PVP:Yes | Distribution:Download,Retail | Retail Price:$19.99 | Pay Type:Subscription
Desktop Client | System Req:
| ESRB:T
World of Warcraft News - Hacked!
Posted by Suzie Ford on Nov 15, 2010 | 209 comments in our forums
MMORPG.com's Industry Relations Manager Garrett Fuller recently had his World of Warcraft account hacked shortly after taking a break from the game for awhile. In his Hacked column, Garrett talks about the process for account redemption and how much better companies, including Blizzard, have gotten at shutting down the hackers. Check it out, then let us know about your experiences on the forums.
So I download the Patch for Cataclysm coming up and basically don’t log in for a few weeks after. I just hit the wall with Warcraft again in the beginning of the summer and decided to take a few months off before the expansion. So after a break I log in to check out the new talent system and run around a bit with some free time. Well, the Name and Password are incorrect comes up. Ugh, I thought, please don’t be a hack. After many attempts I realize there is no getting in. So I decide to follow the step by step process that Blizzard has set up.
Read more of Garrett Fuller's Hacked!.
Yeah my battle.net acount got hacked as well as my WOW account, went thru the online petition but only got the battle.net account back, after that got an authenicator so this would not happen again.
I stopped playing in 2008 and late 2009 I got hacked and had some odd emails verifying this.
I got my battle.net account back without any real trouble, but the punks deleted all the characters from my horde pvp server. I got my top 3 back and some gear I think (I've not logged in to verify) but it bummed me pretty good.
I had a very similar (pleasant considering the circumstances) experience, minus the horrible wait on the phone. I just used the ticket option and email and it was all cleared up (though my gear had random stats on it when it was restored). All was restored and I have been using the mobile authenticator since. Not a problem, though many a phake email from looser scammers. I send them all to the blizzard hacks department.
Glad things were resolved for you in such a good way and maybe someone from Blizzard will actually read this and change their waiting song/recording....
Getting hacked at this point doesn't even affect you anymore other than inhibiting you from playing for like a day on the character whos gear got sold or deleted. It takes like 10 minutes on the phone with a blizzard support person to get your account back, and transferred to a different email assuming you know your secret question and secret answer or have the key from the original wow still handy. GM's have gotten faster with getting your gear back too, taking less than a day usually now.
Good friend of mine got hacked as well (zero-day Flash exploit back in 2008) and had a similar experience. Long wait on phone, but friendly enough and got his access back quickly and restored all of his important stuff within a week (which was very good considering the massive number of people hacked during that episode). He actually got a few more minor items about a month later. I don't think they restored absolutely everything (he had a good number of alts), but he got all his mains and their gear back as well as the bank stuff the hackers stole.
Good story. Problem is most peoples getting hacked expect to have their account restore within an hour. It's not that easy, when you have have 11 millions subs.
It is amazing how I've had a WoW account for years, 5 years of 4+ EQ1 accounts, 2 Eve accounts for 6 years, LOTRO for as long as it's been around, WW2 Online since 2001, etc.... never been hacked.
Of course, I don't download addons and I don't tell people my account name or password ever (not even roommates). Now, I am getting fake blizzard spam mail for the first time for the past couple of months, but they're all obviously bogus, and it makes me sad people fall for them. I get a lot of facebook spam too, but since I'm not on facebook, that makes them pretty easy to spot as fake lol.
Last but not least, players can and will be solicited by would be hackers and gold farmers in game as well! In game communications, such as player to player private messaging and in game mail, allow attackers to get their website information to the player in a very up front and personal way. Attackers have also been known to impersonate a Blizzard employee, requesting account information from the player in order to “save” their “compromised” account information. At this point, you may be asking:
Yeah, they do a pretty good job, especially compared to the nonexistent support in some other games; though I had a much worse experience myself, that wasn't because of the customer reps though...
I got hacked at the time when authenticators first became popular for WoW (early Wotlk) and the hackers ironically added an authenticator to my account in order to prevent me from accessing it...
At the time, these things weren't even available in Europe and the customer reps were kind of oblivious as to what should be done to solve this problem...
It took weeks to remove the thing from my account in the end...
" On-Screen keyboards are also an excellent way to type in passwords and other sensitive information if you feel you may have a keylogger on your machine. In Windows, you can press the Windows Key + U in order to bring up your On-Screen keyboard. In Vista and Windows 7, you can also simply type “on screen keyboard” in the Search field of your Start window.
I think that is the longest comment I have ever seen.
Ditto.
tnx for the info. i'll check my account with WOW right away...:)
Glad it went well for you.
I am one of those for which the experience was so bad I quit playing any Blizzard game for good. I had the long phone wait, got my account restored, was re-hacked, called Blizzard security, replaced my computer (old one died anyway) so no addons, keyloggers, etc..., changed by bnet login, put my password on a random generator and added an autheticator, got Blizzard security to confirm the changes were all good . . . got re-hacked again. Quit Blizzard games.
I understand my circumstances are rare, but for me it was too much hacking and seems to be someone inside Blizzard either using the account, letting one of their friends use it or sold it because I dealt with Blizzard's security service multiple times to make the account as secure as possible and it still got "hacked".
Actually a few thousand accounts got leaked by ... oh wait... this is Blizzard and not NCSoft. Nevermind then, carry on.
Sometimes it doesn't matter how often you keep changing your password, downloading addons or cleaning your PC: Without an authenticator you're bound to get hacked sooner or later. I clean my PC with four different anti-spyware/virus programs at least once in a week, always watch out for where I'm surfing and downloading from and haven't downloaded any addons since DBM which was about a year ago. There might be a keylogger here somewhere, but then it certainly is quite a sly one.
My account got hacked about one month ago. I was visiting my family, and on monday morning my friend called and asked was it really I who was online as I wasn't replying to him and kept running between Honor Hold and Ramparts. After a brief heart attack I got to my sisters PC and tried to login to my battle.net account. Turned out I couldn't. The hacker had added an authenticator to my account, so no go with that. I submitted a ticked through Blizzard's webform and an hour later had my account succesfully banned. I think it took about four days for them to remove the wrong authenticator and change my email address, and about an hour to get all my stolen money/stuff back. I suppose that I could've handled it all with a single phone call, but I wasn't in hurry (and not feeling confident enough with my spoken english) so I handled the whole situation vie emails.
Recently I saw this quite interesting interview with a gold seller at youtube where the guy stated that gold farmers actually get majority of their logins and password by hacking the game forums and such, not individual PC's. The seller seemed quite a nice guy actually, he even had a method in mind that would reduce the amount of hackings by about 90%: Password should be changed once every month and never into something you've used even once before. He had many other interesting things to say also but that was what surprised me the most.
One, have not heard of one account with an authenticator being hacked. Banks use those devices and never had a problem getting hacked when I worked for one. So that is a sure fire way to prevent getting hacked.
Had a different problem, had not played since they changed logins to a battlenet account and I obviously could not log into my account so I had to call them to get my account transfered to my battlenet account, took about 5 calls to get through and about a 40 minute wait. I also had a bad key for my expansion pack, but they would not do anything about that even though whoever was using it had obviously stolen it. Had to return the package to the store and get another.
I got hacked too, and Blizzard did a good job of helping me get it back and got most my stuff back. They said they could only give me a certain amount of stuff back ( for some reason ) I guess because I have so many dang characters.
To start things off, im a network admin so i know how to setup firewalls, antivirus and antispyware programs.
Ive been hacked 5 times now. The last time was 3!! weeks after getting my account back after the 4th hack.
Everytime ive been hacked ive completely formatted my hdd and reinstalled everything. im 99.9% sure the problem isnt on my side. Ive had about 20 other mmo's where ive never been hacked, among others LOTRO SW:G Warhammer online, Conan, EVE online, guildwars.
Its gone so far with wow hacks that almost everyone i know has been hacked at least once. (and most of my freinds have been playing wow since the game came out).
BTW hardware authenticators seem just one more way for blizz to make money. NO OTHER game that i know of needs a peice of hardware to make it more secure.
After the 5th hack i finally gave up.
The worst security problem i got related to games in my life was with NCsoft and Aion and with Blizzard and Wow.
Aion i played like few months and the fishing email beging to kicks in. I just cacnceled the subsciption the same month and never will ever buy any other products from them whatever they will be. It was very well known at this time that their email listing was hacked yet the always denyed it. To be honest i always had the feeling this company had strange affair with the gold seller affair, and i stand firm behind this now. I dont know if their listing got sold or robed but something happened for sur, and something very smelly. I will never trade with internet company that have internal security problems, even if it is just a game.
Few month later i tryed Wow, just because i had to try it one day, since i play mmo since the early Uo lunch, and wow is "WOW". I knew it wasn't a game for me, and it really isn't, so i didn't even baught the first month, it was just the try it stuff, and didn't even last more than few days. Since then the email i used for this test is still spammed with phishing or real Wow account security sector sending me email about the fact my account is hacked (i mean like twice a weeks for month now lol), to be honest i don't give a shit since i never payed and will never. Not only because of the game, but i don't want my mails spammed with crap all my life time, so thank you guys, byebye.
Just to be clear i never ever got any phishing email attempt but from those 2 companies in 20 years of mmo gaming. So guys i hope you'll take this as a lesson to learn something. And i play almost every day of those 20years, f2p, p2p anyking you could dream of i tryed it... Yet the only security holes i got was from you, the 2 biggest companies ever??? I mean should i repeat it twice to make it clear?
Coincidence?... come on, i'm 40 years old now.
Some pieces of advice....
1) Use Firefox with the NoScript Add-On installed when browsing. This prevents websites from running potentialy harmfull scripts on your machine. It will break alot of sites "functionality", you can choose to allow those sites to run scripts in your browser on a one on one basis...as you trust them....and I would generaly only allow temporary permissions. Run no other add ons in any of your browsers (or game clients). Period.
2) Never ever install any file sharing or P2P applications on your machine. In general avoid "widgets" as well.
3) Install a personal firewall with a default rule of DENY ALL IN & DENY ALL OUT and poke. Unless you are running a server, no traffic coming INBOUND is legitimate. Outbound traffic MAY be legitimate, but you want to only allow that traffic on a case by case basis for connections that you KNOW you are making on purpose. That way, even if you do get infected... you are preventing the malware from dialing home.
4) Avoid IM, period.
5) Set your e-mail client to read e-mail in PLAIN TEXT only. That way you can see the addresses of the places a link tries to take you....make sure those domains are legitimate ones. In general, never click a link in an e-mail that you aren't SURE you generated by some action YOU TOOK. Your best bet is to avoid links and type in the URLs to your sites manualy (or access them from favorates entries). If a site is telling you there is some problem with your account in an e-mail, DO NOT click a link provided in that e-mail. Goto that site the normal way you always get there yourself... chances are the e-mail was a bogus phishing attempt.
6) Avoid fishy sites....especialy any site that deals with gold selling, you are just asking to be hacked.
7) Use a strong password ....something at least 8 characters long with both letters and numbers, upper case letters and puncuation marks if possible. Alot of people are hacked simply because they use easy to guess passwords.
8) Use different passwords for different sites. It's probably too hard to remember a unique password for every different site you access...but having like 4 that you use works. Designate 1 garbage password to use with sites you don't trust that much.... and 1 one that you only use for sites that are truely important and you know have strong security (like your bank), etc. In general, don't use your super sensitive password for gaming sites. Even though their security is better then most end users....it's generaly not all that hot....and there is some risk of them getting hacked and loosing your acct credentials.... you DON'T want to entrust them with the same password that you use for banking, etc.
9) Don't give out your password to ANYONE. No legitimate company well EVER ask you for your password over the phone. They may ask your permission to change/reset your password for you...but they'll NEVER ask you what your password was. Companies that care about your security won't even give thier employees the ability to lookup users passwords, only change them.
