit Football
R-S
R2 Online RAN Online RF Online ROSE Online Rage of 3 Kingdoms Ragnarok Online Ragnarok Online II RaiderZ Rail Nation Rakion Rappelz RappelzSEA Ravenmarch Realm Fighter Realm of Sierra Realm of the Mad God Realm of the Titans Realms Online Rebel Galaxy Reclamation Red Stone Red War: Edem's Curse Regnum Online Remnant Knights Renaissance Repulse Requiem: Memento Mori Rift RiotZone Rise Rise of Dragonian Era Rise of Empire Rise of the Tycoon Risen 3: Titan Lords Rising of King Risk Your Life Rivality Rockfree Rohan: Blood Feud Role Play Worlds Roll n Rock Roma Victor Romadoria Rosh Online Roto X Rubies of Eventide Ruin Online Rumble Fighter Runes of Magic Runescape Rust Rusty Hearts Ryzom S4 League SAGA SD Gundam Capsule Fighter Online SMITE SUN Sacred 3 Sagramore Salem SaySayGirls Scarlet Blade Scions of Fate Seal Online: Evolution Second Chance Heroes Second Life Secret of the Solstice Seed Serenia Fantasy Seven Seas Saga Seven Souls Online Sevencore Shadow Realms Shadow of Legend Shadowbane Shadowgate Shadowrun Online Shaiya Shards Online Shattered Galaxy Sho Online Shot Online Shroud of the Avatar SideQuest Siege on Stars Sigonyth: Desert Eternity Silkroad Online Skyblade Skyforge SmashMuck Champions Smoo Online Soldier Front Soul Master Soul Order Online Soul of Guardian South Park: The Stick of Truth Space Heroes Universe Sparta: War of Empires Spellcasters Sphere Spiral Knights Spirit Tales Splash Fighters Squad Wars Star Citizen Star Conflict Star Sonata 2 Star Stable Star Supremacy Star Trek Online Star Trek: Infinite Space Star Wars Galaxies Star Wars: Clone Wars Adventures Star Wars: The Old Republic StarQuest Online Starbound Stargate Worlds Starlight Story Starpires State of Decay SteelWar Online Stone Age 2 Stormfall: Age of War Stormthrone Storybricks Stronghold Kingdoms Styx: Master of Shadows Sudden Attack Supremacy 1914 Supreme Destiny Sword Girls Sword of Destiny: Rise of Aions SwordX Swords of Heavens Swordsman
T-Z
TERA TS Online TUG Tabula Rasa Tactica Online Tales Runner Tales of Fantasy Tales of Pirates Tales of Pirates II Tales of Solaris Talisman Online Tamer Saga Tank Ace Tantra Online Tatsumaki: Land at War Terra Militaris TerraWorld Online Terraria Thang Online The 4th Coming The Agency The Aurora World The Banner Saga The Black Watchmen The Chronicle The Chronicles of Spellborn The Crew The Division The Epic Might The Hammers End The Incredible Adventures of Van Helsing The Incredible Adventures of Van Helsing 2 The Legend of Ares The Lost Titans The Matrix Online The Mighty Quest for Epic Loot The Missing Ink The Mummy Online The Myth of Soma The Pride of Taern The Realm Online The Repopulation The Secret World The Sims Online The Strategems The West The Witcher 3: Wild Hunt Theralon There Therian Saga Thrones of Chaos Tibia Tibia Micro Edition Tiger Knight Titan Siege Titans of Time Toontown Online Top Speed Topia Online Torchlight Torment: Tides of Numenera Total Domination Transformers Universe Transistor Transverse Traveller AR Travia Online Travian Triad Wars Trials of Ascension Tribal Hero Tribal Wars Tribes Universe Trickster Online Trove Troy Online True Fantasy Live Online Turf Battles Twelve Sky Twelve Sky 2 Twilight War Tynon U.B. Funkeys UFO Online URDEAD Online Ultima Forever: Quest for the Avatar Ultima Online Ultima X: Odyssey Ultimate Naruto Ultimate Soccer Boss Uncharted Waters Online Undercover 2: Merc Wars Underlight Unification Wars Universe Online Utopia Valkyrie Sky Vampire Lord Online Vanguard: Saga of Heroes Vanquish Space Vector City Racers Vendetta Online Victory - Age of Racing Vindictus Virtonomics Vis Gladius Visions of Zosimos VoidExpanse Voyage Century Online W.E.L.L. Online WAR (Warhammer Online) WAR2 Glory WYD Global Wakfu War Thunder War of 2012 War of Angels War of Legends War of Mercenaries War of Thrones War of the Immortals WarFlow Waren Story Warflare Wargame1942 Warhammer 40,000: Eternal Crusade Warhammer 40K: Dark Millennium Online Warhammer Online: Wrath of Heroes Warkeepers Warrior Epic Wartune Wasteland 2 WebLords Wild West Online WildStar Wind of Luck WindSlayer 2 Wings of Destiny Wish Wizard101 Wizardry Online Wizards and Champions Wonder King Wonderland Online World Golf Tour World of Battles World of Darkness World of Heroes World of Kung Fu World of Pirates World of Speed World of Tanks World of Tanks Generals World of Warcraft World of Warplanes World of Warriors World of Warships World of the Living Dead WorldAlpha Wurm Online Xenoblade Chronicles: X Xenocell Xiah Xsyon Xulu YS Online Yitien ZU Online Zentia Zero Online Zero Online: The Andromeda Crisis Zodiac Online Zombies Ate My Pizza eRepublik

