Trending Games | The Crew | Elder Scrolls Online | Lichdom: Battlemage | ArcheAge

  Network:  FPSguru RTSguru
Login:  Password:   Remember?  
Show Quick Gamelist Jump to Random Game
Members:2,844,767 Users Online:0
Games:732  Posts:6,221,875
Recent forum postsRSS
Active threads
Cloud view
List all forums
General Forums
Developers Corner General Discussion
Popular Game Forums
Click a status to find game forum
Game Forums
Click a letter to find game forum
A-C
2029 Online 2112: Revolution 2Moons 4Story 8BitMMO 9 Dragons A Mystical Land A Tale in the Desert III A3 ACE Online ARGO Online Aberoth Absolute Force Online Absolute Terror Achaea Adellion Aerrevan Aetolia, the Midnight Age Age of Armor Age of Conan Age of Empires Online Age of Mourning Age of Wulin Age of Wushu Aida Arenas Aika Aion Albion Online Alganon All Points Bulletin (APB) Allods Online Altis Gates Amazing World Anarchy Online Ancients of Fasaria Andromeda 5 Angels Online Anime Trumps Anmynor Anno Online Applo Arcane Hearts Arcane Legends ArchLord ArcheAge Archeblade Archlord X Asda 2 Asda Story Ashen Empires Asheron's Call Asheron's Call 2 Astera Online Astonia III Astro Empires Astro Lords: Oort CLoud Asura Force Atlantica Online Atriarch Aura Kingdom Aurora Blade Auto Assault Avatar Star Battle Dawn Battle Dawn Galaxies Battle for Graxia Battle of 3 Kingdoms Battle of the Immortals Battlecruiser Online Battlestar Galactica Online Battlestar Reloaded Beyond Protocol Black Aftermath Black Desert Black Gold Black Prophecy Black Prophecy Tactics: Nexus Conflict Blacklight Retribution Blade & Soul Blade Hunter Blade Wars Blazing Throne Bless Blitz 1941 Blood and Jade Bloodlines Champions Bounty Bay Online Brain Storm Brawl Busters. Brick-Force Bright Shadow Bullet Run Business Tycoon Online CTRacer Cabal Online Caesary Call of Camelot Call of Gods Call of Thrones Camelot Unchained Canaan Online Cardmon Hero Cartoon Universe CasinoRPG Castle Empire Castlot Celtic Heroes Champions Online Champions of Regnum Chaos Online Chrono Tales Citadel of Sorcery CitiesXL Citizen Zero City of Decay City of Heroes City of Steam City of Transformers City of Villains Civilization Online Clan Lord Clash of Clans Cloud Nine Club Penguin Colony of War Command & Conquer: Tiberium Alliances Company of Heroes Online Conquer Online Conquer Online 3 Continent of the Ninth (C9) Core Blaze Core Exiles Corum Online Craft of Gods Crimecraft Crimelife 2 Cronous Crota II Crusaders of Solaris Cultures Online Cyber Monster 2 Céiron Wars
D-F
D&D Online DC Universe DK Online DOTA DOTA 2 DUST 514 DV8: Exile Dalethaan Dance Groove Online Dark Age of Camelot Dark Ages Dark Legends Dark Orbit Dark Relic: Prelude Dark Solstice Dark and Light DarkEden Online DarkSpace Darkblood Online Darkest Dungeon Darkfall Darkfall: Unholy Wars Darkwind: War on Wheels Das Tal Dawn of Fantasy Dawntide DayZ Dead Earth Dead Frontier Deco Online Deepworld Defiance Deicide Online Dekaron Demons at the Horizon Desert Operations Destiny Diablo 3 Diamonin Digimon Battle Dino Storm Disciple Divergence Divina Divine Souls Dofus Dominus Online Dragon Ball Online Dragon Born Online Dragon Crusade Dragon Empires Dragon Eternity Dragon Nest Dragon Oath Dragon Pals Dragon Raja Dragon's Call Dragon's Call II Dragon's Prophet DragonSky DragonSoul Dragona Dragonica Dragons and Titans Dream of Mirror Online Dreamland Online Dreamlords: The Reawakening Drift City Duels Dungeon Blitz Dungeon Fighter Online Dungeon Overlord Dungeon Party Dungeon Rampage Dungeon Runners Dynastica Dynasty Warriors Online Dynasty of the Magi EIN (Epicus Incognitus) EVE Online Earth Eternal Earth and Beyond Earthrise Eclipse War Ecol Tactics Online Eden Eternal Edge of Space Einherjar - The Viking's Blood Elder Scrolls Online Eldevin Elf Online Elite: Dangerous Embers of Caerus Emil Chronicle Online Empire Empire & State Empire Craft Empire Universe 3 EmpireQuest Empires of Galldon End of Nations Endless Ages Endless Blue Moon Online Endless Online Entropia Universe EpicDuel Erebus: Travia Reborn Eredan Eternal Blade Eternal Lands Eternal Saga Ether Fields Ether Saga Online Eudemons Online EuroGangster EverEmber Online EverQuest Next EverQuest Online Adventures Evernight Everquest Everquest II Evony Exarch Exorace F.E.A.R. Online Face of Mankind Fairyland Online Fall of Rome Fallen Earth Fallen Sword Fallout Online Family Guy Online Fantage Fantasy Earth Zero Fantasy Realm Online Fantasy Tales Online Fantasy Worlds: Rhynn Faunasphere Faxion Online Ferentus Ferion Fiesta Online Final Fantasy XI Final Fantasy XIV: A Realm Reborn Firefall Fists of Fu Florensia Flyff Football Manager Live Football Superstars Force of Arms Forge Forsaken World Fortnite Fortuna Forum for Discussion of Everlight Freaky Creatures Free Realms Freesky Online Freeworld Fung Wan Online Furcadia Fury Fusion Fall