10) For any site that allows it, DO NOT use your e-mail as your username and don't use the same nickname/forum name/screen name as your login user name. Having some-ones username is 50% of the puzzle of breaking thier account.....don't make the hackers job easier for them by giving that piece of the puzzle away for free.
Following the above won't make you bullet-proof....but it should avoid about 99% of the common traps people fall into.
Actually, in regards to accounts with authenticators being hacked, a number of incidents happened a bit early this year. http://www.tomshardware.com/news/blizzard-warcraft-authenticator-hack,9821.html
Now you've heard about it... :-)
WOW hackers are idiots. Who else would use highly valued IT skills to illegally hack into accounts for a business that probably pays them hourly or blue collar wages? It's stupid; like a Computer programmer shoplifting a pack of cold cuts in a thrift store.
Folks with the tech and ingenuity to hack can make a boatload more money day-trading stocks online. Pays better and completely legal.
Therefore...
The FIRST STUPID AWARD FOR THE 21ST CENTURY goes to.....
(drum roll)
WOW hackers.
I never have trouble when informing Blizzard my account was hacked. I just get annoyed at how often it happens.
Sorry, I don't see how this is worth an article.
Some guys account got hacked. So? Happens constantly to people. Yes, it's annoying. Still, it's their fault, since it was a security problem on their side.
He got his account back, his equipment was gone, and that didn't take long. Soooooo? Does that article give us any new information about anything? No. Any creative points of view? A review of something? Fresh ideas? Interesting screenshots or videos to look at?
Nah. It's just some guy describing something that happens constantly. If I'd describe how I'd go to the bakery and buy some bread, that would be more worth of an article, because it's as mundane as getting your wow account hacked, but it's not as often talked about.
Sorry if I sound negative, but that really is not worth a read.
The thing is most of the time they blame the end-user (ie us) for allowing our accounts to be hacked, but as someone pointed out it could have easily been from their end as well, the GMs may have limited control over our accounts, but the people on the phone, techies, coders, etc have near on full access to them, all it takes is one disguntered employee to copy the data, leave the company and it's payday for them, or even a laptop left on a train/stolen from home/work, Blizzard would never admit it's their end, nor would any company with personal data being handled, these things only get found out from outside sources (ie the press).
In Blizzard's case it's worrying because if it was something simple like the addons, we would know about it stright away, either the community or Blizzard would have accounced it clearly and promtely, it's just the volume of accounts been hacked since the new battlenet was put in place and with people with just SC2 reported being hacked a while back, user data has to have been leaked/stolen from somewhere, may not be from Blizzard persay could have been a 3rd party and/or site, but this is looking less and less likely to be 'user error'. TBH it would be far better if sites/games quit using our email as a login - it's far too easy to crack
Mine was hacked during a hiatus from the game. I engage in p2p file sharing So I suspect it was via this method with one of the many thousands files I download that he was able to access my password. However with relation to the promptness that blizzard dealt with the issue, doing so without me evening knowing my account had been hacked. I cannot help but suspect it was a security breach via there patch client that caused the information leak. Since they do request you to open ports. They have however done an excellent job to conceal this from the media. Or perhaps even an internal violation from members of there own staff.
But yes I am happy in the manner of which they dealt with the issue, even if my main account is now in Swedish!!!
Just curious, Garrett, do you use any add-ons or the WoW client only?
Authenticator vs a trojan, useless
Authenticator vs phishing, good, still not 100%, but 99%.
At least you have a core hound.
My guess is there are simply some security holes in battlenet that Blizzard is well aware of. With that said, I'm sure they're bringing in quite a bit of cash with their authenticator program, so I'm not sure they're too concerned with fixing the problem.
I got hacked last year. It was during the weekend so I couldn't call Blizz. I instead sent them an email during the afternoon and the next morning my account was reset and all my items and toons were restored.
Well I didn't have this problem until the switch from a user name to email addresses.
I got got battle.net phished.
Add ons had nothing to do with it, just cuz I wasn't even active for a year. They probably saw a forum post I had, saw my email addy which was the same (remedied that) and used a program to phish my random password.
It's as easy as that sadly.
Very true...and the core hound probably has the best animation routines out of all the in-game pets... :-)
i got hacked last winter. took 3 days total through email to get my account restored with more gold and items on my toons than i had before the hack plus free game time. no phone in needed.
my account got hacked a couple months ago or whatever after being wowfree for almost 2 years. got everything back i guess, haven't check because my account is basically in limbo until i finish the restoration process. it's funny to receive scam emails trying to get me to finish the process.
With regards to a 45 minute wait on the phone, here's a tip to ensure that the queue isn't so long.
Get straight to the point and don't keep the operator on the line with needless chatter about something other than your issue, such as talking about D3, or how long you had to wait etc etc.
I would imagine that the whole process may result in ppl being dealt with alot quicker, without ppl hogging the operators time with idle chit chat.
My experience with getting my account hacked was a bad one. Took weeks to get it back, had to fax forms, emails back and forth. tryied calling customer service multiple days and never was able to get through. phones were so busy, blizzard only had a recording that said "queues are completely full, call back later" type of message.
So...now I run with both PW and authenticator, friends run with both, and anyone I help get started I make sure has both set up, if possible.
I also saw a good idea of giving blizzard a special email address that they only have..
finally any email from blizzard, may not be from blizzard, spoofing occurs so you may see xyz at blizzard dot com and that may map in the mime encoding of the email to some server else where (not blizzards). So be leary of email....
my 2 cents anyway...
Have to agree, i have not been on WOW for over a year,and i have bought a new computer that has never had WOW loaded on it,or any other Blizzard (battlenet) game, my son got Starcraft 2, and gave me a limited time use account, to activate it i had to add my battle net account, did not enter it anywhere else i entered it just for Starcratf 2, not more then 2 hours later i started getting Phishing E-mails for my battlenet account, if there are no holes how did the Phishers get it so fast? when the account was for a Blizzard game?
Its just a conspiracy so Blizzard can sell over-priced authenticators to 12 million people and rake in even more $$$.
A) good luck prosecuting an account hacker for stealing items that companies do not want to put a value on.
B) What makes you think the hackers are the wage slaves and not getting a cut of the profits or running everything themselves?
Actually, I felt the same way when I first read the article. Didn't seem to be all that newsworthy, given that it happens to hundreds, if not thousands of people every week. Having a WoW account hacked is hardly something to get all worked up about. Then again, the fact that it's happened to somebody in the computer entertainment industry means that they have a chance to make people aware that this is happening, and that nobody is safe.
I'm glad the article was written, assuming it accomplishes the following:
1. People who read it and weren't aware of how prevalent WoW account hacking is take steps to prevent it from happening to them.
2. Somebody at Blizzard who checks the MMORPG.com web site mentions to their boss that they saw an article about WoW accounts being hacked.
Now, if only we can get it picked up by some major media, so we can finally get Blizzard to actually do something about it. Other than trying to sell us an authenticator, that is.
Getting your account back is the easy part. Getting all your gear and accumulated goodies squared away, across a dozen characters on three different servers, is more of a hassle. If you had your own guild bank, that's more trips to the mailbox to retrieve your recovered items. If you had access to a shared guild bank, have a good time returning everything that was stolen from your friends while your account was being ransacked.
There's nothing to recovering your account. The nightmare is trying to get the mess sorted out once you're back in. That's something they don't have a quick fix for.
Funny enough, when it happened to me, it was a few weeks after I'd taken a hiatus from the game too. It was supposed to be a temporary break but became a permanent one after the incident. It was the final nail in the WoW coffin for me.
I basically had the same experience as you, except with only waiting 20mins on the phone. It actually made me respect Blizzard a whole lot more because back in 2005 my account was hacked as well and I waited 2+ hrs for a representative.
You shouldn't get relieved if you have authenticator. It might be safer but it shouldn't give you the feeling that "Hey, I can now have whatever trojan i can". There is still man-in-the-middle attacks. If you cba to read the above and can't understand it, basically the trojan tricks you like you talked with WoW Login server but instead it sends your login and authenticator information to the hacker. If the hacker is online and sees this, he can easily log in to battle.net, disable your authenticator and change your password. I think recently Blizzard also found a solution for this which is to ask another authenticator code for both cancelling authenticator and/or changing password. I am not sure though, but still be careful what you download and have at least a basic antivirus like Microsoft SE.
battlenet.com send me in many times emails with warning about my acount and hacking
Not the type of report I thought I was going to read, thank you for wasting my time and making me yawn more than your 45 min wait. Here I thought WoW's News page got hacked from the email I recieved about this. I could careless about your experience, I've had plently before, good and bad, i don't need to tell the whole word, it was so pleasant this time after the 45 mins... damn guy, your life that boring?
A lot of comments here. Getting hacked was the last nail in the coffin for me playing WoW again. I got *most* of my stuff back but not all of it. I lost some important things that took a lot of grind to get. While it was fun to get those things, I wouldn't do it a second time. Worse than that, I lost all my gold and mats. I had farmed up a lot of thorium, enchanted clothes, gems, etc. All of it was gone and not replaceable since I hadn't played for a few months and they didn't have records of those things.
I just didn't want to go back and grind all that stuff up again. There are other games out there waiting to be ground ^^
Even though I don't really want to play WoW anymore, it just feels like being violated for sure. It sucks to put all those hours into a hobby and have it ruined like that. It left a sick feeling in the pit of my stomach and I never want to see a WoW loading screen again or hear the music from the game.
Only 45min? You got lucky. Try 2 hours.. They do a good job though, but the wait is just horrible..
I keep getting emails without the noreply in front.....Not that I care.......I havent played in years and could care less if they hacked it...All my information has changed soooooo........no biggie
I wonder if he name dropped to the blizz CS...
bet he did
Keyloggers can be embedded in anything.. JAVA, FLASH, and a host of other multimedia plug-ins can be used to extract information from your PC. Just be glad you have not been targetted yet, because once you've been violated, it will make you kinda paranoid about everything on your pc..
I've been hacked three times over 5 years. First time took forever to get my account back and then took forever to get my stuff back. I was so happy to have everything back I didn't care. I thought they were lost for good my alter egos. The last 2 times things went a little faster but those actually happened just days apart. I've never had to go through and make the phone call thankfully. When everything was restored I had all my enchants and everything on my gear even though they warned me that probably wouldn't happen. After that last bout of fighting off the forces of gold farming I got the authenticator. This was when they first came out and I've never had a problem since. I've always been happy with wow's customer support. I've had issues in other games where things get lost or taken and they just tell you to be smarter about it next time. Wow fixes it. For all the whining and groaning people do about Blizz they do care about their customers.
I would be much more impressed if Blizzard gave out the authenticators with the new ex-pac or any physical copy of the game. As it stands now I hear, <INSERT HACKED STORY HERE> ...and then I bought an authenticator.
I had a good experience with Blizzard when my account was hacked, had went almost 4yrs.... not one problem during that time and then one day I get signed out the game and goto log back in and then bam it won't accept the password.
I was lucky because from that moment on I was fighting the hacker and making it tough for him to stay logged in because I reset the password, but then he reset it and then I changed the email but because of how Blizz does and it was delayed he was able to get a password and keep me out.
Blizz restored my account and more than took care of my toons they some how sent me my items and gold back in the mail, but sent me twice the ammount back even my gold.
The phone support and the rep I talked to was nice and very good, as was the people I talked with ingame and the emails I got. They followed up and even weeks later emailed and asked how things was going.
I got an authenticator after that and sleep good at night knowing because of it my account is safe.
just my .02 ;)
I've been hacked for MapleStory once, and Nexon did nothing to help it. In fact, only people who complained about their account with Nexon Cash on it got help. I've had a problem with Guild Wars before about an email from the Taiwanese Guild Wars saying I needed to reset my password (I confirmed the email's sender, too). They helped me reset my password on the same day and everything went smoothly.