MMORPG.com Discussion Forums

World of Warcraft

World of Warcraft 

General Discussion  » Wow, hacked again w/ authenticator

5 Pages « 1 2 3 4 5 » Search
95 posts found
  User Deleted
7/25/10 8:41:58 PM#61

There is a bitter irony at work here. The Faithful cannot accept the truth from their peers, but whole-heartedly believe in the wholesomeness of a Mega-Corporation.

 

*Hint*

Corporations are ran by people. And those who believe that a Superduper$5gazilliondollar secure data base cannot be compromised (especially from the inside) are well... naively optomistic at best.

 

Go ahead... the koolaid's great!

 

I never clicked on any email link, nor have I ever visited any phishing / questionable sites. I found out that my account was compromised by trying to login and not being able to get past the authenticator. Futher, I dont surf porn, really dont even use email. The sites I visit are this one, the official forums, MSN, Amazon, Gamestop, Walmart.

 

And I'm the only one who used this pc, which btw only has WoW and the Pre-download of SC2. I believe the people who say that they have never been hacked, and don't have any malware on their pc's. Problem is, they don't seem to believe me.

  faefrost

Advanced Member

Joined: 1/01/06
Posts: 199

7/25/10 9:52:26 PM#62
Originally posted by Luthor_X

There is a bitter irony at work here. The Faithful cannot accept the truth from their peers, but whole-heartedly believe in the wholesomeness of a Mega-Corporation.

 

*Hint*

Corporations are ran by people. And those who believe that a Superduper$5gazilliondollar secure data base cannot be compromised (especially from the inside) are well... naively optomistic at best.

 

Go ahead... the koolaid's great!

 

I never clicked on any email link, nor have I ever visited any phishing / questionable sites. I found out that my account was compromised by trying to login and not being able to get past the authenticator. Futher, I dont surf porn, really dont even use email. The sites I visit are this one, the official forums, MSN, Amazon, Gamestop, Walmart.

 

And I'm the only one who used this pc, which btw only has WoW and the Pre-download of SC2. I believe the people who say that they have never been hacked, and don't have any malware on their pc's. Problem is, they don't seem to believe me.