G-L
GalaXseeds Galactic Command Online Game of Thrones: Seven Kingdoms Gameglobe Gate To Heavens Gates of Andaron Gatheryn Gauntlet Gekkeiju Online Ghost Online Ghost Recon Online Gladiatus Glitch Global Agenda Global Soccer Gloria Victis Glory of Gods GoGoRacer Goal Line Blitz Gods and Heroes GodsWar Online Golemizer Golf Star GoonZu Online Graal Kingdoms Granado Espada Online Grand Chase Grand Fantasia Grepolis Grimlands Guild Wars Guild Wars 2 Guild Wars Factions Guild Wars Nightfall H1Z1 Habbo Hotel Hailan Rising HaloSphere2 Haven & Hearth Hawken Hearthstone: Heroes of Warcraft Helbreath Hellgate Hellgate: London Hello Kitty Online Hero Online Hero Zero Hero's Journey Hero: 108 Online HeroSmash Heroes & Generals Heroes in the Sky Heroes of Bestia Heroes of Gaia Heroes of Might and Magic Online Heroes of Thessalonica Heroes of Three Kingdoms Heroes of the Storm Hex Holic Online Hostile Space Hunter Blade Huxley Illutia Illyriad Immortals USA Imperator Imperian Inferno Legend Infestation: Survivor Stories Infinite Crisis Infinity Infinity Iris Online Iron Grip: Marauders Irth Worlds Island Forge Islands of War Istaria: Chronicles of the Gifted Jade Dynasty Jagged Alliance Online Juggernaut Jumpgate Jumpgate Evolution KAL Online Kakele Online Kaos War Karos Online Kartuga Kicks Online King of Kings 3 Kingdom Heroes Kingdom Under Fire II Kingdom of Drakkar Kingory Kings and Legends Kings of the Realm KingsRoad Kitsu Saga Kiwarriors Knight Age Knight Online Knights of Dream City Kothuria Kung Foo! Kunlun Online L.A.W. LEGO Universe La Tale Land of Chaos Online Landmark Lands of Hope: Phoenix Edition LastChaos League of Angels League of Legends - Clash of Fates Legend of Edda: Vengeance Legend of Golden Plume Legend of Katha Legend of Mir 2 Legend of Mir 3 Legendary Champions Lego Minifigures Online Life is Feudal Light of Nova Lime Odyssey Line of Defense Lineage Lineage Eternal: Twilight Resistance Lineage II Linkrealms Loong Online Lord of the Rings Online Lords Online Lost Saga Lucent Heart Lunia Lusternia: Age of Ascension Luvinia World
M-Q
MU Online Mabinogi Maestia: Rise of Keledus MagiKnights Magic Barrage Magic World Online Manga Fighter MapleStory Martial Heroes Marvel Heroes Marvel Super Hero Squad Online Marvel: Avengers Alliance MechWarrior Online Megaten Meridian 59 : Evolution Merlin MetalMercs Metaplace Metin 2 MicroVolts Midkemia Online Might & Magic Heroes: Kingdoms MilMo Minecraft Mini Fighter Minions of Mirth Ministry of War Monato Esprit Monkey King Online Monkey Quest Monster & Me Monster Madness Online MonsterMMORPG Moonlight Online: Tales of Eternal Blood Mordavia Mortal Online Mourning My Lands Myst Online: URU Live Myth Angels Online Myth War Myth War 2 Mytheon Mythic Saga Mythos N.E.O Online NIDA Online Nadirim Naviage: The Power of Capital Navy Field Need for Speed World Nemexia Neo's Land NeoSteam Neocron Nether Neverwinter Nexus: The Kingdom Of The Winds NinjaTrick NosTale Novus Aeterno Oberin Odin Quest Odyssey RPG Ogre Island Omerta 3 Online Boxing Manager Onverse Order & Chaos Online Order of Magic Original Blood Origins Return Origins of Malu Orion's Belt Otherland Forums OverSoul Overkings Oz Online Oz World Pandora Saga Pantheon: Rise of the Fallen Panzar Parabellum Parallel Kingdom Parfait Station Path of Exile Pathfinder Online Perfect World Perpetuum Online Phantasy Star Online 2 Phantasy Star Universe Phoenix Dynasty Online Phylon Pi Story Picaroon Pirate Galaxy Pirate Storm Pirate101 PirateKing Online Pirates of the Burning Sea Pirates of the Caribbean Online Pixie Hollow Planeshift Planet Arkadia Planet Calypso PlanetSide 2 Planetside Planets³ Playboy Manager Pocket Legends Pockie Ninja Pockie Pirates Pockie Saints PoxNora Prime World Prime: Battle for Dominus Priston Tale Priston Tale II Prius Online Project Blackout Project Powder Project Titan Forums Project Wiki Puzzle Pirates Quickhit Football