You can get hacked with authenticator as well. Though it is more difficult. Essentially the keylogger sends your password and authenticator code to the hacker while at the same time killing your connection to wow. They then have seconds to input your info. It happens. It's also rare.
Never once been hacked. I know people who have but I never have.
Keep in mind that these things and not limited to wow. An authenticator may offer protection for wow but if you can get a keylogger so easily you can get hacked anywhere. Your usernames and passwords for any site or service are also being reported back to the hacker. Even if blizzard returns all your stuff, even if you have an authenticator, you may still have a keylogger and it may be stealing your other info.
There is no substitute for common sense. And you know the stupid stuff you do online that got you that keylogger in the first place.
My account got hacked too. THe INACTIVE account, believe it or not. I wonder how the hackers use inactive account. I guess they pay for it and just use as mule or farmer. I cared less, but I did have some money so I bet they used it for their evil purposes. Since account is inactive for years I didnt bother to try to call Blizzard again. First time waited for 30 minutes and decided that its not worth it. I don't play the game anyway. So let them hack it.
best best is to change password each month and use lasstpass
I wonder why a lot of inactive accounts get hacked? I mean I can play a game forever with the same password and no hacks. If my accout becomes inactive for a while - there is a huge chance that it will get hacked. I had 2 inactive accounts hacked. And never any of the active ones. I wonder if that has anything to do with games' database itself. Oh and WoW has thousands of gold farmers if not hundreds of thousands. I think half of Korea and China use WoW to make $$$ :lol:.
When I got hacked, the gold farmer used my paladin for farm ore. I got my account back before they could send the ore over to their account. I ended up getting 8k gold worth of saronite/titanium, so my experience with getting hacked wasn't too bad, lol. Never got my arena points refunded though...had to wait an extra week to get my loots. :[
I had my 2nd account hacked awhile back. Had a lvl 14 hunter on it. That was it. No gold, nothing on it.
I called Blizzard about six months ago after recieving "Thank you for your recent purchase of Celestial Steed" whatever thingy. Needless to say I hadn't played WoW in almost two years so I was curious.
Called them, waited about 30 minutes (during an early afternoon hour) and finally got a guy. He was EXTREMELY helpful and told me no, I wasn't hacked my account was still pristine. The email was from goldbotfishers looking for suckers to click on their links. I even had trouble remembering the toon's name but I got one of them and told him particulars about it, then backed it up with personal info (that hadn't changed).
I must say after playing tons of MMOs, the Blizzard people really should be proud of their customer service people. Courteous, fast and cheerful through I can't imagine all kinds of irate customers who have to wait through the automation.
I realized they must have lines like that due to the sheer amount of customers they have and not some barebones CSMs so it made sense that it would be a long wait.
There was a long forum debate a while back that cataclysm should have authenicators with it.They have put in a new system in the guild rank where you can set the rank "must have authenticator".
There is a new free (and better in my opinion) security system at battlenet
http://us.blizzard.com/support/article.xml?locale=en_US&articleId=35806&pageNumber=1&searchQuery=phone+call+authentication+when+unusual+login
Basically when an unusual login happens on your account (like multiple wrong passwords, an ip you do not usually login from ... etc) happens a phone number pops up on screen. You must call that number from a preselected phone, enter a pin and a code displayed on the screen to login. Nothing happens if you login from your normal ip and you pw is correct. I really think accounts beieng hacked costs blizz lots more than they take in with authenticators, and that they want them to stop as much as we do. Cust Service folks don't work for free.
edit for spelling (some prolly still wrong)
I get constant emails that my account info has been changed, the emails look legit, well they are for all intesive purposes, they are identicle to real ones. I emailed Blizzard about it but have yet to hear back, , but the emails are pissing me off.
There literally is nothing to suggest they are not from Blizzard, all the link when you hover over them are real Blizzard pages, just don't know if that's where they actually take you.
The emails are pissing me off tho - i asked them if it's some kinda of hard advertising just to get me to go to the site since the expansion is comming, lol.
I can log into the battlenet web page just fine, so i don't know.
Yeah, when I got hacked, it's actually getting intouch with someone is hardest part, but once you do getting everything restored just flies. Now I use one those ID Authenticator and I report any of those people selling gold. Because that was what they used my account for as well as selling everything in our guild bank...needless to say I was not on top of the happy list in my guild for awhile even though everything was replaced ...DOOOOOH!!! :-(. Oh well live and learn ;-).
Hi Everyone,
To answer the add on question. Yes. I used Quest tracker back when it was needed. Deadly Boss mods, Healbot (shaman), Recount. and eventualy gearscore.
I think I avoided all of the others.
After seeing a couple posts about using the Windows Virtual Keyboard, I want to add a few warnings about using this.
It MIGHT thwart a few keyloggers, but not many. Most keyloggers work by listening for Windows events. For you non-programmers and techie types, these are the things that allow Windows to wait for your input before doing anything. Any time you press a key, let up on a key, click or move the mouse, etc. generates an event. The Virtual Keyboard works by sending the keypress events just as if you pressed the key on the actual keyboard. The only virtual keyboards that work to avoid keyloggers are ones with randomly located keys and/or screen locations built into the program.
It makes me sad to read this. What an evil world we live in that people do such things. There is so much scam, robbery and harrasment in the internet these days, that sometimes I wonder if it's worth all it.
I myself was recently robbed €600,- by someone who managed to steal my credit card info online. I am still fighting over it, no matter if I am going to see that money ever again.
What a sad world. *sigh* :(
I think the icing on the cake for me was when the Hacker, though a 3rd party, asked for the ebonweave gloves It had left on my main :-)
odd, when my gf's account got hacked (while inactvie for months), bliz said I had to get something notarized and snail mailed to them. they never said once that I could call to get it restored.
lol, that's crazy
I think they're pretending that accounts are getting hacked, and they randomly choose which accounts that should under-go the "hacked" status. That way you'd be apt to buying the authenticator.
I call shenanigans!
I am having almost the exact same problems you has , I have been away from WOW for a year & decided to come back for the expansion when I tried to log into my battle.net account it said wrong password , at the time I didnt think much of it as I play Many many MMO's So i went thru the password retrival using my email & secret question & reset the password alls good ?
Well not exactly as when i went to reactivate my accounts I got a message that there suppended due to supicious activity so Now i am in the process of sending emails trying to get this resolved X fingers
wow, wear your tinfoil hat much? Blizzard sells authenticators at cost (they are like $6.50). If you have an iPhone, or other smartphone you can DL the authenticator for your phone for Free (if it costs that's your carrier not blizzard).
BTW you can't write an addon that acts like a keylogger. The Addons exist in their own protected bubble in the WoW client while running. The Addon cannot pass data either into or out of an addon while the client if running. An addon is allowed to save a file to your character's data folder and to the generic folder that holds addon info. Blizzard added those limits into addons to prevent them from being used as malware.
If you have picked up a keylogger from an addon, it's because you downloaded the addon's archive from someplace other than Curse gaming, Wow Interface or WowUI.com all three of those sites check their addons for Virus load, and also make sure that what you DL is a .zip and not a .exe self extracting archive or installer. The latter are programs that run and that can be or act like trojan horses.
You can avoid a ton of malware by simply running Firefox and using adBlock. Adblock blocks all of those banner ads and other advertising crap that litter most websites. Many companies that sell those banners are less than diligent about making sure that ad headers don't contain malware. I know of more than one site that has had problems with ads that had malware payloads.
Also to the person who believes that hacks only happen on WoW. Think again. I know of people who have gotten hacked for all of their items and IG money on EQmac. That's a single server with a very small population, with accounts that can't even be transfered to other EQ servers. Hacks happen in every game. It's just a small enough problem with your run of the mill small population game.
WoW's population on all servers is so large that even a small percentage of people getting hacked is a huge money drain for blizzard. So it made sense for them to offer something like an authenticator. It saves them tons of money which is why authenticators went from $20 when they were introduced to $6.50 today (or free if you have a phone that can run the mobile authenticator prog).
The only thing that seems strange here, is that the majority of the hacks do not occur until after the account is deactive and no longer in use. Which means the hacker has to hack the system (username and PW, not blizzard), reactivate the account then put an authenticator on it all to get the stuff off it.
Seems a fair bit of cost (the monthly fee+ authenticator) to hack an old account. Just seems weird to me this didn't start until after the battle.net situation.
Here is the best way to never get key logged.
Make a notepad document, type out your password in there and save it to your desktop. Every time you log into the game, just copy & paste your password. Add a authenticator on top of that and you should never worry about having your account broken into.
i wish people had other things to do in their lives except doing crap like this
Yeah, that CAN happen, but as soon as you log on again, it boots them. So they have about 30 seconds or less?
I think a big problem is, most casual computer users see that email "FROM BLIZZARD" about changes to their account, account suspected of being hacked, yadda yadda. 99% of the time it's not a real email.
If at ANY point you are concerned about your account, type in battle.net in your browser yourself, and then log in. That's so simple. But so many people lack common sense that I guess that is hard.
I'm sure someone has posted this already,
but just incase 4th line in you spelled better with a g.
I do not know if you ment to do that but just thought i would throw that out there.
;D
Lukain,
Call them. You may be on the phone for a while, but it is worth it.
I am in australia might be an expensive call..unless there is a aussie number I can call? I am currently on my 5th email & its looking like I will get my accounts but who know what they will be like when I do get em they may not have any characters I did have 5-6 characters maxed out & raid equiped .
My account was recently locked even though I haven't played in years. Damn hackers somehow got my info, and I guess used it to farm gold. It's takes a dirtbag to do something like this, but I pity their means of income, if anyone even purchases from them.
i got hacked twice. im a douche for answering the email to verify my battle.net account....twice. but got all me gear back both times within a week. im still a douche though lol
NEVER click a link that appears in an email. Even if that person is someone you trust. If you MUST put your machine in danger and click an email link, then first in your email client (or even webmail site) find the "Show headers" or better yet "Show Source". Look at the "Return address", if that is anything other than a blizzard.com address then the email is bogus. On all of the WoW related phishing email, the ones that are not legit have some hotmail.com or other nonblizzard address. When I did finally get some real wow email (I race changed a character recently), I checked it and it had a blizzard.com return address.
Remember, NEVER EVER click a link that appears in the email. Always go to the site's homepage linked in the email and find the destination yourself. That's the safest way. I guess the links from MMORPG.com are legit, but it wouldn't be too hard to spoof those addresses to go to a phishing site or one that would DL malware.
Funny to see how MMORPG.com staff doesn't stick to their own rulses.
AFIAK there's a special trheat for "My account has been compromised". Then why is staff allowed to make a seperate post about it..? It's not that I do care extra about the compromised accounts of MMORPG.com staff members...
It seems this happens a lot! I had this experience, had to change my battle.net account to a different email and the old one still gets about 3 phishing emails a day. Blizzard got off to a slow start in fixing things but then really bent over backwards to get things right. My hacker had transferred some toons and I didn't want to pay to put them back and Blizz finally came through. Even though I was a hater, they won me over.... and that's hard to do.
Ah yes,phone number is not free from our country and it charges like for international call,so spending 45minutes on the line cost you more than purchasing 2 new wow boxes
And when i got hacked one day,they banned me for one month for "investgating",si i took 1 year break from wow.
Spambox in my mail is 90% filled with wow related fakemails,and when i bought digital copy of wotlk expansion from their official reseller,it came without free month,so i ended paying way more for it,with their reply that its perfectly ok,and they dont provide digital copy with free gametime.