The "faithful" are not saying that the database cannot be compromised. But the professionals are saying that the vector of compromise that the conspiracy nuts are looking for is so far out there as to be next door to impossible. Yes the database can be compromised. Certain info can be compromised fairly easily. Your e-mail address. Your billing address, even your CC number. But because of how these things work it would be all but impossible for a Blizzard employee to compromise your password via the database. Doing so would pretty much require the ability to forensically dissect the database. While not impossible bordering on the insanely difficult and not something that commercial gold sellers (which is who the account hackers are)will have the resources, wherewithal and frankly even the need to do. 

Plus lets not forget the risk reward structure. Going after this stuff from Blizzard either through direct compromise or via human engineering has massive legal risks. if someone is stealing info direct from Blizzard they will face the direct response of heavyhanded lawyers and law enforcement. Blizzard has often proven they are not shy about calling the FBI. And hacking a commercial data service (which is what Blizzard is) carries heavy jail time, and alot of countries will extradite for. 

Whereas attacking the user end point is relatively easy, has a much greater success rate for the effort required (as high as 30% simply using automated systems such as trojans, automated phishing, malware and botnets) and almost no legal risk. No Law enforcement will care if Edna Puddlebee had her computer infected with a virus or her WoW level 80 Paladin stripped. They just don't care. There is no chance of arrest or civil liability from attacking the individual end user. None! Zip nada!

I am not saying that I have any particular trust in Blizzard or there security. I am saying as an IT and Security professional that if Blizzard was the source of a human compromise, it simply would not be account passwords. The employee or contractor or whatever would be selling off personal info such as Credit Cards and billing addresses. That's the information they could get to and get in a bulk form. The account info would quite simply be too hard to get through Blizzard and too easy to get through the end users. Security compromise, at least as a commercial endeavor on the scales that we are talking about here,  will always follow the path of least resistance that offers the greatest reward with the lowest effort or risk. And I hate to break it to everyone. But you all reading this... you are that path or least resistance. 

The bitter irony here is that doubters and detractors cannot believe actual facts or data when presented by those with actual real world experience and expertise in this sort of thing and instead insist on believing unfounded and illogical conspiracy theories built on rumor, innuendo and spurious internet claims with no actual fact or evidence. 

  grapevine

Apprentice Member

Joined: 12/17/04
Posts: 1943

7/25/10 10:04:30 PM#63

It looks like a cascade of a scam e-mail.

 

I received one aswell, saying the account I've not used for over a year had been used for gold selling, frozen, etc.

 

Went to the (official) account page, and checked for recent tranactions, which there wasn't any of.  So nobody had activated it.  I then went to the character transfer option.  All my characters where listed as viable transfers.

 

Then I checked the header of the e-mail, which states: -

 

"X-Originating-IP: [222.69.161.41]
X-Originating-Email: [i_suck_at_this@hotmail.com]
Message-ID:
Received: from rrusg ([222.69.161.41]) by BLU0-SMTP38.blu0.hotmail.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675);
     Sat, 24 Jul 2010 13:33:47 -0700
Reply-To:
From: "Blizzard Entertainment"
To:  "

 

The hotmail address aside, performing a nslookup blizzard.com is showing as 12.129.242.30.  222.69.161.41, seems to belong to a non-existent domain.

 

Its seems Blizzard's exchanges are mx1.blizzard.com (12.130.201.11) ; mx2.blizzard.com (12.130.201.10) and mx5.blizzard.com (12.129.251.175).  None of which are within the range of the originating IP. 

  Shadoed

Novice Member

Joined: 10/03/03
Posts: 1484

7/26/10 4:52:42 AM#64


Originally posted by zymurgeist
People, an inactive account can be compromised even if you never log into it. If you use an E-mail address and password to access an unsecure site chances are it will be checked against a battle.net account. If it's the same one you use for WoW you're screwed. Even if Blizzard's security was perfect this would work. Your WoW account needs a unique E-mail address and a secure password that is never used for anything else.  The more garbled looking your E-mail and password is the better.

Everyone seems to be missing the main point of the original post here, the OP isn't just claiming that he/she had an inactive account compromised, they are claiming that they had an authenticator protected inactive account compromised and i am still yet to see any explanation as to how this is possible?

It must be Thursday, i never could get the hang of Thursdays.