R-S
R2 Online RAN Online RF Online ROSE Online Rage of 3 Kingdoms Ragnarok Online Ragnarok Online II RaiderZ Rakion Rappelz RappelzSEA Ravenmarch Realm Fighter Realm of the Mad God Realm of the Titans Realms Online Reclamation Red Stone Red War: Edem's Curse Regnum Online Remnant Knights Renaissance Repulse Requiem: Memento Mori Rift RiotZone Rise Rise of Dragonian Era Rise of Empire Rise of the Tycoon Rising of King Risk Your Life Rivality Rockfree Rohan: Blood Feud Role Play Worlds Roll n Rock Roma Victor Romadoria Rosh Online Roto X Rubies of Eventide Ruin Online Rumble Fighter Runes of Magic Runescape Rust Rusty Hearts Ryzom S4 League SAGA SD Gundam Capsule Fighter Online SMITE SUN Sagramore Salem SaySayGirls Scarlet Blade Scions of Fate Seal Online: Evolution Second Life Secret of the Solstice Seed Serenia Fantasy Seven Seas Saga Seven Souls Online Sevencore Shadow of Legend Shadowbane Shadowrun Online Shaiya Shards Online Shattered Galaxy Sho Online Shot Online Shroud of the Avatar SideQuest Siege on Stars Sigonyth: Desert Eternity Silkroad Online Skyblade Skyforge SmashMuck Champions Smoo Online Soldier Front Soul Master Soul Order Online Soul of Guardian Space Heroes Universe Sparta: War of Empires Spellcasters Sphere Spiral Knights Spirit Tales Splash Fighters Squad Wars Star Citizen Star Sonata 2 Star Stable Star Supremacy Star Trek Online Star Trek: Infinite Space Star Wars Galaxies Star Wars: Clone Wars Adventures Star Wars: The Old Republic StarQuest Online Stargate Worlds Starlight Story Starpires State of Decay SteelWar Online Stone Age 2 Stormfall: Age of War Storybricks Stronghold Kingdoms Sudden Attack Supremacy 1914 Supreme Destiny Sword Girls Sword of Destiny: Rise of Aions SwordX Swords of Heavens Swordsman
T-Z
TERA TS Online Tabula Rasa Tactica Online Tales Runner Tales of Fantasy Tales of Pirates Tales of Pirates II Tales of Solaris Talisman Online Tamer Saga Tank Ace Tantra Online Tatsumaki: Land at War Terra Militaris TerraWorld Online Thang Online The 4th Coming The Agency The Aurora World The Black Watchmen The Chronicle The Chronicles of Spellborn The Crew The Division The Hammers End The Legend of Ares The Lost Titans The Matrix Online The Mighty Quest for Epic Loot The Missing Ink The Mummy Online The Myth of Soma The Pride of Taern The Realm Online The Repopulation The Secret World The Sims Online The Strategems The West Theralon There Therian Saga Thrones of Chaos Tibia Tibia Micro Edition Tiger Knight Titan Siege Titans of Time Toontown Online Top Speed Topia Online Torchlight Total Domination Transformers Universe Traveller AR Travia Online Travian Trials of Ascension Tribal Hero Tribal Wars Tribes Universe Trickster Online Trove Troy Online True Fantasy Live Online Turf Battles Twelve Sky Twelve Sky 2 Twilight War Tynon U.B. Funkeys UFO Online URDEAD Online Ultima Forever: Quest for the Avatar Ultima Online Ultima X: Odyssey Ultimate Naruto Ultimate Soccer Boss Uncharted Waters Online Undercover 2: Merc Wars Underlight Unification Wars Universe Online Utopia Valkyrie Sky Vampire Lord Online Vanguard: Saga of Heroes Vanquish Space Vector City Racers Vendetta Online Victory - Age of Racing Vindictus Virtonomics Vis Gladius Visions of Zosimos VoidExpanse Voyage Century Online W.E.L.L. Online WAR (Warhammer Online) WAR2 Glory WYD Global Wakfu War Thunder War of 2012 War of Angels War of Legends War of Mercenaries War of Thrones War of the Immortals WarFlow Waren Story Wargame1942 Warhammer 40,000: Eternal Crusade Warhammer 40K: Dark Millennium Online Warhammer Online: Wrath of Heroes Warkeepers Warrior Epic Wartune WebLords Wild West Online WildStar Wind of Luck WindSlayer 2 Wings of Destiny Wish Wizard101 Wizardry Online Wizards and Champions Wonder King Wonderland Online World Golf Tour World of Battles World of Darkness World of Heroes World of Kung Fu World of Pirates World of Speed World of Tanks World of Tanks Generals World of Warcraft World of Warplanes World of Warships World of the Living Dead WorldAlpha Wurm Online Xenocell Xiah Xsyon Xulu YS Online Yitien ZU Online Zentia Zero Online Zero Online: The Andromeda Crisis Zodiac Online Zombies Ate My Pizza eRepublik