So my experience is exact opposite
Got hacked once myself. In my case, I got an email notice about "unauthorized access" and found my password had been changed. I went through the process of getting the account back only to find someone had put an authenticator on it, too. Fortunately, it was pretty simple to get that removed. I downloaded the authenticator app for my iPhone and set it to my account.
The account had been inactive for 6 months. I have no clue how someone could have gotten into it. I have script blockers on my browser and don't download strange programs from sites I don't trust, and scan the hell out of the ones I download from sites I do trust. A couple months after getting my account back, I get another email from Blizzard. Apparently the people who hacked it had also payed for a month...then reversed the charge. Now Blizzard says I owe for that month before I can reopen my account. I was gonna come back to try the expansion, but I suppose Blizzard can go screw themselves now...
I still don't understand how so many people are being hacked. Use a secure password unique to WoW. Use an email address unique to WoW. Only login to Blizzard websites using a bookmark. Don't play on other people's computers. Use a minority web browser (and install noscript or the like) and email client. Apply updates immediately.
I'm also tempted to say get a Mac or run WoW in Linux using WINE or Crossover. But that would just invite trolling... ;-) Still, I run WinXP too and it's not _that_ hard to secure.
Just how are people constantly getting hacked? How is this still happening? I'm baffled.
Never got hacked in over 5 years on any of my two wow accounts. By how people complains getting hacked often I think i should have gotten hacked atleast five times in that period.
i believe quite many got foolen by the sneaky armory what looked excatly like the original but stole your login and password.
best way to defend so far is to buy the blizzard key generator.
cheers
There are a thousand ways of being hacked, not just keyloggers. My account was hacked months after I had stopped playing and canceled the account. I didn't even have the game installed anymore. It was a typical mass attack against many accounts at once (my brother's account, also canceled, was stolen at exactly the same time, but luckily only his login information was changed - nothing was taken or deleted from his characters.)
Neither of us recieved any notice of what was going on. I just decided to log into my battle.net account one day and noticed my account was active. Whoever re-enabled my account also used the refer-a-friend feature to start another account, and paid for 30 days gametime on that account - which enabled my own account for 30 days. I told my brother about it, and he checked his account and found that his login credentials had been changed, but no other activity had taken place.
The account restoration process was simple. There is an automated account recovery process and I had everything back to normal within a couple of hours of realizing my account had been stolen. Of course, this still requires a GM to hit the switch so to speak, but that's really the only wait time.
And to all who believe the authenticator is some kind of impenetrable black magic device, it isn't. It helps of course, but it is NOT total immunity to having your account hacked. Again, there are many ways - both more effective and easier than keylogging - to steal accounts, including ways of bypassing the authenticator altogether. These methods will not be made public or acknowledged of course, at least not by Blizzard.
P.S. - Blizzard let me keep the refer-a-friend gametime reward the attacker applied to my account, which let me play for free for 30 days, as well as the several thousand gold worth of items he farmed with my characters. Hopefully the person also pays for another 30 days so I can get the mount as well... ;-)
I was hacked just over a week ago, I haven't played in almost a year. A friend rang me to tell me my character was online and put in a ticket on my behalf. I went to Battle.net and started the process from there. Within half an hour or so the account was locked down and my character was offline, the hackers had had access to my acount for about two days. Being in Australia and with time differences I wrote Blizz a email and waited for a response.
At this point my account was locked down, and even though I had changed passwords and email addresses I still needed to contact them again. Rather than play email tag I called. I'm a night-owl so I had no issue waiting up till 1-2 am to make the call. It was all handled very quickly and I had my account back and access to WoW immediately after the call. Three of my characters were restored before I logged on to check the damage, and only one other needed restoration, this was handled very quickly too.
Now even though I don't intend to return to WoW I ordered the authenticator, to avoid any issues in the future if I do happen to play again. The authenticator arrived in 7 business days, the postage was a little pricey but there are other options if you don't want to spend the money on a physical authenticator.
My account getting hacked was my own fault, I had it attached to a not-very-secure email, my email was hacked and then my account.
My hot-tips for when you get hacked.
If you have a real-life friend in-game, get them to issue a ticket.
Follow the steps on the Blizz site for retrieving your account and call them asap.
When you get your account back, it is very possible it was activated on a stolen credit card, this does not mean you have a free month! The card owner will do a charge back and you will then be liable for the charges if you play it more than a few hours to get your characters sorted out.
If you are in Australia the number to call is 1800041378, I have skype, the call cost me nothing.
Be polite, the customer service people are not responsible for your account getting hacked, don't take it out on them.
None of that matters. As I said in my previous post, there are many other ways to hack accounts, including en masse. Man-in-the-middle attacks, vulnerabilities in Blizzard's or other companies networks, etc. -- your account can be stolen in a thousand ways that require minimal or even no participation on your part at all.
Credit card account lists (by the thousands) are sold on underground markets, for example. How do you think these lists are obtained? Why would Blizzard or any other company not be susceptible to the same methods used against banks? Of course, they would be as tight-lipped about vulnerabilities or breaches as the banks are though.
Bottom line: nobody is perfect, including Blizzard, and always putting the blame on the user for having their account stolen is ignorant.
Well I have not played wow since oh about 2008. I get at least one email from blizzard about once a week stating that my account has been locked, after somebody other side of the world tried to brute force my account. I also use to get several emails trying to fish my account out with offers of free cataclysm, to the ones saying your account has been changed.
So what I did was change my email address from one that I don't have registered with mmorpg. Guess what In the past 3 weeks not one email from blizzard, not only that no more of those fake emails either trying to get me to give them my wow account. Coincidence, I think not.
There sure seams to be a lot of it going on. I had a friend a couple of weeks back who reported when he logged in he was stripped down to his underwear. They did not change his password or anything. They logged in and stripped down all his toons. The took all his gear sold, it and sold what they could, and got into the guild bank from what I understood.
I've never been hacked.
Never type your password.
1) Make a txt file with a list of about 100+ passwords JGHJ123kjh98 type of mess.
2) Copy paste your password into the login. Ctrl C (copy), CtrlV (paste).
Works for me. Simple and done in a flash. Works for most games out there.
Do yourself a favor and top that off by adding their dial-in service. It is only a matter of time before the authenticators get jailbroke and then they won't be useful anymore. Until Blizzard takes the massive step of blocking access to the EU and US servers from Asian IPs, we'll be vulnerable to thieves that Blizzard can't prosecute. I'm all for them being able to play, on their own servers, but I don't the good of blocking them on our servers outweighs the bad PR of blocking them. They don't respect the game. Blizzard knows this needs to be done.
This is a common fallacy, with this method the password is stored in the clip board and still easily retrieved.
You know what? I do that stuff. I'm not an internet idiot. I'm a Network Management student. I still got hacked somehow. Gold selling makes big bucks. Stealing accounts is a highly effective way of getting gold fast to sell. They've got some clever people working for them...
Yeah, just read that. I guess I'm just a luck SOB then. I guess it helps that I scan my system often, keep it upto date, and stay off the questionable sites more than my method of password usage.
Blizzard has done a lot to improve customer service, and your own experience in how fast you got your account back and the stories of others that are similar is evidence of how far it has come. Blizzard has issued the Authenticator for a price that is incredibly low in the security field - unless you live somewhere in the world where you can't get one, I don't have much sympathy for you if your account gets hacked (empathy, yes, sympathy, no). Don't want to spend 45 minutes on the phone trying to get your account back? Get an Authenticator and attach it to your account(s).
If 45 minutes is average, I agree in this day and age that's too long, but on the other hand I've spent a lot longer than that on the phone waiting for service from other companies and I personally wouldn't have thought much about it. I like being able to connect with service people through an online chat method - especially since I have a second computer beside me most of the time - but just leaving the phone on speaker while I do whatever works well for me.
;)
Well, due to the extremely high rate of being "hacked" for Blizzard's battle.net, they've become experts at undoing the damage done by the malificent individuals involved. I wouldn't be surprised if they actually have a chapter in their employee handbook that details exactly how to view what an account had in total on X time on Y day, with all the characters listed.
All a "hacker" has to do to get into your account is buy a list of emails from a gaming site or blizzard themselves, and then either send phishing emails or simply bruteforce their way in.
My experience is a little different than yours. I used just e-mail... and overall, after getting my account and all my items restored it took about two weeks. Because I was not subbed during that time period, I feel I was treated very rudely about it, like because I was not a current paying customer that my account security was not their problem. Then, since the hacker still had some time left on the account, I signed in and fixed everything, re-equipping gear, cleaning out the bank, vendoring junk items I forgot what they did, etc. Well, this raised a red flag, they shut down my account once more, and now won't let me back in until I pay them the $15 for that 10 minutes.
I purchased an authenticator because they told me that if it happened again, they would turn turn their heads and ignore it.
Sorry Blizz.... you lost a solid customer and now I will tell whoever wants to hear it my awful experience.
I don't understand why people don't just spend the 6 bucks and get an authenticator, or get it for free if you have iphone/droid. Yea, it's still possible to get hacked with one but the odds are extremely low. As others have mentioned, the only way this happens if they are keylogging you at that moment in time and then log in almost immedietely. Even then, the keylogger has to hope that the authenticator key was keyed in when it was first generated (I think the number changes 30-45 seconds). I didn't know it knocked you out if someone else tries to log in while you are already logged in though.
Also if someone is wondering if there is a way to get the authenticator removed from a hacker, it's pretty much like pulling teeth. You have to call Blizzard CS and actually provide the original serial number of the disks.
I would be interested in hearing Blizzard's side of this tale. Although I've had my differences with Blizzard (I think Wrath was pretty bad), their customer service has always been first rate when my friends and myself have had to deal with them (once you get beyond the phone wait time).
My friend's account was hacked during the 2008 Flash exploits, and his treatment was first rate despite the massive numbers Blizzard was dealing with at the time (it was the first time I saw warnings of hacking show up on the WoW splash screen)...and when my wife's authenticator failed when we recently resubbed, they were very friendly as well and even called back at an appointed time at one point.
I'm guessing to get such a stern message from Blizzard, there is a bit more to the story than has been presented.
I have never been hacked and I have played the game for almost 5 years total since launch.
I have an authenticator. Best $6 I ever spent on a game. And I do not miss it - spent more than $6 on breakfast this morning.
I have an e-mail address dedicated to WOW and only WOW. NEVER any spam.
I have another e-mail address I use to register at 3rd party and add-on websites. All the spam goes here.....interesting huh?
I use very limited addons and when I do use them I install them manually and review the folders once I install them.
My password is non-sensical and cannot be found anywhere. It contains multiple characters.
My wife has played the game for 2 years and never been hacked either.
I played off and on for 6 years before I got hacked. Don't get too cocky just because it hasn't happened *YET*.
Allyou need to keep from getting hacked is a lot of what has been mentioned. Have an e-mail that is ONLY for your battlenet account,never use the battlenet e-mail for anything but battlenet, get an authenticator, never give passwords, don't visit sites that look even slightly weird, don't buy gold and when using addons only get them from a reputible place such as Curse. Been playing for 3 years and have not had a problem. Also never answer to emails or click on links in them. Go straight to the battlenet site for any logins. And NEVER go to any sites that your are directed to while in game by a tell, they are allways phishers. Anytime it is blizz sending a tell they will not tell you to log in to anything and their names will ALWAYS be in blue.
My work PC is guarded to the max due to where I work and what I do. My home PC just recently got MSE as a virus scanner. My first virus scanner in 20 years of PC using (beyond a couple free trials for norton/mcafee that were soon removed because they caused more problems than they solved). No viruses. No trojans. The worst was some adware back in the day before the big advertisers paid attention to the ads they were hosting.
Aside from not sharing files/downloading crap, surfing in the "bad" areas of the internet, I just follow one simple rule: never click on anything that I didn't expect to see. All those stupid pop up "your computer is infected! please click ok and go to our site to download Virus Stomper 2011 now!" scams just make me laugh (and annoy me since I blast them with task manager instead of clicking the "close" button which isn't a close button).