  Aconsar

Novice Member

Joined: 7/05/10
Posts: 268

7/26/10 4:57:34 AM#65
Originally posted by jason_webb

 


Originally posted by zymurgeist
People, an inactive account can be compromised even if you never log into it. If you use an E-mail address and password to access an unsecure site chances are it will be checked against a battle.net account. If it's the same one you use for WoW you're screwed. Even if Blizzard's security was perfect this would work. Your WoW account needs a unique E-mail address and a secure password that is never used for anything else.  The more garbled looking your E-mail and password is the better.


 

Everyone seems to be missing the main point of the original post here, the OP isn't just claiming that he/she had an inactive account compromised, they are claiming that they had an authenticator protected inactive account compromised and i am still yet to see any explanation as to how this is possible?

A friend of mine has an authenticator and his account was still compromised.  You tell me how it happened, because he doesn't use add-ons or go to unsafe sites.

  Shadoed

Novice Member

Joined: 10/03/03
Posts: 1484

7/26/10 5:01:39 AM#66


Originally posted by Aconsar
A friend of mine has an authenticator and his account was still compromised.  You tell me how it happened, because he doesn't use add-ons or go to unsafe sites.

If it was an active account then it is possible although still highly improbable, if you go back to the original few posts it is explained there, but again we are talking about an "inactive" authenticator protected account!

It must be Thursday, i never could get the hang of Thursdays.

  Aki_Ross

Novice Member

Joined: 6/22/09
Posts: 168

7/26/10 5:38:30 AM#67

I've been reading a lot of posts on these forums, about accounts been hacked and I'm starting to get the impression that sometimes it's on Blizzard's end, which is very worrying.

  User Deleted
7/26/10 6:02:03 AM#68
Originally posted by miagisan
 
World of Warcraft - Security Warning‏
From: Blizzard Entertainment (donotreply.service@blizzard.com)
Sent: Sat 7/24/10 3:33 PM
To: -----------------

sorry but its the real thing. i know a fishing email and how to spot them. been playing mmos for a very long time. i know the scams. The email header doesnt lie.

I'm sorry, but you're wrong.

  User Deleted
7/26/10 6:18:43 AM#69
Originally posted by maji
Originally posted by Luthor_X

I never clicked on any email link, nor have I ever visited any phishing / questionable sites. I found out that my account was compromised by trying to login and not being able to get past the authenticator. Futher, I dont surf porn, really dont even use email. The sites I visit are this one, the official forums, MSN, Amazon, Gamestop, Walmart.

Well, there's the trick:

What seems more plausible to me? That members of a very large and successful company risk their jobs by selling account data for years and years without ever getting caught?

Or that a member of a community that is known for using levelling services, buying gold, sharing accounts, and beeing attracted to phishing and scam attempts like moths to the light, didn't protect his account the way he should have?

Hmmm.... tough choice... NOT!

The best hint (apart from using common sense) that Blizzard is not selling account data, is the amount of WoW phishing and scam attempts floating around on websites, addons, youtube, mails and whatever. There is so much WoW scam spam floating all over the web, because the WoW players are falling for it over and over and over! If WoW players would pay some attention, or be less greedy or simply use more common sense, then there would be less scam attempts, because they wouldn't be worth it. But as it is, they are worth it, because people will fall for it.

 

Are you implying something?

 

Use caution in  your reply...

  alakram

Novice Member

Joined: 11/02/06
Posts: 2239

7/26/10 6:20:08 AM#70

I never had an account in WoW, the last friday I got an email from blizzard saying my account had password change and if It wasnt me i could still click on a link and recover it, so I thought wooot free account!!!, I clicked the link but I can't figure out the information, guess the guy changing the password is going to keep it.

hehe just joking...

as a serious note i dont know what to think, is amazing the amount of hacked wow accounts he read about everyday in here. In one hand it can be real that so many accounts get hacked and that someone from inside is selling accounts... in the other hand, it can be a lot of people from other games trying to create a false bad reputation about blizzard security so people stop playing wow and they can take part of this market.