MMORPG.com Discussion Forums

World of Warcraft

World of Warcraft 

General Discussion  » Hacked characters?

2 Pages 1 2 » Search
23 posts found
  AzurePrower

Novice Member

Joined: 3/18/07
Posts: 1530

Ahh yes, "Hypers." The people who praise and hate every MMORPG... We've dismissed that claim.

 
OP  8/04/12 1:20:39 AM#1

Alright. Just having a strange issue here whilst checking back on characters in World of Warcraft.


I've of course have left my characters inactive since the start of 2011 and they're showing the inactive not found page.


How ever, I checked a friend who has quit with me at around the same. They're characters are showing up. Showing activity for 2012 with their gear missing and one character even apparently transferred to another realm.


I had my friend log onto their account. Sure enough, they're able to get in. They check their world of warcraft account page and their subscription status. Sure enough, it was frozen and has been inactive since early 2011.


Friend also has full access to the e-mail their account is connected to and received no e-mail about a realm transfer or any thing.


So how is this possible?

  Dragohr

Novice Member

Joined: 12/08/04
Posts: 50

8/04/12 1:24:08 AM#2
Why are you posting this here? Noone will be able to answer anything as the details you gave are so vague and the information is restricted to account managers from blizzard. Go to blizzard support for help.
  Aori

Hard Core Member

Joined: 1/28/06
Posts: 1786

8/04/12 1:27:53 AM#3

If the character was transfered to another realm then he woulda been notified if the email is still attached. People can't just hack your account and move your character to another realm on whim without paying for it heh.

Either way sounds like he got his password jacked and his gear stolen.. hes also obviously in denial and is lying about not getting notification emails for changing realms.

Authenticators are great for people who can't keep their passwords safe.

  miguksaram

Hard Core Member

Joined: 4/29/03
Posts: 827

8/04/12 1:34:11 AM#4
PW tip for the mentally impaired.  Diagnol strokes downward starting at the numerical keys with the occassional shift key in conjunction works wonders against most would-be hackers.  Just sayin!
  AzurePrower

Novice Member

Joined: 3/18/07
Posts: 1530

Ahh yes, "Hypers." The people who praise and hate every MMORPG... We've dismissed that claim.

 
OP  8/04/12 1:46:55 AM#5

Still doesn't explain if their game time expired in 2011. How can an account be accessed?

Seems like accounts getting hacked in WoW is too much of a common thing. No other game has such wide-spread account hacking. Even with authenticators. There's only so many times you can blame it on the player.

  armodeus

Apprentice Member

Joined: 2/22/11
Posts: 19

8/04/12 2:10:38 AM#6

The same just happened to me, My Account was inactive since january 2011.

Yesterday I activated my account using the rez scroll with the 7 free days.  My surprise when I discovered my characters naked, with empty bags and no gold at all.

So HOW is this possible? looks like the new "modus operandi"  is Hacking inactive accounts?