Flash is my biggest worry. Too much uses it, and Adobe apparently can't code their way out of a wet paper bag.
I *DO* have to fix a lot of other people's PC's who have gotten viruses/trojans/malware. But they all have one thing in common: People who click things they shouldn't. They deny it of course. Much like the people here who think it's blizzard who was hacked, not them (even after a new pc!!!! heh... same habits, same problems, new PC won't solve PEBCAK.)
Get an authenticator or use the smartphone version.
Get a Mac.
Use Firefox with noscript and adblock.
^
This.
This is one of the biggest things that makes me think there is a security issue on Blizzards end. In many cases I have read about it is week(s) after the account goes inactive. I personally know people that have not played WoW for years, never used add-ons, different PW and UN for all sites visited, been around long enough to know not to fall for the phishing emails, and have trash email accounts for each game they play, that have mysteriously had their accounts compromised. Whether it is a compromised data base or an unscrupulous employee we'll never know but having been an online gamer for 15+ years, there are too many coincidences for me to think this is all the fault of the end users.
The other issue is Blizzards switch over to the battle.net login which is less secure than the previous method of logging into the game. LOTRO just switched their forums over to same login as your game login and not surprisingly, compromised acccounts have become more common. It absolutely baffles me why companies switch over to less secure methods like this in this day and age.
I'm not usually one of those conspiracy, tin foil hat types but like I said, there are just too many coincidences for the fault to all lay at the feet of the end users.
Or the hacker could hack the account and monitor the e-mail address assocuated with the account and once the account goes inactive, then hack it. They would have more time to play the account before its reported. A friend's account got hacked and his characters kept appearing in game and doing stuff.
He just got his account back and had achievements and gear that the hacker got for him. Kinda funny.
I might agree with this, but in some instances accounts have been inactive for years....are you suggesting the "hackers" are monitoring accounts for years as well before they take them over? Not a likely scenario IMO, and does more to prove my point of data base corruption or unscrupulous employee during the battle.net conversion.
I don't know why this theory is so hard for people to accept. It's happened before with large banks having their data bases compromised, or unscrupulous employees taking records from work they're not supposed to and losing them. It happens, it happens a lot, but for some reason people think Blizzard is infallible.
Oh I agree it can happen and might have. Heck, we just had a story here in Atlanta where a business dumped hundreds of medical records in a dumpster behind their office! So eay I think it can happen but I do not think its a widespread problem or still ongoing (more like a one time event).
To be honest though, I think a lot of the hacking has to do with non-Blizzard sites that people frequent. Honestly, I would trust Blizzard over addon download sites.
As I have stated before, until i registered at one particular addon website, I did not get a hack e-mail. Now I get several a day. And that is the ONLY thing I use that e-mail for that is WOW related. And I do not download addons from that website anymore either.
Sure it could be Blizzard but I think its another company or companies that got or get hacked regularly and won't confess.
I've never been hacked, though I definantly deserved it more then a lot of people. It makes me think getting hacked is more luck based then anything. I was one of those people that: used my yahoo email for everything...lol, Visited porn sites and all kinds of wow related sites, used a similar password for everything, didn't have an antivirus for a year, used internet explorer, basically did everything you could do wrong except actually hand my information to anyone, or buy gold (I think these people have the highest chance of getting hacked).
Tips to lower hack chance (things I do now):
1. Never run the internet on the Administrative Account.
2. Use seperate wow email.
3. Make sure all passwords: wows, emails, computer internet account, administrator account, are all different and hard to figure out. Change wow password periodically (once a year seems good enough to me). Also change it if you hear about a recent surge of hacks, (ex: flash vulnerability that happened a while ago).
4. Don't touch emails claiming to be blizzard.
5. Have an Antivirus
6. Use Firefox with addblock and noscript.
7. Get an Authenticator.
8. Get the dial up thing.
9. Download addons from well known sites. For curse download manually, the client can be vulnerable sometimes.
I can't stress changing your password enough, usually hackers keep your information for a while before hacking the account.
Agreed.
I think as you have stated it's a combination of everything. End users to an extent, non-Blizzard 3rd party sites, and I think there may have been a compromise at Blizzards end as well. Of course no one will admit to anything, especially Blizzard because that would set them up for serious litigation.
It's easier and cheaper for them to deal with it in the mannor they are rather than face any kind of punitive damage settlement which knowing how things are in the US, would happen.
Blizzard hopefully has learned a lesson as Turbine did with allowing 3rd party add-ons to their games. AC1 allowed 3rd party apps and there were constant cases of people having their accounts compromised. It just allows too much room for error at the end users end and causes a lot of issues for the game over all IMO. As with Turbine, their next big game, LOTRO allows no 3rd party apps at all. It's only one facet of the issue, but an easy enough one to stop that would cut down significantly on the amount of compromised accounts IMO.
Regardless of how it happened, I do feel badly for those that have been compromised. It can't be a good feeling and I have been fortunate enough never to have had it happen.
This is another reason I think it is something at Blizzards end. Too many stories like this. People that have been gaming for years without any issues suddenly have their WoW account, and only their WoW account compromised.
Again, like I said there are too many coincidences for this to lay at the feet of the end users alone.
The main issue one has to deal with in such a situation is the fact that you got hacked in the first place. When such a thing becomes commonplace enough that people shrug it off and call it just another part of the game...? That's when you know there is a problem.
No matter the game, and no matter the company behind it, there should be steps taken to prevent this. First and foremost, you have to wonder; how are they getting the ability to hack your account in the first place? If it is so easy, why hasn't it been even easier to circumvent and negate the process entirely? A corporation has a responsibility to it's players, and it's consumers to ensure a secure and enjoyable experience.
In some cases however, we find that the so-called corporations providing these services would much rather not bother with such things at all, stating it is the user's problem and therefore they should take the requisite steps to halt it from happening. But as to the means, the how, or why, they never say. If this is to be resolved, it should be the corporation who provides the service that is to take the steps required to negate this. An individual can only do so much without being properly informed of the actual ways to stop these so called "Hackers" from getting what they want.
I have played many games before, and many of them primarily that in which would become victim to hacking attempts, if not gold farmers or the like. Each time, I have found the companies send out warning letters, with the requisite "<Insert game here> Representatives will never ask for your personal information/password or username."
But is it really enough? Can the corporations not provide some sort of program in which would allow the player to play the game in relative safety from such things? I suppose we'll never know.
Oh my god, my account of the most popular p2p mmo in the history of the world was hacked, how odd. Seriously why would anyone hack for example EQ2. No one gives a shit about EQ2. There are so many hacked WoW accounts simply becouse there are so many people playing it. Also, oh my god my WoW account which I have not used for months was hacked HOW could this be!!!!! Oh I dont know becouse if someone hacked an account that was active and being used it would lead to the hacking being discoverd in mere hours instead of months.
What people totally fail to realise is that you dont need to enter a WoW phising site or click a WoW phishing link to get hacked in WoW.
Totally had my account hacked and recieved emails about something of the sort. never responded but when i start back up my warrior batter be back to up and running state.
Yeah, because data bases never get compromised or there is never a case of unscrupulous employees where significant money might be involved... *rolls eyes*
Naivety is the scammers best weapon.
You should know better as a writer for this website then to post this crap. I stopped reading at :I got my account hacked".
No one hacked blizzards servers, You were stupid and got keylogged is far more likely. Probably on a site advertising WoW gold. Or maybe you clicked a link on the forums. There are 101 ways dumb people get duped.
But to have any credibility as a game reviewer and say on your own site you got hacked. Come on man really?
Normally i'd brush this off as people being naive or not paying attention. What makes me go Hmm is just after the switch to battle.net this happens. Which everyone knew was going to cause security issues. But then just shortly after Blizz comes along and gives you a patch to correct the problem (the authenticator, which you never needed before the change) so long as you pay for it.
I don't care if it's 20 6 or even 1 dollar. That type of security is on their end. They did something on their end that weaken the security (by changing unique names to emails) then it's on their end to bring the security back up to where its suppose to be. Thats my only issue with the circumstance.
I am not ignorant of this fact. However, I do not see any reason why steps have not been taken aside from the simple "Do not open email by suspicious people, and do not go on sites aside from ones authenticated by blizzard" Kind of runabout.
This sort of thing only seems to perpetuate the ignorance of the players, and make it easier for hackers to get the information that is so desired. There needs to be better preventative measrues taken. And while I am ignorant of -how- specifically they hack the information, I must admit, I have a theory.
A virus which would enter your system, and search for critical files integral to the world of warcraft game. Or, keyloggers. For the first, I would honestly create a folder with a"False" database, and should they attempt to read the files and send the pertinent information back, it would trigger some sort of reciprocating virus in which could trace the ip it was being sent to, and infect said computer, and network.
thats what you gen when playing on the official servers.. you also spent a ton of money on a GAME... i play on private servers and i dont give a damn shit if something goes wrong, cuz i havent invested on it.. same with windows... i dont complain if windows 7 is the same vulnerable to previous versions and its crap, because i havent payed for it either and i have to be grateful that i can use the best, still crappy OS there is for free..
you, payers, should also think about it:
you pay, everything, you get hacked and you dont make a big deal out of it... if i were in your shoes, i'd exterminate a country... just for fun
The account hacking is probably WoW's biggest downfall, such a shame Blizzard are not doing more to prevent these sort of things from happening. I was hacked myself and because it happened like months before, I lost everything. No way I'm I ever coming back to this game again.
Yep, its a real shame indeed. Do you know why the authenticators work so well, even though it is as easy to hijack a login with a trojan as it is to simply keylog the normal account?
Here's why....
Over half of the account compromises are from
1. Email address list selling by Blizzard, Facebook. and many game sites, which then get phished or bruteforced.
2. Former Employees who took a list of email account names with them to sell, and in some cases, use to hack into themselves.
3. Internet security breaches at Blizzard.
4. Current employees stealing info and either selling or using it.
The authenticator works so well because the problem is not on the user's end as often as it is their fault. Any decent hacker can program a virus to shut down the targets WOW login, send the current authenticator code to the maker, and then alert the maker to login and begin the violation of your poor little elfie. It takes a different kind of person to get your login and password without even touching your pc.
Ways to keep your MMO account safe:
1. Never, ever, ever, ever download any addons that are not supplied directly by the maker of the game. Regardless of how safe they usually are, there is always a time when the addon itself will have been hacked by a hacker and a keylogger placed in it.
2. Make an email account that is used for ONLY that game. No other games. No mailing lists. No forums. No nothing. Just. That. Game.
3.Use complex passwords. Do not use the same password more than once. Change the password weekly or even daily.
4. Never access your game or email account at a public place. You never know who could be watching, in person or via a virus.
5. Get an Authenticator if one is offered by the developer. It is the only way to protect your account from being compromised from the developer's end. No major MMO has ever been without its fair share of inside jobs, and Activision, as well as Blizzard, have one of the worst track records when it comes to information leaks.
Yay for sensationalist journalism....not. A pretty misleading title for your article, eh? It must be a slow news day for someone to write something as common as a WoW account getting hacked, regardless of who it happens to.
lol if it wasn't worth the read, it shouldn't have been worth the wasted space of your comment.
The problem has always been players being unsecure with their account information. Blizzard and other companies are working double time trying to educate players, offer them additional security measures and many other things.
A company cannot fix the poor habits of a player. It is the players responsibility to keep their information safe.
This isn't a case of companies not doing enough, because no matter how great their efforts it only takes one stupid action by a player to undo all of their efforts.
TLDR: players are careless with their account information and there is little to nothing companies can do to prevent that.