-=AlaKraM=-
Don't fight against poverty, fight against greed.
My Lord of the Rings Gallery

  faefrost

Advanced Member

Joined: 1/01/06
Posts: 199

7/26/10 10:41:33 AM#71
Originally posted by jason_webb

 


Originally posted by zymurgeist
People, an inactive account can be compromised even if you never log into it. If you use an E-mail address and password to access an unsecure site chances are it will be checked against a battle.net account. If it's the same one you use for WoW you're screwed. Even if Blizzard's security was perfect this would work. Your WoW account needs a unique E-mail address and a secure password that is never used for anything else.  The more garbled looking your E-mail and password is the better.


 

Everyone seems to be missing the main point of the original post here, the OP isn't just claiming that he/she had an inactive account compromised, they are claiming that they had an authenticator protected inactive account compromised and i am still yet to see any explanation as to how this is possible?

 Look around on Blizzards forums for references to "man in the Middle Attacks". They have publicly addressed them and had a good amount of discussion and posts on them since around February. So they aren't ignoring anything.

 

Authenticators can be defeated using a Man in the Middle Attack. This isn't just Blizzard, this is any security scheme that uses a secure token exchange such as RSA tokens or similar. But the means to compromise such are time consuming, cumbersome, and require precise timing, so the hack has to occur in real time. It's not like the far more productive keyloggers and trojans which sniff and sweep the internet automatically, and whose take can be picked up and used by a gold farmer/seller/scum of the earth months later. A Man in the middle hack only works for about 20 seconds (max) of when you try and log in.

 

Here's how it goes.

 

Step 1 - The users machine gets infected with one of the newer truly nasty real time keyloggers. And before anyone says anything, YES IF YOU HAVE AN AUTHENTICATOR AND YOU WERE HACKED, THIS IS HOW THEY DID IT. YOUR MACHINE IS INFECTED 100% CERTAIN. Just because you have not found it does not mean that it is not there. These newer keyloggers are very very nasty amorphic rootkit virus's. They often attack or replace your systems core keyboard drivers among other things. Just as an example, I had a medical imaging system with a flaky keyboard on my bench last week. I threw every search suite I could at it. AVG, Malware Bytes, Combofix, Kaspersky, Trend, Avast, plus some other very specialized tools. None found anything, or at least found the root infection that was spawning the others. Gmer reported some suspicious system files which were confirmed to be malicious rootkits when they were extracted and sent to antivirus.com . This was on Tuesday and Wednesday with the latest updated version of the most commonly used AV software scanning. Nada. It was very obviously a keylogger, and while I don't know for certain that it was sniffing for WoW information, we know that that is what at least 20% of keyloggers look for. (For the record that infected drive is on its way to Kaspersky to see what they can make of it.)

 

Step 2 - Step 2 is you go to login. The trojan on your system feeds you a fake login screen and you enter your info. At which point it feeds you an "authenticator error" or a "login error" or a "password/username failure" etc. Basically it wants you to keep trying to login so as to keep sending it the current Authenticator number reseting the hackers clock, or even better yet, you get frustrated assume there is a problem with your authenticator and disable it from your account. (for some reason iPhone based authenticators seem particularly susceptible to doing this. They disable it so they can redownload and install a clean version). It's also important to note that an inactive account cannot be compromised in this manner. The process is only possible within 20 to 30 seconds of you attempting to login to Battle.Net via some path.

 

Step 3 - Now as soon as you logon to that fake login box it sends your account name, password and the current # displayed on your authenticator to a waiting live human being hacker. This is what makes this hack rare. It requires the 1 to 1 human being waiting to hack you. It cannot be done via automation. As soon as the waiting hacker recives your info he has less than 20 seconds (often alot less depending on where your authenticator was in its clock cycle when you typed it in) to quickly use his legitimate client to login to your account, disable your authenticator and install his. Once done, if the timings all work out for him (maybe a 1 in 10 chance) he has possesion of your account and can procede with his heinous gold spamming activities.