Fortunately I do not care since I dont plan going back to wow. But that is disgusting and unfortunate.

 

  AzurePrower

Novice Member

Joined: 3/18/07
Posts: 1530

Ahh yes, "Hypers." The people who praise and hate every MMORPG... We've dismissed that claim.

 
OP  8/04/12 2:10:49 AM#7

 


Originally posted by Magnetia
Hacking old accounts is a much better way to steal. People tend to notice when hacking active accounts.

 

[mod edit]


 

Their account was frozen and last paid game time was march 2011. So... Doesn't make any sense.

If it was a 3 day pass or a paid month. It would list the expired date.


I used a 3 day pass last on my account and it lists its expired date instead of my actual subscription months before it. So doubt the date would go unlisted.

  Aori

Hard Core Member

Joined: 1/28/06
Posts: 1786

8/04/12 2:12:15 AM#8
oh here we go, making up stories. The account had to have been active to be stripped, sorry people aren't sneaking into the backdoor of blizzard stealing your epics.
  AzurePrower

Novice Member

Joined: 3/18/07
Posts: 1530

Ahh yes, "Hypers." The people who praise and hate every MMORPG... We've dismissed that claim.

 
OP  8/04/12 2:14:04 AM#9


Originally posted by Aori
oh here we go, making up stories. The account had to have been active to be stripped, sorry people aren't sneaking into the backdoor of blizzard stealing your epics.

I could get them to screen shot it if you like. There's really no point to make up stories.

  User Deleted
8/06/12 1:55:44 AM#10

A long time ago in EverQuest (I can’t remember if it was the original or EQ2) a real controversy erupted in the forums that reminds me of your story. I wish I had links but in a nutshell, SOE had corrupt GM staff members that used inactive account characters to farm gold and sell it to players.They would get characters moved around to where ever needed. They went further and hacked into “choice target players and guilds” for cleaning them out and got caught for that but the damage was done.  

 

I am not saying that is what happened here. But, “If” you are sure there is no mistake in your assertion, then see if your pals can contact Blizzard through web support channels or phone with the details and ask them about what has happened. They can get to the bottom of it and find out...

  faxnadu

Novice Member

Joined: 3/28/08
Posts: 953

8/06/12 2:00:10 AM#11
there no really point of asking this from here, contact blizzard customer support via phone and you get your answers.
  delete5230

Elite Member

Joined: 8/15/07
Posts: 2525

8/06/12 4:54:29 AM#12

Last time I played was about three months ago.  20 days in I could not take this lifeless, too easy game anymore. I cancled my account with 10 days left.

The next morning, My Yahoo account was hacked ( an account I had for five years ). I decided to check my WoW game ( after all 10 days left ). Sure enuff, Hacked and could not log on........To make a long story short.....They got into all my stuff, not just WoW.

WoW is just a nasty game, I called Blizzard, told them to shut everything off for good......I'm done with this crap !!!

  User Deleted
8/07/12 9:19:06 AM#13
Originally posted by Crazy_Stick

A long time ago in EverQuest (I can’t remember if it was the original or EQ2) a real controversy erupted in the forums that reminds me of your story. I wish I had links but in a nutshell, SOE had corrupt GM staff members that used inactive account characters to farm gold and sell it to players.They would get characters moved around to where ever needed. They went further and hacked into “choice target players and guilds” for cleaning them out and got caught for that but the damage was done.  

 

I am not saying that is what happened here. But, “If” you are sure there is no mistake in your assertion, then see if your pals can contact Blizzard through web support channels or phone with the details and ask them about what has happened. They can get to the bottom of it and find out...

 

They also added a NPC/Banker to the bottom of befallen that'd dupe gold.

 

 

  SirBalin

Warmonger

Joined: 11/22/06
Posts: 1050

8/07/12 9:20:16 AM#14
I"ve actually never seen a company that has more accounts hacked than Blilzzard...its nuts.

Incognito
www.incognito-gaming.us
"You're either with us or against us"

  hot-hustler

Apprentice Member

Joined: 8/25/12
Posts: 3

8/25/12 7:14:19 PM#15

Just to add a little something to this thread...

Blizz will never publicly admit that their security protocols have been completely breached and/or bypassed. It would be disasterous for business. The few times they have actually spoken publicly about breaches, they still will not divulge or admit the depth of the vulnerabilities.

I am an IT security specialist (and pretty damn good at what I do... ;)) and the first rule of data security is that there is no such thing as 100% secure. Any and every security protocol, especially any client/server based protocols, can be breached. It's just the nature of the client/server software architecture. Blizzard is most definitely no exception to this rule and being such a large target, I assure you they have been breached in ways you wouldn't believe...