Addons are NOT the problem in WoW. An addon in WoW is a limited LUA script. Basically a complicated macro. Blizzard has never allowed .exe addons for their game. The addon runs within a limited run area in the program. They are not allowed to pass info to the machine during the time that the client is running. Addons can save info to a couple of specific folders that live in your WoW > WTF and no where else. Again Addons only save info to the WTF folder during the shutdown of the client.
Things that can hide keyloggers are programs that you run while Wow Runs (ie programs that autoupload gamedata for sites like Wowhead, guildportal, etc.) If you run things like that at the same time as your wow client you deserve to be hacked.
BTW large numbers of people were being hacked since before the Battlenet change over happened. I had my authenticator for nearly a year prior to the rollout.
Things people do that hose their system security.
1) Using one password for most everything. Even using the same password for all MMOs is dangerous. Company A's employees may be trustworthy, but Company B's employees that work on that Asian Grinder or on that failing american MMO may be less trustworthy. Also, Asian organized crime is anywhere that money can be made. So your info given to that company may be less than secure
2) They use the same passwords and usernames on websites that they have no idea who controls the user info. Also, said websites have lower security than most mmo databases.
Yea I agree, but not that its by their design, just an oppertunity; Rule number #1 in business I say, turn a disadvanage into an advantage......The only 2 qustions to ask is, will it make more money? yes Can you get away with it? yes
WTF is a WTF folder......im scared
The problem comes in the downloading of the app from a compromised source, not the actual app.
You don't know as much as you think you do and that's how this stuff perpetuates.
That makes sense in theory, but in practice blizzard is giving away authenticators for free. No profit to be raked in there. Not to mention the $6.50 for the authenticator includes shipping and most likely makes it a no profit venture at that.
Which do you think blizzard wants more. $15 a month recurring or $1 profit from a fraction of their playerbase while loosing untold number of players and having extreme customer service costs due to related hacking.
It is nonsense to think blizzard wants their customers to get hacked as some are suggesting. It isn't like blizzard is hurting for cash and sustaining/growing their playerbase is the most profitable thing they can do right now. They do not need to resort to greifing their customers in order to maybe make a one time sale for an extra dollar.
YOu will notice a few posts above that I posted just what you said here. That DLing an addon from a source other than one of the "good" ones leads to DLing Malware. Also Addons are NOT apps.
There is a TON of misinformation in this thread mostly from people who don't know what addons are and what they can and cannot do within the Wow Client.
If you want to learn more about what addons are and what they can and cannot do. Visit the World of Warcraft UI and Macros forums Here. don't assume that what you here is true, find out for yourself. Ask the folk there who actually do the LUA scripting what they can and cannot do. http://forums.worldofwarcraft.com/board.html?forumId=11114&sid=1
I have been playing Wow since a month after launch (I spent that first month beating my head against EQ2). I have never been hacked, and I doubt that I ever will. I take reasonable precautions, most people don't even do that and blame others when their machines get compromised.
The conspiracy theorists want to believe that it's all blizzard's fault. That their security is so bad that it allows this stuff. Again I feel the need to point out that they have over a million accounts in North America alone. If there was a rampant problem we would see many many more hacks, enough that there would be a huge deafening outcry. An outcry akin to the one when Blizzard wanted to plaster our Real names all over their forums. What we are seeing is a small fraction of a percentage of the possible accounts that could be hacked. We see here the ones who are aggrieved enough to post. Hell we don't even know if the people who say they were hacked actually were. There is a lot of anti-Blizzard sentiment on this site.
Tasha
PS If I have said something to misinform people in this thread please let me know what and include a link to an authoritative site that backs up your assertions
Welcome to the evergrowing club of hacked individuals from WoW. Of course some jackwagons around here would have you believe it is your fault.
I've been playing online games since back in the NWN aol days, and muds before that. UO as the first MMO. I've played WoW, and I am familiar with how the 3rd party apps interact with the client as well as other 3rd party apps in other games. We were writing scripts for games 10 years before WoW even came out so I know very well what they are and how they work.
3rd party apps is what us old timers call what those in WoW call add ons. Same thing essentially, just a different name. Kinda like guild, clan, kin, allegiance.....you get the idea.
Your mis-information is in the statement that the 3rd party apps don't hide the keyloggers. On the surface you may be right, but it's only half the truth. The danger comes in making a broad statement like that giving naive people the impression they can download a certain 3rd party app without issue. The problem comes about when the file they are downloading for said 3rd party app is infected with a trojan or a keylogger or some other unsavory code. Next thing you know, you're "hacked", or more appropriately....compromised.
You seem very defensive about WoW so let me just be clear I am not trying to beat down the beloved WoW. I played it, it's good at what it tries to do. I have nothing but respect for Blizzard as well, but they have dropped the ball IMO and there are too many coincidences for it all to fall at the feet of the end users. How do you realistically justify someone that has not played or logged into the game for years getting hacked? I know people in the IT field that I have gamed with for years that have never had so much as a hiccup in any of the other myriad of MMO's and games we've played yet they were compromised in WoW. Some don't even use 3rd party apps. It's just too much of a perfect storm of coincidences on a wide scale for me to accept.
There are tonnes of stories out there like that that make one really step back and reconsider what is going on.
The issue is YOU don't seem to understand how an addon in WoW differs from an actual applicaiton aka an independant program that runs beside the client. You don't seem to understand the limitations that blizzard has placed on AddOns.
1) Blizzard addons do not run seporatly from the client program. This allows Blizzard to implement how far the lua scripting can go in modifying the client behavior. In the last 3 years blizzard has added many limits to what addons can do how they get data into and out of the application. It is VERY dangerous for you to assume what an addon in WoW can do based on what one could do in UO, Everquest, MUD of the week etc. Again these are very much like Macros, but with more functionality and flexability by the authors. These run as part of the client and can only get and save data from specific folders in your wow folder. Again they can only move data to your computer while Wow is shutting down. (BTW this is why if you change addon settings and have the client crash that you lose your changes).
2) There are a few WoW Utility Programs that can be dangerous if not monitored(ie from a good firewall) or if dowloaded from anywhere but the mainstream hosting site. So I am clear as to what I am talking about, I am specifically talking about the addon updaters (ie Curse Client and MMOUI minion etc), also Website updaters (ie Guildportal Wow Client, Wowhead Client etc). Those are programs that run at the same time as wow and the Wow Client has no way to control what these do. These are kinds of programs that could be made into trojan Horses or loaded up with keyloggers. For these, I would recommend that a NOOB not use them at all. A more advanced user should DL them from the actual hosting website (ie Curse.com, MMOUI, WoWhead etc), and only run them before or after you start a WoW session. They should not be allowed to run while you play.
I guess you and I are running into a case of semantics. The only things that I call addons are the lua scripts that one places into the WoW>interface>addons folder. Other things that run like exe files I tend to call utilities, programs or apps. It's the latter that people need to be very careful of.
I had received a series of obvious physhing mails and just ignored them. Just a few weeks ago, after about a year away, I decided it might be nice to try out this new expansion. I decided to login and refresh my skills a bit. Tried logging in and was told that my account had been closed "due to suspicious activity". I thought "Great, even ignoring the junk mails I was hacked." Not a major problem but a bit frustrating.
I went through the process of getting my account unlocked, and even most of my stuff back, and was reasonably happy. I was out of the house when I got the series of e-mails telling me I was back in business. Then I got to the last one. I was told that my account had been re-suspended for "suspicious activity". I checked the time stamps on the last two e-mails and received that notice ten minutes after receiving the last "your ok again" e-mail. All that effort and almost a week of frustration shot down in ten minutes, and I was not even home to see it happen.
I have not bothered to try getting it back. Even though it would be nice to run my high level characters in this new world it is not worth the pain. I am still trying to decide if I will just buy a new set of keys and create a whole new account. Right now I am leaning towards just waling away.
If you got hacked it is 100% your fault. When you understand and acknowedlge that, you will be one step towards looking less of an ass
I know exactly how the 3rd party apps work in WoW amd other games for that matter. I have written and toyed with many of them, but yeah, we are definitely running into a case of semantics more than anything.
I know the limitations(of lack there of) of the 3rd party apps, or add-ons as you prefer to call them. My issue is not with the add-on itself but the source from which the add-on is obtained, no matter the type. That is where the issues arise, not with the 3rd party app(add-on) itself. This is where we seem to not be meeting in our discussion.
Sorry that is incorrect. Add-on's do carry trojan programs sometimes. Being oblivious to an actual problem is ok, but when you try spread an opinion that is incorrect in a forum thread that is just wrong.
You should always scan any add-on you download.
Actually TashaG is correct.
Addons are 100% safe. There is nothing they can do that will compromise accout information. There is no code that can be written in them that can call an external program such as a trojan or somehow log account information. Just to be clear, there is nothing a LUA addon can do to hack an account, even if there is a trojan file packed in the zip file you download.
I think you and several others are confusing Viruses/Trojans that are disquised as being addons and offered for download. It may sound like semantics, but there is a huge difference. You can download and unzip all the trojans in the world to your addon folder and they will never do anything. They will just sit there doing nothing. They will not execute when wow loads the addon, because that is not how addons work.
It is only when a user does something other than unzip/extract files to the addon folder that a trojan could possibly do something. Even then it would require the player to run some special installation program, unzip the files to a system directory or something that should be so obvious that it just screams do not do this.
As long as a player only unzips/extracts addons to the addon folder there is nothing that could cause harm. Even suggesting that addons can in some way be the source of problems is spreading misinformation or at the very least being misleading. This is why people fear addons and think the actual code of addons is somehow responsible for their problems and not their own actions. Players need to understand the small, but very important difference in how they could compromise their own account and how hackers might try to trick them into doing something like this.
1) download any addon you want.
2) extract the files into the wow/interface/addon folder.
2a) Do NOT run any install programs, special install instructions, extract files to any other directory.
3) do nothing else and live play without fear of addons being able to do anything malicious.
Follow those simple steps and you will never ever have a problem with addons.
I had a similair experience. I took a break for about a year when I had to drop my internet. When i checked my email during that time I had a message from Blizzard that my password had been changed. I tried to log in a got the message and went through getting my account back. I changed the email address associated with it and added the authenticator. Unfortunately 4 of my toons on my main server had been deleted and I never got them back but at least i got my account back and my main had an extra 500 gold that I didn't have before. To this day I still get phoney emails to the old email address about problems with my account.
Because it was.
PEBCAK's are the source of 99.9999999999999% of the WoW "hacks"...
Anytime you build an idiot proof system, the idiots build a better idiot.
I'm curious, I have a little story too, I gave up WoW a year and a half ago, too much of the same after hitting cap again.
I used the battle.net authenticator before I left . I upgraded to an iPhone 4 and lost the access I previously had, all apps went over but that was it, I didnt really care as I had no interest in playing Wow again. However Aug this year I bought Starcraft 2for the Mac and found that I needed a Battle.net account just to play local games, I wasnt happy.
I tried unsuccessfully to get into my account and in the end setup a new account as support were so slow to respond. I then thought, "hey, I want them all on the same account" and thus begun the painful exercise of removing the authenticator, despite explaining a dozen times that it stopped working when I got my new phone they insisted that I send proof of my identity, "odd, I thought as I never remember giving them proof of my identity in the first place, so what the hell were they going to compare it too?" in the end I had to relent but redacted everything except my name.
Anyway, that was enough it seemed and they removed the authenticator, but now they wouldnt merge the two accounts to get WoW and SC2 on the same account, I despair, I still have 2 accounts.
I thought nothing of it until a friend left a message on my forums (today) asking if I had logged in on my WoW account, I repied " no, why?" seems that somebody had hacked my account flogged gold off 2 characters and items off some characters. A mule had been created but oddly enough had 1g, which is more than my other characters had been left with, apparently they were aware that I had 7 free days available to me and knew that my logon no longer had the authenticator on it. Bloody suspicious if you ask me!!!