 

To date Man in the Middle attacks against authenticator hardened accounts remain rare because of the precise timing involved and the need for that man in the middle to be a human agent. But obviously the hacker industry is trying hard to improve this with each cycle. The main purpose of an authenticator is not to guarantee absolute 100% security. It is more akin to a real world car alarm or household alarm system. It is to make your stuff harder to hit, thereby making the attacker more prone to go after the easier target (your neighbor).

  Kost

Newshound

Joined: 1/15/10
Posts: 2024

In omnibus requiem quaesivi, et nusquam inveni nisi in angulo cum libro.

7/26/10 12:16:11 PM#72

Anyone who thought the mail was real, got phished.

For starters, email responses from Blizzard always come from donotreply@blizzard.com, not donotreply.service@blizzard.com. The new phishing emails have their “From” field spoofed to appear as if the source is from a generic address at the blizzard.com domain, which is not the case at all.

Secondly, people should know better by now. I can't believe that after this many years players or ex players still get phished without any trouble. The sad part is that ninety percent of the population blame Blizzard anytime an account gets compromised, when they fault is entirely there own.

Anyone who gets phished, and then claims that it's not the fault of there computer, that it is secure, and that it is all blizzard's fault (or anyone's fault other than there own), is fooling themself.

Take responsibility.

Btw, there is a news article about this very occurence:

http://news.softpedia.com/news/New-World-of-Warcraft-Phishing-Emails-in-Circulation-149000.shtml

  Shadoed

Novice Member

Joined: 10/03/03
Posts: 1484

7/26/10 12:19:03 PM#73


Originally posted by Aki_Ross
I've been reading a lot of posts on these forums, about accounts been hacked and I'm starting to get the impression that sometimes it's on Blizzard's end, which is very worrying.

Having read many of these myself over the months/years i am yet to see even 1 that gives any solid evidence that there is any issue at Blizzards end. There is much speculation, conjecture, accusation and just plain guess work but NOTHING solid!

I missed the OP's small post on the last page saying that this thread was in fact a false alarm as it did turn out to be a phishing attempts as are the vast majority from what i have seen personally (no matter how some completely refuse to accept it) and anyone that uses the internet at all and in the same breath claims that they have never put their machine at risk is seriously deluding themselves. The shear act of connecting your network to the internet and accessing any online content puts your machine at risk no matter how safe you think the content may be or how secure you think you have made your software.

It must be Thursday, i never could get the hang of Thursdays.

  kftaurus

Novice Member

Joined: 7/20/08
Posts: 34

7/26/10 12:32:38 PM#74

Just wanted to add my experience as well. I had been inactive for nearly 6 months with two different accounts, and I decided to resub. Now both my accounts are obviously tied to my battle.net account, I have never had a problem before, I do not go to "fishy" websites as I am very cautious with my computer, I have full internet and virus/adaware/spyware software running, and yet somehow about a day or two after I resubbed I was hacked. They even added an authenticator. Needless to say I was not very happy, I had blizzard deal with it, and reformatted my entire hard drive, just in case. A lot of effort to go through just to make sure it wouldnt happen again. Well about two or three days after jumping through the loops, and changing passwords not only was my account hacked again, but I also received a warning from my email about someone trying to access it from China. Ridiculous! I have cancelled my subscription and do not plan on going back until Blizzard finds a way to take care of this issue, its not like I entirely blame them for everyone getting hacked, dont get me wrong, however, there is no way this could have been an issue on my end. Now, I have been contacted regarding a chargeback on my account as well. Clearly there is something not right, and I refuse to pay the chargeback, it would be crazy to think otherwise. I was looking forward to Diablo 3 and anything else Blizzard throws our way as I am a huge fan of their work, but now to be quite honest I am worried about doing anything involving money on battle.net. Anyways, just my two cents.