Accounts can (and have been) accessed, and used by completely bypassing the authentication and validation systems. Accounts that are inactive, not having "time" on them, are able to be logged in and played, transfered, you name it. "Hackers" are using premium account services (paid services) freely on these accounts and blizzard still maintains the position that it has never happened... haha that's cute. Try posting up about this in the official blizzard forums and see the respone you get. These are responses from blizzard representatives that have no idea how the WoW architecture even functions, let alone the securing of it. They are not qualified to even be answering questions regarding these types of breaches.

While Blizzard does go to great lengths to protect their users, aswell as themselves, there is only so much they can do. The nature and effectivelness of these attacks suggests blizzard has been victim to side-channel attacks against their datastores. And for neutralize the threat that would have been created by successful side-channel attacks, would require an enormous amount of work restructuring and resuring their data from the ground up. They avoided upgrading the rendering engine this long because of the workload it would impose, and that's just a rewrite of the rendering framework... haha. It's much easier to deny responsibility than the restructure the entire datastore infrastructure...

Anyway, the point is, yes you are correct in assuming that your account can be accessed in these manners and don't count on any acceptance of responsibility from the blizzard. And keep in mind, it isn't just World of Warcraft that this is happening in...

Food for thought.

BOOM!

  Shadoed

Advanced Member

Joined: 10/03/03
Posts: 1484

8/26/12 3:59:43 PM#16
Originally posted by hot-hustler

Just to add a little something to this thread...

Blizz will never publicly admit that their security protocols have been completely breached and/or bypassed. It would be disasterous for business. The few times they have actually spoken publicly about breaches, they still will not divulge or admit the depth of the vulnerabilities.

I am an IT security specialist (and pretty damn good at what I do... ;)) and the first rule of data security is that there is no such thing as 100% secure. Any and every security protocol, especially any client/server based protocols, can be breached. It's just the nature of the client/server software architecture. Blizzard is most definitely no exception to this rule and being such a large target, I assure you they have been breached in ways you wouldn't believe...

Accounts can (and have been) accessed, and used by completely bypassing the authentication and validation systems. Accounts that are inactive, not having "time" on them, are able to be logged in and played, transfered, you name it. "Hackers" are using premium account services (paid services) freely on these accounts and blizzard still maintains the position that it has never happened... haha that's cute. Try posting up about this in the official blizzard forums and see the respone you get. These are responses from blizzard representatives that have no idea how the WoW architecture even functions, let alone the securing of it. They are not qualified to even be answering questions regarding these types of breaches.

While Blizzard does go to great lengths to protect their users, aswell as themselves, there is only so much they can do. The nature and effectivelness of these attacks suggests blizzard has been victim to side-channel attacks against their datastores. And for neutralize the threat that would have been created by successful side-channel attacks, would require an enormous amount of work restructuring and resuring their data from the ground up. They avoided upgrading the rendering engine this long because of the workload it would impose, and that's just a rewrite of the rendering framework... haha. It's much easier to deny responsibility than the restructure the entire datastore infrastructure...

Anyway, the point is, yes you are correct in assuming that your account can be accessed in these manners and don't count on any acceptance of responsibility from the blizzard. And keep in mind, it isn't just World of Warcraft that this is happening in...

Food for thought.

The worst sceptic pandering and scaremongering post i have read in a long, long time! You of course have information to back up the accusations that Blizzard are just creating a huge cover up to hide the 'fact' that accounts are breached and used on a regular basis?!? I'll take your word that you do what you do and you are good at it, but at the same time i am pretty sure that Activision/Blizzard don't just have an 65 year old bloke sitting in a chair just making sure that the lights don't blink red to show a security breach.

As an IT Security specialist you will know all too well that the worst threat to any users security is the user themselves and that will always be the number 1 cause of security issues. Blizzard admitted to a security breach only a couple of weeks ago, made it very public, let everyone know how deep the breach went and suggested resolutions but i am yet to see in all this time and the numerous posts about accounts being hacked any solid evidence that there is a security conspiracy going on within Blizzard. In a relatively large guild for over four years now only three people have ever been hacked (one guy twice) and all three were down to keyloggers found on their machines when checked properly and as well as that we have had many people leave for extended periods (having babies, work commitmnents, university etc) and all have come back with no issues on their accounts. Not a definative sample of the playerbase by a long chalk, but having been in a large raid guild in Vanilla and another before the one i am in now i would have expected to meet at least one person that had, had this problem, but never have.