I use a MAC therefore I'm not as prone ( though not complacent) to the same exploits as the majority of people but being in IT I still exercise caution with the net, I use Windows VM's without anything special other than a basic browser and certainly no passwords or cache history, I roll back the VM's after use.
I have now kicked off the recovery of the items that were sold and the cash that was stolen, I have no interest in playing again but damnit, its my gear!!! Passwords were changed instantly and related systems now have new passwords. All my systems have been scanned for viruses/trojans and loggers. Nothing visible. My firewalls on my Macs are pretty good and I have a tight set of rules and dont get suckered into phishing attempts no matter how good they might be, I trust nobody!!.
I would dearly love to know how I got hacked, how did they know the authenticator was removed IN AUG and I had 7 days of free access?? not to mention my username/email and password. I dont use Hotmail I dont store passwords on forums, I use use the Wow forums. It all seemed a bit to convenient, the recovery process automatically started the process to recovery items on my WOW account, how did they know I wasnt simply recovering a lost password?
I'm confused.
Just a quick addition to that above.
I had no email telling me about the free time, and my existing passwords/username still worked.
I have checked to see if the email address on my Battle.net account had been changed and it had not and no password changes had happened.
Feel free to read my latest post (today) and tell me how I got hacked please.
till they actually try and crack some of these hackers that seems only use there keyloggers and trojans for wow purposes. I won't be playing the game again. I got hacked twice in a week, after i did a system format, put on my anti virus straight away did updates and used the touch screen for passwords and that i still got hacked. It's got out of hand and 17/87 active ppl that was in the guild i was in got hacked within a afew months, just goes to show that blizzard isn't taking it seriously and only doing whats needed to keep the peace and not tackling the actual problem.
I'm the first to admit I'm a cynic, I've been around a long time, I've seen a lot of things. I wrote papers on virii 15-20 years ago, so I'm no stranger to their methods and techniques.
This is the first time I have suffered at the hands of a hacker.
I seriously have doubts that I'm 100% to blame, if thats the case then by all means I'll take it on the chin, but for me, it's all a bit to straight forward, as a precaution i've had to change a few accounts and passwords and pretty much rendered that email address useless now.
Perhaps an insider looking at old accounts, perhaps a disgruntled employee, after working in IT for 20+ years I've seen a lot ,but I doubt I've seen it all. Where there is a will, there is a way.
Luckily for most people out there, most "hackers" are nothing more than wannabe's that simply use somebody elses toolkit to do their bidding, they seem to think this gives them some credibility as a hacker/leet geezer.
Cannot praise the authenticators highly enough.
We bought them when they first came out, because a friend of ours had just been hacked at the time. After some time, we took a full year's hiatus from WoW.
When we came back last month, everything in our accounts was safe and sound, thanks (we think) to those little authenticators. Accounts that had lain dormant for that long surely would have been hacked, otherwise.
ya, its called practice heh, theyre up to like a million accounts hacked so far, theyll get around to everyone sooner or later!
Dear Garrett Fuller
stop crying and get your self
authenticator there like 6.50......
I wander how many ppl get one of those phishing emails saying their WoW account was hacked and come running and screaming here to post without actually checking to see if they actually were hacked. Or of course the geniuses that click on those phishing links then get mad at Blizzard.
I've had a few phishing emails doesnt mean I actually go where they say..
If I had a dollar for each time I get stuff from banks I dont use or or countries offering me millions then I'd be a rich man.
Yes there are a lot of phishing emails but many of us dont get suckered in to using them.
I got hacked twice within 4 days about 2 years ago about 6 or 7 months after WOTLK launched before the wow account --> battle.net merge, I have no idea how since I never went to any risque wow sites, only curse dot com for my addons. I'm guessing one of my addons I got from curse was infected with a keylogger and those little buggers are never detected by antivirus software, or at least 95% of the time they aren't. So I got my character restored the first time and everything was gravy.. then like 3 days later it happened again. Boy I sure was pissed. I contacted the blizzard customer service again and they went through the trouble of restoring my character again minus my 13k gold that got stolen.. they couldn't give that back. I asked them to keep my account locked pending email verification that I was ready to use it again so I could do a system wipe. I formatted twice using DOD methods including my master boot record just to play it safe and then reinstalled windows and the game clean, and emailed them to unlock the account with a new password. That apparently did the trick and since then I haven't had any trouble at all out of the hacker fags that took all my shit
I took a 6 month break, and when I came back I was hacked. After the same exact experience as the article writer, had my account was up and running. I was mad until I realized I had gotten the account back right before the farmer had hit up the AH. I then sold all the stuff he had farmed and made 20k gold...good day :) Some farmer is out there crying into his keyboard.
Hell, I get those phsing emails everyday about my account needing verification and that they notice illegal action with my account. Funny thing, my account has been locked for a couple years now.... Sick of all the spam emails though.
You columnists continue to embarass yourself with your lack of knowledge of what a hack is. Keylogging is not a hack. It may have taken years, but you finally got dumb, downloaded something through a javascript, and had your account logged into.
Please, stop embarassing yourself and this site. Your lack of knowledge in just about everything you write about these days is really discrediting what used to be a site for gamers.
But, then again, the gaming community has gone the way of idiocy. So, maybe you are just keeping up with the times...
EDIT: To all those about to say, well it's not impossible. Yes, it is about as close to impossible as it gets. If someone actually hacked blizzards servers, they wouldn't even bother with your WoW account, they would just go straight for your personal and billing information, which is far more valuable.
Because hackers don't want your credit card, they want your WoW account....bwahahahahahahah
got hacked 2x after I installed the Authenticator.
both times I had quit and cancelled the game, and only found out because some RL friends saw me logged in and tried to talk to me.
1 month after I cancelled my accounts got hacked, with authenticator installed, fishy. I quit again in Sept of this yr and they can hack it all they want I am done
too Gauge23
Hacking is the unauthorized use of your computer, software, or anything else related to the issue.
Keylogging is not hacking I agree. Using the information to gain access to something they are not authorized to use IS
they do but they also encourage them too. Almost a year ago, I was hacked as well. And the person(s) responsible used an authenticator to block any attempt I could make to log on to boot said person out of my account (like in the old days). So the only option I had was to call billing - and yea I had a while to wait too (the same day I was hacked quite a few others were attacked in a similar fashion). But the person that helped me once I was connected was v nice and v efficient with their assistance. I was lucky that none of my characters were deleted/server changed/stripped - the most that happened was that my lock was logged out in her pvp gear and had been used to farm mobs in Storm Peaks (they drop greys that can be sold for quite a bit of gold - or at least it was so at the time).
I read not too long ago about the changes Bliz made about account verification (with the phone call stuff - dont remember the actual thread) and was v pleased - I think hackers might think twice from now on
Sorry to hear about your hack and glad you got your acct back safe and sound.
Cyn
I was hacked once, lost all gold of all my characters.
I f ck hackers!
How does it feel to be hacked by me noobs?
My account was compromised during the summer ... after almost a year of inactivity, not having wow installed and never going to the site. Amazing how they managed to get my details.
Anyways,
I checked my armory yesterday ... someone has been playing my account in the summer for 3 weeks. They used up a 7 day free and a month free reward.
In the activity and achievements i saw a few interesting things:
- They killed the baron in stratholme 685 times !! .. How in godsname did they manage to kill him that often :)
- 232 Talon King Ikiss kills ... why ???
- They got me the rivendare orse
- All my gear is still there plus some
- They got me exalted with argent dawn
Was I the victim of the [object Window]great friendly hacker???
This IS the biggie that people need to get through their head though. The addon itself CANNOT contain maliscious code. If however, you download a purported addon that's an EXE file, you're setting yourself up.
The other thing people never mention is Brute Force. Yes, it works. Login servers are constantly being tested by those less savory 'companies'. Routines are setup and thousands, perhaps millions of attempts are made automatically on account names either bought or stolen. Eventually they will hit almost any account that uses a 'standard' 6 letter password.
I'd like to add my own little security tip to this discussion (and after being berated as a complete moron by people at this site a while ago when almost falling for this trap myself).
I've seen four posters in this thread now mention getting "authentic" account hacked emails from Blizzard. Presumably because the email 'sender' info said 'blizzard.com'. And another poster implied that only if the sender info says something other than blizzard.com do you have a phishing email. Well that's not how it works, and these headers can be spoofed. And I'm talking about the detailed mail sender info here too, not just the main 'from' header of an email. YOU'VE GOT TO DO AN IP ADDRESS LOOKUP ON THE SENDER IP TO MAKE SURE IT IS AUTHENTIC.
I've got one of these emails in my delete box right now. And just like always, the detailed sender info says blizzard.com in several different places. But sure enough, an ip lookup on the sender ip address says KOREA. And several people were kind enough to point out to me that Blizzard doesn't send its mail from Korea, heh!
I still get a kick out of the fact that, at least according to the posters on this forum, APPARENTLY, the only people that get hacked are the ones that have not played in at least 3 to 4 months...oh, and the others that get crap talked about them BY the ones that were hacked and have not played in the past 3 to 4 months...
And there are even some people here, that go back as far as a YEAR....
Magic...
I usually play games with 4 friends of mine .... all had long inactive accounts in august and we all were hacked in august.
Was it in august that the 7 days free was rewarded ?
ppl get hacked because they get spam mail and click on the dodgy links, ive never eer paid for wow, just had a trial before and i get them, my wife never plays mmo's and even she gets mailed "on behalf of blizzard",
i only played trials and i get emails supossedly from blizzard saying that im trying to sell my account and stuff and its under investigation..... i just ignore that nonsense, blizzard knows i never suscribed so they dont have to do that... im sure thats some scammers cos i noticed one of the senders didnt say battle.net (it had like 3 T, like batttle) so its fake... i just made a new trial acc and ordered the game and im waiting now...
PS: a good way to avoid accounts getting hack is making an annoying password, mixxing all kind of stuff (numbers, letters, symbols, and make it long... thats harder to get hacked
Sir, you are ridiculously lucky if it only took them 45 minutes to answer the phone. I've never waited under two hours.
Just as a point of interest, I'm getting fake WoW/Blizzard stuff constantly now too, telling me my account password has changed, or that my account was hacked etc.....and I've never, ever, played WoW. I don't live on the same side of the country as I did 13 years ago when I had a Battle.net account for Diablo, nor the same email etc.
simply really. At some point in time, you email was collected, sold, and is not in the hands of spammers.
This.
I am scratching my head wondering how someone like the industry relation's manager (don't they have a god-mode always on when it comes to ALL the internet?) got hacked.
From my knowledge, you cannot get hacked unless you give away your account name and password or download a virus.
I don't think I've ever downloaded a virus (well...without KNOWING it was a virus, lol)
I have had some "close calls" like the first time I opened one of those spoof WoW account emails, but right before entering my info I saw it was not the right website. So I can see how people who do not know to ALWAYS check the url bar could get hacked.
But still... I've never been hacked. But I guess I'm different, having over a decade of online experience- especially when I was sending my friend's cousin trojans and flashing my BIOS at 13 years old...lol...
LoL... at first I wondered "How did they ALL get hacked in the same month?"
Then it occurred to me... 100% guarantee all of you shared the same downloaded add-on, which had a keylogger/trojan attached :P
Probably sent it to one another, lol...
12 million accounts, 11.5 are hacked...nuff said
If I bought an authenticator, I'd be the one crying.
Why someone needs to spend $6.50 for no reason is far beyond even my understanding.
My god I wish I was the genius who invented this "authenticator". I'd be a millionaire selling snake oil to people too dumb to not get phished.