Playing:Vanguard, Firefall
Waiting for: TESO

  Aki_Ross

Novice Member

Joined: 6/22/09
Posts: 168

7/26/10 1:23:50 PM#75

I really don't see how people can defend Blizzard. Yes, I would say that at lest half of the accounts been access are down to the player. But then there's a number of people, whom have taking every precaution under the sun and still their account gets broke into. So either it's somebody at Blizzard, whom is not who they appear to be, or Blizzard's own system as been leaking. Either way somebody should be investigating, instead of trying to deny there's no problem.

  Torik

Hard Core Member

Joined: 1/02/09
Posts: 2327

7/26/10 1:48:28 PM#76
Originally posted by Aki_Ross

I really don't see how people can defend Blizzard. Yes, I would say that at lest half of the accounts been access are down to the player. But then there's a number of people, whom have taking every precaution under the sun and still their account gets broke into. So either it's somebody at Blizzard, whom is not who they appear to be, or Blizzard's own system as been leaking. Either way somebody should be investigating, instead of trying to deny there's no problem.

The problem with these discussions is that most of the people making accusations against Blizzard, really do not know what they are talking about and are just repeating stuff they read that does not make much sense.  Heck the OP of his thread even admitted that he was not actually hacked, but was overreacting.

There are real ways in which Blizzard could be compromised but people here instead prefer to discuss conspiracy theories instead of thinking about things logically.

  User Deleted
7/26/10 1:58:17 PM#77
Originally posted by Torik
Originally posted by Aki_Ross

I really don't see how people can defend Blizzard. Yes, I would say that at lest half of the accounts been access are down to the player. But then there's a number of people, whom have taking every precaution under the sun and still their account gets broke into. So either it's somebody at Blizzard, whom is not who they appear to be, or Blizzard's own system as been leaking. Either way somebody should be investigating, instead of trying to deny there's no problem.

The problem with these discussions is that most of the people making accusations against Blizzard, really do not know what they are talking about and are just repeating stuff they read that does not make much sense.  Heck the OP of his thread even admitted that he was not actually hacked, but was overreacting.

There are real ways in which Blizzard could be compromised but people here instead prefer to discuss conspiracy theories instead of thinking about things logically.

Thinking about things logically is how many of us come to the conclusion that something is wrong inside Blizzard. To say that everyone getting hacked is to blame and Blizzard cannot be is what is illogical.  Funny how many report to playing many different MMO's over the years but find their WOW accounts stolen. Saying that these people have somehow suddenly became vulnerable after years of hack free gaming and it is due to their lack of knowlegde on keeping an account safe is very illogical.

  Daffid011

Old School

Joined: 1/03/04
Posts: 7652

7/26/10 2:01:49 PM#78
Originally posted by Teala

You know, there is more to this than some people wish to believe and I honestly think Blizzard has people on the inside selling account info to gold farming houses to make a little cash on the side.   To many accounts, especially inactive ones get hacked.   Plus, now people with authenticators accounts have been crompomised...and that I would not think is possible.   Some of this hacking is because Blizzard has employees that are making money selling peoples info.

Do you really think blizzard could not spot a trend of a few employees accessing account details and there being a huge spike in those accounts getting hacked?  Just take into account the volume of accounts and the length of time this has been going on.  It isn't like anyone can freely access the account database information. 

 

As for not being able to get hacked with an authenticator, it is very possible.  The specific thread it called a man in the middle attack.   There is no such thing as being safe on the internet.  An authenticator makes it difficult to steal an account, but certainly not impossible.  It does eliminate many forms of attack though. 

 

 

Hacking blizzard servers would be extremely difficult if possible at all.

An inside employee would be easy to discover and ended some time ago. 

Nor would blizzard need to steal accounts to make gold if they wanted to sell it.

The internet is filled with millions of people who are ignorant to how things work and easily deceived.  Why pay some blizzard insider for account information when gold sellers can get is directly from end users for free?  Get account information in a way that blizzard cannot detect.  Get account information from a source that won't get fired and put an end to stealing accounts.  Get them in such huge quantities that they can sit on them for months. 