Personally i believe posts like the one you have made above are the worst as it makes people believe that it isn't their responsibility when they have their account hacked, somehow it is all down to Blizzard and some sort of conspiracy when in all reality it is a 99.999% (no network is 100% secure ;-)) chance that it is down to something at their own end that has caused the problem.

It must be Thursday, i never could get the hang of Thursdays.

  hot-hustler

Apprentice Member

Joined: 8/25/12
Posts: 3

8/27/12 1:13:05 AM#17

The worst sceptic pandering and scaremongering post i have read in a long, long time! You of course have information to back up the accusations that Blizzard are just creating a huge cover up to hide the 'fact' that accounts are breached and used on a regular basis?!? I'll take your word that you do what you do and you are good at it, but at the same time i am pretty sure that Activision/Blizzard don't just have an 65 year old bloke sitting in a chair just making sure that the lights don't blink red to show a security breach.

As an IT Security specialist you will know all too well that the worst threat to any users security is the user themselves and that will always be the number 1 cause of security issues. Blizzard admitted to a security breach only a couple of weeks ago, made it very public, let everyone know how deep the breach went and suggested resolutions but i am yet to see in all this time and the numerous posts about accounts being hacked any solid evidence that there is a security conspiracy going on within Blizzard. In a relatively large guild for over four years now only three people have ever been hacked (one guy twice) and all three were down to keyloggers found on their machines when checked properly and as well as that we have had many people leave for extended periods (having babies, work commitmnents, university etc) and all have come back with no issues on their accounts. Not a definative sample of the playerbase by a long chalk, but having been in a large raid guild in Vanilla and another before the one i am in now i would have expected to meet at least one person that had, had this problem, but never have.

Personally i believe posts like the one you have made above are the worst as it makes people believe that it isn't their responsibility when they have their account hacked, somehow it is all down to Blizzard and some sort of conspiracy when in all reality it is a 99.999% (no network is 100% secure ;-)) chance that it is down to something at their own end that has caused the problem.

This would be the public announcement by blizzard you are referring to? http://us.blizzard.com/en-us/securityupdate.html

When I mentioned side-channel attacks, this is exactly what I was suggesting. Go figure... lol

The "cryptographically scrambled" passwords they are speaking of would be tough to decrypt although not impossible, and you better believe if an attacker has the ability to get root access to their database servers and specifically target the user account password data, they probably have the means to decrypt it... 

You are absolutely correct in suggesting most security issues are a fault of the user not protecting themselves properly or not being aware of the threats in different scenarios, not just in online games, but everywhere. However this is not the type of attack I am talking about.

I'm suggesting the authentication and validation systems are capable of being completely bypassed. I wouldn't be able to say exactly how attackers are going about this as I'm not aware of blizzards authentication and validation system structuring, but if I had to guess, I'd assume multiple filesystem servers had been breached through one of those "internal network" breaches and had copied internal assemblies and stole memory dumps to figure out where teh vulnerabilities where. Again, just an idea of course.

Do I have information to back up the accusation? Absolutley! lol But not information I think blizzard or my friend would appreciate me divulging. The reason I know this has happened is I witnessed it happening to a friends account that had ceased playing for almost 6 months. I spoke with the GM (out of game) that was managing the support ticket with my friend after examining both his system and his account and determined there was no fault on his part and his account was infact inactive. I had the GM confirm this aswell, the GM assuring that no trial time or credit card disputed time purchases had been applied to the account since his last activity. Yet his characters were clearly online and turning a hefty profit in the Action House business lol. He even recieved a few premium services applied to the account by the attacker including a few server transfers and a few extra characters on the account that most certainly were not created by him. And get this, even though the account clearly had no time on it and hadn't for months (verified by Blizzard representatives), the armory was still showing recent character updates in the recent activity feeds... 

After helping him with his issue I got curious and did some searching around and sure enough, a large amount of other players were reporting the same activity only to be shunned for suggesting that an attacker somehow accessed and used their inactive account.

To answer the question you're probably thinking, yes I did ask the GM if they have had any attacks of the nature I described above, which obviously, he/she was not able to answer (understandably). 

Anyways, yes this can and does happen. It's just the way things work. Anything that can be done on a computer can be undone, or done in multiple alternative ways.

Love hot-hustler xo

BOOM!

  Shadoed

Advanced Member

Joined: 10/03/03
Posts: 1484

8/27/12 10:32:35 AM#18
Originally posted by hot-hustler

I'm suggesting the authentication and validation systems are capable of being completely bypassed. I wouldn't be able to say exactly how attackers are going about this as I'm not aware of blizzards authentication and validation system structuring, but if I had to guess, I'd assume multiple filesystem servers had been breached through one of those "internal network" breaches and had copied internal assemblies and stole memory dumps to figure out where teh vulnerabilities where. Again, just an idea of course.