I use the 3 most popular addons (bagnon, gatherer, titanpanel), downloaded from curse, my mates do not use addons at all.
Next to that, we are all IT-nerds and 2 of us are security professionals ... we are the most paranoid people you will ever meet ;)
I do not believe all our accounts were breached.
You know which friends did not get hacked?? ... the ones that did not merge with battle.net yet ...
Same here. Since a couple months I am receiving several WoW account phising emails a day. Some days worse than the others.
It's really easy to spot they are absolute fake. Just hover over the link and you already see a bogus referal link in the bottom of your IE bar.
But the problem here is. That a lot of people seem to be Anti-Microsoft and use other kind of browsers, that don't have this option.
So people don't see it's fake and click the link and don't see the masked referal link... and voila they are screwed.
And most of the time they do not even have to use the site, just clicking the link might already trigger a keylogger install from the website.
I say and keep saying. Use a different browser that actually shows you all this information, without having to click the links.
As same here. I have been playing tons of MMO's the past 8-9 years or so and plenty of other regular online games. And never been hacked! Never.
Cheers
Firefox shows the real url, if you have thunderbird you can see the return-path which will be bla@aol/msn.com instead of blizzard infact firefox warns you from pishing sites, they keep a list, once the url matches you get a warning.
They can't keep that up, because these criminals are using several new url's each day.
They constantly create new url's. Take a good look in these phising emails you get. They seem to be constantly registering new url's each day, to avoid detection.
Seeing as there are an ungodly amount of posts here anyway, I dont imagine many people going this far down to read the following. I have played WoW since '05 never really had a problem with it, in fact, I took a trip to europe recently and went to log onto my char for a moment (the life of a gl isnt always fun) to settle a problem. Well, thats when the message that my account had been locked popped up and to check my email. Upon inspection, blizzard had detected that my account was being accessed from a different country and locked my account to protect it. Going through the emails instructions and unlocking it only took a minute, but it made me feel good to know that these sort of protection measures are in effect.
This is a fascinating thread. I learned a few tricks to securing my account that I didn't know before.
Firstly, I understand the frustration of having your computer & account violated. I've had a few computer invasions over the years and each time it feels like I've been groped. Luckily for me, none of my game accounts been hacked thus far. I am not a techie so I cannot offer any advice.
I started playing subscription MMOs since 2002 (?). With WoW I started in 2006 and play on & off till present day; currently my account is inactive and I think my toons are still clothed. I never got an authenticator but I do use game cards half the time. I hate the new system where your user name is your email. Ever since they changed the system, I got so many phishy emails. I think Blizzard is to blame for a few issues like the new Battle.net log in. Maybe someone is selling our data since many inactive accounts were hacked.
It would suck if I had to make an email for every MMO I decided to play or try out. So many emails & passwords to remember... What I'd like is more MMOs using other OS besides Win & Mac. Maybe we should blame Bill Gates for having a monopoly on the gaming industry. And his OS is #1 target for hackers.
What suprised me the most is that having played multiple MMORPG"s over a 10 year period and never got an account hacked beside WOW and that was within a few days after they switched to battle.net and also the spam mail started then, makes ya wonder if it was leaked by blizzard or their employee's to make extra $$.
Think what you want Daff, I have friends that have had the exact thing you say cannot happen, happen to them. I have seen it first hand.
You have to remember that not all people that have computers are computer savvy. If they'll fall for a fake email, they'll download and execute a malicious file thinking it's an add-on.
It can and does happen amd pretending it can't happen just helps to further propagate the problem.
I just had to comment on this because of a disurbing revelation I recently made.
Here's my story.
I signed up for a WoW 10-day trial a few years ago with a brand new email address. This was before the Battle.net switch over. This email address has never been used for anything but signing up for the WoW 10-day trial.
Well since Cata came out recently I wanted to try the game again to see if anything had changed for the better, so using the same email address, I linked my WoW account to the Battle.net account I created with this email address. About an hour later I received a penis enlargment spam email and I have received 1 or 2 spam emails every day since.
Here's the thing. I have NEVER received spam on that email address before, ever. Only after creating a Battle.net account did these messages start showing up in my mailbox.
I thought that was strange so I created a new email address, new Battle.net account, and the same thing happened.
So either Blizzard's security is breached and there IS someone stealing email addresses and possibly account information as well. Or Blizzard is selling that information to spam companies.
Either possiblity makes me never want to touch another Blizzard game. And I will not until they publicly reveal what is actually going on and show that they have stopped this from happening.
There is no possible way for you describe to have happen. It just isn't possible and for you to suggest it is is just reinforcing false information. LUA addons are 100% safe. You cannot write any malicious code into a wow addon that will steal information.
Sure there are plenty of trojans trying to pass themselves off as real addons, but they are not real addons. Like I said, you can freely extract a billion viruses to you addon folder and they will never ever excute. They will just sit there doing nothing. Windows doesn't just randomly execute programs that are sitting in a folder of the game you play and addons cannot make calls to those types of programs.
Your friends, who you admit are not very savvy, did something else. Perhaps they thought they downloaded a addon, but followed some special instructions, or clicked on an EXE file or any number of other executable file types. Perhaps they used the sweet addon installer that came with the program, but what they didn't do was simply extract an addon to the addon folder and install malicious code that hacked them.
Cool that they are your friends, but non-savvy people don't often understand what or how they did something. They omit important information, because they assume it was safe or just did not understand what they were doing.
Again, LUA addons, 100% safe. Viruses and Trojans pretending to be addons, not safe, but those still require the user to do something wrong.
You must not be familiar with VPN authentication technology. It works. Well. It's an additional layer of security. While the physical authenticator fob from Blizzard is $6.50, the iPhone or Android authentication app is free.
My advice to everyone.
1 pc for uploading/downloading/the web = virus = who cares. (scan then trasfer to data storage pc for viewing/further editing if needed)
1 pc for gaming
1 pc for data storage
use Truecrypt
Use Yahoo.com addy's for Gaming aka gamer1@yahoo.com, gamer2@yahoo.com, etc.
Doesn't solve much but hell it doesn't hurt much either.
Blizzard is letting everyone get hacked; probably selling accounts to hackers for extra cash; then they turn around and tell you that their servers aren't secure, so please send them more money for an authenticator!
That is bullcrap. Blizzard are very scared of getting bad reputation. It is of course possible than one or a few employees would do it private but if a company like Blizzard actually did it and people found out it would mean the end for the entire company, and they are not that dumb.
Most of the hacked accounts are coming from phising messages and keyloggers anyways, not all but most.
Question: Do you sell computers for a living?
3 computers is way too many for an average user. To have a E-SATA harddrive or Icebox with 2 drives in for storages and turn that off when you not use them is a good advice and pretty cheap as well.
Then you should have a good firewall and antivirus as well. And scan your computer on an online scanner every month or so to be sure (http://housecall.trendmicro.com/). And if you are truly paranoid and have a really old computer lying at home (a 386 works) make it into a Linux firewall.
It would hurt me much to use my laptop for downloading and buy another computer for storage. I never got any game hacked. A good firewall/antivirus that is updated helps a lot.
I still think it has more to do with clicking on links in those countless e-mailes (changes in your battlenet account/changes in your password please click on this link!, etc) and just going to sites or downloading things that might have viruses/keyloggers, etc.
I've only been playing these games for 6 years or so and I've yet to be hacked.
I also don't see what the big deal is about that security fob.And I don't believe for one minute that Blizzard is allowing hackers to access accounts. After all, why jeapordize the bogs of money you are going to make from subs and people buying expansions/and downloadable content by allowing some hackers to compromize your integrity and in additon make 6 dollars from those who don't permanently quit.
If lotro or some other company had a security system like that I'd buy "just in case".
I've seen these things used and they work very well. It's an added layer of security for 6 dollars.
And if people are worried, I would go the route of the poster who said have separate computers.
I have one computer for personal business stuff, writing, etc and one for games.
You'd be surprised how cheaply one can get a computer to just do banking and have your tax returns.
Essentially, all the important stuff is usually about accessing acounts online. As long as the second computer can open up a secure internet browser then that's all you need.
yes this post shows the reality how blizzard treats their clients, i got hacked 1 time on wow, and in aion guild wars, conan Warhammer and ltro, 0 times
so go figure what those greedy people from blizzard does with our money!
Square enix has its own authenticator and soe is developing their own. Not to mention that Blizzard gives the authenticator away for FREE on many mobile devices. HUGE PROFITS THERE!!!! Why can't players see how big a problem this is and companies are starting to fight back?
I suppose blizzard is only trying to make more money with their dial in authenticator security service. Tons of revenue to be made having players call into blizzards 800 number.
If someone has been hacked five times then odds are their email account has been hacked and all the hard drive formats in the world will not resolve that problem. The hacker can just periodically reset the players password and instant access to their account... again. I'm sure they will say he changed that too, because someone who knows how to set up the most basic levels of computer security would of course know to crawl across the room inch by inch searching for traps before entering a room, but I digress.
Anyhow, it is much more likely that blizzard or some employee has been secretly selling players account information to hackers for a few extra dollars. Blizzard either can't catch this employee or enjoys the extra $.25 profit from selling a few physical authenticators. I'm certain that makes up for all the lost subscribers and negative image given from all the hacked accounts as well as all the money they have to spend on extra customer support staff to deal with hacked players. Yep, that makes tons of sense. There is no possible way an honest to goodness network admin could have had their email account hacked and be unaware of that being a direct line to hacking their account. Nope, not a chance there.
I think my account has been hacked for the second time in two months. I can't recover my account automatically through the Web site, and I can't even have the pleasure of being in the phone queue. The computer tells me the lines are full and hangs up on me (this has been going on for about two hours now). I really have to get back to my real life ... I sure can't spend all day dialing my phone, and the wait on the Web forms sounds like it could be extensive due to the holidays (I submitted one a few days ago). Sadly, I'm beginning to wonder if it's even worth it at this point. I play games to escape red tape, not bask in it during my free time...
thats an absurd suggestion, especially if the issue lies on the end of the company and not the user. no general user needs 3 pc's. If worried about the sites you go to, it is easier to have a virtual desktop (free version being virtualbox). for data storage, another hard drive is more than enough (again, general user) with an auto backup (FBackup is good free program for this). 3 pc's is a lot of overkill for those uses.
If you care for your intellectual property, you might want 2 isp installed. One for browsing, one for internal communication with selected parties pre defined.
You have proof to suggest that the issue lies with the company and not the user? I also heard patients complaining that their declining health are issues of their family doctors, not their own diet habits and aging.
Make sure your Warcraft UID/password isn't the same as you use on other sites/games. This is the bit of security that gets missed most often. People go through all kinds of elaborate system encryption, isolation, reimaging, etc, all the while using the same U/P combinations all around the internet.
The big mistake people make is assuming that if they change all their passwords to something new(still the same on other sites/games) that they'll be safe. Few hackers will waste time on you as an individual, digging through your keylogs to guess U/P combinations. they tend to get a whole slew of them from hacking into a low sec site where you wouldn't think it a big deal if it got hacked. But if the kind of site itself can determine anything about users' interests, a hacker can find a buyer for that data.
Thus, hack a gaming, or MMO site, you know those users likely have at least one AAA MMO account somewhere. The data is therefore valuable to gold sites.
Lastly, if you've got a smartphone, get the battlenet app for free and install it. I wish LotRO had this option...
That's cuz WoW is King. Gold sellers sell far more gold for it than any other game. No contest.
It's in WoW's best interest to prevent hacking wherever they can. Trust me, between the support in having to restore characters, support in getting your account right-side up, support and maint of FREE smartphone app tools, they are losing money.
Seriously, read my previous post. DO NOT use the same ID/PW combination for Battlenet that you use for other sites/games. That's where they're getting a majority of their victims, I'm sure of it.