 

There has been a massive surge in volume and methods hackers are using to try to get users to give up their account information that I just don't understand why anyone finds it questionable that the amount of hacked accounts has increased. 

Just for a bit of perspective.  This site has had infected flash ads download trojans to users.  Google has had several occasions where paid reference links on the top and front of search results directed users to infected sites that spoof blizzard and other popular wow websites, but designed to steal information.   All of the most popular wow websites are now owned by gold selling companies.  Curse, wowhead, thottbot, mmo-champion... all owned at the highest levels by gold selling companies.  How many people do you think have registered their informations and downloaded things from there? 

 

  faefrost

Advanced Member

Joined: 1/01/06
Posts: 199

7/26/10 3:45:07 PM#79
Originally posted by Aki_Ross

I really don't see how people can defend Blizzard. Yes, I would say that at lest half of the accounts been access are down to the player. But then there's a number of people, whom have taking every precaution under the sun and still their account gets broke into. So either it's somebody at Blizzard, whom is not who they appear to be, or Blizzard's own system as been leaking. Either way somebody should be investigating, instead of trying to deny there's no problem.

 Once more for those that missed it. Symantec recently located and mapped an illicit server in china that was recieving keylogger information from trojans and malware, validating the information and providing a clearing house for hackers. They found 3 servers but where only able to map 1 of them to see what was on it. What they saw was user account information for 44 MILLION MMO accounts spread over 18 games including World of Warcraft. In this case this server mainly held info doe asian games and or asian game servers for western games, but it was pretty clear that there are other similar servers dedicated to North America and Europe.

 

So yes there is a tremendous volume of keyloggers out there. They are currently evolving very fast, in many cases faster than the comercial security products can react or update. And they are compromising your information much faster than they used to, In the past it would take several weeks between a keylogger getting your info and a hacker making use of it to steal an account. The current turn around time can now be under 48 hours.

 

Trust me I do do this sort of analysis and consulting in the real world. I don't have any great love of Blizzard nor am I slavishly supporting or defending them. I just don't see a valid attack vector directly against Blizzard that would result in the patern of hackings that we see. A Blizzard employee leaking information is beyond unlikely to be pretty much impossible. As I said above they have outright admitted that the database will not display or provide such information to any employees. The core database software just does not permit it. So at best an employee could only sell a list of e-mail addresses. They could never see or record the passwords. While I do not simply take Blizzards word for it, this is inline with most modern enterprise level server and database suites, so I really see no reason to doubt it. They would have had to go out of their way to deliberately engineer this security hole in. So once again, unlikely.

 

A possible attack vector against Blizzard is their forums, and the fact that they share login information with the game accounts. We have witnessed more than enough various forum security compromises that I can willingly believe this is a possibility. But then the patern of attacks doesn't quite correspond to what would be expected. We would be seeing a much greater volume of hacks (believe it or not, what we see is reasonably small all things considered). And we would pretty quickly see a direct correlation between "do you ever post on the WoW message boards?" to who gets hacked.

 

Some compromise such as a worm or trojan on an internal Blizzard system? Once again not likely. Either it could no more see the information in question than the Blizzard employees (the more likely scenario), or they would be able to see everything.

 

So it brings me back to the most likely, and preferred attack vector, given that these hackings are part of a comercial enterprise, is the use of automated keyloggers and trojans to go after the individual end user systems. And we know that there are some scary powerful tools out there right now to do just that. Those toolsets developed by the peoples Republic of China in order to snoop on Google and GMail. They're in the wild now and being used in much scarier ways. And they seem to be insanely good at avoiding detection.

  Herodes

Novice Member

Joined: 8/12/03
Posts: 1488

Consumer

7/26/10 5:02:42 PM#80

Today I received an E-mail from Codemasters (Lotro etc) about a forums security update. They wrote about how they experienced some attempts to hack their forums in the past days.
Now if the hacking guys were more successful at other forums/websites, this would explain, where they do have all the email addresses from for the phishing mails.

5 Pages « 1 2 3 4 5 » Search