Do I have information to back up the accusation? Absolutley! lol But not information I think blizzard or my friend would appreciate me divulging. The reason I know this has happened is I witnessed it happening to a friends account that had ceased playing for almost 6 months. I spoke with the GM (out of game) that was managing the support ticket with my friend after examining both his system and his account and determined there was no fault on his part and his account was infact inactive. I had the GM confirm this aswell, the GM assuring that no trial time or credit card disputed time purchases had been applied to the account since his last activity. Yet his characters were clearly online and turning a hefty profit in the Action House business lol. He even recieved a few premium services applied to the account by the attacker including a few server transfers and a few extra characters on the account that most certainly were not created by him. And get this, even though the account clearly had no time on it and hadn't for months (verified by Blizzard representatives), the armory was still showing recent character updates in the recent activity feeds... 

After helping him with his issue I got curious and did some searching around and sure enough, a large amount of other players were reporting the same activity only to be shunned for suggesting that an attacker somehow accessed and used their inactive account.

To answer the question you're probably thinking, yes I did ask the GM if they have had any attacks of the nature I described above, which obviously, he/she was not able to answer (understandably). 

Anyways, yes this can and does happen. It's just the way things work. Anything that can be done on a computer can be undone, or done in multiple alternative ways.

So i will ask the million dollar question based on the above. If you were so inclined would you lay your career and reputation on the line and take Blizzard to court based on the evidence you believe you have that they are somehow covering up a major continuous (over the last several years if some posts are to be believed) breach of their secure systems that allows persons unknown to access and play inactive characters without having to activate them?

It must be Thursday, i never could get the hang of Thursdays.

  hot-hustler

Apprentice Member

Joined: 8/25/12
Posts: 3

8/27/12 6:14:10 PM#19

So i will ask the million dollar question based on the above. If you were so inclined would you lay your career and reputation on the line and take Blizzard to court based on the evidence you believe you have that they are somehow covering up a major continuous (over the last several years if some posts are to be believed) breach of their secure systems that allows persons unknown to access and play inactive characters without having to activate them?

haha obviously not. 1: There's no legal basis for Blizzard to be sued. What would you sue for? Pain and suffering? Damages? lol.... and 2: It's THEIR system being compromised and the object being compromised has no value to the end user beyond the lisence they purchase for the client software and the gametime they purchase and the sentimental value it may hold. Their disclaimer(s) in the EULA pretty much sum it up. And even if there was a legal basis, what grounds would I have? It wasn't my account.

As for the "conspiracy theory", it's not much of a theory. It's a standard business practice in the software world... scary huh? lol Many IT companies share this practice as it is devastating for business to publicly announce a security breach of something your clients find valuable. If you read the EULA the accounts, characters, etc are ALL property of Blizzard, not the user. This is a clause that benefits many of their needs, including "illegal" real-world economy of in-game items, account selling, etc. You pay for the service, not the property (virtual or not).

I don't think anyone is suggesting this particular type of attack has been happening for years. Rather, it seems that this is a relatively new breed of attack, emerging in 2010 or so.

I'm sure blizzard loves this kind of blind faith from it's users because it is splendid for business, but the backlash is it removes pressure from the company to secure the vulnerablilities in a timely fashion. Whether you choose to be aware of it is up to you.

If you don't have a firm understanding of application and client/server security protocols (google searchers and "armchair programmers" are no exception), then you really aren't capable of making a valid statement in these matters.

xo 

BOOM!

  Shadoed

Advanced Member

Joined: 10/03/03
Posts: 1484

8/28/12 2:30:06 AM#20
Originally posted by hot-hustler

I'm sure blizzard loves this kind of blind faith from it's users because it is splendid for business, but the backlash is it removes pressure from the company to secure the vulnerablilities in a timely fashion. Whether you choose to be aware of it is up to you.

If you don't have a firm understanding of application and client/server security protocols (google searchers and "armchair programmers" are no exception), then you really aren't capable of making a valid statement in these matters. 

The only blind faith i have in anything is the love of my children, other that that i am a pretty straight forward guy who just likes to see a little proof when someone makes a statement about something. Can i prove that it isn't happening, well of course i can't but at the same time i am still to see any solid proof to the contrary other than rumour, conjecture or guess work. As for understanding, with 22 years in the IT industry i have picked up a few bits and pieces along the way but that being said, i always stand to be corrected should a solid nugget of evidence land in my lap.

It must be Thursday, i never could get the hang of Thursdays.

2 Pages 1 2 » Search