f13.net

f13.net General Forums => World of Warcraft => Topic started by: Xuri on December 28, 2009, 09:26:52 AM



Title: My WoW-account's been compromised
Post by: Xuri on December 28, 2009, 09:26:52 AM
Yay, I'm now in the exclusive group of people who've had their World of Warcraft account hacked.

Woke up to messages from friends about my main character botting for hours in Storm Peaks. Changed my password, logged in, found higher-level alts cleared of all items that could be sold, plus cash. Main character had bags cleared out, some stuff in bank missing, half resto gear gone, cash gone. Guild bank lost all of the 115 (gasp) gold it contained.

Very strange, this. I've never shared my account details with anyone. I've got up-to-date Windows XP, anti-virus and anti-malware programs, neither of which find anything after extensive searches. No suspicious programs running in hidden startup registry keys, no mysterious processes running. No Internet Explorer being used for anything. I've logged on once, maybe twice in the last three weeks - and the last time was more than half a week ago just to check on some friends. No e-mails from Blizzard about account/mail/password changes until the one I got after changing the account-password. Don't have the password written down anywhere, got no e-mails lying around with the account details, no post-it notes attached to my computer screen.

Good thing I've half stopped playing already, or this would've sucked a lot more than it currently does.


Title: Re: My WoW-account's been compromised
Post by: Signe on December 28, 2009, 09:57:41 AM
Won't they give you your stuff back?   :?


Title: Re: My WoW-account's been compromised
Post by: Xuri on December 28, 2009, 10:03:54 AM
I've opened a GM ticket, but no reply yet, and no idea how long I have to wait until I actually get a reply.

"Wait time currently unavailable"


Title: Re: My WoW-account's been compromised
Post by: Jayce on December 28, 2009, 10:15:57 AM
Without exception I've seen that they return everything stolen in a hacking situation.  I'm increasingly curious to know how these are done. Most people who get hacked, it seems, can't figure out how it happened and their security habits seem pretty good.

Do you have an authenticator? You have to be on battle.net by now, so that's a given.  No possibility you were phished?  Could it be brute force?  Was your password simple or complex? Do you have your b.net email address anywhere on the intarwebs remotely associated to WoW?  Have you logged on to your account/account management at someone else's machine which might not have the meticulous security that yours does?


Title: Re: My WoW-account's been compromised
Post by: Xuri on December 28, 2009, 10:28:24 AM
Yeah I'm pretty stumped as to how this happened.

I don't have an authenticator. I'm on battle.net, yes. No chance whatsoever that I got phished, though brute force is a possibility - the password wasn't all that long (8 chars, 1 number, the rest letters). The b.net email address is the same I use for pretty much everything else. I've been a slacker where that is concerned, I guess. Have not logged on to my account on any other computers in, say.. half a year.


Title: Re: My WoW-account's been compromised
Post by: Ingmar on December 28, 2009, 10:54:21 AM
Do you use the same password for other sites, etc? Always possible you signed up for something somewhere that doesn't take good care of your info.


Title: Re: My WoW-account's been compromised
Post by: Sheepherder on December 28, 2009, 11:05:10 AM
Quote
Have not logged on to my account on any other computers in, say.. half a year.

Hackers will sit on a password if the account is active.


Title: Re: My WoW-account's been compromised
Post by: Morat20 on December 28, 2009, 11:20:31 AM
Quote
Do you use the same password for other sites, etc? Always possible you signed up for something somewhere that doesn't take good care of your info.

We're pretty sure my wife got hers hacked because she used the same name/password combo on a guild website. All they had to do was hack someone's poorly installed forum software. DEFUNCT guild forums, in fact.

If you reported it within a few weeks of it getting hacked, they should be able to get you most of your stuff back, taking perhaps a week all told.

My wife had hers fixed in about 72 hours, although since it had been hacked a year prior and botted for three months before it got banned for gold-selling, she only got her account restored. They didn't have data on her items, and whatnot.


Title: Re: My WoW-account's been compromised
Post by: Cadaverine on December 28, 2009, 11:45:30 AM
It'll likely take a bit to get your stuff restored, as they're pretty busy these days.  My account was compromised about 2 - 3 weeks ago, and so far I've gotten one of my four characters restored.  I sent a follow up email to see what's going on with the other three, so hopefully I get them back within the next day or two, but I'm not holding my breath.


Title: Re: My WoW-account's been compromised
Post by: Morfiend on December 28, 2009, 12:05:03 PM
Quote
Without exception I've seen that they return everything stolen in a hacking situation.

Just a little FYI on this, they will return everything except guilds. Which is a major pain in the ass. My friend had his account hacked. He downloaded a mod that had a keylogger in it. The farmers disbanded two guilds that were controlled by his account, and both had all the bank slots purchased. Blizzard returned everything except the guild bank slots. Which is a bitch.


Title: Re: My WoW-account's been compromised
Post by: Rasix on December 28, 2009, 12:10:40 PM
Well, this has convinced me to stick an authenticator on my account.  My account also has a unique password.

I imagine I'll be hacked waiting for Cataclysm.   :awesome_for_real:


Title: Re: My WoW-account's been compromised
Post by: Xuri on December 28, 2009, 12:42:52 PM
Guess I'll be getting one of those authenticators myself if this thread turns out to have a happy ending, and if not - well - it's not like I'm actually playing the game anyway, just waiting, as Rasix says, for Cataclysm. I find that I stop playing a while before every expansion after having depleted all the soloable/light-weight group content, then start back up to do all the new and improved "COLLECT 10 ANIMAL TUSKS PRONTO!"-quests when the expansions hit.


Title: Re: My WoW-account's been compromised
Post by: Jayce on December 28, 2009, 01:18:09 PM
Quote
Well, this has convinced me to stick an authenticator on my account.  My account also has a unique password.

I imagine I'll be hacked waiting for Cataclysm.   :awesome_for_real:

I'm right there with you.  We might have to consolidate all these threads...

Incidentally, if you have an authenticator, you can still get phished. There is a story on wow.com about someone that had it happen to them.  So I guess I'm saying... don't get phished... ok?  :oh_i_see:


Title: Re: My WoW-account's been compromised
Post by: Merusk on December 28, 2009, 03:45:46 PM
How on earth do you get phished with the authenticator? Give out the login to someone?

Ed: this thread also inspired me to go and change my password again, and the e-mail my acct is linked to.  Unfortunately B.net seems to be down as you can't login to account management right now.  At first I panicked and thought "Oh shit I've been hacked, too." But I'm able to get into the game and the password recovery system sent the e-mail to my correct address..

 :awesome_for_real:


Title: Re: My WoW-account's been compromised
Post by: Chorulle on December 28, 2009, 03:52:11 PM
Was going to do the same thing and noticed I couldn't log into b.net either.  Just bounces you back to the login page with no indication of an error or anything else, but can get into the game just fine so it's not just you.


Title: Re: My WoW-account's been compromised
Post by: Trippy on December 28, 2009, 04:22:34 PM
Quote
How on earth do you get phished with the authenticator? Give out the login to someone?

I haven't bothered to read about the specific WoW authenticator hack but in general these things are vulnerable to "man in the middle" attacks. Essentially the user is tricked into entering the time-based authentication token into a program the attacker controls which passes that info to the attacker and then the attacker can enter that value into the real program. This is easy to do if you can trick the user into installing a keylogger trojan, for example.

The authenticator will protect you from people trying to brute force-guess your password but there are lots of malware out there, especially in Asia, that are specifically designed to capture game login information, and token-based two-factor authentication doesn't protect you in those situations.


Title: Re: My WoW-account's been compromised
Post by: Fordel on December 28, 2009, 06:30:58 PM
The best defense is simply to never stop playing!


Title: Re: My WoW-account's been compromised
Post by: Ubvman on December 31, 2009, 02:17:26 AM
Quote
...

The authenticator will protect you from people trying to brute force-guess your password but there are lots of malware out there, especially in Asia, that are specifically designed to capture game login information, and token-based two-factor authentication doesn't protect you in those situations.



If someone had the expertise and ability to break the authenticators and hack into the system, they wouldn't be going after dinky WoW accounts. They'd be hacking into banks and stock broker accounts that use the same things.


Title: Re: My WoW-account's been compromised
Post by: Merusk on December 31, 2009, 03:28:24 AM
Hacking Banks: International Police and FBI are right on you in a sophisticated and hardcore way.
Hacking WOW accounts:  Blizzard might ban your ISP proxy and notify the FBI who might look into it in a cursory way.  Meanwhile you're fencing your "not-really-stolen-in-any-country-because-they're-virtual" goods for real cash, don't run into a host of shit and are still making a lot of money.

Thanks for the info, Trippy.


Title: Re: My WoW-account's been compromised
Post by: bhodi on January 01, 2010, 10:36:34 AM
FBI doesn't get involved unless it's a large amount of money. This isn't large. They don't generally get involved in bank transactions either, unless it's over $20k I believe. Wire transfers aren't even tracked below that amount. Pretty much because everyone, including US interests, launder money that way.

While technically two factor auth is vulnerable to man in the middle, realistically it's not, especially in this circumstance - they'd have to capture your one-use key and then immediately log in as you.. and then would immediately get booted out when you log in over top of them as your first time "didn't go through" for some reason. They can't save the key and use it later since it's sequential - your next log in invalidates the key they just snooped from you.

Of course that's all irrelevant, since they are looking for low hanging fruit - they send a trojan hidden in a flash ad at wowmoviesdotcom, collect hundreds of passwords, and then when they get a gold order, they just go down the list, log into the ones they can get into, liquidate what they can, and transfer the money over. There is no realistic way of getting into an account that has a token generator except by stealing the token (unlikely) or cracking the generator (unlikely in the extreme).

Also, once they actually log into the account, the clock is ticking for them - the amount of time they can use the account is generally measured in hours. That's why they save up the lists of accounts until they need them (and why hacks happen weeks or even months after the actual incident). The most common methods for getting passwords are from password reuse from fan/video sites, kiosk/internet cafes, auto-installed trojans (generally flash), and exe files downloaded and run as wow addons.


Edit: What twisted literary reason are you supposed to put periods inside parenths in a sentence? Yeah, fuck it (this.) See how dumb that looks?


Title: Re: My WoW-account's been compromised
Post by: Trippy on January 01, 2010, 12:41:51 PM
Quote
While technically two factor auth is vulnerable to man in the middle, realistically it's not, especially in this circumstance - they'd have to capture your one-use key and then immediately log in as you.. and then would immediately get booted out when you log in over top of them as your first time "didn't go through" for some reason. They can't save the key and use it later since it's sequential - your next log in invalidates the key they just snooped from you.

It's not that hard. The same keylogger that's being used to capture the account information and authentication token is used to prevent the user's input from passing through properly to the application. I.e. their input never gets passed to the system.


Title: Re: My WoW-account's been compromised
Post by: Jayce on January 01, 2010, 01:14:10 PM
The article I was thinking of was this one (http://www.wow.com/2009/06/06/an-interview-with-a-scammer/).  The relevant quote:

Quote
... Do you have a way to get around the Authenticator?
Actually yes. For the very FIRST login, I can get around it. So I have to change the password then or make a quick clean sweep of the account.

Ah, how do you do it?
Just enter the Authenticator code they put into my site.

You get phished, the guy (or more likely, his script so it all happens fast) is watching real time, he logs in before the number expires, changes the password (so you can't log in over him), then does a clean sweep.  But he also says that low hanging fruit is where it's at.  At the time he had hacked 50 accounts, no authenticators yet.


Title: Re: My WoW-account's been compromised
Post by: Rasix on January 06, 2010, 11:20:07 AM
Just got an obvious phishing email.  Ohh, I changed my password did I?  No, I don't think I did, and I'm not going to click your link.


Title: Re: My WoW-account's been compromised
Post by: Xuri on January 06, 2010, 12:09:36 PM
Oh. Uhm. Yeah, status update: Blizzard "unhacked" my account yesterday and restored all lost items and gold, on all affected characters. So.. yay. Now I can happily go back to idling until Cataclysm arrives. :P


Title: Re: My WoW-account's been compromised
Post by: Kageh on January 11, 2010, 01:30:10 PM
Quote
How on earth do you get phished with the authenticator? Give out the login to someone?
I haven't bothered to read about the specific WoW authenticator hack but in general these things are vulnerable to "man in the middle" attacks. Essentially the user is tricked into entering the time-based authentication token into a program the attacker controls which passes that info to the attacker and then the attacker can enter that value into the real program. This is easy to do if you can trick the user into installing a keylogger trojan, for example.

The authenticator will protect you from people trying to brute force-guess your password but there are lots of malware out there, especially in Asia, that are specifically designed to capture game login information, and token-based two-factor authentication doesn't protect you in those situations.


Been thinking about that scenario actually as about how vulnerable the WoW mechanism is to man-in-the-middle attacks too, but I think it wouldn't really work well with WoW because you can only log in once onto an account. Re-trying your login and successfully logging in right after your first attempt would kick the attacker out, and the intercepted tokens are worthless once used. Blizzard used to allow token re-use within the 30 second window, but they changed that with 3.1 or 3.2.


Title: Re: My WoW-account's been compromised
Post by: bhodi on January 11, 2010, 02:48:52 PM
Quote
Been thinking about that scenario actually as about how vulnerable the WoW mechanism is to man-in-the-middle attacks too, but I think it wouldn't really work well with WoW because you can only log in once onto an account. Re-trying your login and successfully logging in right after your first attempt would kick the attacker out, and the intercepted tokens are worthless once used. Blizzard used to allow token re-use within the 30 second window, but they changed that with 3.1 or 3.2.

You get phished, the guy (or more likely, his script so it all happens fast) is watching real time, he logs in before the number expires, changes the password (so you can't log in over him), then does a clean sweep.


Title: Re: My WoW-account's been compromised
Post by: Kageh on January 11, 2010, 03:25:38 PM
Quote
Been thinking about that scenario actually as about how vulnerable the WoW mechanism is to man-in-the-middle attacks too, but I think it wouldn't really work well with WoW because you can only log in once onto an account. Re-trying your login and successfully logging in right after your first attempt would kick the attacker out, and the intercepted tokens are worthless once used. Blizzard used to allow token re-use within the 30 second window, but they changed that with 3.1 or 3.2.

You get phished, the guy (or more likely, his script so it all happens fast) is watching real time, he logs in before the number expires, changes the password (so you can't log in over him), then does a clean sweep.

They would require at least a second token though, because the first one you provide them with expires when used. So they can either use it to change your password (still only possible on the web site, or?) or to log in into the game. After which they would have to phish you for a second somehow. I remember this discussion going back and forth when people found out the token was re-usable in the 30-second window - probably the reason why Blizzard changed that.

Even back before that, assuming he would have anything fully scripted for changing password on the wow account management front end, considering he had 30 seconds at best (which he didn't have even then, best case were 30 seconds minus the time it took the authenticator user to read and type his 6/8 digits in) to navigate through a series of http requests/replies and wait for the server to process the password change request, it seems like a pretty slim opening.

When reading the original post, I was thinking about intercepting the client-server communication when the user logs in. I overlooked the web pages detail, it is probably a lot easier if you can trick him into inputting his credentials in something that looks like the account web page, where he can just be scared off with an "Unavailable" error or something like that.


Title: Re: My WoW-account's been compromised
Post by: Trippy on January 11, 2010, 03:27:14 PM
I mentioned this somewhere else but if you are already trapping keyboard events to steal passwords it's trivial to "corrupt" the data being sent to the actual applications. I.e. you would "lock" the user out of their account after capturing the user information and authenticator code by changing the authenticator code that is sent to WoW to some bogus value. Then you have all the time in the world to change their account information without worrying about being kicked out because the user logged in after you.


Title: Re: My WoW-account's been compromised
Post by: Sheepherder on January 11, 2010, 06:56:18 PM
Quote
I mentioned this somewhere else but if you are already trapping keyboard events to steal passwords it's trivial to "corrupt" the data being sent to the actual applications.

You mean to say that hiding a keyboard driver inside the kernel allows you to modify both keyboard input and output?  That's crazy talk!


Title: Re: My WoW-account's been compromised
Post by: bhodi on January 11, 2010, 09:50:49 PM
All this, of course, is way more trouble than it's worth on an individual basis. What we're talking about here is targeted compromise rather than a shotgun approach.


Title: Re: My WoW-account's been compromised
Post by: Sheepherder on January 11, 2010, 10:29:07 PM
Except keylogging is the shotgun approach, and fucking with the output of the keyboard would require almost no extra effort.  Go yell at Kageh for bringing up motherfucking Blue Pill in the other thread if you need to vent at a crazy person.


Title: Re: My WoW-account's been compromised
Post by: Numtini on January 12, 2010, 05:05:33 AM
Quote
I mentioned this somewhere else but if you are already trapping keyboard events to steal passwords it's trivial to "corrupt" the data being sent to the actual applications. I.e. you would "lock" the user out of their account after capturing the user information and authenticator code by changing the authenticator code that is sent to WoW to some bogus value. Then you have all the time in the world to change their account information without worrying about being kicked out because the user logged in after you.

You'd have to do that in real time. It's not enough to cache the token and keep the user out, you then have to log in within what? 30 seconds? Operators are standing by? I don't think there's a market for that.

Which does bring up a nasty thought. Will this increase bot farming and other things like that to make up for items stolen from accounts?



Title: Re: My WoW-account's been compromised
Post by: Sheepherder on January 12, 2010, 06:42:00 AM
Quote
You'd have to do that in real time. It's not enough to cache the token and keep the user out, you then have to log in within what? 30 seconds? Operators are standing by? I don't think there's a market for that.

Yes, exactly that.  I used to fuck with this one farmbot in Winterspring for giggles until the person tending the bot herd would get pissed and try and gank me.

(It had the capacity to defend itself in pvp, but when in combat it would move one step at a time to preserve maximum range, so you could whack it with anything hostile and train it back across the zone into the Everlook guards)


Title: Re: My WoW-account's been compromised
Post by: Jayce on January 13, 2010, 03:28:01 PM
Can you delink the authenticator once you're in account management? Their script could login there (using your authenticator), delink you, change your password, then login to the game.

Also, some of these are professional gold farmers, but I'm getting the idea that some of the (especially phishing) attacks are script kiddies running a nickel and dime business knocking off individual accounts manually to resell to the big gold sellers.  Flash exploiting requires more infrastructure that is probably the mark of a pro.


Title: Re: My WoW-account's been compromised
Post by: Trippy on January 13, 2010, 03:35:01 PM
Quote
I mentioned this somewhere else but if you are already trapping keyboard events to steal passwords it's trivial to "corrupt" the data being sent to the actual applications. I.e. you would "lock" the user out of their account after capturing the user information and authenticator code by changing the authenticator code that is sent to WoW to some bogus value. Then you have all the time in the world to change their account information without worrying about being kicked out because the user logged in after you.

You'd have to do that in real time. It's not enough to cache the token and keep the user out, you then have to log in within what? 30 seconds? Operators are standing by? I don't think there's a market for that.

Yes you would have to have an alert system with people monitoring them to be able to steal accounts using this method so it won't be as easy as the way things are now where many/most people don't use the authenticator but my point all this time is that the authenticator does not guarantee your account can not be hacked.


Title: Re: My WoW-account's been compromised
Post by: Ingmar on January 13, 2010, 03:35:19 PM
The account management login doesn't actually use the authenticator - just the in-game login.

Never mind, I'm wrong, I was thinking of the armory login.


Title: Re: My WoW-account's been compromised
Post by: Kageh on January 14, 2010, 02:10:01 AM
Quote
Can you delink the authenticator once you're in account management? Their script could login there (using your authenticator), delink you, change your password, then login to the game.

Yes, but unlinking requires two consecutive (unused) tokens from the currently active authenticator. I did that when switching from the physical authenticator to the iPhone version, because you can't have both.
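The server-side rules discussed in this thread (a code that can be re-used inside its 30-second window versus one that is spent on first use, and an unlink step that demands two consecutive unused codes), sketched as an added example that is not part of any post and is not Blizzard's implementation. It assumes generic RFC 6238-style codes (HMAC-SHA1, 30-second step, 6 digits); `TokenVerifier` and the demo functions are hypothetical names, and the secret is the published RFC 4226 test key.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (the "30 second window" from the thread)
DIGITS = 6   # assumption: 6-digit codes


def hotp(secret: bytes, counter: int) -> str:
    """RFC 4226 one-time code for a counter; RFC 6238 sets counter = time // STEP."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class TokenVerifier:
    """Server-side check for one account's authenticator (hypothetical class)."""

    def __init__(self, secret: bytes, allow_reuse: bool = False, drift: int = 1):
        self.secret = secret
        self.allow_reuse = allow_reuse   # True models re-use inside the window
        self.drift = drift               # accepted clock drift, in time steps
        self.last_step = -1              # highest time step already consumed

    def _step_for(self, code: str, now: float):
        """Return the time step whose code equals `code`, or None."""
        current = int(now) // STEP
        for step in range(max(0, current - self.drift), current + self.drift + 1):
            if hmac.compare_digest(hotp(self.secret, step).encode(), code.encode()):
                return step
        return None

    def verify(self, code: str, now: float) -> str:
        step = self._step_for(code, now)
        if step is None:
            return "invalid"
        if not self.allow_reuse:
            if step <= self.last_step:
                return "replayed"        # correct code, already spent: log and alert
            self.last_step = step
        return "ok"

    def verify_consecutive(self, first: str, second: str, now: float) -> str:
        """Gate for sensitive changes such as unlinking: two unused adjacent codes."""
        step = self._step_for(first, now)
        current = int(now) // STEP
        if step is None or step + 1 > current + self.drift:
            return "invalid"
        if not hmac.compare_digest(hotp(self.secret, step + 1).encode(), second.encode()):
            return "invalid"
        if step <= self.last_step:
            return "replayed"
        self.last_step = step + 1
        return "ok"


# Constructed sample: the RFC 4226 test secret, so the codes are published test values.
SECRET = b"12345678901234567890"


def replay_demo(allow_reuse: bool):
    """Same code presented twice inside one window: first at t=42s, again at t=50s."""
    v = TokenVerifier(SECRET, allow_reuse=allow_reuse)
    code = hotp(SECRET, 42 // STEP)
    return v.verify(code, 42), v.verify(code, 50)


def unlink_demo(spend_first: bool):
    """Unlink request at t=65s using the codes for steps 1 and 2."""
    v = TokenVerifier(SECRET)
    first, second = hotp(SECRET, 1), hotp(SECRET, 2)
    if spend_first:
        v.verify(first, 42)              # the first code was already used for a login
    return v.verify_consecutive(first, second, 65)


if __name__ == "__main__":
    print("reuse allowed :", replay_demo(True))
    print("single use    :", replay_demo(False))
    print("unlink, fresh :", unlink_demo(False))
    print("unlink, spent :", unlink_demo(True))
```

Single use does not tell the server who presented a code first, which is the relay case raised earlier in the thread; a `replayed` result on an otherwise correct code is the signal worth logging.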


Title: Re: My WoW-account's been compromised
Post by: Koyasha on March 13, 2010, 11:01:33 AM
Odd story here.  Somehow someone got the account names and passwords for all three of my old WoW accounts, all of which have been inactive since at least last year.  Last night I get an email on my G1, telling me my passwords have been changed.  I find that very odd, come home and check, and sure enough, my accounts have been merged with a battle.net account (something I never did, since I stopped playing before that became mandatory).  However, most curiously, the email is missing when I check it on my computer.  Can't find it on my phone again, either.  So is every single email in my gmail box related to 'blizzard' or 'warcraft'.  All of them gone.  But...gmail's recent activity data shows no unusual ip addresses having accessed the account.  All recent accesses have been from either my computer, or my phone.

Whoever it is apparently pays for one of my accounts, and plays some - I've even got a few new pieces of loot, according to the armory, and another friend that still plays tells me they were running dungeons.

I fire off a couple emails to blizzard and this morning I call them, and they quickly set things right - even for the account that was actually an old friend's account, which she gave to me years ago when she quit playing.  Now I'm reinstalling wow to make sure everything is right.

One amusing thing is that they didn't pay by game card or by paying for one month then immediately cancelling - as far as I can tell, my account will recur billing to their credit card next month, unless they call their credit card provider and tell them to deny payment.

However what most baffles and concerns me is how my account was compromised in the first place.  Since I haven't played WoW since last year, I can't see myself being keylogged.  And the blizzard/warcraft emails missing from my gmail are very odd.  I've changed most passwords I can think of, but I have no clue how anyone got them in the first place.


Title: Re: My WoW-account's been compromised
Post by: Rasix on March 13, 2010, 12:49:13 PM
That is really odd. 

I've been getting a ton of phishing emails and even in-gaming phishing attempts.  Someone really wants my account. Heh.


Title: Re: My WoW-account's been compromised
Post by: Sheepherder on March 13, 2010, 02:09:20 PM
Quote
However, most curiously, the email is missing when I check it on my computer.  Can't find it on my phone again, either.  So is every single email in my gmail box related to 'blizzard' or 'warcraft'.  All of them gone.  But...gmail's recent activity data shows no unusual ip addresses having accessed the account.  All recent accesses have been from either my computer, or my phone.

Is your computer / phone zombied?


Title: Re: My WoW-account's been compromised
Post by: Kail on March 13, 2010, 02:13:45 PM
Quote
Since I haven't played WoW since last year, I can't see myself being keylogged.  And the blizzard/warcraft emails missing from my gmail are very odd.  I've changed most passwords I can think of, but I have no clue how anyone got them in the first place.

I'd assume your e-mail is compromised.  If I had to guess, I'd say someone cracked your e-mail account, maybe found an old e-mail with the login in it, sent in a "oops, I forgot my password, please e-mail it to me" request, and then changed your stuff.  Though I don't know why it wouldn't show that in your e-mail's recent activity log... That's highly worrying.  Hope it works out for you!


Title: Re: My WoW-account's been compromised
Post by: Koyasha on March 13, 2010, 02:54:16 PM

Quote
Is your computer / phone zombied?

Don't think so.  Not certain, but after antivirus and malware scans I'm turning up empty.  The access times on that log also corresponded correctly with when I accessed gmail.

Quote
I'd assume your e-mail is compromised.  If I had to guess, I'd say someone cracked your e-mail account, maybe found an old e-mail with the login in it, sent in a "oops, I forgot my password, please e-mail it to me" request, and then changed your stuff.  Though I don't know why it wouldn't show that in your e-mail's recent activity log... That's highly worrying.  Hope it works out for you!

That's pretty much what I suspect, so I've changed passwords on most things, but it does still concern me in general.  However, since getting the account back I've had no further oddities, so hopefully it's resolved for good.  Although I might decide to do a clean hard drive wipe just to make sure I catch anything that none of my scans have found.


Title: Re: My WoW-account's been compromised
Post by: Lantyssa on March 13, 2010, 03:00:39 PM
Quote
Don't think so.  Not certain, but after antivirus and malware scans I'm turning up empty.  The access times on that log also corresponded correctly with when I accessed gmail.

New anti-virus, or pre-existing.  If those are compromised, they'll give you false negatives.  Try malwarebytes if it's not one of your regulars.

What e-mail did they merge accounts to?  One of their own or yours?  If yours, then they almost definitely have access to either your phone or computer.


Title: Re: My WoW-account's been compromised
Post by: Koyasha on March 13, 2010, 03:05:08 PM
Thanks for the suggestions, I'll try that one.  And not my b.net account, and the guy I talked to on the phone couldn't give me any other details basically.


Title: Re: My WoW-account's been compromised
Post by: Oban on March 13, 2010, 03:31:47 PM
Have you installed any interesting applications on your Android phone? 


Title: Re: My WoW-account's been compromised
Post by: Koyasha on March 13, 2010, 03:37:38 PM
Nope, nothing that seemed questionable at all.  Not even anything that's rated below 3 stars.  And I haven't made any changes to it recently, either.


Title: Re: My WoW-account's been compromised
Post by: Xanthippe on March 16, 2010, 09:02:24 AM
This probably isn't the place for this, but I'll forge ahead anyway.

I've noticed lately mining nodes disappearing from under me.  Apparently there's some invisible speed hack/underground hack or something that farmers are using to mine from beneath (at least that's what googling turns up).  Yesterday I reported some guy for that but noticed he was still on in the same zone for hours, while my ticket sat with no response.  The guy was a level 80 with honor gear, so possibly a stolen account or just a dumbass. 

At any rate, is this a common thing?  I've just started gathering again, after a year of nothing but buying mats off the AH.


Title: Re: My WoW-account's been compromised
Post by: Nebu on March 16, 2010, 09:08:32 AM
Quote
At any rate, is this a common thing?  I've just started gathering again, after a year of nothing but buying mats off the AH.

I've noted this in a thread or two as well.

It is common, particularly in Sholazar.  Blizzard seems to be working on it.  Use your log to see who is doing it and report them.


Title: Re: My WoW-account's been compromised
Post by: Fordel on March 16, 2010, 11:02:30 AM
It's been happening for years now. Just report them.


Blizzard doesn't ban them right away, but rather collects information on them to find the source destination then breaks the whole operation. It's like a drug bust!


Title: Re: My WoW-account's been compromised
Post by: sickrubik on March 16, 2010, 11:11:47 AM
When will Blizzard's failed war on criminalizing Frost Lotus end?


Title: Re: My WoW-account's been compromised
Post by: Lantyssa on March 16, 2010, 01:36:23 PM
They don't criminalize Frost Lotus, they criminalize the gathering thereof.


Title: Re: My WoW-account's been compromised
Post by: Sheepherder on March 16, 2010, 11:13:07 PM
I remember before TBC there was this huge official forum salty tears of rage fest over Blizzard banning something like a few thousand accounts in one shot.


Title: Re: My WoW-account's been compromised
Post by: Xanthippe on March 17, 2010, 11:18:38 AM
The guy I reported a few days ago is still on, and has been, same zone, every time I've checked.  My ticket is still open.


Title: Re: My WoW-account's been compromised
Post by: bhodi on March 17, 2010, 11:25:37 AM
The guy I reported a few days ago is still on, and has been, same zone, every time I've checked.  My ticket is still open.

Often, they will track the person and who he transfers things (and the money gained) to, in order to root out other accounts.


Title: Re: My WoW-account's been compromised
Post by: Xanthippe on March 17, 2010, 12:07:32 PM
It will annoy me if I have some other problem to open a ticket on. 


Title: Re: My WoW-account's been compromised
Post by: Musashi on March 20, 2010, 10:53:17 AM
They probably want to give you a satisfactory reply, but know it will take a few more days to completely root out his terror network.


Title: Re: My WoW-account's been compromised
Post by: Xanthippe on March 20, 2010, 04:21:15 PM
They gave me the standard "thanks for reporting but we can't tell you anything else."

I wish they wouldn't use open tickets to remind them to take care of it, or allow more than one open ticket.


Title: Re: My WoW-account's been compromised
Post by: Musashi on March 20, 2010, 04:34:29 PM
Is dude still on?


Title: Re: My WoW-account's been compromised
Post by: Xanthippe on March 21, 2010, 09:54:27 AM
No, when they responded to my ticket, he was gone.  I don't know if he's banned or not.  Looking at his armory, he could have had his account stolen and used for bot mining.

And I've noticed the price of saronite has risen and the supply has dropped.  I bet one bot miner hacking underground 24/7 could supply a great deal of ore.


Title: Re: My WoW-account's been compromised
Post by: Evildrider on March 21, 2010, 01:07:01 PM
No, when they responded to my ticket, he was gone.  I don't know if he's banned or not.  Looking at his armory, he could have had his account stolen and used for bot mining.

And I've noticed the price of saronite has risen and the supply has dropped.  I bet one bot miner hacking underground 24/7 could supply a great deal of ore.

Most likely.. some nights when I'm really bored I'll harvest ore for like 3 hours.  In that time I can usually get around 600-800 Saronite ore, 40-50 titanium ore, and random gems.


Title: Re: My WoW-account's been compromised
Post by: Musashi on March 21, 2010, 04:16:25 PM
No, when they responded to my ticket, he was gone.  I don't know if he's banned or not.  Looking at his armory, he could have had his account stolen and used for bot mining.

And I've noticed the price of saronite has risen and the supply has dropped.  I bet one bot miner hacking underground 24/7 could supply a great deal of ore.

Easily.  He's either returned to his former owner, in limbo until said owner comes forward, or nuked from orbit.


Title: Re: My WoW-account's been compromised
Post by: Fordel on March 21, 2010, 06:12:27 PM
I hope the Cata expansion box comes with an Authenticator.


Title: Re: My WoW-account's been compromised
Post by: Selby on March 21, 2010, 09:58:35 PM
I hope the Cata expansion box comes with an Authenticator.

Yeah.  A guildmate got hacked the other day and was complaining about how they put an authenticator on it.  We were all "WTF?  You didn't already have one???"


Title: Re: My WoW-account's been compromised
Post by: Merusk on March 22, 2010, 03:36:35 AM
My guild's had 3 in the last month, including one guy who knew the method to get around guild bank tab limits. We keep telling people before raids "buy a damn authenticator" but some simply don't want to listen.  Then the GL doesn't want to listen to reason and restrict access to only those who have them.  :oh_i_see:

I continue to be a dick and maintain that the folks getting hacked are buying gold or visiting gold-farmer-owned websites.


Title: Re: My WoW-account's been compromised
Post by: Rasix on March 22, 2010, 07:09:12 AM
I continue to be a dick and maintain that the folks getting hacked are buying gold or visiting gold-farmer-owned websites.

Or ones dumb enough to click on fake account management emails from phishers.


Title: Re: My WoW-account's been compromised
Post by: Xuri on March 22, 2010, 07:49:36 AM
I did neither of those things and still got hacked, somehow (no trojans, viruses or other backdoors found after the incident or since).

In other news, I got an e-mail yesterday from Aion account management (no mention of NCSoft anywhere in the mail). They claimed someone had made changes to my Aion-account and wanted me to log into a website that included the non-word "accoumt" in its name, to make sure everything was ok.  :oh_i_see:


Title: Re: My WoW-account's been compromised
Post by: Minvaren on March 22, 2010, 08:17:50 AM
They also seem to be trying username/password combos found from forum software.  I had my ebay account hacked once via this method, but my email and Paypal accounts had different passwords - saved me a whole lotta grief there.

I also got a tell in-game yesterday from some d00d saying that my account would be disabled immediately if I didn't go to blizz-wow-update.com/giveusyourpassword.html or something like that.  As if the gold spammers weren't enough...


Title: Re: My WoW-account's been compromised
Post by: Ingmar on March 22, 2010, 11:32:45 AM
My guild's had 3 in the last month, including one guy who knew the method to get around guild bank tab limits. We keep telling people before raids "buy a damn authenticator" but some simply don't want to listen.  Then the GL doesn't want to listen to reason and restrict access to only those who have them.  :oh_i_see:

I continue to be a dick and maintain that the folks getting hacked are buying gold or visiting gold-farmer-owned websites.

If it happens to us again I will be putting that rule in place, they're on their last strike.


Title: Re: My WoW-account's been compromised
Post by: SurfD on March 22, 2010, 03:14:08 PM
My guild's had 3 in the last month, including one guy who knew the method to get around guild bank tab limits.

Hmm?  Is this something that gets you more bank tabs than you should have? or lets you access tabs you shouldn't be able to?


Title: Re: My WoW-account's been compromised
Post by: Ingmar on March 22, 2010, 03:34:04 PM
My guild's had 3 in the last month, including one guy who knew the method to get around guild bank tab limits.
Hmm?  Is this something that gets you more bank tabs than you should have? or lets you access tabs you shouldn't be able to?

Neither, it lets you take more things out of a given tab in a given day than the permissions for your rank allow.


Title: Re: My WoW-account's been compromised
Post by: Merusk on March 22, 2010, 03:36:09 PM
I did neither of those things and still got hacked, somehow (no trojans, viruses or other backdoors found after the incident or since).

Been to wowhead or thottbot? Guess what, you've been to gold-farmer-owned websites.  Most of the aggregate info sites are.  There's hinky UI mod sites out there, too. (Yet another reason not to add them out the yin-yang)  AND I'd heard that the Curse Client or db was hacked some time in the past.  

This is big money, so they're not going to be JUST hanging around waiting on the low-hanging-fruit of stupid people and account phishing.

Neither, it lets you take more things out of a given tab in a given day than the permissions for your rank allow.

This.  I don't know the how, only that there's a way to do it and it's becoming more widely known.


Title: Re: My WoW-account's been compromised
Post by: Jayce on March 23, 2010, 06:47:46 PM
I also got a tell in-game yesterday from some d00d saying that my account would be disabled immediately if I didn't go to blizz-wow-update.com/giveusyourpassword.html or something like that.  As if the gold spammers weren't enough...

I get a little charge out of telling the random tells who say "Hey, got a moment?" then hit me up to buy gold. I let them make their pitch then slap them with the "report spam" button.  I guess I'm easily entertained.


Title: Re: My WoW-account's been compromised
Post by: brellium on March 25, 2010, 05:00:29 PM
I wouldn't be surprised if it's something like a "pop up" installer.

They reskin the pop-up so if you click on the [ x ] button it actually installs their software, I got hit with that sometime back by one of those "infected computer" pop-ups (yeah, that ended up with the os getting reinstalled).

I'm seriously considering using my VM portal to surf the internet and to nuke the user profile on occasion.

(and then log on secure websites with a second VM portal)


Title: Re: My WoW-account's been compromised
Post by: Jayce on April 16, 2010, 06:58:45 PM
Just found a keylogger on my wife's laptop which I sometimes login to WoW with.  I expect that if I hadn't had an authenticator attached, I might be posting in this thread to say I'd been hacked, but I appear to be good.

I changed my password anyway, after running Windows Defender full scan twice and rebooting to see if any new trojans got launched.


Title: Re: My WoW-account's been compromised
Post by: Cheddar on April 28, 2010, 05:54:34 AM
My account was closed due to exploitive behavior.  What's odd to me is I have not subbed to WoW since October of last year, and did not receive any emails noting my account was reactivated.   :uhrr:


Title: Re: My WoW-account's been compromised
Post by: Rendakor on April 28, 2010, 10:27:31 AM
Can you still log into the account? If so, check the payment history. Also, were your WoW and email passwords the same? It's possible the account was compromised and they just deleted the emails after reactivating it.


Title: Re: My WoW-account's been compromised
Post by: raydeen on April 28, 2010, 11:48:12 AM
If my account ever got hacked the hackers would probably just shake their heads in pity and walk away.  :uhrr:


Title: Re: My WoW-account's been compromised
Post by: Cheddar on April 28, 2010, 08:07:11 PM
Can you still log into the account? If so, check the payment history. Also, were your WoW and email passwords the same? It's possible the account was compromised and they just deleted the emails after reactivating it.

Cannot log into the account - it's definitely shut down.  Yes, I was a retard and had both the same.  It is possible they had deleted the activation emails etc etc.  I dunno, I hope Blizzard support gets back to me with more info soon. 

I am curious how it all got compromised.  I dunno, it's just very odd.


Title: Re: My WoW-account's been compromised
Post by: Koyasha on April 30, 2010, 04:25:00 AM
Sounds exactly like me, except I was lucky and caught the emails as they came in, so I managed to deal with it immediately.


Title: Re: My WoW-account's been compromised
Post by: Hawkbit on April 30, 2010, 11:04:42 AM
My PlayNC account was just compromised for "payment fraud".  All the games on that account are shutdown till I hear from them.  Sad part is that I haven't logged into a PlayNC game in over a year, but last week I got into my master account to download Guild Wars just fine.  Now it's shut down.

Already did a logger/virus scan, nothing.  Very odd.  I don't buy gold, either.


Title: Re: My WoW-account's been compromised
Post by: Cheddar on May 01, 2010, 06:12:12 PM
My account was restored.  I am tempted to resub just to see what was done with it.  I am actually impressed at how fast they responded (I expected 0 reply from customer service).  All in all very strange.


Title: Re: My WoW-account's been compromised
Post by: Ozzu on May 01, 2010, 11:49:47 PM
Sounds a bit like my experience a few months ago. The only thing that they did was take mining to 300 on my hunter, mine a ton of thorium, and make me about 1k gold in one day. So, I came back with a mining gain and some money once my account was restored. I count it as payment for the inconvenience of it all.


Title: Re: My WoW-account's been compromised
Post by: Trippy on May 07, 2010, 08:37:29 PM
mmorpg.com is giving out users' email addresses to WoW account phishers.

Got a WoW account phishing email sent to an email address I've only used once on mmorpg.com (I think it was to sign up for a beta or something). If you have an account on that site I'd strongly recommend you change your email to something that isn't shared by anything important.


Title: Re: My WoW-account's been compromised
Post by: Tannhauser on May 08, 2010, 06:26:30 AM
My WoW  account was frozen last night for 'exploitative behavior'.  I haven't logged in in months.  Guess I need to contact CS, I want that account for Cats.


Title: Re: My WoW-account's been compromised
Post by: Cheddar on May 08, 2010, 06:47:08 AM
Interesting.  So I checked payment history; I was signed up for the 10 day free trial for the Lich King expansion on 4/20, account suspended on 4/21.  What is odd is I had done the trial last year.  So either they offered it again (and my account was compromised) or there was an internal error at Blizzard.

Most likely my account was compromised, but it still bothers me I had no emails from them.  Even if the people who compromised my account had deleted the emails my Android phone should have retained a copy and warned me I had an email.  This never happened.


Title: Re: My WoW-account's been compromised
Post by: Selby on May 08, 2010, 09:01:30 AM
My guild has had a rash of people getting hacked, some of whom are less than active.  We're not sure why, but no one who has an authenticator has been hacked yet and I've joked that if someone gets hacked, they need to be /gkicked and prove they got an authenticator to get back in.


Title: Re: My WoW-account's been compromised
Post by: Koyasha on May 08, 2010, 09:55:56 AM
Interesting.  So I checked payment history; I was signed up for the 10 day free trial for the Lich King expansion on 4/20, account suspended on 4/21.  What is odd is I had done the trial last year.  So either they offered it again (and my account was compromised) or there was an internal error at Blizzard.

Most likely my account was compromised, but it still bothers me I had no emails from them.  Even if the people who compromised my account had deleted the emails my Android phone should have retained a copy and warned me I had an email.  This never happened.

The emails I got disappeared even off my phone.  Mine, at least, doesn't seem to save a local copy at all, if it's set to automatically synchronize, though your model may have different options available (mine's a G1).


Title: Re: My WoW-account's been compromised
Post by: Ozzu on May 08, 2010, 09:04:00 PM
Interesting.  So I checked payment history; I was signed up for the 10 day free trial for the Lich King expansion on 4/20, account suspended on 4/21.  What is odd is I had done the trial last year.  So either they offered it again (and my account was compromised) or there was an internal error at Blizzard.

Most likely my account was compromised, but it still bothers me I had no emails from them.  Even if the people who compromised my account had deleted the emails my Android phone should have retained a copy and warned me I had an email.  This never happened.

This is exactly what happened in my case. However, I did get the emails later in the day and immediately reset the password. I had already done the Lich King trial a couple of times before, so it looks like every few months they let you do it again. Within a few hours of me resetting my password and getting my account back, it was suspended for "exploiting the economy".


Title: Re: My WoW-account's been compromised
Post by: Mattemeo on May 20, 2010, 11:07:23 AM
Received an email titled 'World of Warcraft Account Management' from Blizzard Entertainment (WoWAccountAdmin@blizzard.com) claiming that my account is being sold or traded on the 15th of May. Strange to relate, I didn't immediately follow the link provided to 'verify' as I've had a good few blatantly obvious phishing attempts from scammers attempting to get at my CoX/NCSoft accounts (no earthly clue how or why that's started) in the last month or so.

I can access my battle.net account and manage WoW just fine from there, so it doesn't appear to be suspended in any way - though my subscription runs out in 3 days anyway. So what's the deal? Full transcript of the email follows in spoiler form:


(hyperlinks disabled by me)

No graphics were included in the email, and it seems pretty legitimate, but considering I've been largely unable to play since my GPU died and nothing appears to have changed superficially when I view my Armory details, I'm a bit non-plussed.



Title: Re: My WoW-account's been compromised
Post by: Cyrrex on May 20, 2010, 11:17:39 AM
Your first assumption should probably be that the mail you received is a complete pile of bullshit.  I wonder what percentage of email claiming to come from Blizzard regarding password or account issues actually comes from Blizzard?  Probably something less than 1/3000th of a percent.


Title: Re: My WoW-account's been compromised
Post by: proudft on May 20, 2010, 12:04:52 PM
I am going to take a wild guess that when you hover over the http://blizzardblahblahblah links they actually go to somewhere else.


Title: Re: My WoW-account's been compromised
Post by: fuser on May 20, 2010, 12:07:04 PM
Received an email titled 'World of Warcraft Account Management' from Blizzard Entertainment (WoWAccountAdmin@blizzard.com) claiming that my account is being sold or traded on the 15th of May. Strange to relate, I didn't immediately follow the link provided to 'verify' as I've had a good few blatantly obvious phishing attempts from scammers attempting to get at my CoX/NCSoft accounts (no earthly clue how or why that's started) in the last month or so.

Generally a quick look at the email header will tell you if it's a phishing attack or not. A quick scan of all my archived email shows legitimate email traffic is sourced from:

Quote
Received: from uw1-admin-smtp12.wowadmin.net (smtp12.us.worldofwarcraft.com [12.129.242.48])
Received: from outbound.blizzard.com (outbound.blizzard.com [198.74.38.108])


Title: Re: My WoW-account's been compromised
Post by: Mattemeo on May 20, 2010, 12:24:13 PM
I am going to take a wild guess that when you hover over the http://blizzardblahblahblah links they actually go to somewhere else.

Hadn't thought of that, but primarily because my first thought on getting the email was 'haha no'. Turns out the hover-over reveals the verification hyperlink actually wants to send me to a slightly more suspect 'h**p://www.worldofwarcraft-accountadmins-login.com/whatever.xml' and clearly not battle.net. Nice try, no cigar.

Cheers for the advice, guys!  :drill:
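
The two checks suggested in the posts above (reading the Received headers, and comparing a link's visible text with where it really points), as an added Python example that is not part of the original thread. The sample message, the `mailhost.example` provider and all function names are constructed for illustration; the expected sender domains are the ones in the Received lines quoted above, and the Received layout is assumed to match those lines.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domains taken from the two Received lines quoted in the thread.
EXPECTED_SENDER_DOMAINS = ("wowadmin.net", "worldofwarcraft.com", "blizzard.com")

# Constructed sample. The bottom Received line is a decoy written by the sender.
SAMPLE = """\
Received: from mx1.mailhost.example (mx1.mailhost.example [192.0.2.10])
Received: from mail.example.net (mail.example.net [203.0.113.25])
Received: from outbound.blizzard.com (outbound.blizzard.com [198.74.38.108])
From: Blizzard Entertainment <WoWAccountAdmin@blizzard.com>
Subject: World of Warcraft Account Management
Content-Type: text/html; charset="utf-8"

<html><body><p>Verify your account:
<a href="http://www.worldofwarcraft-accountadmins-login.example/whatever.xml">http://www.battle.net/account</a></p>
<p><a href="http://www.blizzard.com/support/">Support</a></p></body></html>
"""

# "from <claimed name> (<name the receiving server resolved> [<ip>])"
_RECEIVED_FROM = re.compile(r"from\s+\S+\s+\((\S+)\s+\[([^\]]+)\]\)", re.I)
_URLISH = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?#].*)?$", re.I)


def host_in_domains(host, domains):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def handoff_host(msg, own_domains=()):
    """Host that handed the mail to the recipient's provider, as that provider logged it.

    Received headers are prepended, so the first one is the newest. Hops inside the
    recipient's own provider are skipped; every header below the returned hop was
    supplied by the sending side and proves nothing.
    """
    for value in msg.get_all("Received", []):
        m = _RECEIVED_FROM.search(str(value))
        if m and not host_in_domains(m.group(1), own_domains):
            return m.group(1).lower(), m.group(2)
    return None


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def same_site(a, b):
    # Heuristic: ignore a leading "www." and accept subdomains of the shown host.
    a, b = (h[4:] if h.startswith("www.") else h for h in (a, b))
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def deceptive_links(html):
    """Links whose visible text is itself a URL or hostname on a different site than the href."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        shown = _URLISH.match(text)
        actual = (urlsplit(href).hostname or "").lower()
        if shown and actual and not same_site(shown.group(1).lower(), actual):
            findings.append((shown.group(1).lower(), actual))
    return findings


def triage(raw, own_domains=()):
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("html",))
    handoff = handoff_host(msg, own_domains)
    return {
        "handoff": handoff,
        "handoff_expected": bool(handoff) and host_in_domains(handoff[0], EXPECTED_SENDER_DOMAINS),
        "deceptive_links": deceptive_links(part.get_content() if part else ""),
    }


if __name__ == "__main__":
    print(triage(SAMPLE, own_domains=("mailhost.example",)))
```

The From address in the sample is the real-looking one and plays no part in the verdict; only the hop recorded by the recipient's own provider and the link targets do.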


Title: Re: My WoW-account's been compromised
Post by: Lantyssa on May 20, 2010, 01:36:37 PM
Granted I haven't been around much lately, but I think if one of your characters logged in and it wasn't you, we'd know.


Title: Re: My WoW-account's been compromised
Post by: Dren on May 25, 2010, 06:36:54 AM
The first clue is that Blizzard would never trade or sell your account themselves.  If they had knowledge of said trade or sale, they would block it, not make sure you log in and say it is "ok" or "stop this now!"  That email message doesn't make sense to begin with.

I've noticed a rise in in-game tells trying to phish me too.  Thanks to Blizzard for the "Report Spam" tool.

The best message I received that even had me thinking twice was, "You have received a rare mount.  Please log into blah blah to receive it."  It was simple and corresponded to my own knowledge that I should be getting a mount soon from the "recruit-a-friend" program.  It was spelled correctly and used proper English.  I thought it was a good attempt anyway right up to the point where I knew they would just send the mount in in-game mail to my chars.


Title: Re: My WoW-account's been compromised
Post by: Fordel on May 25, 2010, 12:45:07 PM
The first clue is that Blizzard would never trade or sell your account themselves.  If they had knowledge of said trade or sale, they would block it, not make sure you log in and say it is "ok" or "stop this now!"  That email message doesn't make sense to begin with.

I've noticed a rise in in-game tells trying to phish me too.  Thanks to Blizzard for the "Report Spam" tool.

The best message I received that even had me thinking twice was, "You have received a rare mount.  Please log into blah blah to receive it."  It was simple and corresponded to my own knowledge that I should be getting a mount soon from the "recruit-a-friend" program.  It was spelled correctly and used proper English.  I thought it was a good attempt anyway right up to the point where I knew they would just send the mount in in-game mail to my chars.


In game communication is the easiest to verify, Blizzard always has the actual Blizzard logo in their names/mails in game.


Title: Re: My WoW-account's been compromised
Post by: Tannhauser on May 25, 2010, 04:29:50 PM
I was cleaned out and Blizz restored all of my gold and items.  I still don't know how they got me, I haven't played WoW since Dec.

Many thanks Blizz.


Title: Re: My WoW-account's been compromised
Post by: Righ on May 25, 2010, 04:53:56 PM
This is clearly a false flag operation by Blizzard to get inactive players interested in their accounts again.


Title: Re: My WoW-account's been compromised
Post by: Lantyssa on May 25, 2010, 06:26:41 PM
I'm beginning to wonder if they let people input incorrect passwords all day.  Vu got hacked and we haven't been able to find anything on our end.


Title: Re: My WoW-account's been compromised
Post by: Fordel on May 25, 2010, 06:46:23 PM
I'm beginning to wonder if they let people input incorrect passwords all day.  Vu got hacked and we haven't been able to find anything on our end.


They do.

Specifically, the Forums don't have a login attempt limiter and you can apparently just power through combos easily enough with whatever technique/software you know.

WoW passwords are not case sensitive either.


Title: Re: My WoW-account's been compromised
Post by: Mosesandstick on May 25, 2010, 06:50:13 PM
I don't know when, but my account got compromised and I played a loooooong time ago. To stop myself from re-subbing I put my password as long, pure, gibberish. Still got broken.


Title: Re: My WoW-account's been compromised
Post by: Lantyssa on May 25, 2010, 09:01:34 PM
Specifically, the Forums don't have a login attempt limiter and you can apparently just power through combos easily enough with whatever technique/software you know.

WoW passwords are not case sensitive either.

Seriously!?  No friggin' wonder everyone and their dog gets hacked.

That's...

:facepalm:


Title: Re: My WoW-account's been compromised
Post by: Rasix on May 26, 2010, 09:52:05 AM
I'm getting a brand new type of phishing scam I haven't seen before: a Cataclysm beta invite that just asks me to confirm my opt in.   First time I've seen this one. 

Still getting two phishing emails a day trying to gank my WoW account and I haven't been playing for a few months. 


Title: Re: My WoW-account's been compromised
Post by: Cyrrex on May 26, 2010, 10:51:52 AM
I get one or two a day despite not having played for about 18 months.  Anybody who hacks my account would be terribly disappointed with what they found anyway.  I'm probably the worst WoW player ever, in that I don't have much of either money or interesting loot.


Title: Re: My WoW-account's been compromised
Post by: Dtrain on May 26, 2010, 12:32:55 PM
I wonder how much of their CS resources are devoted to cleaning up stolen accounts. From what I understand, they do a pretty thorough job of sorting out a compromised user.


Title: Re: My WoW-account's been compromised
Post by: Sheepherder on May 26, 2010, 02:20:08 PM
The ability to log the IP of the connecting computer combined with the fact that the breach will usually only occur in-game after the account's payment has lapsed for a short period will tell them exactly when the breach occurred.


Title: Re: My WoW-account's been compromised
Post by: raydeen on May 31, 2010, 07:28:33 AM
Well, my account got hacked. Last Saturday night as a matter of fact. I'm bad with checking emails so I never saw the 'Notice of Password Reset' email come in. I went to log in yesterday and my password wouldn't work. Tried several times as sometimes I type too fast and miss a letter or digit. Nada. So I go to the WoW page and do a password reset. I log in, reset the password, type in my name and the answer to my secret question, reset the pass, log into the game and find some rogue level 1's and some of my toons missing. Fortunately, my main didn't get touched but one of my other 'mains' did get deleted. I'm hoping to get her back as she had the Spirit of Competition pet which frankly was a big deal for me. I emailed Blizz and am waiting for a response. After spending several hours seething and killing a few hundred Alliance fuckers (it was an Alliance fucker who hacked my account so they all had to die because of it), I got to thinking... If the hacker was able to get in and change my password (I'm thinking it was just a very weak password - I don't run addons, only run it from my personal machines and as far as I can tell have clean systems), how would they have known my secret question/answer? If they did somehow figure it out, why would they leave it the way it was? Something's fishy here. I'm thinking maybe Blizz got hacked and not necessarily me. In any event, I'm getting one of those activators now. I always figured I was safe. Guess not.


Title: Re: My WoW-account's been compromised
Post by: Merusk on May 31, 2010, 07:33:30 AM
Secret questions are always fail because they're often easy to guess.  Particularly if they know the person even a little bit.  I detest that they've become such a commonplace form of 'security.'   But when combined with Blizzard's "e-mails as IDs are a GOOD idea" and "try all you want we won't stop you" brute-forcing, it's stupidly easy to 'hack' accounts.   If you don't have an authenticator you're just asking for it at this point.


Title: Re: My WoW-account's been compromised
Post by: raydeen on May 31, 2010, 08:53:34 AM
Well, the activator is ordered. Although I gotta say, my secret answer would've been bloody hard to guess even with a dictionary attack. Not a word that I would think anyone would stumble upon. Oh well.


Title: Re: My WoW-account's been compromised
Post by: Lantyssa on May 31, 2010, 11:37:20 AM
If he knew the original password he wouldn't need the secret question, would he?  You needed it because of a reset.  The e-mail is probably generic for any kind of password change.


Title: Re: My WoW-account's been compromised
Post by: sickrubik on June 01, 2010, 07:49:08 AM
Yeah, you don't need the secret question to change the password, only for the reset.


Title: Re: My WoW-account's been compromised
Post by: Dren on June 01, 2010, 11:02:24 AM
Specifically, the Forums don't have a login attempt limiter and you can apparently just power through combos easily enough with whatever technique/software you know.

WoW passwords are not case sensitive either.

Seriously!?  No friggin' wonder everyone and their dog gets hacked.

That's...

:facepalm:

This has to be what's happening widespread.  I've never logged into the forums.  Is it directly tied to my account and to whether I went there and started logging in or posting?  They'd have to have my username/battlenet email first though right?

Have the authenticator anyway, but I never really thought about the forums...  That's insane.


Title: Re: My WoW-account's been compromised
Post by: Lantyssa on June 01, 2010, 12:46:20 PM
The forums use the same login.  An e-mail is easy to get or guess.  If there is no IP lockout, then it's really easy to brute force a password for a list of valid e-mails.
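
The control these posts say was missing, a limit on failed logins, sketched as an added Python example (not Blizzard's code and not part of the original thread). It counts failures per account and per source address in a sliding window, so it covers both many guesses against one account and one guess against a long list of e-mail addresses; the class name, thresholds, window length and sample addresses are assumptions chosen for illustration.

```python
import time
from collections import deque


class LoginThrottle:
    """Sliding-window limiter on failed logins, keyed by account and by source IP."""

    def __init__(self, max_per_account=5, max_per_ip=20, window=900.0, clock=time.monotonic):
        self.max_per_account = max_per_account
        self.max_per_ip = max_per_ip
        self.window = window          # seconds a failure keeps counting
        self.clock = clock            # injectable so the behaviour can be tested
        self._by_account = {}
        self._by_ip = {}

    @staticmethod
    def _account_key(account):
        # E-mail logins differing only in case or padding must share one counter.
        return account.strip().lower()

    def _recent(self, bucket, key, now):
        times = bucket.get(key)
        if not times:
            return 0
        while times and now - times[0] >= self.window:
            times.popleft()           # drop failures that have aged out
        if not times:
            del bucket[key]           # keep the tables from growing without bound
            return 0
        return len(times)

    def allowed(self, account, ip):
        now = self.clock()
        return (self._recent(self._by_account, self._account_key(account), now) < self.max_per_account
                and self._recent(self._by_ip, ip, now) < self.max_per_ip)

    def record_failure(self, account, ip):
        now = self.clock()
        self._by_account.setdefault(self._account_key(account), deque()).append(now)
        self._by_ip.setdefault(ip, deque()).append(now)

    def login(self, account, ip, password, verify):
        """verify(account, password) -> bool is the real credential check (caller-supplied)."""
        if not self.allowed(account, ip):
            # The password is never checked, so a throttled guess learns nothing.
            return "throttled"
        if verify(account, password):
            return "ok"
        self.record_failure(account, ip)
        return "denied"


def guesses_checked(throttle, attempts):
    """Replay (account, ip) pairs with wrong passwords; count how many reached the check."""
    results = (throttle.login(acct, ip, "wrong", lambda a, p: False) for acct, ip in attempts)
    return sum(1 for r in results if r == "denied")


if __name__ == "__main__":
    # Constructed traffic: documentation-range addresses, example.com accounts.
    one_account = [("victim@example.com", f"198.51.100.{i}") for i in range(50)]
    many_accounts = [(f"user{i}@example.com", "203.0.113.7") for i in range(50)]
    print(guesses_checked(LoginThrottle(), one_account))    # capped by the per-account limit
    print(guesses_checked(LoginThrottle(), many_accounts))  # capped by the per-IP limit
```

The limiter has to sit in front of every endpoint that accepts the same credentials (game, account site and forums), otherwise the unthrottled one becomes the place to guess.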


Title: Re: My WoW-account's been compromised
Post by: Merusk on June 01, 2010, 04:42:51 PM
If you count anyone who's ever signed up for a Curse account (hello Curse "one click update" client!), Wow-head account or many, MANY guild sites they've got a big, long list of valid e-mails.  The percentage of people who use different e-mails for everything is really, really damn low. 


Title: Re: My WoW-account's been compromised
Post by: Righ on June 01, 2010, 04:52:33 PM
Specifically, the Forums don't have a login attempt limiter and you can apparently just power through combos easily enough with whatever technique/software you know.

That probably explains a few of the crashes of the login server over the years. After all, who hasn't written an overly aggressive attack script and then shared it with all their friends for hacker kudos? It's practically a rite of passage in those circles.


Title: Re: My WoW-account's been compromised
Post by: brellium on June 02, 2010, 10:40:49 PM
Quote from: spam
Greetings!
 
Recently, the problem of account invasion is getting worse and worse which cause enormous players’equipments and virtual currency stolen. This severely damages the benefits of mass players, also causes our company lose a lot of customers.
 
Our company has to adopt some measures to safeguard our common benefits in order to strengthen the safety of mass players'accounts, and firmly resist the account to be stolen again.Through our company's research and investigation to xxx customers,we will make the following decisions: we launch a package of updated code strengthen system and dynamic code protection card which can effectively prevent the accounts invaded. We will send this package of code protection system to players free of charge.
 
Please open this connection:  http://www.worldofwarcraft.com/secure
 
If your account passes the check successfully, we will send this package of dynamic code protection card to you in the form of e-mail.
 
In 3 days after you receiving the e-mail, if you don't submit your information, we have right to freeze your account, every player is obligated to protect the safety of the account. You must work together with us to be determined to crack down all the behaviors of destroying games.
 
If you had already authenticator your account, please disregard this automatic notification.
 
Regards,
 
The World of Warcraft Support Team
Blizzard Entertainment
http://www.blizzard.com/support/wowindex/

Nice email with all the hidden urls, quite amusing as I deleted all of my characters prior to quitting.


Title: Re: My WoW-account's been compromised
Post by: Koyasha on June 02, 2010, 11:36:12 PM
I don't understand why these people can't seem to write something that doesn't give itself away with obvious language screwups.  Is it just because so many people are stupid enough to fall for it even when it's blatantly obvious?  It's as though they intentionally leave the broken English callsign.


Title: Re: My WoW-account's been compromised
Post by: Fordel on June 02, 2010, 11:47:58 PM
I don't understand why these people can't seem to write something that doesn't give itself away with obvious language screwups.  Is it just because so many people are stupid enough to fall for it even when it's blatantly obvious?  It's as though they intentionally leave the broken English callsign.


Yup.


Title: Re: My WoW-account's been compromised
Post by: Rendakor on June 03, 2010, 08:45:26 AM
Another factor is that these phishers and spammers are probably not native English speakers.


Title: Re: My WoW-account's been compromised
Post by: brellium on June 03, 2010, 10:18:13 AM
Quote from: spam
Greetings,

Your World of Warcraft account may be involved in a trade. Trading/Selling World of Warcraft virtual property is against Blizzard's End User License Agreement. If your account is found violating Terms of Use, it can, and will be suspended / closed / or terminated.

In order to keep this from occurring, you should immediately verify that you are the original owner of the account. Click on the link below to verify your Battle.net account:

http://battle.net/account/management/

For more information, click here for answers to Frequently Asked Questions or to contact the Blizzard Billing Account Services team.

Regards,
The Battle.net Account Team
Online Privacy Policy

This one was actually better, it actually got me to visit battle.net to check my account in a different IE tab (I deleted my authenticator off my iPod, so I couldn't log in). Only later did I notice there was a hidden URL.

I enjoy the fact I seem to get these after I quit WoW, and coincidentally deleted my characters (which means there's no way to check my inactivity).


Title: Re: My WoW-account's been compromised
Post by: Ingmar on June 03, 2010, 10:59:22 AM
I got a very well done one:

Quote
Hello ian,

This is an automated notification regarding your Battle.net account. Some or all of your contact information was recently modified through Battle.net Account Management. If you recently made changes to your account information, please disregard this automatic notification.

You can log in to Account Management at the following link to review your account settings:
http://www.battle.net/account

If you cannot sign into Account Management using the link above, or if unauthorized changes continue to occur, click here for answers to Frequently Asked Questions or contact the Blizzard Billing & Account Services team.

Account security is solely the responsibility of the account holder. Please be advised that in the event of a compromised account, Blizzard representatives will typically lock the account. In these cases the Account Administration team will require faxed receipt of ID materials before releasing the account for play.

Regards,

The Battle.net Support Team
Blizzard Entertainment
Online Privacy Policy

Other than not capitalizing my name it is pretty much free of typographical errors or obvious bad grammar. All the links (you can't see them all here) in it were legit too except for the battle.net/account one and the 'click here' one. Sadly they sent it to an address that isn't associated with a battle.net account.  :-P
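
The "hidden URL" pattern described in the posts above (link text that shows a battle.net address, or just "click here", while the underlying href points somewhere else) can be checked mechanically in an HTML mail body. This is an added example, not part of the thread; the sample HTML, the `phish.example` hosts and the `TRUSTED` list are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domains the real service links to.
TRUSTED = ("battle.net", "blizzard.com")

# Constructed sample in the style of the mails quoted in this thread;
# the phish.example hosts are placeholders, not taken from a real message.
SAMPLE_HTML = """
<p>You can log in to Account Management at the following link:<br>
<a href="http://account-review.phish.example/login">http://www.battle.net/account</a></p>
<p>If you cannot sign in, <a href="http://phish.example/faq">click here</a> for answers
or contact the <a href="http://www.blizzard.com/support/wowindex/">Billing &amp;
Account Services</a> team.</p>
<p><a href="http://www.blizzard.com/support/wowindex/">http://www.blizzard.com/support/wowindex/</a></p>
"""

# Visible link text that itself looks like a web address; group 1 is the host.
URL_TEXT = re.compile(r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[/:?#\s]|$)", re.I)


def href_host(href):
    """Host a browser would actually contact for an http(s) href, else ''."""
    try:
        parts = urlsplit(href.strip())
    except ValueError:
        return ""
    if parts.scheme not in ("http", "https"):
        return ""
    return (parts.hostname or "").rstrip(".")


def strip_www(host):
    return host[4:] if host.startswith("www.") else host


def same_site(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a" and self._href is None:
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def audit_links(html, trusted):
    """Return (reason, visible_text, href) for every suspicious link."""
    collector = LinkCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for href, text in collector.links:
        target = href_host(href)
        if not target:
            continue  # mailto:, relative links and the like
        shown = URL_TEXT.match(text)
        if shown and strip_www(shown.group(1).lower()) != strip_www(target):
            findings.append(("text-href-mismatch", text, href))
        elif not any(same_site(target, d) for d in trusted):
            findings.append(("untrusted-target", text, href))
    return findings


if __name__ == "__main__":
    for reason, text, href in audit_links(SAMPLE_HTML, TRUSTED):
        print(f"{reason}: '{text}' -> {href}")
```

A clean result only means the links go where they say; it does not make the message genuine.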


Title: Re: My WoW-account's been compromised
Post by: Paelos on June 03, 2010, 11:08:15 AM
I'm amazed that I never get any of this shit. Are you people signing up for things or something?


Title: Re: My WoW-account's been compromised
Post by: Ingmar on June 03, 2010, 11:26:26 AM
I get like 2000 spam messages a day, but I am sort of a special case as things like "netadmin@mycompanyname" go through my filter.


Title: Re: My WoW-account's been compromised
Post by: Rasix on June 03, 2010, 12:03:08 PM
Quote from: Paelos
I'm amazed that I never get any of this shit. Are you people signing up for things or something?

I imagine it's one of the couple WoW guild hosting sites I've signed up for in the past.  I really need to set up a gmail account for this kind of crap.   I get on average 2 WoW phishing emails a day, but none of them make it out of the spam box.


Title: Re: My WoW-account's been compromised
Post by: Xanthippe on June 03, 2010, 12:34:57 PM
I just looked at my spam folder, because I never see any of this crap - although real email from Blizzard comes through.

It was chock-full of these phishes.

They are getting better, although some not.  This one's my favorite:

Quote
Olá, diego
    This is greetings from the World of Warcraft in preparation for accession to the World of Warcraft: The disaster of the beta test, come on! Azeroth world turmoil coming, and you certainly do not want to be forgotten in the cold winds of Northrend , unable to enjoy the pleasant sun Corzine on the island.
    To ensure the participation of the application to the candidate in order to verify your identity, please visit the following [totallyfakeurl] From World of Warcraft account information for all the other games you are interested click series. Since your participation.
     you will get a large disaster closed beta Blizzard Entertainment Gift Pack for eligibility. Features such as mount / weapon. Thank you for your participation in the Blizzard team will continue to bring great catastrophe the most informative piece of information fast information.               
      Only Account Administration will be able to assist with account retrieval issues. Thank you for your time and attention to this matter, and your continued interest in World of Warcraft.

Blizzard Entertainment Inc Account Administration Team
P.O. Box 18979, Irvine, CA 92623
Blizzard Entertainmen
2010.5.15

                                                                                                                                                       

Sincerely,
Account Administration

And I'm not even named diego.  It's like put through the google translator or something.


Title: Re: My WoW-account's been compromised
Post by: Paelos on June 03, 2010, 01:38:58 PM
"You will get a large disaster..."  "The disaster of the beta test, come on!"  :why_so_serious:


Title: Re: My WoW-account's been compromised
Post by: Mattemeo on June 03, 2010, 01:54:59 PM
I think I've just received the non-Engrish version of Xanth's latest phishing email example...

Quote
world of warcraft: Cataclysm Beta Test Invitation!

Get those opt-ins ready for the World of Warcraft: Cataclysm closed beta! The sundering of Azeroth is nigh, and you don’t want to be left out in  the cold of Northrend when you could be enjoying the sun-drenched beaches on the goblin isle of Kezan. To ensure you’re opted-in and eligible as a  potential candidate, you’ll need a World of Warcraft license attached to your Battle.net account, have your current system specifications uploaded  to the Battle.net Beta Profile Settings page, and have expressed interest through the franchise-specific check boxes.

Get the Installer - Log in to your Battle.net account:

http://haha.no

** IMPORTANT ** To avoid graphical bugs and other technical issues, please ensure your video card drivers are up-to-date.

Enjoy the game!

©2010 Blizzard Entertainment, Inc.

They didn't even try to entice me with free mounts and weapons! I feel somewhat slighted.


Title: Re: My WoW-account's been compromised
Post by: MrHat on June 03, 2010, 03:59:53 PM
Just got an email from WoWaccounts saying that my account has been banned for exploiting.


I haven't even played it in over a year...


Title: Re: My WoW-account's been compromised
Post by: Rendakor on June 04, 2010, 12:13:26 PM
One of my officers just got hacked. Again. And robbed the guild bank completely: Primordials, stacks of Eternals, Epic Gems, etc, all gone. I've had guildies hacked before, but they were members who only had access to 3 stack withdraws per day and the GMs restored that to us; last time this particular guy got hacked was a while ago, before we had a guild bank. Hopefully we'll get it all back, or at least most of it.


Title: Re: My WoW-account's been compromised
Post by: Ingmar on June 04, 2010, 12:21:42 PM
We've had our vault hacked 4 times now, and the restores sometimes take a while but they're never missing anything important.

After the last time we instituted a new 'you need to have an authenticator to be an officer or do more than 5 stacks/day' policy. We already had an officers-only page for the really valuable stuff, added after hack #2 or 3. Hopefully this will now put the issue to bed permanently.


Title: Re: My WoW-account's been compromised
Post by: Merusk on June 04, 2010, 03:22:09 PM
There's a hack for the stacks/day.  I don't know if it's been patched or not, but we had someone clear out several tabs that were limited to 1/day.  So we've now got a policy that you need an authenticator to get bank access AT ALL.  No pet show, no bank.


Title: Re: My WoW-account's been compromised
Post by: Fordel on June 04, 2010, 04:10:55 PM
Well half our guild leadership secretly wants our vault to be cleared out, since it's usually full of shit like glass vials and level 5 healing potions.  :why_so_serious:


Title: Re: My WoW-account's been compromised
Post by: Rendakor on June 04, 2010, 06:55:46 PM
Yea I'm afraid I'm going to have to make a new "Officer Who Gets Hacked" rank with no Guild Bank access for my two officers with poor password security.


Title: Re: My WoW-account's been compromised
Post by: lesion on June 05, 2010, 11:03:03 AM
This thread makes me want to pee myself a little. I'd like to think made-up words with numbers are good enough to not need an authenticator, and my account can still be used for ancient youth-restoring ritual sacrifice.
Anyone know if the hacks are limited to phishing and brute force? If so I think I'll spend that five bucks on ice cream, or meat. Then hubris will take me like a bearded man on a deserted island.


Title: Re: My WoW-account's been compromised
Post by: Sheepherder on June 05, 2010, 02:12:25 PM
Quote from: lesion
Anyone know if the hacks are limited to phishing and brute force? If so I think I'll spend that five bucks on ice cream, or meat. Then hubris will take me like a bearded man on a deserted island.

Blizzard and hackers know.  Neither will tell.  But:

1. The authenticator doesn't protect you if the server or hash function is compromised, you would see a metric shitton of hacked authenticator accounts if the hacker could generate valid keys at will.
2. Compromising secure servers is risky and manpower intensive compared to phishing and brute force.
3. The proliferation of phishing attacks in the wild is a good indicator.


Title: Re: My WoW-account's been compromised
Post by: Dren on June 07, 2010, 01:21:24 PM
Out of the people I know that got hacked and the individuals that post here that have been hacked, I'm pretty confident they weren't phished.  It seems much more reasonable to me that their username was found somehow and used the password found through programs blasting the server until it worked.

That also explains why they continue to have issues with hacking even after getting everything fixed including wiping hard drives, etc.  The username was found, worked, and had good stuff!  Why not wait a few months and do it again?

The username is now your email address.  Not tough to figure that one out anymore.  Until Blizzard makes it harder for hackers to blast the server with password attempts, I don't see any other deterrent than the Authenticator.

Hell, Blizzard should just report how many failed attempts were made since the last successful login when you log on.  I'm pretty sure if you saw 611,543 attempts made, you'll take some action.  Make the forums a separate system with a different password perhaps.  Leaving that wide open is just stupid.


Title: Re: My WoW-account's been compromised
Post by: Sheepherder on June 07, 2010, 03:24:23 PM
Quote from: Dren
I'm pretty sure if you saw 611,543 attempts made, you'll take some action.

Which wouldn't do anything, because changing your password at that point doesn't actually prevent them from throwing shit to see if it sticks.

Plus, a 6 digit random alphanumeric password will have been cracked roughly by ~58 475 attempts.

But both facts are irrelevant, because phishing, trojans, and dictionary attacks hitting as wide a number of people as possible is a far more likely approach.


Title: Re: My WoW-account's been compromised
Post by: Zephyr on June 07, 2010, 04:00:41 PM
Quote from: Dren
Out of the people I know that got hacked and the individuals that post here that have been hacked, I'm pretty confident they weren't phished.  It seems much more reasonable to me that their username was found somehow and used the password found through programs blasting the server until it worked.

That also explains why they continue to have issues with hacking even after getting everything fixed including wiping hard drives, etc.  The username was found, worked, and had good stuff!  Why not wait a few months and do it again?

The username is now your email address.  Not tough to figure that one out anymore.  Until Blizzard makes it harder for hackers to blast the server with password attempts, I don't see any other deterrent than the Authenticator.

Hell, Blizzard should just report how many failed attempts were made since the last successful login when you log on.  I'm pretty sure if you saw 611,543 attempts made, you'll take some action.  Make the forums a separate system with a different password perhaps.  Leaving that wide open is just stupid.

Can it be brute forced?  I had some network problems a few weeks ago where I kept getting knocked off at the character screen.  I panicked thinking that I may have been hacked and forgot to get a new authentication key each time I tried logging in.  I made about 4-5 login attempts before getting an error that my account was locked and I needed to contact billing support by phone to unlock it.


Title: Re: My WoW-account's been compromised
Post by: Mosesandstick on June 07, 2010, 05:08:07 PM
I want to side on brute forced. As I said earlier I changed my password to gibberish and never touched WoW again and my account still got hacked. And I don't think I would've had any WoW-related trojans, but I can't remember as it was a long time ago.


Title: Re: My WoW-account's been compromised
Post by: raydeen on June 07, 2010, 05:17:33 PM
Anyone checked the WoW tech support forums recently? It's almost entirely hacked accounts threads, most of which are requests to have the authenticator removed. Seems the hackers are buying authenticators, hacking the accounts and then applying the authenticator so that no matter what, you're not getting into your game any time soon.

I went back through the older posts and it seems like this really started in earnest about 2 months ago and has just grown exponentially since. I was getting impatient as it's been a week and still no response from Blizzard but after seeing the raft of support requests and horror stories, I'm pretty sure I'm in for quite a bit of a wait. It would seem I'm near the end of a very long queue that's only getting longer.

Edit: Got my authenticator today but I'm seriously considering writing a Python script to generate stupidly long random character strings and changing my password on a daily basis using whatever it spits out.


Title: Re: My WoW-account's been compromised
Post by: Lantyssa on June 07, 2010, 05:39:44 PM
I do believe I predicted forcing everyone to use the e-mail address would not solve the hack attempts and would increase the problems associated with them.

Some people thought I was crazy back then.  Given recent events, I would like to add to my original comments: "I told you so.  Phhhbbt!" :-P


Title: Re: My WoW-account's been compromised
Post by: Merusk on June 07, 2010, 05:41:00 PM
Tee hee.


Title: Re: My WoW-account's been compromised
Post by: Fordel on June 07, 2010, 06:21:18 PM
Quote from: raydeen
Anyone checked the WoW tech support forums recently? It's almost entirely hacked accounts threads, most of which are requests to have the authenticator removed. Seems the hackers are buying authenticators, hacking the accounts and then applying the authenticator so that no matter what, you're not getting into your game any time soon.


You can download Authenticators tied to phones for free and you can have the computer you're on pretend it's a phone to run said phone Authenticator.



Title: Re: My WoW-account's been compromised
Post by: raydeen on June 07, 2010, 07:14:03 PM
Quote from: raydeen
Anyone checked the WoW tech support forums recently? It's almost entirely hacked accounts threads, most of which are requests to have the authenticator removed. Seems the hackers are buying authenticators, hacking the accounts and then applying the authenticator so that no matter what, you're not getting into your game any time soon.


Quote from: Fordel
You can download Authenticators tied to phones for free and you can have the computer you're on pretend it's a phone to run said phone Authenticator.



Oh holy shit.

I don't know why I don't just cancel these games and go back to playing the early TES games. At least then I and only I was my own worst enemy.


Title: Re: My WoW-account's been compromised
Post by: Paelos on June 07, 2010, 07:19:43 PM
Well there goes the chance of me bothering with the authenticator.

Hey Blizzard, why don't you just make my username my SSN? What could go wrong?


Title: Re: My WoW-account's been compromised
Post by: pants on June 07, 2010, 07:26:37 PM
Quote from: raydeen
Anyone checked the WoW tech support forums recently? It's almost entirely hacked accounts threads, most of which are requests to have the authenticator removed. Seems the hackers are buying authenticators, hacking the accounts and then applying the authenticator so that no matter what, you're not getting into your game any time soon.


Quote from: Fordel
You can download Authenticators tied to phones for free and you can have the computer you're on pretend it's a phone to run said phone Authenticator.



My google-fu must be weak.  I've tried to do this without any success - running an Android emulator didn't work particularly well - do you know where someone has done this?


Title: Re: My WoW-account's been compromised
Post by: Fordel on June 07, 2010, 07:34:46 PM
Just put an Authenticator on your own account and you've defeated 99% of these account thefts. One Authenticator can cover all your Blizzard accounts/games even.



Pants - I can't even find the damn thing now myself, but I'm positive it exists!


Title: Re: My WoW-account's been compromised
Post by: raydeen on June 07, 2010, 08:40:03 PM
Quote from: Paelos
Well there goes the chance of me bothering with the authenticator.

Hey Blizzard, why don't you just make my username my SSN? What could go wrong?

I think the meaning was that the hackers aren't actually buying authenticators but are running the software versions (through emulation or off of a smartphone) and thus locking people out of their own accounts. I'm assuming that once you've attached an authenticator to your account, it's much harder for them to gain access. Although I'm rather surprised. I assumed the authenticator was a USB dongle akin to the dongle keys that used to be used for high-end graphics software. I was kinda perplexed when I found it was just a little keygen that somehow generates keys on the fly based on the serial number of the device.  A little less secure than what I was hoping for, but then I suppose something could be written to infect the launcher to bypass the authenticator check if it was hardware related. It's not like those old dongle keys were really all that effective in deterring piracy.

Edit: We need biometric security devices. I've always wanted something that would do a fancy retinal scan like in the movies. 'Course then someone would just cut out my eye.


Title: Re: My WoW-account's been compromised
Post by: Sheepherder on June 07, 2010, 10:25:46 PM
Quote from: raydeen
I was kinda perplexed when I found it was just a little keygen that somehow generates keys on the fly based on the serial number of the device.  A little less secure than what I was hoping for, but then I suppose something could be written to infect the launcher to bypass the authenticator check if it was hardware related.

The authenticator that Blizzard uses supports DES, Triple DES, and AES encryption (http://en.wikipedia.org/wiki/Block_cipher_security_summary#Common_block_ciphers).  My guess is that they use a version of AES, but even with DES you would need to be running a $10 000 custom machine for two days to brute force one password for that little fucking $6.50 fob.


Title: Re: My WoW-account's been compromised
Post by: Fordel on June 08, 2010, 01:31:34 AM
While on the subject: http://www.mmo-champion.com/news-2/beta-contest-flash-vulnerability-curse-google-scam/



Lord knows how many people fall for the Google Ad trick.


Title: Re: My WoW-account's been compromised
Post by: Simond on June 08, 2010, 05:32:38 AM
Blizzard really should just bump the box price of Cataclysm up $5 and throw a 'free' authenticator into every box.


Title: Re: My WoW-account's been compromised
Post by: Dren on June 08, 2010, 06:54:16 AM
Quote from: Dren
I'm pretty sure if you saw 611,543 attempts made, you'll take some action.

Quote from: Sheepherder
Which wouldn't do anything, because changing your password at that point doesn't actually prevent them from throwing shit to see if it sticks.


My point was that you would then change your username/email and password once you knew you were a target.  Or just get an authenticator and ignore the fact that somebody is hopelessly throwing passwords at your account.


Title: Re: My WoW-account's been compromised
Post by: Cyrrex on June 08, 2010, 07:33:29 AM
I think when your MMO requires the same level of security as a corporate bank account, it might be time to move on.


Title: Re: My WoW-account's been compromised
Post by: Sheepherder on June 08, 2010, 08:29:58 AM
Quote from: Lantyssa
I do believe I predicted forcing everyone to use the e-mail address would not solve the hack attempts and would increase the problems associated with them.

Some people thought I was crazy back then.  Given recent events, I would like to add to my original comments: "I told you so.  Phhhbbt!" :-P

Haven't been hacked yet.  And no phishing email in my junk folder.  You guys are just doing it wrong.


Title: Re: My WoW-account's been compromised
Post by: Kageru on June 08, 2010, 09:04:28 AM

We've had a string of hacks and the most recent one (yesterday) gave us a demonstration of the ability to ignore bank withdrawal limits.

I've ordered an authenticator but paying 20$ to get it mailed bites. So shipping one in cataclysm has my support.

If the forums really allow unlimited log-in attempts with no cool-down that's near being an accessory, especially now they've made account name eminently discoverable.
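
Dren's suggestion of reporting failed attempts at the next successful login, and the cool-down on log-in attempts raised in the post above, fit together in one server-side check. This is an added example, not part of the thread and not Blizzard's implementation; the class names, policy numbers and sample credentials are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    bad_passwords: int = 0      # wrong passwords evaluated since last success
    throttled: int = 0          # attempts refused while cooling down
    locked_until: float = 0.0


class LoginGuard:
    # Assumed policy values, chosen for illustration only.
    FREE_ATTEMPTS = 3           # failures before the first cool-down
    BASE_DELAY = 2.0            # seconds, doubled for each further failure
    MAX_DELAY = 900.0
    _DUMMY_SALT = b"\x00" * 16

    def __init__(self, clock):
        self._clock = clock     # injected so the delay logic can be tested
        self._accounts = {}

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

    def register(self, email, password):
        salt = os.urandom(16)
        self._accounts[email.lower()] = Account(salt, self._hash(password, salt))

    def login(self, email, password):
        """Return (status, report); report is (bad_passwords, throttled) on success."""
        acct = self._accounts.get(email.lower())
        now = self._clock()
        if acct is None:
            self._hash(password, self._DUMMY_SALT)   # same work as a real check
            return ("denied", None)
        if now < acct.locked_until:
            acct.throttled += 1                      # password is not even checked
            return ("cooldown", None)
        if hmac.compare_digest(self._hash(password, acct.salt), acct.pw_hash):
            report = (acct.bad_passwords, acct.throttled)
            acct.bad_passwords = acct.throttled = 0
            acct.locked_until = 0.0
            return ("ok", report)
        acct.bad_passwords += 1
        over = acct.bad_passwords - self.FREE_ATTEMPTS
        if over >= 0:
            # Exponent is capped so the delay calculation cannot overflow.
            delay = min(self.BASE_DELAY * 2 ** min(over, 16), self.MAX_DELAY)
            acct.locked_until = now + delay
        return ("denied", None)


class FakeClock:
    """Manually advanced clock standing in for time.monotonic."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


def demo():
    """Constructed scenario: five bad attempts, then the owner logs in."""
    clock = FakeClock()
    guard = LoginGuard(clock)
    guard.register("player@example.com", "correct horse battery")
    log = []
    for guess in ("123456", "password", "dragon"):      # three guesses at t=0
        log.append(guard.login("player@example.com", guess)[0])
    log.append(guard.login("player@example.com", "qwerty")[0])  # refused unchecked
    clock.now = 2.0                                     # first cool-down is over
    log.append(guard.login("player@example.com", "letmein")[0])
    clock.now = 6.0                                     # second, 4 s cool-down is over
    status, report = guard.login("player@example.com", "correct horse battery")
    return log, status, report


if __name__ == "__main__":
    print(demo())
```

The report tuple is what would be shown to the owner after signing in. A temporary cool-down keyed to the account also delays the real owner, which is the trade-off against the hard lock described earlier in the thread.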


Title: Re: My WoW-account's been compromised
Post by: Dren on June 08, 2010, 12:59:35 PM
Quote from: Lantyssa
I do believe I predicted forcing everyone to use the e-mail address would not solve the hack attempts and would increase the problems associated with them.

Some people thought I was crazy back then.  Given recent events, I would like to add to my original comments: "I told you so.  Phhhbbt!" :-P

Quote from: Sheepherder
Haven't been hacked yet.  And no phishing email in my junk folder.  You guys are just doing it wrong.

Keeping an email account only for the use of your WoW account and absolutely nothing else would probably prevent all issues outside of trojans and keyloggers.  I'd imagine many people screw up at some point and put that email address into a list of emails that have a very high probability of being WoW players either current or past.  Once a hacker grabs that list, most of the work is done for them.  Just go down the list and blast each one with password combinations until you get a hit.   If you don't get a hit, you can still spam them with phishing until you catch a sucker.

Lantyssa is just saying the probability of people screwing up and getting their email on a list is higher now.  I happen to agree.


Title: Re: My WoW-account's been compromised
Post by: Selby on June 08, 2010, 04:40:36 PM
Quote from: Dren
Keeping an email account only for the use of your WoW account and absolutely nothing else would probably prevent all issues outside of trojans and keyloggers.

I do this.  My forum email address I've used since 1998 randomly started getting WoW spam a few days ago (like 1-2) yet my WoW account is on a completely different email address that never gets spammed.


Title: Re: My WoW-account's been compromised
Post by: brellium on June 08, 2010, 09:59:17 PM
Quote from: Kageru
We've had a string of hacks and the most recent one (yesterday) gave us a demonstration of the ability to ignore bank withdrawal limits.

I've ordered an authenticator but paying 20$ to get it mailed bites. So shipping one in cataclysm has my support.

If the forums really allow unlimited log-in attempts with no cool-down that's near being an accessory, especially now they've made account name eminently discoverable.

I bought an iPod Touch just for the free app, two weeks later I quit WoW, I'm still listening to music on the iPod six months later.


Title: Re: My WoW-account's been compromised
Post by: Azazel on June 08, 2010, 10:33:19 PM
I haven't played in well over a year now, but now and then consider going back for awhile. One of the things that really puts me off is the whole "battle.net email id" bullshit. I don't want to use my fucking email address for my login. Jebus.



Title: Re: My WoW-account's been compromised
Post by: ezrast on June 08, 2010, 10:53:02 PM
Quote from: Simond
Blizzard really should just bump the box price of Cataclysm up $5 and throw a 'free' authenticator into every box.

No, they should stop being retarded about their account security. Who the fuck implements case-insensitive passwords? If I hadn't just unsubbed I would probably try to get some people on the official forums riled up about that. Too bad I don't care enough.


Title: Re: My WoW-account's been compromised
Post by: WindupAtheist on June 08, 2010, 11:24:05 PM
Email address used for absolutely nothing but WoW.

Firefox with AdBlock, FlashBlock, and NoScript addons.

There could be a Flash bug that makes your PC fucking explode and I wouldn't know about it unless it turned up in a Youtube video. Seriously, I read about shit like this and think "There are still people who let Flash run without explicit permission?"


Title: Re: My WoW-account's been compromised
Post by: Sheepherder on June 08, 2010, 11:37:09 PM
Note: most free mail things are capable of forwarding your mail to your everyday inbox via parental controls if nothing else.


Title: Re: My WoW-account's been compromised
Post by: Lantyssa on June 09, 2010, 06:43:27 AM
Most people are too damn stupid to accomplish even that.  Sure the 1% of those of us with a clue can protect ourselves.  That doesn't mean Blizzard shouldn't take security seriously, especially since their #1 cost right now is probably paying CSRs to deal with hacks.


Title: Re: My WoW-account's been compromised
Post by: Paelos on June 09, 2010, 10:27:35 AM
Quote from: Lantyssa
Most people are too damn stupid to accomplish even that.  Sure the 1% of those of us with a clue can protect ourselves.  That doesn't mean Blizzard shouldn't take security seriously, especially since their #1 cost right now is probably paying CSRs to deal with hacks.

Still less money than sending out authenticators to everyone for free, apparently. I think they should just offer people who have played the game for over two years a free one personally.

In lieu of that, however, I would expect that the "Collector's edition" of the expansion should include one.


Title: Re: My WoW-account's been compromised
Post by: Redgiant on June 12, 2010, 02:21:43 PM
Don't underestimate the danger of using the same password for different accounts. No keylogging or other fancy hacks needed; just let the power of human nature run its course.

Having an account that uses the same password as a game account is as good as telling them your password.

1. Person buys WoW gold from some site. More people do this than will ever admit to it.
2. They make you create a login and password for their own site. People are lazy and just use the same cryptic-except-to-them-string they use in other places.
3. They know your WoW account name and at least one character on it since they deliver to you in-game.
4. 2+2=4...They try the password you gave for their account, using your WoW login account. Works pretty often.



Title: Re: My WoW-account's been compromised
Post by: Rasix on June 13, 2010, 03:12:24 PM
Just yesterday, the only non-IRL friend of mine in my guild (we're small) was probably hacked. He hadn't been online in months even before I stopped playing.  Reappeared, took everything in the bank, and removed all characters but his officer from the guild.  My friend that moved to Virginia told me this over the phone as I was picking up food for my son's birthday party.  So now the bank is unusable unless a GM can do something.

I may have to reactivate my account to kick his remaining character, transfer guild ownership to my RL friend that's still playing, and see if I can find someone that can get a hold of him (despite him being my only real WoW "friend" I don't have any contact info for him).  

YAY.  :awesome_for_real:


Title: Re: My WoW-account's been compromised
Post by: Goreschach on June 14, 2010, 10:58:08 AM
Quote from: Simond
Blizzard really should just bump the box price of Cataclysm up $5 and throw a 'free' authenticator into every box.
Quote from: ezrast
No, they should stop being retarded about their account security. Who the fuck implements case-insensitive passwords? If I hadn't just unsubbed I would probably try to get some people on the official forums riled up about that. Too bad I don't care enough.

It's funny because you actually think this is the problem.

Most of these account hackings are coming from suspect interactive websites and people logging into compromised public computers/networks. Really, the problem wouldn't be very difficult to fix, and Bliz probably just neglects to do it for fear of inconveniencing users and causing them to quit. What they need to do is implement a mandatory tear-away password dongle that's linked to an account during creation.


Title: Re: My WoW-account's been compromised
Post by: Dren on June 14, 2010, 11:10:58 AM
Quote from: Goreschach
Most of these account hackings are coming from suspect interactive websites and people logging into compromised public computers/networks....

I'm truly not trying to be an ass, but where do you get this information?  I'd seriously like to see where they have broken down the incident rate for root cause on hacked accounts.  I suspect this is your opinion, but if you have data please share.


Title: Re: My WoW-account's been compromised
Post by: Sjofn on June 14, 2010, 11:31:17 AM
I don't take my security particularly seriously, yet my email (my ONLY email) gets no fake-WoW emails and I never got hacked (although after the fiftieth time someone in my guild did, I got an authenticator because while I was pretty sure I would continue to not be hacked, I didn't want to be THAT PERSON). So I don't think the email login = ZOMG DOOM. There's other shit (like passwords not being case sensitive, wtf) I can see being all rabble rabble about, but the email thing just doesn't strike me as a big damn deal. It's certainly not the only thing I use that wants my email to be my login.


Title: Re: My WoW-account's been compromised
Post by: Rasix on June 17, 2010, 10:02:30 AM
Follow up:

Quote
After review, it has been determined that the above character has gone more than 30 days without logging in to the World of Warcraft. We have received a request from a guild member for a new Guild Master to be appointed to allow for proper guild management and growth. In order to facilitate this, we have demoted the former Guild Master to Officer status.

We hope you continue to enjoy your experience in World of Warcraft!

It might not be speedy, but they resolved the issue without me having to re-up.


Title: Re: My WoW-account's been compromised
Post by: Rendakor on June 27, 2010, 07:04:32 AM
Fuck my life, my account just got hacked. Woke up and went to log in this morning, "Please type authenticator code". Sent an email to blizzard and am running a virus scan or 3. Gonna call Blizzard CS after work tonight to at least get the fucking Authenticator removed. No email messages saying my password was changed, an authenticator added, etc. Email address had a different password than the WoW account, although I suppose if I hit a keylogger or something it would've picked that up too.


Title: Re: My WoW-account's been compromised
Post by: Paelos on June 27, 2010, 07:59:06 AM
That sucks. Let us know what kind of turnaround time you have.


Title: Re: My WoW-account's been compromised
Post by: Rendakor on June 27, 2010, 04:12:42 PM
Just got home from work, no reply to my emails to Blizzard. However, I see that they've transferred one of my toons (my level 72 Warlock  :uhrr:) to a new server, and as icing on the cake, my account's been closed for "Exploitative Activity: Abuse of the Economy". Sigh. I'm on hold with customer service now.

I ran MalwareBytes, CounterSpy and Avast and none of them turned up anything on my system. However, I've done stupid things like played on an unsecured Wireless network, logged into my account on the college campus, etc. so I can only assume they've had my password for a while. Of course, this makes me wonder if every time I've gotten a disconnection in the past few months has been an attempt by a hacker to log in.

Edit: Just got off the phone. The guy was very helpful; he took the Authenticator off my account and escalated my support emails. I changed my password immediately, and now I can log in, but it still says I'm banned. Supposedly I'll hear back about getting the account reactivated within a few hours.


Title: Re: My WoW-account's been compromised
Post by: kildorn on June 28, 2010, 08:28:59 AM
"Exploitative Activity: Abuse of the Economy"

Sorry to laugh at your shitty experience, but for some reason I find this hilarious, and picture it being said by someone with a monocle reading off an official announcement.


Title: Re: My WoW-account's been compromised
Post by: Sheepherder on June 28, 2010, 12:50:42 PM
Said message gets sent out to every hacked account, as far as I can tell.  I'm guessing the GMs don't actually have the option to initiate a ban without an automated message.


Title: Re: My WoW-account's been compromised
Post by: raydeen on July 11, 2010, 04:51:05 AM
Said message gets sent out to every hacked account, as far as I can tell.  I'm guessing the GMs don't actually have the option to initiate a ban without an automated message.

I didn't get that particular email when mine was hacked. I seem to have been lucky enough to have been hacked by someone who just wanted to do some quick spamming with some level 1's. Far as I can tell, nothing else went on with any of my characters other than my one toon being deleted (which has since been restored).


Title: Re: My WoW-account's been compromised
Post by: Paelos on July 11, 2010, 08:47:36 AM
I got hacked on Thursday afternoon and had my stuff returned on Saturday afternoon. So I was pretty impressed with the overall turnaround. Also, I think they gave me a few BoEs I never had, and some upgrades to my dps stuff for my trouble.

I think I came out ahead in the hack by ~12k gold in net assets.  :why_so_serious:


Title: Re: My WoW-account's been compromised
Post by: WindupAtheist on July 12, 2010, 11:36:47 AM
Routine AdAware scan turned up something suspicious. I can think of at least two places it's more likely to have slipped through than from anywhere WoW related but, after giving myself the full multi-program antivirus treatment and finding nothing else, I changed my bnet email and password again.


Title: Re: My WoW-account's been compromised
Post by: Abagadro on July 28, 2010, 03:05:52 PM
I just received an email from WoWAccountReview@eu.blizzard.com entitled "Character Faction Change Notice."  I haven't played WoW since about two months after it came out.  Is this a phish or has my account already been hacked?  Kinda weird to have this happen the day after I sign up on b.net for SC2.


Title: Re: My WoW-account's been compromised
Post by: Ingmar on July 28, 2010, 03:06:52 PM
Check the actual header of the message and check the links to see where they actually go (without clicking obviously), you can't put any stock in the From: address.


Title: Re: My WoW-account's been compromised
Post by: Musashi on July 28, 2010, 03:58:34 PM
There's a shitload of things floating around that can swipe your email.  Likely from a friend's contact list or something.  It may not be you.  But that's phishing mail, for sure.  I get literally fifty of them per week after I got hacked.


Title: Re: My WoW-account's been compromised
Post by: Azazel on July 30, 2010, 04:16:40 AM
I just received an email from WoWAccountReview@eu.blizzard.com entitled "Character Faction Change Notice."  I haven't played WoW since about two months after it came out.  Is this a phish or has my account already been hacked?  Kinda weird to have this happen the day after I sign up on b.net for SC2.

I got the same email on the same day. I changed my password and sent a query email to blizz via the official wow website. I was almost 100% sure it was a phishing email since I logged into the WoW site with my wow-login, since I quit before they needed bnet addresses.



Title: Re: My WoW-account's been compromised
Post by: Paelos on July 30, 2010, 07:23:34 AM
I got the same email. I flipped out for a second, then remembered I had an authenticator and this was silly.


Title: Re: My WoW-account's been compromised
Post by: WoopeeTuralyon on July 30, 2010, 10:07:34 AM
Weird. I've never gotten a fake Blizz email, but I have been hacked!


Title: Re: My WoW-account's been compromised
Post by: Mattemeo on August 02, 2010, 12:39:53 PM
Here's the latest attempt. Much more convincing but after checking I could happily log into battle.net myself and checking out the support addresses were wrong in the mail it has been discounted.

Quote
New Login Account Confirmation

01/08/2010

From:   Blizzard Entertainment (WoWAccountAdmin@blizzard.com)
Sent:   01 August 2010 01:38:48


Hello,

Blizzard Entertainment recently received a request to change the e-mail address used to log in to the Battle.net account with the username myaddress@hotmail.com. The e-mail address k***@hotmail.com has been specified as the new username for this Battle.net account. An email has been sent to this new address containing a verification link to complete the change.

Once the new address has been verified, the e-mail address myaddress@hotmail.com can no longer be used to log in to this Battle.net account or any World of Warcraft accounts merged with this Battle.net account.

If you did not initiate this request, please click here to contact the Blizzard Billing & Account Services team immediately.

Sincerely,
The Battle.net Account Team
Online Privacy Policy


Title: Re: My WoW-account's been compromised
Post by: Paelos on August 02, 2010, 12:48:58 PM
I'm getting Starcraft phishing mail now, telling me I've purchased things. Very Very odd.


Title: Re: My WoW-account's been compromised
Post by: Morat20 on August 02, 2010, 01:06:01 PM
Here's the latest attempt. Much more convincing but after checking I could happily log into battle.net myself and checking out the support addresses were wrong in the mail it has been discounted.

Quote
New Login Account Confirmation

01/08/2010

From:   Blizzard Entertainment (WoWAccountAdmin@blizzard.com)
Sent:   01 August 2010 01:38:48


Hello,

Blizzard Entertainment recently received a request to change the e-mail address used to log in to the Battle.net account with the username myaddress@hotmail.com. The e-mail address k***@hotmail.com has been specified as the new username for this Battle.net account. An email has been sent to this new address containing a verification link to complete the change.

Once the new address has been verified, the e-mail address myaddress@hotmail.com can no longer be used to log in to this Battle.net account or any World of Warcraft accounts merged with this Battle.net account.

If you did not initiate this request, please click here to contact the Blizzard Billing & Account Services team immediately.

Sincerely,
The Battle.net Account Team
Online Privacy Policy
I got that one too. Need to remember to warn the wifey. I just logged into Battlenet and checked.

I've simply gotten into the habit of never clicking email links, unless they are ones I'm expecting -- and even then, I mouse over it and verify it's to the right place.


Title: Re: My WoW-account's been compromised
Post by: proudft on August 02, 2010, 02:13:13 PM
I server transferred a guy the other day and later the same day got a phishing email about YOUR FACTION TRANSFER IS COMPLETE.

That one alllllmost got me, but hover-link saved the day again.  The timing was eerie, though.  Better luck next time, haxxors.


Title: Re: My WoW-account's been compromised
Post by: Merusk on August 02, 2010, 03:32:02 PM
My former guild had someone with an authenticator get "hacked" the other day.  They deleted his character after selling everything off.   I'm willing to bet one of these latest social engineering e-mails was the true culprit, but he's too prideful to ever admit as such.  "Naw, it has to have been a common add-on or they're hacking B-net! I don't fall for that stuff."


Title: Re: My WoW-account's been compromised
Post by: WoopeeTuralyon on August 02, 2010, 09:20:22 PM
I was hacked one time a few years ago, and they deleted all my chars EXCEPT my level 12 rogue, who still had a couple hundred gold on him when I logged on. Weird. And I hadn't clicked any links either... so I guess I was just very unlucky.


Title: Re: My WoW-account's been compromised
Post by: Rendakor on August 02, 2010, 09:21:44 PM
I'm getting Starcraft phishing mail now, telling me I've purchased things. Very Very odd.
I got one of those today too. It strikes me as strange too since I've never gotten any WoW phishing ones. Pretty obvious though, since even the listed links were to us.battle.coderedemption.net/login.html.
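
Added example, not part of any post in this thread: the check several posters describe (ignore the From: address, look at where each link really goes) written as a small Python script. The trusted-domain list and the sample message body are assumptions constructed for illustration; the first link host is the one quoted in the post above, and the `.example` hosts are placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domains the reader accepts as genuine for this account.
TRUSTED_DOMAINS = ("battle.net", "blizzard.com")

# Constructed sample body. The first href uses the host quoted in the thread;
# the .example hosts are placeholders.
SAMPLE_HTML = """
<p>If you did not initiate this request, please
<a href="http://us.battle.coderedemption.net/login.html">click here</a>.</p>
<a href="http://account-review.example/login">https://us.battle.net/account/</a>
<a href="https://us.battle.net/account/management/">Account management</a>
<a href="http://us.battle.net@login.example/">https://us.battle.net/</a>
"""

# A hostname-looking token inside the visible link text.
HOST_IN_TEXT = re.compile(r"((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href") or "", ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append((self._current[0], self._current[1].strip()))
            self._current = None


def host_of(url):
    """Hostname the browser would contact; anything before '@' is userinfo."""
    if "//" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def is_trusted(host):
    """True only for a trusted domain itself or a subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def audit_links(html):
    """Classify each link as trusted, untrusted, or masked.

    'masked' means the visible text shows a trusted host while the href
    points somewhere else, which is what hovering over the link reveals.
    """
    parser = LinkCollector()
    parser.feed(html)
    report = []
    for href, text in parser.links:
        target = host_of(href)
        shown = HOST_IN_TEXT.search(text)
        shown_host = shown.group(1).lower() if shown else None
        if is_trusted(target):
            verdict = "trusted"
        elif shown_host and is_trusted(shown_host):
            verdict = "masked"
        else:
            verdict = "untrusted"
        report.append({"target": target, "shown": shown_host, "verdict": verdict})
    return report


if __name__ == "__main__":
    for row in audit_links(SAMPLE_HTML):
        print(f"{row['verdict']:<10} goes to {row['target']!r}, shows {row['shown']!r}")
```

The suffix match is what rejects a host that merely contains `battle` as a label, and the last sample link shows why the part before `@` must never be read as the destination.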


Title: Re: My WoW-account's been compromised
Post by: Mattemeo on August 04, 2010, 08:21:08 PM
Ok, the last one was at least competently written and made me need to check things out. Today's attempt is just sad... here's an excerpt from 'WoWAccountEU @ review.blizzard.com' (I don't even play on EU) :

Quote
Due to suspicious activity, the Battle.net account myaddress @ hotmail.com has been locked. You logined your account successfully at 11:26:56 on 2010-8-4 from the 175.242.12.5, but our system shows this IP isn't your registered IP. We are concerned about whether your account has been stolen. In order to guarantee the legitimacy of your account, we need you follow these steps:

Rest includes some seriously bad, overlong, blatantly phishy clickthrough urls, not even hyperlink-masked. I wouldn't usually have bothered posting an obvious one, but I'm guessing this one was just a shot in the dark.


Title: Re: My WoW-account's been compromised
Post by: Lt.Dan on August 04, 2010, 09:28:43 PM
Some of those phishing attempts are scary clever.  After getting a few in the last couple of weeks I've changed my bnet email and login to a new email address created specifically for WoW.  Hopefully that stops me falling for "your account has been stolen" or "cataclysm launcher" emails. 


Title: Re: My WoW-account's been compromised
Post by: Riggswolfe on August 05, 2010, 10:14:10 PM
Well, I think I got hacked but got very, very lucky as near as I can tell.

Earlier today I was on my highest level "main". My wife came home and I switched to my druid. I kept getting booted offline and I kept coming back on. The last time it didn't take my password so I changed it and got back on again. Then I got booted again and this time got the "your account has been suspended" notification followed later by an email. I've run Spybot, Malwarebytes, am currently running Windows Security Essentials and plan to run AVG after that. None of them have found anything yet. As far as I know my characters didn't get touched unless it was during that 2-3 minutes where my password was changed.

Edit: I still haven't found anything. Do any of you guys have any hints? Do you think I have a key logger or was it just a brute force attack on my password?


Title: Re: My WoW-account's been compromised
Post by: Arthur_Parker on August 06, 2010, 07:50:29 AM
How many characters in your old password out of interest?


Title: Re: My WoW-account's been compromised
Post by: Dren on August 06, 2010, 08:01:52 AM
If you actually changed your password and it still continued to happen, it has to be a keylogger doesn't it?   I can't believe brute force would come up with your new password that quickly.


Title: Re: My WoW-account's been compromised
Post by: Riggswolfe on August 06, 2010, 08:30:58 AM
If you actually changed your password and it still continued to happen, it has to be a keylogger doesn't it?   I can't believe brute force would come up with your new password that quickly.

Except I didn't actually change it. I was stupid and thought I was mistyping it so just reset it thinking I'd locked my account and put it right back to my old password. Yes, I was a moron. I wasn't thinking clearly, it was late and I was in a dungeon and my main thought was "got to get back on NOW". I'm paranoid about changing it now because if there is a keylogger they'll just get the new one anyway.

Edit: It is now actually changed. We'll see. The password I changed to isn't the one I was originally planning to use. So far, nothing I have tried has found anything except a trojan called Java/Downloader.P which I can't find any information on and something called Html/Framer.CX which I also haven't had much luck finding anything about. I'm wondering if they're both false positives. Have any of you heard of them?


Title: Re: My WoW-account's been compromised
Post by: Arthur_Parker on August 06, 2010, 09:00:48 AM
http://forums.avg.com/ww-en/avg-free-forum?sec=thread&act=show&id=98273#post_98273

You on latest dat files?


Title: Re: My WoW-account's been compromised
Post by: Rendakor on August 06, 2010, 09:22:08 AM
You running an unsecured wireless network by any chance?


Title: Re: My WoW-account's been compromised
Post by: Riggswolfe on August 06, 2010, 09:28:25 AM
You running an unsecured wireless network by any chance?

Hell no. If people want wireless they need to buy their own damned router. Now, my key could be hacked if someone was determined enough but you know, I doubt I'm important enough for some dude to park in front of my house and hack me and my neighborhood is mostly old people so I doubt any of them even know how to use one of these newfangled computer things.

http://forums.avg.com/ww-en/avg-free-forum?sec=thread&act=show&id=98273#post_98273

You on latest dat files?

Yes I am. I just updated them today. Thanks for the link. My googlefu is apparently weak today.


Title: Re: My WoW-account's been compromised
Post by: Morat20 on August 06, 2010, 09:39:45 AM
Most common ways to get your password:

1) Phishing/social attacks.
2) You reusing name/password combos that have either been phished before, or hacked.
3) Trojans/keyloggers/the like.

Most likely explanation is you typed your ID/password somewhere you shouldn't have -- fake WoW site via phishing for instance. No matter how vigilant you are, sooner or later you'll brain fart and do this with SOMETHING. Second most likely is -- and we're pretty certain this is how my wife had hers compromised -- you used that username-password combo for something like, say, a WoW guild forum, which someone cracked and sold the id/password combos to.

The last is you got infected by something that was looking for and logged those things, and sent them off.

At least that's the general gist I got from the security courses and classes I've had to take, about how internet security is compromised. I'd just get a token. I've been meaning to get one myself -- we use RSA SecurID at work, and it prevents a lot of crap, and I understand the WoW authenticators work under similar principles.


Title: Re: My WoW-account's been compromised
Post by: Riggswolfe on August 06, 2010, 09:46:21 AM
Yeah, I've ordered the authenticators and they should be here in a week or two.

Most common ways to get your password:

1) Phishing/social attacks.
2) You reusing name/password combos that have either been phished before, or hacked.
3) Trojans/keyloggers/the like.

1) I haven't even gotten any fake emails or the like.
2) yeah, I probably did this one. I'm bad about that, I won't lie.
3) This is my big worry mostly because it puts stuff besides WOW in danger.

It turns out that the framer "virus" AVG found is probably a false positive. That only leaves the java/downloader.p which it removed but I'm trying to find info on. Meanwhile I'm running other AVs and doing the "go overboard and scan the hell out of my comp" routine.

Edit: I will be unsuspended around 10pm central tonight. We'll see what I find when that happens. One of my worries is that they put a fake authenticator on my account. We'll see.


Title: Re: My WoW-account's been compromised
Post by: Morat20 on August 06, 2010, 09:51:58 AM
Edit: I will be unsuspended around 10pm central tonight. We'll see what I find when that happens. One of my worries is that they put a fake authenticator on my account. We'll see.
They're pretty good about it, customer service wise, fixing stuff like that. Most farmers and hackers simply won't bother with a massive back and forth with customer service if you're disputing it.

It'll help if you tended to use a credit card and not a pre-paid card, though, since it can tie "who is paying for this" to a specific person.


Title: Re: My WoW-account's been compromised
Post by: Riggswolfe on August 06, 2010, 09:58:00 AM
Edit: I will be unsuspended around 10pm central tonight. We'll see what I find when that happens. One of my worries is that they put a fake authenticator on my account. We'll see.
They're pretty good about it, customer service wise, fixing stuff like that. Most farmers and hackers simply won't bother with a massive back and forth with customer service if you're disputing it.

It'll help if you tended to use a credit card and not a pre-paid card, though, since it can tie "who is paying for this" to a specific person.

I do. I was actually a little worried about that but the Blizzard rep said these guys don't usually mess with your credit card because that brings down a lot more heat on them than getting your virtual stuff from a video game.


Title: Re: My WoW-account's been compromised
Post by: Morat20 on August 06, 2010, 10:05:40 AM
I do. I was actually a little worried about that but the Blizzard rep said these guys don't usually mess with your credit card because that brings down a lot more heat on them than getting your virtual stuff from a video game.
My wife got her account hacked, had it played and used for farming, then the account perma-banned. She didn't notice for a YEAR. It took Blizzard customer service about 4 days to reinstate the account, and they were apologetic that they couldn't get her stuff back.

Not that it mattered. She got a free WoTLK upgrade out of it (the farmers had upgraded her account) and had a bank full of farmed materials. She was just upset at someone having moved her main through TBC and WoTLK, so started an alt while slowly relearning her main and going through all the quests. (The farmer hadn't bothered with that).


Title: Re: My WoW-account's been compromised
Post by: Arthur_Parker on August 06, 2010, 12:39:24 PM
That only leaves the java/downloader.p which it removed but I'm trying to find info on. Meanwhile I'm running other AVs and doing the "go overboard and scan the hell out of my comp" routine.

This it?

http://forums.avg.com/pl-en/avg-free-forum?sec=thread&act=show&id=93653#post_93653


Title: Re: My WoW-account's been compromised
Post by: Riggswolfe on August 06, 2010, 01:09:19 PM
That only leaves the java/downloader.p which it removed but I'm trying to find info on. Meanwhile I'm running other AVs and doing the "go overboard and scan the hell out of my comp" routine.

This it?

http://forums.avg.com/pl-en/avg-free-forum?sec=thread&act=show&id=93653#post_93653

It looks like he had the same thing at least though it doesn't say what it was. AVG cleaned it out. I'm just trying to figure out if it was what got my password or if I need to keep looking. I'm running something called Webroot now which is supposed to be pretty good. All it's found so far are various tracking cookies. I think I know where I got it I just want to know if it's gone for real or if it's being missed.


Title: Re: My WoW-account's been compromised
Post by: Riggswolfe on August 07, 2010, 10:33:59 AM
Well, my account unlocked at 9:45pm yesterday. I got in and nothing was missing and obviously no authenticator. So far there has not been anything else suspicious going on. That said, I don't know if they're just waiting or if I really did save myself through password changes and running multiple security programs. They never seemed to find anything major but maybe I got lucky and it was just brute force?


Title: Re: My WoW-account's been compromised
Post by: proudft on August 07, 2010, 10:36:41 AM
Could be.  WoW passwords are apparently non-case specific and have no # of attempts limiter so it is actually fairly feasible for someone to write a custom brute force login thing.  Plus they tend to be short, and your email is floating around somewhere already.  Take a look at these times if you want to be scared:

http://www.lockdown.co.uk/?pg=combi

Then get an authenticator.   :oh_i_see:


Title: Re: My WoW-account's been compromised
Post by: Riggswolfe on August 07, 2010, 01:39:29 PM


Then get an authenticator.   :oh_i_see:

I bought one for my wife and myself. Really, my biggest worry is a key authenticator logger. Not because of wow but because of stuff like ordering online with a credit card and stuff.


Title: Re: My WoW-account's been compromised
Post by: WoopeeTuralyon on August 07, 2010, 07:19:24 PM
That's creepy make it go away!

Also, these authenticators ruined my fun of playing friend's accounts.


Title: Re: My WoW-account's been compromised
Post by: ezrast on August 10, 2010, 05:44:49 PM
If you're worried about brute force attacks you're doing it wrong. Even with WoW's relatively short maximum password length and ridiculous case-insensitivity, it's not hard to come up with something that's not going to get brute-forced any time this century. Just use the first 16 characters of a catchy song lyric and replace all the E's with Q's, or something.


Title: Re: My WoW-account's been compromised
Post by: brellium on August 11, 2010, 07:40:07 AM
The best passwords (and a total pain in the ass) are ones that include ASCII characters.  Go ahead brute force that.


Title: Re: My WoW-account's been compromised
Post by: Lantyssa on August 11, 2010, 07:55:49 AM
To a computer they're all the same.  It only matters if their algorithm includes them or not.
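
Added example, not part of any post in this thread: a Python sketch of the two factors raised in the brute-force posts above, case-insensitive passwords and the claimed absence of an attempt limiter. The lockout thresholds, the sample password and the one-guess-per-second stream are assumptions chosen for illustration, not Blizzard's actual policy.

```python
import string


def search_space(password, case_sensitive):
    """Candidates an exhaustive search must cover for a password of this
    length drawn from the character classes it actually uses."""
    if not case_sensitive:
        password = password.lower()  # server folds case, so 'A' equals 'a'
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)
    return size ** len(password)


class AttemptLimiter:
    """Per-account lockout with doubling delay (hypothetical policy).

    After max_failures wrong passwords in a row the account refuses further
    attempts for base_lockout_s seconds, doubling on each repeat up to cap_s.
    """

    def __init__(self, max_failures=5, base_lockout_s=60, cap_s=3600):
        self.max_failures = max_failures
        self.base_lockout_s = base_lockout_s
        self.cap_s = cap_s
        self._accounts = {}

    def _state(self, account):
        return self._accounts.setdefault(
            account, {"failures": 0, "lockouts": 0, "locked_until": 0})

    def allowed(self, account, now):
        return now >= self._state(account)["locked_until"]

    def record_failure(self, account, now):
        st = self._state(account)
        st["failures"] += 1
        if st["failures"] >= self.max_failures:
            lockout = min(self.base_lockout_s * 2 ** st["lockouts"], self.cap_s)
            st["locked_until"] = now + lockout
            st["lockouts"] += 1
            st["failures"] = 0

    def record_success(self, account):
        self._accounts.pop(account, None)  # a good login clears the history


def guesses_evaluated(limiter, account, seconds, per_second=1):
    """Replay a steady stream of wrong passwords against one account and
    count how many the server actually checks."""
    evaluated = 0
    for now in range(seconds):
        for _ in range(per_second):
            if limiter.allowed(account, now):
                limiter.record_failure(account, now)
                evaluated += 1
    return evaluated


if __name__ == "__main__":
    pw = "Abc12345"  # constructed sample password
    folded, exact = search_space(pw, False), search_space(pw, True)
    print(f"case-insensitive space: {folded:,}")
    print(f"case-sensitive space:   {exact:,} ({exact / folded:.0f}x larger)")
    hour = 3600
    checked = guesses_evaluated(AttemptLimiter(), "victim@example.com", hour)
    print(f"guesses checked in one hour: {checked} with limiter, {hour} without")
```

Keying the counter on the account alone lets anyone lock a victim out by failing on purpose, so deployed limiters usually also factor in the source of the attempts.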


Title: Re: My WoW-account's been compromised
Post by: Paelos on August 11, 2010, 08:23:21 AM
I went without an authenticator for 5 years, then I got one after being hacked once. This, to me, seems to be the only responsible way to deal with a hack beyond preventing it with an authenticator in the first place. However, the shocking amount of people who get hacked and only change their passwords in my guild alliance is staggering. I had a guy get "hacked" 3 times before we finally tossed his ass out of the guild. Once, could happen to anybody. Twice, you're not doing your job to keep better security so get on it now. Three strikes, and you're out.


Title: Re: My WoW-account's been compromised
Post by: Morat20 on August 11, 2010, 09:42:39 AM
The best passwords (and a total pain in the ass) are ones that include ASCII characters.  Go ahead brute force that.
I tend to do things like, say, insert a given year (either 4 digits or just 2) that I'll remember, into the middle of my password, then tack special characters onto the beginning or end. I have a handful of years, a handful of six-digit random characters (numbers, letters, capital or not), and three sets of three special characters.

Mix and match them. Of course, I work someplace that requires 12-character passwords, with one capital, one special character, and one number -- and changes them every 60 days on a "no reuse" policy of a year. (They check, the fuckers. And their algorithms are good enough to check minor variations, too).

That's the system I use for work. For games, I have a slightly different one. Same idea, though. Difficult to force, varied enough that I don't use the same passwords in multiple places, easy for me to jot down cryptic 'hints' that'll let me remember it without giving anything away.

On the other hand, for the RSA SecurID tokens I use for the OTHER half of my work, well...remembering a 4-digit PIN and using a 6-digit paired random number generator is more secure and easier to use.


Title: Re: My WoW-account's been compromised
Post by: Rendakor on August 11, 2010, 09:43:17 AM
I went without an authenticator for 5 years, then I got one after being hacked once.
Same here; I assumed I was safe (and still I'm not sure exactly what I did to get hacked) til they got me, then I got an authenticator.


Title: Re: My WoW-account's been compromised
Post by: Xuri on August 11, 2010, 09:51:17 AM
My theory? Blizzard are hacking accounts themselves to force people to get authenticators.  :awesome_for_real:


Title: Re: My WoW-account's been compromised
Post by: Rendakor on August 11, 2010, 10:07:44 AM
At 6 dollars a pop that's bad business. They could just reskin another mount!


Title: Re: My WoW-account's been compromised
Post by: Paelos on August 11, 2010, 10:42:09 AM
My theory? Blizzard are hacking accounts themselves to force people to get authenticators.  :awesome_for_real:

Actually the funny thing is that I had that thought when I got hacked. I cancelled my account, and got hacked within about 6 hours. Was it an odd coincidence? Probably yeah, but the timing still gave me pause.


Title: Re: My WoW-account's been compromised
Post by: Fordel on August 11, 2010, 05:35:25 PM
They sell those things at cost if I understand right.


Title: Re: My WoW-account's been compromised
Post by: Morat20 on August 11, 2010, 07:00:42 PM
They sell those things at cost if I understand right.
I would if I was them. I might even sell them at a slight loss. Much harder to hack an authenticator, and each hacked account has to take up expensive customer support time.


Title: Re: My WoW-account's been compromised
Post by: Ingmar on August 11, 2010, 08:32:08 PM
Heck the authenticator app is free.


Title: Re: My WoW-account's been compromised
Post by: Fordel on August 11, 2010, 11:32:52 PM
I half expect Cata boxes to simply have one inside.


Title: Re: My WoW-account's been compromised
Post by: rk47 on August 12, 2010, 07:56:03 AM
I usually just put my mom or dad's mobile number. Helps to keep me remembering of family and less likely for ppl I know to get lucky guesses.


Title: Re: My WoW-account's been compromised
Post by: sickrubik on August 12, 2010, 08:00:48 AM
They sell those things at cost if I understand right.
I would if I was them. I might even sell them at a slight loss. Much harder to hack an authenticator, and each hacked account has to take up expensive customer support time.

At 6.95, they're barely covering their shipping costs.


Title: Re: My WoW-account's been compromised
Post by: WindupAtheist on August 12, 2010, 12:19:45 PM
The best passwords (and a total pain in the ass) are ones that include ASCII characters.  Go ahead brute force that.
I tend to do things like, say, insert a given year (either 4 digits or just 2) that I'll remember, into the middle of my password, then tack special characters onto the beginning or end. I have a handful of years, a handful of six-digit random characters (numbers, letters, capital or not), and three sets of three special characters.

I just spell all my passwords in d00dsp34|<.


Title: Re: My WoW-account's been compromised
Post by: Ingmar on August 12, 2010, 12:21:22 PM
So your password is 7r4mm3l?


Title: Re: My WoW-account's been compromised
Post by: Azazel on August 17, 2010, 03:36:41 PM
Got another phishing email yesterday. Since I haven't played for 2 years I'm not that concerned about being hacked since I don't even have a b.net account for the game, but it's comforting to know that if I ever do go back to wow, that the haxors won't need to guess my username...


Title: Re: My WoW-account's been compromised
Post by: WindupAtheist on August 17, 2010, 03:54:54 PM
If you do go back, just make your bnet email one that gets used for absolutely nothing else. And anyway, the fact that you got a phishing email may not mean anything at all. My junk folder is full of Aion phishing mails and I've never touched that game at all.


Title: Re: My WoW-account's been compromised
Post by: Azazel on August 17, 2010, 08:16:08 PM
Yeah, though I already have my unlinked diablo bnet account set up and it just reeks of unnecessary stupid to have to have a super sekret wow-only email account (not on the usefulness part, but needing to do it for a stupid game).

Can you merge bnet accounts?


Title: Re: My WoW-account's been compromised
Post by: WindupAtheist on August 17, 2010, 11:27:34 PM
Dunno, but you can change your bnet email address anytime you want. I change it and my password on a semi-regular basis after scrubbing my PC clean.

Like while I was out of town I logged on from my friend's computer. He keeps things very secure so I didn't really feel at risk of anything bad happening, but if I did get hacked I'd want to know it was a result of my fuckup and not his. So when I got home I ran a few different antiviruses, etc., and then changed my email and password.


Title: Re: My WoW-account's been compromised
Post by: ezrast on August 18, 2010, 01:05:13 PM
Yeah, though I already have my unlinked diablo bnet account set up and it just reeks of unnecessary stupid to have to have a super sekret wow-only email account (not on the usefulness part, but needing to do it for a stupid game).
Completely agree; if I resub and anything happens to my account I'll just not play for a few days while support puts my shit back together. Really can't be bothered to take any special security measures otherwise.

If hackers target Diablo 3 the way they target WoW, I'll make my account more secure than the Pentagon.


Title: Re: My WoW-account's been compromised
Post by: Paelos on August 24, 2010, 01:51:57 PM
The phishing emails are getting ridiculous. I'm getting at least 5 a week now. Why oh why did Blizzard decide to make our login the fucking email address!!!!

ARGHAGHAG!  :mob:


Title: Re: My WoW-account's been compromised
Post by: SurfD on August 24, 2010, 02:49:29 PM
The phishing emails are getting ridiculous. I'm getting at least 5 a week now. Why oh why did Blizzard decide to make our login the fucking email address!!!!

ARGHAGHAG!  :mob:
A better question would be: who did you give your email address to that managed to allow the phishers to associate it with the fact that you play WoW?  I use my WoW account associated email for lots of stuff, and I have yet to see more than 1 phishing mail a month.


Title: Re: My WoW-account's been compromised
Post by: Rasix on August 24, 2010, 02:52:26 PM
The phishing emails are getting ridiculous. I'm getting at least 5 a week now. Why oh why did Blizzard decide to make our login the fucking email address!!!!

ARGHAGHAG!  :mob:

I've gotten 40+ in a little over a week.  

I imagine it's all from the 3 guild related portals I've signed up for in my time playing WoW.  I don't think I have accounts at any of the major news sites.  Another possible culprit is curse.

However, I haven't played since April.  It has shot up dramatically since the SC2 launch, though.


Title: Re: My WoW-account's been compromised
Post by: Ingmar on August 24, 2010, 02:57:21 PM
I've never received a phishing email to my battle.net email address, but I get them all the time at my work email address that has never been associated with the account.


Title: Re: My WoW-account's been compromised
Post by: Merusk on August 24, 2010, 02:59:12 PM
I don't even notice them anymore.  I have a catch-all yahoo account for all web and game stuff that I've had  around since '97.  Their mail filter has been fantastic about catching them after the first day or so of a new one.


Title: Re: My WoW-account's been compromised
Post by: Rasix on August 24, 2010, 03:06:04 PM
They're all in my spam folder.  Maybe one a month hits my inbox.  Even if every link looks legit, I never click anything.

I just log onto b.net.  Hey look, nothing's changed at all.


Title: Re: My WoW-account's been compromised
Post by: Xuri on August 24, 2010, 03:44:04 PM
I don't think I've clicked on a link in an e-mail, legit or not, since 1999. Copy the link, paste in browser, inspect text, approve & press enter or disapprove and delete.


Title: Re: My WoW-account's been compromised
Post by: Paelos on August 24, 2010, 04:31:50 PM
They are in my spam folder as well. Before SC2, I got one a month. Post-SC2 I'm at one a day it seems.


Title: Re: My WoW-account's been compromised
Post by: Threash on August 29, 2010, 07:42:27 AM
I got an email saying my account was suspended for three hours because:

Quote
This suspension happened because one or more characters on the account were identified exchanging, or contributing to the exchange of, in-game property (items or gold) for "real-world" currency. This exchange process negatively impacts the World of Warcraft game environment by detracting from the value of the in-game economy.

Also my password was reset. I wouldn't have believed it was real if it wasn't for the password reset which did happen.  Nothing on the account is missing and I obviously did not spam for gold sellers myself.  What the heck is going on here.


Title: Re: My WoW-account's been compromised
Post by: SurfD on August 29, 2010, 01:09:38 PM
Quote
I got an email saying my account was suspended for three hours because:

Quote
This suspension happened because one or more characters on the account were identified exchanging, or contributing to the exchange of, in-game property (items or gold) for "real-world" currency. This exchange process negatively impacts the World of Warcraft game environment by detracting from the value of the in-game economy.

Also my password was reset. I wouldn't have believed it was real if it wasn't for the password reset which did happen.  Nothing on the account is missing and I obviously did not spam for gold sellers myself.  What the heck is going on here.

I actually had the same thing happen to me about 4 or 5 months ago.  Had my password reset by Blizzard and got a 3 hour suspension (ironically, it happened on a Monday night, so the suspension was carried out during weekly Maintenance downtime, lol) for "spamming / advertising gold seller related websites".   Nothing was taken from any of my characters, and I could find absolutely nothing on my PC that would suggest I was keylogged, so the only thing I could think of was that somehow I was accidentally reported by someone messing with the "right click -> report spam" feature.   Never had any issues since, either.


Title: Re: My WoW-account's been compromised
Post by: Lantyssa on August 29, 2010, 02:28:48 PM
I don't think the right click->report matters unless you get several.  One shouldn't trigger it.


Title: Re: My WoW-account's been compromised
Post by: Threash on August 29, 2010, 02:38:05 PM
Well I don't have a virus unless malwarebytes is lying to me, I'm all paranoid now.


Title: Re: My WoW-account's been compromised
Post by: Lantyssa on August 29, 2010, 07:21:56 PM
As we've been saying throughout this thread, their password security is rather lacking.  It could have just been brute forced.


Title: Re: My WoW-account's been compromised
Post by: Dren on August 30, 2010, 05:23:20 AM
Yeah, I'm not believing the folks here that say that brute forcing is just not happening. 

The gold sellers have enough computer power to create a living billboard at the SW bank with about 20-30 lvl 1 mages going from spelling out their website on the ground and then jumping up into the air and spelling it there (not sure how they do that without hacking.)  They even throw in making a big heart in the air to grab your attention (as if they didn't have it already.)  They were doing this last weekend.  It went on for multiple hours.  I know because I kept going through SW from time to time on different chars (PvP item purchasing.)  Finally, I assume either some players got on their horde characters and came in to kill them or a GM finally blew away all the accounts.

I also assume this is happening on multiple servers alliance and horde side at the same time.  If they are doing this, they certainly could have computers laying around to just whack at your account all day long once they have your email address.


Title: Re: My WoW-account's been compromised
Post by: K9 on August 30, 2010, 08:56:20 AM
Quote
Dear customer,

Due to suspicious activity, the Battle.net account <redacted> has been locked. You tried to login your account on 2010-8-21 from several different IP.

We are concerned about whether your account has been stolen. In order to guarantee the legitimacy of your account, we need you follow these steps:

Step 1: Secure Your Computer

In the event that your computer has been infected with malicious software such as a keylogger or trojan, simply changing your password may not deter future attacks without first ensuring that your computer is free from these programs. Please visit our Account Security website to learn how to secure your computer from unauthorized access.

Step 2: Secure Your E-mail Account

After you have secured your computer, check your e-mail filters and rules and look for any e-mail forwarding rules that you did not create. For more information on securing your e-mail account, visit our Support page.

Step 3: Restore access to Your account

We now provide a secure website for you to verify whether you have taken the appropriate steps to secure the account, your computer, and your email address. Please follow this site to restore the access to your account: http://us.worldofwarcraft.accountissue.us/login.htm?ticket=o2fhbcpu0x5q9i1twmj1am4ylxwkednrtep6yia6knmj

If you still have questions or concerns after following the steps above, feel free to contact Customer Support at http://us.blizzard.com/support/article.xml?locale=en_US&articleId=20606.

Sincerely,
The Battle.net Account Team
Online Privacy Policy

This looks legit.

I'm depressed that my account e-mail address is out there, but I changed my password recently, so I think everything should be kosher.


Title: Re: My WoW-account's been compromised
Post by: Morat20 on August 30, 2010, 09:52:19 AM
It's not legit. Check the first link under Step 3. The "accountissue" bit in the domain, plus the domain ender "us" is a bit of a clue.

Edit: Or was that "this looks legit" sarcasm? :)
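The check Morat20 describes, reading the host a link really points at instead of trusting how the mail looks, written out as an added example (it is not part of any post in this thread). The trusted-domain list is an assumption for illustration, the ticket value is a placeholder, and every sample link other than the two hosts quoted in the e-mail above is constructed.

```python
from urllib.parse import urlsplit

# Assumption for this example: the domains the reader treats as genuine.
# blizzard.com and battle.net appear in the thread; the list is illustrative.
TRUSTED_DOMAINS = ("blizzard.com", "battle.net", "worldofwarcraft.com")


def link_host(url):
    """Return the host a browser would actually contact, or None."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:              # malformed URL, e.g. broken brackets
        return None
    if parts.scheme not in ("http", "https"):
        return None
    host = parts.hostname           # lower-cased; drops "user@" and the port
    if not host:
        return None
    return host.rstrip(".")         # "battle.net." and "battle.net" are equal


def is_trusted(url):
    """True only if the host is a trusted domain or a subdomain of one.

    The comparison is anchored at the right-hand end of the host name,
    because that is the part that decides who owns it. A trusted name
    appearing further left, or before an "@", proves nothing.
    """
    host = link_host(url)
    if host is None:
        return False
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


# Constructed samples, apart from the two hosts taken from the quoted mail.
SAMPLES = [
    "http://us.worldofwarcraft.accountissue.us/login.htm?ticket=EXAMPLE",
    "http://us.blizzard.com/support/article.xml?locale=en_US&articleId=20606",
    "http://us.blizzard.com@login.example/reset",
    "http://blizzard.com.login.example/",
    "http://notblizzard.com/",
    "https://US.Battle.NET./account",
]

if __name__ == "__main__":
    for url in SAMPLES:
        verdict = "trusted" if is_trusted(url) else "NOT trusted"
        print(f"{verdict:12} {link_host(url)!s:40} {url}")
```
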


Title: Re: My WoW-account's been compromised
Post by: K9 on August 30, 2010, 10:14:07 AM
Sarcasm  :why_so_serious:


Title: Re: My WoW-account's been compromised
Post by: Morat20 on August 30, 2010, 11:27:16 AM
Quote
Sarcasm  :why_so_serious:

Oh good. I was starting to worry there.

Then again, I'm used to pointing out phishing attempts to the technically clueless....so I learned the hard way that "obvious" is subjective.


Title: Re: My WoW-account's been compromised
Post by: K9 on August 30, 2010, 01:35:25 PM
On a related note, Blizzard's "How not to get hacked" guide on battle.net is really well written.


Title: Re: My WoW-account's been compromised
Post by: Morat20 on August 30, 2010, 02:11:34 PM
Quote
On a related note, Blizzard's "How not to get hacked" guide on battle.net is really well written.

My version starts with "Dad, what did I tell you about clicking links? You have computer herpes, computer syphilis, and a raging case of computer crabs which really is affecting your computer's ability to function. STOP CLICKING THE DAMN LINKS."

Sadly, he's under the impression that if he merely turns on EVERY OPTION ON NORTON UTILITIES he will somehow be safe.

In a sense, he's right. It's hard to infect his PC when it can barely function under the staggering weight of the Norton.


Title: Re: My WoW-account's been compromised
Post by: Typhon on September 01, 2010, 05:54:30 PM
This afternoon (while at work), I checked my home email to find the following.  I didn't actually need to communicate with Blizzard in any way other than to follow the password reset link and to enable an authenticator on my account (1:50PM).

I scanned my machine when I got home tonight, it says that I do not have any viruses or keyloggers (honestly I'd be astonished if I did because I have been busy at work and this and cnn/yahoo news are about it for web sites).  My email wasn't affected.

To say that the experience was surrealistic is an understatement.  Here are the emails:

9/1/2010 8:24 AM - email subject "Battle.net Account - Password Change Notice" from noreply@battle.net

9/1/2010 10:16 AM - email subject "Password Rest" email from noreply@battle.net.  "If you did not request the reset, it is possible that this Battle.net account has been accessed by someone not authorized to do so."  I didn't request the reset.

9/1/2010 - 11:48 AM - email subject "Account Issue" from wowgm@blizzard.com.  From the body:

"Greetings,

Thank you for your patience and understanding while we investigated your reported account compromise.

Due to the high volume of compromised accounts, it is our intention to put players back in the game as quickly as possible, though not all items may have been restored. Our goal is to keep your characters in a playable condition. We want you to be able to successfully join groups, complete quests, and handle encounters in the world."

so very odd

edit - added color to indicate which part were the emails (trying to make the post clearer)


Title: Re: My WoW-account's been compromised
Post by: Rasix on September 01, 2010, 07:53:18 PM
 :headscratch:  Come again?


Title: Re: My WoW-account's been compromised
Post by: Typhon on September 02, 2010, 05:28:18 AM
short version - my account was compromised yesterday morning.  By the early afternoon Blizzard had sent a password reset email to my email account and restored my characters that had items sold off.

I didn't actually interact with Blizzard until the mid afternoon because I didn't know that any of that had happened.  I then added an authenticator to my battle.net account.  When I got home I did a scan of my system and didn't find anything - system seems clean.

I found the fact that it all went down without any request from me bizarre.  I think that Blizzard figured it out based upon my password changing and the massive amounts of items being sold off from my characters.  There is an "account reset" request email that I received (but I didn't request) - maybe the account hackers are requesting a reset after they loot your account?  Beats me.  Is just very very weird.


Title: Re: My WoW-account's been compromised
Post by: Threash on September 02, 2010, 08:28:48 AM
Hackers don't change your password, they can't, that was Blizzard preventing them from logging back in.  What probably happened was you started spamming for gold sellers and got immediately reported and locked out.


Title: Re: My WoW-account's been compromised
Post by: sickrubik on September 02, 2010, 08:40:32 AM
"Hackers" can easily change your WoW/Battle.net password.


Title: Re: My WoW-account's been compromised
Post by: Typhon on September 02, 2010, 08:53:17 AM
Yes, they did change my password.  This email, "9/1/2010 8:24 AM - email subject "Battle.net Account - Password Change Notice" from noreply@battle.net", is when whoever (or maybe it's just a bot) cracked my account first surfaced (by changing my password).  Then they started logging in different characters and selling shit.

I don't really understand this one, "9/1/2010 10:16 AM - email subject "Password Rest" email from noreply@battle.net.  "If you did not request the reset, it is possible that this Battle.net account has been accessed by someone not authorized to do so."

I understand why the hacker changed my password, but why would the hacker then request a password reset?  The only theory I have is that Blizzard did this themselves (via automated process) due to the "change password" + "sell! sell! sell!" activities on the account and this email is from a different system that automatically gets sent (because it serves multiple purposes).



Title: Re: My WoW-account's been compromised
Post by: Threash on September 02, 2010, 08:55:50 AM
If they changed your password they would need to access your email account. 


Title: Re: My WoW-account's been compromised
Post by: Typhon on September 02, 2010, 09:02:05 AM
Unless they changed something I'm not aware of, if you have access to your account you can change your password without access to email, you just can't reset your password without access to email.


Title: Re: My WoW-account's been compromised
Post by: sickrubik on September 02, 2010, 10:12:18 AM
That is correct.

I just reverified that all you have to do is enter the old password and the new password twice. There is no need to verify via email about the change.


Title: Re: My WoW-account's been compromised
Post by: DraconianOne on September 09, 2010, 09:49:45 AM
This just happened to me. Got notification that there was a password reset then notification of a 3 hour ban for gold spamming. I'm both amused and concerned by this turn of events.  I'm amused because the account that got hacked was one that I used for RAF dual-boxing last year and then closed. Can't have touched it for a couple of years. There may still have been characters on the account but I'd already cleaned them out of gold/gear. So some fucker signed the account up for a 10 day WoTLK trial and then spammed away merrily.

I'm concerned because they may have got access to an email address and private details like address.

And before anyone says it, yes I have an authenticator but on my main account (currently unsubbed) and not on this one which I don't think has been played since authenticators were released.


Title: Re: My WoW-account's been compromised
Post by: Rendakor on September 09, 2010, 10:38:52 AM
If you haven't already, I'd suggest merging that account into your current one; you can have multiple WoW accounts on one Battle.net account, all protected by a single authenticator.


Title: Re: My WoW-account's been compromised
Post by: DraconianOne on September 09, 2010, 11:34:55 AM
I might do that. It never occurred to me because, as mentioned, not logged into it for two years or so - I'd forgotten about it.


Title: Re: My WoW-account's been compromised
Post by: Morat20 on September 09, 2010, 11:38:51 AM
Quote
If you haven't already, I'd suggest merging that account into your current one; you can have multiple WoW accounts on one Battle.net account, all protected by a single authenticator.

You can? My son's account is under my name and CC -- not that he's using it right now -- but I did it that way so he could transfer his character off my account onto his own.

Hmph. I might have to go dig out his login info and merge them.


Title: Re: My WoW-account's been compromised
Post by: Rendakor on September 09, 2010, 11:54:55 AM
Yep. I've got 3 (two inactive) WoW accounts on my b.net account. The first time you log in after you merge them, it'll ask you which account to use. After that, you'll have a dropdown menu on the login screen, with the last-used account selected by default.


Title: Re: My WoW-account's been compromised
Post by: Dren on September 10, 2010, 11:30:46 AM
That's how I do it.  My kids' account and mine on one authenticator.


Title: Re: My WoW-account's been compromised
Post by: Azazel on September 12, 2010, 10:16:09 PM
They sell those things at cost if I understand right.
I would if I was them. I might even sell them at a slight loss. Much harder to hack an authenticator, and each hacked account has to take up expensive customer support time.

At 6.95, they're barely covering their shipping costs.

I was going to order a couple last week, for my wife and myself. US$25 for shipping 2 of them to Australia.  :ye_gods:

really?


Title: Re: My WoW-account's been compromised
Post by: Zetor on September 13, 2010, 02:11:36 AM
If you have a smartphone [symbian, windows mobile, iphone, android], you can download the authenticator app onto the phone for free... I think that's the way most people do it.


Title: Re: My WoW-account's been compromised
Post by: Ingmar on September 13, 2010, 02:27:09 AM
Ugh, they made a Symbian version? Someone needs to put that OS out of its misery.


Title: Re: My WoW-account's been compromised
Post by: Zetor on September 13, 2010, 02:41:07 AM
Yeah, I think it works on v9.3, but not the more recent versions (?!).

And come on, Symbian is not that bad... *tries to suppress the memories of doing security testing with the symbian reference hardware board*  :why_so_serious:


Title: Re: My WoW-account's been compromised
Post by: Azazel on September 13, 2010, 03:49:08 PM
Quote
If you have a smartphone [symbian, windows mobile, iphone, android], you can download the authenticator app onto the phone for free... I think that's the way most people do it.

Yeah, I have an iPhone, but unfortunately its reception inside my house is shithouse. I need to go stand out in the front yard to receive texts with any kind of immediacy quite often.



Title: Re: My WoW-account's been compromised
Post by: Rasix on September 13, 2010, 04:02:15 PM
I may have been hallucinating or something, but I've used the authenticator when my cell phone has no wireless or cell phone reception at all. 

I imagine it's just generating keys in sync with the Blizzard keystore on their servers based off a seed generated during the initial sync up of the app to your account.





Title: Re: My WoW-account's been compromised
Post by: Ingmar on September 13, 2010, 04:03:09 PM
The authenticator is not dependent on any kind of signal so you were not hallucinating. Probably.

EDIT: Short version of how the authenticator works, assuming that it works like an RSA SecurID (which it probably does):

- Every authenticator has a unique seed number, and a clock built into it. The seed # of the authenticator is associated with your account.
- Every 30 seconds the seed number and current time get plugged into an algorithm that spits out a 6 digit code. Authentication server knows how that works and can tell if your code is right by doing the same thing.

The iPhone authenticator is just a software version of that. It might be possible to bust it by screwing up your phone's clock if that's exactly how the Blizzard version works but there may be some difference I don't know about.
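A sketch of the scheme Ingmar outlines, as an added example that is not from the thread. It uses the open TOTP standard (RFC 6238), which has the same shape (shared seed, 30-second time step, 6-digit code); whether Blizzard's authenticator or RSA SecurID use this exact algorithm is not established here. The seed is the RFC's published test key, and the tolerance of one step either side is an assumed server policy.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30   # a new code every 30 seconds, as in the post above
DIGITS = 6

# Test key published in RFC 6238, standing in for the per-device seed.
SEED = b"12345678901234567890"


def totp(seed, unix_time):
    """Code for the 30-second step containing unix_time (RFC 6238, SHA-1)."""
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    # Dynamic truncation (RFC 4226): the low nibble of the last byte picks
    # which 4 bytes of the MAC become the number.
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(seed, code, server_time, window=1):
    """Server side: recompute the code and compare.

    Returns the clock drift in steps (-1, 0, +1, ...) at which the code
    matched, or None if it matched nowhere inside the window. window=0
    demands perfectly synchronised clocks; a small window absorbs drift
    at the cost of each code staying valid a little longer.
    """
    for drift in range(-window, window + 1):
        t = server_time + drift * STEP_SECONDS
        if t < 0:
            continue
        if hmac.compare_digest(totp(seed, t), code):
            return drift
    return None


if __name__ == "__main__":
    server_now = 1111111111                  # constructed timestamp
    # No network is involved: device and server each compute from seed + clock.
    on_time = totp(SEED, server_now)
    print("device in sync     :", on_time, verify(SEED, on_time, server_now))

    # Device clock two seconds slow, which here falls in the previous step.
    slow = totp(SEED, server_now - 2)
    print("one step slow, w=1 :", slow, verify(SEED, slow, server_now))
    print("one step slow, w=0 :", slow, verify(SEED, slow, server_now, window=0))

    # Device clock five minutes fast: ten steps out, outside the window.
    fast = totp(SEED, server_now + 300)
    print("five minutes fast  :", fast, verify(SEED, fast, server_now))
```
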


Title: Re: My WoW-account's been compromised
Post by: pants on September 13, 2010, 04:18:59 PM
Quote
If you have a smartphone [symbian, windows mobile, iphone, android], you can download the authenticator app onto the phone for free... I think that's the way most people do it.

Yup, that's what I did.  I too balked at the $25 cost to ship to Australia.


Title: Re: My WoW-account's been compromised
Post by: Azazel on September 13, 2010, 08:28:32 PM
I should have thought of them when I ordered my plush griffons and windriders.  :why_so_serious:


Title: Re: My WoW-account's been compromised
Post by: Morat20 on September 13, 2010, 08:46:26 PM

Quote
EDIT: Short version of how the authenticator works, assuming that it works like an RSA SecurID (which it probably does):

I use a RSA token for one of my two companies. (I work for one, who is contracted by another, where I then sit in yet another company. Complicated bidding thingy). I've been agitating the main contract I work on to switch to it.

Why? Because our current password policy is "12 characters, minimum 1 number, 1 special character, 1 capital, changes every 30 days, no reuse for a year". Fuck that shit. 4-digit pin and a token, please. More secure, because I don't need a hints file.


Title: Re: My WoW-account's been compromised
Post by: fuser on September 29, 2010, 02:45:40 PM
FYI: I remote wiped my iphone by accident, losing my mobile authenticator.

When I went to reattach one to my account it now requires an email validation before placing a new authenticator on an account. This only took what a year for them to implement this handshake  :uhrr:

Edit: for anyone that didn't know this is what led to all the hacked accounts getting an authenticator placed on their hacked account causing delays in recovering an account



Title: Re: My WoW-account's been compromised
Post by: Nightblade on October 18, 2010, 07:56:59 PM
So apparently someone else has bound my account to a battle.net account that doesn't belong to me. Am I screwed or can I be expected to actually get help with this?


Title: Re: My WoW-account's been compromised
Post by: Rendakor on October 18, 2010, 08:14:03 PM
If you've got CD keys you've got a shot. Blizzard's customer service has been pretty good regarding compromised accounts.


Title: Re: My WoW-account's been compromised
Post by: Simond on October 19, 2010, 12:26:24 PM
Yeah, it might take a week or two to get it fixed but they will fix it.


Title: Re: My WoW-account's been compromised
Post by: Nightblade on October 19, 2010, 03:10:37 PM
So I finally got through to Blizzard's support today, after an "approximate" 27 minute wait for 72 minutes, I was transferred to SANJAY. Oh good.

After going through the requisite "Whats ur account" business, he literally gets antsy with me and tells me that "I cant help you because your current battle.net account is different from the name on the original account" (The original account was paid for by my brother's credit card for the first few months)

I reply "...but I have the original boxes in front of me". "We can't do anything".

"I also have the credit card I used to pay for the account for most of the time, and the original email"

"You have to get him to call back", it was a waste of time arguing, so I just hung up.

I managed to get through again, and I'm now on an "approximate" wait of 23 minutes for about 30 minutes now. I made a new account under my brother's name with his permission; so that will somehow make everything ok, probably.



Title: Re: My WoW-account's been compromised
Post by: Merusk on October 19, 2010, 04:17:24 PM
My wife (who's worked for many years in call centers) says always speak to a supervisor when the frontline guy gives you grief.  They're always so busy they're going to be more accommodating just to get you off the phone.  Be forceful, but not an ass about it so they can't hang up on you.  If they do and you weren't cussing or being an ass, remember to add that to your complaint when talking to the super because they do get written up.


Title: Re: My WoW-account's been compromised
Post by: Nightblade on October 19, 2010, 04:31:12 PM
Quote
My wife (who's worked for many years in call centers) says always speak to a supervisor when the frontline guy gives you grief.  They're always so busy they're going to be more accommodating just to get you off the phone.  Be forceful, but not an ass about it so they can't hang up on you.  If they do and you weren't cussing or being an ass, remember to add that to your complaint when talking to the super because they do get written up.

Good advice, but the issue has been settled. I called again, after a wait of 23 minutes that lasted about an hour, I was helped by a very enthusiastic lady who, after I answered a few secret questions, returned my account to me. I logged in to find that all of my characters are gone save for my level 70, my gold is missing, and the account was for some reason halfway pillaged. (all of my items remain)... Also I was shirtless in Stormwind for some reason.


Title: Re: My WoW-account's been compromised
Post by: Merusk on October 19, 2010, 04:35:51 PM
Put in a GM ticket for reimbursement and they should be able to restore everything to you.


Title: Re: My WoW-account's been compromised
Post by: Rendakor on October 19, 2010, 05:12:09 PM
Reimbursement will depend on how long ago the gold and such was taken.


Title: Re: My WoW-account's been compromised
Post by: Cheddar on October 19, 2010, 05:54:26 PM
Quote
My wife (who's worked for many years in call centers) says always speak to a supervisor when the frontline guy gives you grief.

This is the dumbest shit ever.  You are better asking to get put into queue.  I have supervised in a few different call centers, and 95% of escalations comprise of this advice, which pissed me off.  

1.  I will probably say "No." and note your account.
2.  I probably cannot do what you ask, and will say "No," and annotate your account, thus depriving you of future arguments.
3.  "No."

You are better off asking to get put back in queue and talking to someone else.  If you are talking to India ask for Tier 2.


Title: Re: My WoW-account's been compromised
Post by: Azazel on October 19, 2010, 11:01:15 PM
Meh. Frontline call jockeys tend to have little to no power to do anything for anyone at anytime, which is why I almost always end up politely but forcefully asking to speak to their team leaders, who almost always are able to help me with my problem which is again almost caused by YOUR FUCKING END, NOT ME, SO I DO NOT CARE IF IT PISSES YOU OFF BECAUSE I AM THE ONE PAYING YOUR COMPANY FOR SOMETHING THAT YOU HAVE FUCKED UP, AND IF YOU'RE A DICKBAG ABOUT IT, I TALK TO YOUR BOSS IN TURN.

Yeah, something like that. But with none of the yelling and swearing.  :oh_i_see:

seriously, though...

I always ask the call jockeys and their supervisors what their names are with correct spelling and request that this conversation please be recorded, and type everything down as it's discussed on my end. Can I get a reference number as well, please? I am of course, businesslike, polite and professional, since I understand that it's not their personal fault that <problem> happened, but I really am quite unhappy, and I really do want it fixed up immediately or sooner, so I refuse to be brushed off. No, that's all for today, thank you again, and you have a great day.  :awesome_for_real:

Basically, customer service as described in 1.2.3. will be much more likely to get you fucked up if you try it with me. Companies don't care about me as a blob of generic humanity, but they do care about my money and recurring income stream.


Title: Re: My WoW-account's been compromised
Post by: Ingmar on October 19, 2010, 11:03:24 PM
I can't think of a time when asking to go to a supervisor or asking to be bumped up a tier in support hasn't worked for me.


Title: Re: My WoW-account's been compromised
Post by: Merusk on October 20, 2010, 03:31:08 AM
Quote
This is the dumbest shit ever.  You are better asking to get put into queue.  I have supervised in a few different call centers, and 95% of escalations comprise of this advice, which pissed me off.

Look at it this way, Ched. You're not in that position anymore and how many others still are.  You are not typical.  Yes, should you get that one guy who will one day make the next management tier or two you could be screwed.  However, the odds are in your favor having it escalated.

And even if you were to annotate my account.. a call back will still get me what I want.  I have countless stories about such notes on accounts my wife's seen at banks, airlines, Sprint, DTV and office supply chains that were ignored by the lady (it's almost always a lady) calling back and getting someone else.  The best were the overdraft rebates frontline people at banks gave to people who were overdrawing 3-4 times a month.


Title: Re: My WoW-account's been compromised
Post by: Bzalthek on October 30, 2010, 08:35:19 PM
Well, I am now on this list.  My main toon was transferred to Malygos, several others stripped, and a lot of level 1 garble-names which were apparently gold spamming resulting in the 3 hour ban which is how I was informed of the situation via email.

Sent an e-mail.  This may give me the excuse I need not to go Cata.

Edit: Heh, already restored.  On a weekend no less.


Title: Re: My WoW-account's been compromised
Post by: Azazel on October 31, 2010, 08:40:13 PM
Nice.


Title: Re: My WoW-account's been compromised
Post by: Tannhauser on November 02, 2010, 03:17:34 AM
All of my items were restored except for 90% of my two main toons. :(  That really takes the wind out of your sails, having a level 80 with no gold or gear.
So now I wait for Cata to drop so I can re-gear. 


Title: Re: My WoW-account's been compromised
Post by: Sheepherder on November 02, 2010, 03:30:36 AM
Were you hacked while your account sat inactive for a long while?

The only time I've been hacked (mis-clicked a dirty link with the middle-mouse while scrolling... fuck me) I got everything back, though some of my shitty greens were of the whale rather than of the soldier, then again, this was early TBC.


Title: Re: My WoW-account's been compromised
Post by: Xuri on November 17, 2010, 04:09:54 AM
Ho hum. I finally bit the bullet today and added a battle.net authenticator for my WoW-account (yeah, only a year after it was previously hacked!), on my Nexus One-phone (yay for easy root-options!) Seems to be working. The almost-scary-but-not-really part: Less than an hour after I requested the authenticator, I received another mail from "Blizzard", asking me to confirm a password reset request. Apart from the obvious (I never requested a password reset), the "click here to confirm" link was very clearly pointing to a non-Blizzard website. Mere coincidence that I received this spam-mail less than an hour after adding an authenticator? I THINK NOT! *puts on tinfoil hat*


Title: Re: My WoW-account's been compromised
Post by: Xanthippe on November 17, 2010, 06:43:21 AM
Quote
Ho hum. I finally bit the bullet today and added a battle.net authenticator for my WoW-account (yeah, only a year after it was previously hacked!), on my Nexus One-phone (yay for easy root-options!) Seems to be working. The almost-scary-but-not-really part: Less than an hour after I requested the authenticator, I received another mail from "Blizzard", asking me to confirm a password reset request. Apart from the obvious (I never requested a password reset), the "click here to confirm" link was very clearly pointing to a non-Blizzard website. Mere coincidence that I received this spam-mail less than an hour after adding an authenticator? I THINK NOT! *puts on tinfoil hat*

Did you use the brand new Dial-in Battle.net authenticator?  How do you like it?

(FAQ here on it for anyone interested: http://us.blizzard.com/support/article.xml?locale=en_US&tag=dialinauth&rhtml=true)


Title: Re: My WoW-account's been compromised
Post by: Xuri on November 17, 2010, 07:16:08 AM
Nope, I'm using the software-version of their authenticator, for Android phones. Works exactly like the keychain, I guess? Also, the Dial-In thingy is only for US citizens.


Title: Re: My WoW-account's been compromised
Post by: raydeen on November 17, 2010, 07:31:13 AM
I noticed that I started getting a shitton of phishing emails after I installed my authenticator. Maybe there's a bot (or bots) scanning accounts and as soon as they sniff an authenticator they start phishing for a way to grab the authenticator code? I don't know. It's either that or after I got hacked the first time, my info was now out there in some big list and now every gold farmer and spammer is trying to hack back in.


Title: Re: My WoW-account's been compromised
Post by: Sheepherder on November 20, 2010, 05:55:39 AM
No, just 'tis the season to phish accounts.


Title: Re: My WoW-account's been compromised
Post by: Shrike on November 20, 2010, 09:21:08 AM
I've had an authenticator on my account almost from the beginning. I've yet to get any phishing emails. Then again, I rarely check my email and never the spam box, so I might just be blissfully unaware.

Just looked: nope, nothing, zero, nadda, zilch, zippo. Yet...


Title: Re: My WoW-account's been compromised
Post by: 01101010 on November 20, 2010, 09:44:02 AM
Quote
I've had an authenticator on my account almost from the beginning. I've yet to get any phishing emails. Then again, I rarely check my email and never the spam box, so I might just be blissfully unaware.

Just looked: nope, nothing, zero, nadda, zilch, zippo. Yet...

Have not played since a month after BC came out and I would routinely get "your account has been compromised, please click here to restore your characters" months and years after I abandoned my characters.


Title: Re: My WoW-account's been compromised
Post by: Selby on November 20, 2010, 10:22:29 AM
Quote
No, just 'tis the season to phish accounts.
I get several a day.  But none of them ever come to the account that I have my WoW account under, just my forum registration email that is completely unrelated to it.


Title: Re: My WoW-account's been compromised
Post by: Azazel on December 11, 2010, 05:10:14 AM
A friend of mine got hacked recently, and I just noticed while tiddling around on my new account that my main account's characters had been on a day ago.. but that account expired 3 weeks ago.

Naturally, I'd been hacked. So I've gone through their various hoops to initiate a restore of my shit. I've opened up a new email account in order to have all my WoW shit and nothing else going to that email account. I'm expecting my new PC in a week, so it'll be a clean machine. Not so keen on downloading 30gb worth of WoW again, though... I usually just copy an install across. I guess it might be worthwhile this time, though...


Title: Re: My WoW-account's been compromised
Post by: Cheddar on December 14, 2010, 07:42:39 PM
Quote
A friend of mine got hacked recently, and I just noticed while tiddling around on my new account that my main account's characters had been on a day ago.. but that account expired 3 weeks ago.

Naturally, I'd been hacked. So I've gone through their various hoops to initiate a restore of my shit. I've opened up a new email account in order to have all my WoW shit and nothing else going to that email account. I'm expecting my new PC in a week, so it'll be a clean machine. Not so keen on downloading 30gb worth of WoW again, though... I usually just copy an install across. I guess it might be worthwhile this time, though...

I never had this issue with LoTRO.


Title: Re: My WoW-account's been compromised
Post by: ghost on December 14, 2010, 08:04:20 PM
Quote
Quote
A friend of mine got hacked recently, and I just noticed while tiddling around on my new account that my main account's characters had been on a day ago.. but that account expired 3 weeks ago.

Naturally, I'd been hacked. So I've gone through their various hoops to initiate a restore of my shit. I've opened up a new email account in order to have all my WoW shit and nothing else going to that email account. I'm expecting my new PC in a week, so it'll be a clean machine. Not so keen on downloading 30gb worth of WoW again, though... I usually just copy an install across. I guess it might be worthwhile this time, though...

I never had this issue with LoTRO.

Maybe because people don't make a ton of money off of selling LOTRO gold?


Title: Re: My WoW-account's been compromised
Post by: Azazel on December 15, 2010, 01:52:10 AM
I never had that issue with my WoW account for 5 years, until this week.

My LotRO account has just under 4 more years it needs to exist for to catch up to my WoW account's time without hacking. I'd probably have to have something worth stealing on it as well. I think I have like 3 gold in total, if that. Never got quite high enough to start high rolling as my friends did.


Title: Re: My WoW-account's been compromised
Post by: Numtini on December 15, 2010, 06:59:41 AM
Quote
Quote
I never had this issue with LoTRO.

Maybe because people don't make a ton of money off of selling LOTRO gold?

I gave my old LOTRO account to a friend and it was hacked this week. (I only know because she never changed the email on the account.)


Title: Re: My WoW-account's been compromised
Post by: Azazel on December 15, 2010, 12:23:29 PM
Just changed my LOTRO details, just to be safe.


Title: Re: My WoW-account's been compromised
Post by: Ironwood on January 15, 2011, 03:47:40 AM
So my account was locked this morning due to 'suspicious activity'.  No E-mail had been sent to me, like it said it should have, and I scanned everything and checked everything and nothing.

I then went through the change password rigmarole and logged in, only to find everything as it should be and no-one had attempted to log in since I last logged out.

What the hell ?



Title: Re: My WoW-account's been compromised
Post by: Fordel on January 15, 2011, 03:56:17 AM
I had this happen to me about a month ago I think? Did you also get an abnormally large amount of fake WoW-GM account theft spam in the past few weeks?


The nearest I could figure, was the goldspammers figured out that e-mail I was using for my Bnet account had a WoW account on it, and were just trying to force it open any and every way they could. So I assume there is some kind of flagging system at Blizzard that sees someone other than you is trying to log into your account from China or wherever the shit they are.


I have an authenticator, so even if my pass was compromised (which I doubt but it could happen I guess), it was moot. I changed my password and changed the e-mail address tied to the bnet account as well. Haven't had an issue since.



But yea, it caught me out of the blue on the log-in screen. Big WTF with a little  :ye_gods:


Title: Re: My WoW-account's been compromised
Post by: Oban on January 15, 2011, 07:41:54 AM
My account gets locked every time I forget to turn on the vpn back to my home network and attempt to log in to my WoW account while traveling.

Blizzard must have some sort of geo-location or ip address logging service running to catch hackers.



Title: Re: My WoW-account's been compromised
Post by: Kail on January 15, 2011, 04:58:47 PM
Quote
So my account was locked this morning due to 'suspicious activity'.  No E-mail had been sent to me, like it said it should have, and I scanned everything and checked everything and nothing.

I then went through the change password rigmarole and logged in, only to find everything as it should be and no-one had attempted to log in since I last logged out.

Same thing here.  I got the e-mail after I tried logging in, though.  Nothing taken, that I've noticed, no viruses showed up on scan.  I was thinking it might be because I gave some gold (100g or so) to a friend, but that's about the most "suspicious" thing I can think of.


Title: Re: My WoW-account's been compromised
Post by: Ironwood on January 16, 2011, 02:10:49 AM
After careful consideration, I'm quite sure someone was trying to brute force the E-mail address.  It's the only thing that makes sense.

It's quite impressive that Blizzard catch that shit.


Title: Re: My WoW-account's been compromised
Post by: Azazel on January 17, 2011, 02:20:14 AM
Now change the email address your bnet wow account is on.


Title: Re: My WoW-account's been compromised
Post by: SurfD on January 17, 2011, 10:24:07 PM
Quote
My account gets locked every time I forget to turn on the vpn back to my home network and attempt to log in to my WoW account while traveling.

Blizzard must have some sort of geo-location or ip address logging service running to catch hackers.
I think that is part of the new security measures that went in when they launched the Dial In Authenticator thing.  Now there is a chance that if you log in from an IP that is not one you usually use, they will lock your account on suspicion of Chinese hackers.


Title: Re: My WoW-account's been compromised
Post by: Sir T on January 22, 2011, 11:25:55 AM
I got this email today

Quote
Greetings:

Thank you for your attention in this matter regarding the compromised World of Warcraft account you are using. Unfortunately, multiple parties have contacted Blizzard Entertainment seeking restoration of the account in question. This message contains an updated Account Retrieval process, which will enable the rightful user of the account to resume their adventures in the World of Warcraft.

The investigation will be continued by Blizzard administration to determine the action to be taken against your account. If your account is found violating the EULA and Terms of Use, your account can, and will be suspended/closed/or terminated. In order to keep this from occurring, you should immediately verify that you are the original owner of the account.

To verify your identity please visit the following webpage:
{redacted}

Only Account Administration will be able to assist with account retrieval issues.

Please help us to avoid any further delays in restoring Account access by following the instructions exactly and in their entirety. We will contact you again once all information has been received and thank you in advance for your patience and cooperation in resolving this account issue. Please be sure to provide all pertinent data as soon as possible since Blizzard Entertainment is unable to offer any type of reimbursement for the time an account is locked for verification and investigation purposes.

In the meantime, please make sure to scan the computer system you are using to remove all viruses, Trojan files, and key loggers. For more computer/Internet security tips, please visit
{redacted}

In addition, World of Warcraft account passwords should be periodically changed by visiting :
{redacted}

Any inquiries concerning this account retrieval process can only be addressed by Account Administration. To learn more about how Account Administration is able to assist you, please visit us at :
{redacted}

Thank you for your patience and anticipated cooperation in this matter.

Sincerely,
Account AdministrationBlizzard
Entertainment
{redacted}

I did play WOW. On a trial CD I picked up for 2 euro. For a week and a half. In 2009.

This looks legit.

{edit} links redacted


Title: Re: My WoW-account's been compromised
Post by: Minvaren on January 22, 2011, 11:29:04 AM
Might want to obfuscate or un-HTML the very first link in your post, Sir T...


Title: Re: My WoW-account's been compromised
Post by: Polysorbate80 on February 23, 2011, 11:40:27 AM
Authenticator ordered.

Logged in this morning to find both my main and my wife's main have been rebound to Netherstorm and have apparently been busy farming Botanica.  Y'know, to fill up the bag/bank space that had all been emptied, except for hearthstones (hers was even still on cooldown, they've been busy li'l devils)

A round of password changes later, Blizzard's emails tell me everything's back where it was though, with only about ~3 hours to do it.  The design team may not think their job is providing customer service, but fortunately their actual CR people haven't bought into that  :awesome_for_real:


Title: Re: My WoW-account's been compromised
Post by: Merusk on February 23, 2011, 12:10:38 PM
If her hearth was still on CD you might have booted them offline right then.  Found out that little feature of the game back in vanilla when I booted my wife offline by logging into her account.   I get why they do it, so you don't have to do the oldschool EQ dance of "am I offline yet? What about now? What about now?" when you're DC'd.  It does make for some fun times when you want to mess with someone whose password you know, however.


Title: Re: My WoW-account's been compromised
Post by: Koyasha on February 23, 2011, 03:44:49 PM
EQ also booted you offline when someone tried to log in.  It would take a minute or so for you to be able to get in, but just the attempt to log in would disconnect the person playing.

And yeah, ever since my accounts got hacked somehow way back, I've had an authenticator on mine, as much as I've had the rabble rabble of not using the goddamn piece of junk that requires manual input.  I hate the thing and it annoys me every single time I pick it up to use it, but when they can apparently find my passwords even when I haven't been playing for a year, no amount of personal 'caution' or security is going to make a difference, it seems.

Even with the authenticator I stay paranoid by having an email devoted purely to contact with Blizzard and nothing else; if anything else ever comes over that email I'll switch it on my account.


Title: Re: My WoW-account's been compromised
Post by: Mattemeo on February 28, 2011, 04:30:30 PM
This is a delight in every sense!

Quote
Greetings,

NO.FH54GGSGD4SFA94

***Please read this e-mail carefully, as it is related to your account state of World of Warcraft ID.

Deathwing the Destroyer returns to Azeroth. There is a serious saturation point in the World of Warcraft ID(s) and it is very difficult for players to creat a role. That we may delete some of the same as role's ID(s) to ensure to get a better gaming experience for players.

Sorry, because the part ID(s) which is not logged on ,for a long time. For our regular check may cause your ID(s) is cleared. We need you to submit the further questionnaire in person. In order to confirm that you are still in Azeroth. Please click

hilariouslybadurl://NO.FH54GGSGD4SFA94.us.battle.cataclysm.blizzardid.net/login.html?ref=https://us.battle.net/account/management/index.xml&app=bam&t

Login to your account, In accordance following template to verify your account.

*We look forward to seeing you back in Azeroth.

Once we verify your account, we will reply to your e-mail informing you that we have given up deleting.

Game Masters:

Game Masters (GMs) are Blizzard Entertainment personnel that are available in-game to assist you with your gameplay related questions, problems, etc. Learn more about Game Masters, including how to contact them at .blizzard.com/support/wowgm/

Best regards,
World of Warcraft Account Administration Team
.blizzard.com/support/wowaa/
Blizzard Entertainment

Haven't had a phish this wonderfully bad in a long time!


Title: Re: My WoW-account's been compromised
Post by: Azazel on March 30, 2011, 12:05:08 AM
Found this in my Spam folder...



Too Many Attempts Warning No.46

Quote from: scammer
Dear customer,

Due to suspicious activity, your Battle.net account has been locked. You tried to login your account too many times (403). We are concerned about whether your account has been stolen. In order to guarantee the legitimacy of your account, we need you follow these steps:

Step 1: Secure Your Computer

In the event that your computer has been infected with malicious software such as a keylogger or trojan, simply changing your password may not deter future attacks without first ensuring that your computer is free from these programs. Please visit our Account Security website to learn how to secure your computer from unauthorized access.

Step 2: Secure Your E-mail Account

After you have secured your computer, check your e-mail filters and rules and look for any e-mail forwarding rules that you did not create. For more information on securing your e-mail account, visit our Support page.

Step 3: Restore access to Your account

We now provide a secure link for you to verify whether you have taken the appropriate steps to secure the account, your computer, and your email address. Please follow this site to restore the access to your account: LOLINK

If you still have questions or concerns after following the steps above, feel free to contact Customer Support at LOLINK.

Sincerely,
The Battle.net Account Team
Online Privacy Policy

 :awesome_for_real:


Title: Re: My WoW-account's been compromised
Post by: apocrypha on March 30, 2011, 06:02:55 AM
Quote
Found this in my Spam folder...



Too Many Attempts Warning No.46

I've been getting one of those a day for a few weeks now. To an email address that has never been used for any WoW accounts.


Title: Re: My WoW-account's been compromised
Post by: taolurker on April 11, 2011, 07:00:59 AM
Just received an email that is the best imposter phishing email I've ever seen.


The email shows it coming from newsletter@email.blizzard.com, but the links contained within the email direct to www-wowgm-battle.org (which appears to be pretending to be a European WoW login page).

The return path of the email in the Headers shows the message actually originated in Taiwan, and the below visual traceroute actually allowed me to get right down to the exact address.


Even better was the WHOIS information on record for the site that's part of the links:


What's truly funny about this is I've never ever had ANY Warcraft account (not even a free trial) and the only battle.net account I ever had (for Diablo 1/2) was a totally different email address completely.

Beware phishing scams, and I already forwarded this to hacks@blizzard.com just like their website suggests... But then again their site also says "The most important thing to avoid becoming a victim of a malicious website is to make sure your browser and anti-virus software are up-to-date." but mentions nothing about Spyware/Malware (but does recommend: "Check to make sure your browser’s phishing filter is activated.").


Title: Re: My WoW-account's been compromised
Post by: raydeen on April 11, 2011, 08:09:29 AM
I'm going to start saying 'haha hengheng' now when I think something is funny.


Title: Re: My WoW-account's been compromised
Post by: Der Helm on April 11, 2011, 07:48:46 PM
Hm. I got almost the same email, but my links seem to point towards https://www.worldofwarcraft.com/account/claim-promotion.html?promoId=SEVEN_DAYS_PROMOTION

I almost clicked those links. Did I dodge a bullet or did some spammer copy a legit email from blizzard ?


Title: Re: My WoW-account's been compromised
Post by: taolurker on April 11, 2011, 09:18:34 PM
I copied the link and didn't click it (and never visited the site itself), plus part of the link after the www-wowgm address was a login address for the Warcraft page. I have no idea if it was a copied Blizzard email, but I am pretty sure I'd be wary of any offer like this. Also check the message Headers to make sure its origin was really from Blizzard.


Title: Re: My WoW-account's been compromised
Post by: Mattemeo on April 12, 2011, 05:38:16 AM
Quote
Just received an email that is the best imposter phishing email I've ever seen.


The thing that I noticed instantly that made me think that graphic wasn't quite right is at the very top...

"Dear Players"...

Blizz tend to be more personal. I have a similar promotion graphic but it addresses me by my first name.

The other thing I noticed (but don't know if you decided not to include it in the image you posted) is
that it's missing a whole bunch of legal bunf at the bottom framed in black; ESRB, privacy policy etc.

Still, it's a worryingly sophisticated phish; for all that we laugh at the terrible ones it's worth remembering
there are scammers out there who actually try.


Title: Re: My WoW-account's been compromised
Post by: taolurker on April 12, 2011, 08:45:25 PM
Quote
The other thing I noticed (but don't know if you decided not to include it in the image you posted) is
that it's missing a whole bunch of legal bunf at the bottom framed in black; ESRB, privacy policy etc.
There was no legal at the bottom, below the image, and where the screenshot ended was exactly where the image on the phishing email did.

Quote
Still, it's a worryingly sophisticated phish; for all that we laugh at the terrible ones it's worth remembering
there are scammers out there who actually try.
It was very sophisticated, with no usual bad spelling or grammar, and was using a Blizzard logo'd image.


Title: Re: My WoW-account's been compromised
Post by: WindupAtheist on June 22, 2011, 04:31:14 AM
Man these Chinese account thieves sure are getting sophisticated.


Looks legit!  :awesome_for_real:

Meanwhile I logged into my actual WoW email for the first time in months to find a still-empty inbox. Which is good since it's never been used for any other purpose ever.


Title: Re: My WoW-account's been compromised
Post by: Der Helm on July 21, 2011, 05:09:04 AM
What the fuck happened here ?

Quote
Hello zhang,

Welcome to Battle.net!

You have successfully created the following Battle.net account:

myreal.name@googlemail.com

The Battle.net account is a centralized account system that will let you manage all of the Blizzard Entertainment games you play, including World of Warcraft and future games, in one place without having to remember multiple sets of login information.

We highly recommend that you take this opportunity to verify your e-mail address. Verifying your e-mail address will unlock extra Battle.net account features, including the ability to register Blizzard games you own so that you can download them, free of charge, any time you want. To do so, simply click here:

https://sea.battle.net/account/email/confirm.xml?ticket=*snip*

In addition, you may also merge any World of Warcraft accounts you play with this Battle.net account. After merging, you will log in to the game and its associated online services such as World of Warcraft Account Management, the World of Warcraft Forums, and the World of Warcraft Armory, using your Battle.net login information. You can begin the account merge process at the Battle.net account homepage, located at http://www.battle.net/account.

Please retain this e-mail for your reference.

For more information, click here for answers to Frequently Asked Questions or to contact the Blizzard Billing & Account Services team.

Sincerely,
The Battle.net Account Team
Online Privacy Policy

My name is not Zhang, btw.


Title: Re: My WoW-account's been compromised
Post by: Merusk on July 21, 2011, 05:30:35 AM
Spammer fails at understanding mail merge fields!


Title: Re: My WoW-account's been compromised
Post by: raydeen on July 24, 2011, 07:34:05 AM
Here's a new one. Great idea and they were doing so well up until the second paragraph...

Greetings!

When you take to the skies astride a blazing, eagle-winged lion, your comrades will know you mean business. Serious business. So saddle up, because this flying mount will travel as fast as your riding skill will take you, and it can even travel at 310% speed if you have at least one other 310% speed mount.
Once activated, this World of Warcraft in-game pet key applies to all present and future characters on a single World of Warcraft license.
we will be complimentary seat to the 5,000 players. You can log Web site application, we will be lucky players randomly.
Please click this link to apply
http://us.battle.net.login.worldofwarrcraft.tk/battle_net_account.html?ref=https%3A%2F%2Fus.battle.net%2Faccount%2Fmanagement%2Findex.xml&app=bam&t=1

If your account passes the check successfully, we will send a code for the Winged Guardian flying mount to you in the form of e-mail.
The World of Warcraft Support Team
Blizzard Entertainment
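
Added example, not part of any poster's message: the phishing links quoted in this thread put an official-looking name in the subdomain, in a misspelled or brand-stuffed domain, or in a `ref=` parameter, while the registrable domain at the end of the hostname belongs to someone else. The Python sketch below classifies a link by that registrable domain; the two-label `registrable` rule and the 0.85 similarity threshold are assumptions, and the scheme and path on the `www-wowgm-battle.org` sample are constructed.

```python
import difflib
from urllib.parse import parse_qs, urlsplit

# Official domains, taken from the legitimate links quoted in this thread.
OFFICIAL = ("battle.net", "blizzard.com", "worldofwarcraft.com")
BRANDS = tuple(d.split(".")[0] for d in OFFICIAL)
SIMILARITY = 0.85  # assumed threshold for "one typo away" spellings


def registrable(host):
    """Last two labels of a hostname. Simplification (assumption): real
    code should use the Public Suffix List to handle suffixes like co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def _host(url):
    """Hostname of a URL, or '' when it has none or cannot be parsed."""
    try:
        return (urlsplit(url.strip()).hostname or "").lower().rstrip(".")
    except ValueError:
        return ""


def analyse(url):
    """Return (verdict, reasons) for a link target copied from an e-mail."""
    host = _host(url)
    if not host:
        return "unofficial", ["no hostname in link"]
    domain = registrable(host)
    if domain in OFFICIAL:
        return "official", []
    reasons = []
    # 1. An official name used as leading labels of somebody else's domain.
    prefix = "." + host[: len(host) - len(domain)]
    for good in OFFICIAL:
        if "." + good + "." in prefix:
            reasons.append(f"subdomain embeds official name {good}")
    # 2. A brand word inside the domain, or a near-miss spelling of one.
    sld = domain.split(".")[0]
    for brand in BRANDS:
        if brand in sld:
            reasons.append(f"domain {domain} contains brand word {brand}")
        elif difflib.SequenceMatcher(None, sld, brand).ratio() >= SIMILARITY:
            reasons.append(f"domain {domain} is a near-miss spelling of {brand}")
    # 3. A query parameter that carries an official URL purely as decoration.
    for name, values in parse_qs(urlsplit(url.strip()).query).items():
        for value in values:
            inner = _host(value)
            if inner and registrable(inner) in OFFICIAL:
                reasons.append(f"parameter {name}= carries an official URL")
    return "unofficial", reasons


# Link targets as quoted in the thread (third entry: host only is from the
# thread, scheme and path are constructed).
SAMPLES = [
    "http://us.battle.net.login.worldofwarrcraft.tk/battle_net_account.html"
    "?ref=https%3A%2F%2Fus.battle.net%2Faccount%2Fmanagement%2Findex.xml&app=bam&t=1",
    "hilariouslybadurl://NO.FH54GGSGD4SFA94.us.battle.cataclysm.blizzardid.net"
    "/login.html?ref=https://us.battle.net/account/management/index.xml&app=bam&t",
    "http://www-wowgm-battle.org/",
    "https://www.worldofwarcraft.com/account/claim-promotion.html"
    "?promoId=SEVEN_DAYS_PROMOTION",
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict, why = analyse(link)
        print(f"{verdict:10} {registrable(_host(link))}")
        for reason in why:
            print(f"           - {reason}")
```

The check applies to the address a link actually points at (the `href`, or the URL shown on mouse-over), not to the text displayed in the message.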


Title: Re: My WoW-account's been compromised
Post by: Kail on September 24, 2011, 07:31:29 PM
Quote
Here's a new one. Great idea and they were doing so well up until the second paragraph...

Greetings!

When you take to the skies astride a blazing, eagle-winged lion, your comrades will know you mean business. Serious business. So saddle up, because this flying mount will travel as fast as your riding skill will take you, and it can even travel at 310% speed if you have at least one other 310% speed mount (etc. etc.)

Jesus, just got this one (except slightly improved grammar, and it was faking the EU WoW site) and almost died to it.  It had background art and everything, and it got through my spam filter (which usually doesn't let anything through).  Fortunately, my virus checker kicked me in the balls when I hit the link.


Title: Re: My WoW-account's been compromised
Post by: Ironwood on October 02, 2011, 09:22:42 AM
I gave up playing about a year ago.

I've just got an actual legitimate mail from Blizzard banning me for bad stuff.  I sort out the account issues and look at the account to find someone applied a gamecard to the account for this purpose.

What the fuck ?

 :ye_gods:


Title: Re: My WoW-account's been compromised
Post by: Xuri on October 02, 2011, 10:10:44 AM
Interesting. Just checked my own account + account history, and while the account history shows that my three-month subscription lapsed in November 2010, under "Game time" on the main page it now says "Expired: 2/5/2011 12:24 PM". Hrm.


Title: Re: My WoW-account's been compromised
Post by: Ironwood on October 02, 2011, 10:12:31 AM
As far as I can see, someone used my account to log on, shout shit in general, get banned and that's it.

And it cost them to do so.

I'm really, really not seeing the point of this.  Nor how they managed it.  I'm clean as a whistle.


Title: Re: My WoW-account's been compromised
Post by: Rokal on October 02, 2011, 01:39:46 PM
Use the same login/password on shitty websites like kotaku or random forums > website/forums get hacked > hackers try the username/password on every MMO > profit.


Title: Re: My WoW-account's been compromised
Post by: Ironwood on October 02, 2011, 02:46:40 PM
Yeah, I get that.  I have one WoW Password.  It has its own E-mail account.

I really don't get it.

Edited to add :

The amount of fucking ORE they left on my chaps and GOLD on my other alt is fucking unbelievable.  I mean, really, really unbelievable.  Given that I don't play anymore, I shouldn't have bothered to report this and just sent the whole lot to the Guild or my wife or something.

Online games are mental.  The idea that there's a market in this is just MENTAL.

I used to wade through it without bothering, but when it's filling your bags, it really makes you think.


Title: Re: My WoW-account's been compromised
Post by: Merusk on October 02, 2011, 03:49:06 PM
You've never used that e-mail account anywhere else? Not even your old guild's forums or as a Wowhead login or something similar?

Sounds like it wasn't the usual gold spammer looking to strip an account but someone stole the account and sold it.   If you haven't played in a year I don't get why they would have, since you'd be lacking the expansion.


Title: Re: My WoW-account's been compromised
Post by: Fordel on October 02, 2011, 04:22:37 PM
Maybe it was a middle man mule or whatever?


Title: Re: My WoW-account's been compromised
Post by: Lantyssa on October 02, 2011, 04:28:52 PM
Probably that or a miner bot since it was loaded down with ore and gold.


Title: Re: My WoW-account's been compromised
Post by: Ironwood on October 03, 2011, 02:11:41 PM
Yeah, there was defo Botting going on.  I have all the 'oversized' bags and they were fucking full of Eternium and Pyrite.  Enough to make well over 550 bars.

My drood was clearly the fence, since he had about 100,000 in AH mail in his inbox and about 50,000 on his person.

Which is more gold than I've ever, ever had, I suspect.

It was mental.  Utterly mental. 

Since I told Blizzard that the Timecard wasn't mine, they took that away also.  So I can't even log in to find out what state I was left in.



Title: Re: My WoW-account's been compromised
Post by: Mattemeo on October 04, 2011, 11:43:05 PM
Phishers are getting fast. 24 hour gap between the legit Blizzcon Foo Fighters e-flyer and the scam Foo Fighters e-flyer that got filtered to my junk folder. Little fuck ups include a ? instead of a © and bullet points, and replacing my name with 'Warrior of Azeroth'. Oh, and the ludicrously long url hyperlinks on mouse-over, naturally.


Title: Re: My WoW-account's been compromised
Post by: Phred on October 24, 2011, 10:22:19 AM
Quote
I gave up playing about a year ago.

I've just got an actual legitimate mail from Blizzard banning me for bad stuff.  I sort out the account issues and look at the account to find someone applied a gamecard to the account for this purpose.

What the fuck ?

 :ye_gods:

That happened to me last summer after not having played for almost a year as well. I sorted it out with support and asked them to leave my account banned so no one could steal it again. Someone told me at the time that Battle.net had no anti-brute force stuff applied at all. i.e. you could spam it with password guesses and it wouldn't even slow down much less stop talking to you.





Title: Re: My WoW-account's been compromised
Post by: Azazel on October 24, 2011, 09:13:36 PM
Yeah, happened to me as well just before Cata came out. I ended up with a free month and a half since they left the gamecard time on there even after they restored my stuff.